set version to 0.9.38.5 for upcoming release

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
also reseller/admins who can't see all customers were able to delete arbitrary ssl certificates, refs #1699
2017-01-13 19:45:17 +01:00 · 2017-01-13 19:21:34 +01:00 · 2017-01-10 19:11:01 +01:00 · 2017-01-10 08:37:50 +01:00 · 2017-01-05 11:58:11 +01:00 · 2017-01-02 07:32:45 +01:00
126 changed files with 9432 additions and 7231 deletions
--- a/README.md
+++ b/README.md
@@ -11,8 +11,8 @@ Developed by experienced server administrators, this panel simplifies the effort
 3. Point your browser to http://[ip-of-webserver]/froxlor
 4. Follow the installer
 5. Login as administrator
-6. Adjust "Server > Settings" according to your needs
-7. Choose your distribution under "Server > Configuration"
+6. Adjust "System > Settings" according to your needs
+7. Choose your distribution under "System > Configuration"
 8. Follow the steps for your services
 9. Have fun!

--- a/actions/admin/settings/100.panel.php
+++ b/actions/admin/settings/100.panel.php
@@ -227,6 +227,31 @@ return array(
 					'default' => false,
 					'save_method' => 'storeSettingField',
 					),
+				'panel_customer_hide_options' => array(
+					'label' => $lng['serversettings']['panel_customer_hide_options'],
+					'settinggroup' => 'panel',
+					'varname' => 'customer_hide_options',
+					'type' => 'option',
+					'default' => '',
+					'option_mode' => 'multiple',
+					'option_emptyallowed' => true,
+					'option_options' => array(
+						'email'                       => $lng['menue']['email']['email'],
+						'mysql'                       => $lng['menue']['mysql']['mysql'],
+						'domains'                     => $lng['menue']['domains']['domains'],
+						'ftp'                         => $lng['menue']['ftp']['ftp'],
+						'extras'                      => $lng['menue']['extras']['extras'],
+						'extras.directoryprotection'  => $lng['menue']['extras']['extras']." / ".$lng['menue']['extras']['directoryprotection'],
+						'extras.pathoptions'          => $lng['menue']['extras']['extras']." / ".$lng['menue']['extras']['pathoptions'],
+						'extras.logger'               => $lng['menue']['extras']['extras']." / ".$lng['menue']['logger']['logger'],
+						'extras.backup'               => $lng['menue']['extras']['extras']." / ".$lng['menue']['extras']['backup'],
+						'traffic'                     => $lng['menue']['traffic']['traffic'],
+						'traffic.http'                => $lng['menue']['traffic']['traffic']." / HTTP",
+						'traffic.ftp'                 => $lng['menue']['traffic']['traffic']." / FTP",
+						'traffic.mail'                => $lng['menue']['traffic']['traffic']." / Mail",
+					),
+					'save_method' => 'storeSettingField',
+					),
 				),
 			),
 		),
--- a/actions/admin/settings/120.system.php
+++ b/actions/admin/settings/120.system.php
@@ -69,14 +69,6 @@ return array(
 					'save_method' => 'storeSettingHostname',
 					'plausibility_check_method' => 'checkHostname',
 					),
-				'system_froxlordirectlyviahostname' => array(
-					'label' => $lng['serversettings']['froxlordirectlyviahostname'],
-					'settinggroup' => 'system',
-					'varname' => 'froxlordirectlyviahostname',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField',
-					),
 				'system_validatedomain' => array(
 					'label' => $lng['serversettings']['validate_domain'],
 					'settinggroup' => 'system',
@@ -160,6 +152,65 @@ return array(
 					'default' => 90,
 					'save_method' => 'storeSettingField',
 					),
+
+				'system_mail_use_smtp' => array(
+					'label' => $lng['serversettings']['mail_use_smtp'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_use_smtp',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_host' => array(
+					'label' => $lng['serversettings']['mail_smtp_host'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_host',
+					'type' => 'string',
+					'default' => 'localhost',
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_port' => array(
+					'label' => $lng['serversettings']['mail_smtp_port'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_port',
+					'type' => 'int',
+					'int_min' => 1,
+					'int_max' => 65535,
+					'default' => 25,
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_usetls' => array(
+					'label' => $lng['serversettings']['mail_smtp_usetls'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_usetls',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_auth' => array(
+					'label' => $lng['serversettings']['mail_smtp_auth'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_auth',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_user' => array(
+					'label' => $lng['serversettings']['mail_smtp_user'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_user',
+					'type' => 'string',
+					'default' => '',
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_passwd' => array(
+					'label' => $lng['serversettings']['mail_smtp_passwd'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_passwd',
+					'type' => 'hiddenString',
+					'default' => '',
+					'save_method' => 'storeSettingField',
+					),
 				),
 			),
 		),
--- a/actions/admin/settings/122.froxlorvhost.php
+++ b/actions/admin/settings/122.froxlorvhost.php
@@ -0,0 +1,192 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2016 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Froxlor team <team@froxlor.org> (2016-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Settings
+ *
+ */
+return array(
+	'groups' => array(
+		'froxlorvhost' => array(
+			'title' => $lng['admin']['froxlorvhost'],
+			'fields' => array(
+				/**
+				 * Webserver-Vhost
+				 */
+				'system_froxlordirectlyviahostname' => array(
+					'label' => $lng['serversettings']['froxlordirectlyviahostname'],
+					'settinggroup' => 'system',
+					'varname' => 'froxlordirectlyviahostname',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+				),
+				/**
+				 * SSL / Let's Encrypt
+				 */
+				'system_le_froxlor_enabled' => array(
+					'label' => $lng['serversettings']['le_froxlor_enabled'],
+					'settinggroup' => 'system',
+					'varname' => 'le_froxlor_enabled',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingClearCertificates',
+					'visible' => Settings::Get('system.leenabled')
+				),
+				'system_le_froxlor_redirect' => array(
+					'label' => $lng['serversettings']['le_froxlor_redirect'],
+					'settinggroup' => 'system',
+					'varname' => 'le_froxlor_redirect',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('system.use_ssl')
+				),
+				'system_hsts_maxage' => array(
+					'label' => $lng['admin']['domain_hsts_maxage'],
+					'settinggroup' => 'system',
+					'varname' => 'hsts_maxage',
+					'type' => 'int',
+					'int_min' => 0,
+					'int_max' => 94608000, // 3-years
+					'default' => 0,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('system.use_ssl')
+				),
+				'system_hsts_incsub' => array(
+					'label' => $lng['admin']['domain_hsts_incsub'],
+					'settinggroup' => 'system',
+					'varname' => 'hsts_incsub',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('system.use_ssl')
+				),
+				'system_hsts_preload' => array(
+					'label' => $lng['admin']['domain_hsts_preload'],
+					'settinggroup' => 'system',
+					'varname' => 'hsts_preload',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('system.use_ssl')
+				),
+				/**
+				 * FCGID
+				 */
+				'system_mod_fcgid_enabled_ownvhost' => array(
+					'label' => $lng['serversettings']['mod_fcgid_ownvhost'],
+					'settinggroup' => 'system',
+					'varname' => 'mod_fcgid_ownvhost',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					'websrv_avail' => array(
+						'apache2'
+					),
+					'visible' => Settings::Get('system.mod_fcgid')
+				),
+				'system_mod_fcgid_httpuser' => array(
+					'label' => $lng['admin']['mod_fcgid_user'],
+					'settinggroup' => 'system',
+					'varname' => 'mod_fcgid_httpuser',
+					'type' => 'string',
+					'default' => 'froxlorlocal',
+					'save_method' => 'storeSettingWebserverFcgidFpmUser',
+					'websrv_avail' => array(
+						'apache2'
+					),
+					'visible' => Settings::Get('system.mod_fcgid')
+				),
+				'system_mod_fcgid_httpgroup' => array(
+					'label' => $lng['admin']['mod_fcgid_group'],
+					'settinggroup' => 'system',
+					'varname' => 'mod_fcgid_httpgroup',
+					'type' => 'string',
+					'default' => 'froxlorlocal',
+					'save_method' => 'storeSettingField',
+					'websrv_avail' => array(
+						'apache2'
+					),
+					'visible' => Settings::Get('system.mod_fcgid')
+				),
+				'system_mod_fcgid_defaultini_ownvhost' => array(
+					'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
+					'settinggroup' => 'system',
+					'varname' => 'mod_fcgid_defaultini_ownvhost',
+					'type' => 'option',
+					'default' => '2',
+					'option_mode' => 'one',
+					'option_options_method' => 'getPhpConfigs',
+					'save_method' => 'storeSettingField',
+					'websrv_avail' => array(
+						'apache2'
+					),
+					'visible' => Settings::Get('system.mod_fcgid')
+				),
+				/**
+				 * php-fpm
+				 */
+				'system_phpfpm_enabled_ownvhost' => array(
+					'label' => $lng['phpfpm']['ownvhost'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'enabled_ownvhost',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('phpfpm.enabled')
+				),
+				'system_phpfpm_httpuser' => array(
+					'label' => $lng['phpfpm']['vhost_httpuser'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'vhost_httpuser',
+					'type' => 'string',
+					'default' => 'froxlorlocal',
+					'save_method' => 'storeSettingWebserverFcgidFpmUser',
+					'visible' => Settings::Get('phpfpm.enabled')
+				),
+				'system_phpfpm_httpgroup' => array(
+					'label' => $lng['phpfpm']['vhost_httpgroup'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'vhost_httpgroup',
+					'type' => 'string',
+					'default' => 'froxlorlocal',
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('phpfpm.enabled')
+				),
+				'system_phpfpm_defaultini_ownvhost' => array(
+					'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'vhost_defaultini',
+					'type' => 'option',
+					'default' => '2',
+					'option_mode' => 'one',
+					'option_options_method' => 'getPhpConfigs',
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('phpfpm.enabled')
+				),
+				/**
+				 * DNS
+				 */
+				'system_dns_createhostnameentry' => array(
+					'label' => $lng['serversettings']['dns_createhostnameentry'],
+					'settinggroup' => 'system',
+					'varname' => 'dns_createhostnameentry',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('system.bind_enable')
+				)
+			)
+		)
+	)
+);
--- a/actions/admin/settings/130.webserver.php
+++ b/actions/admin/settings/130.webserver.php
@@ -179,6 +179,17 @@ return array(
 						'nginx'
 					)
 				),
+				'system_nginx_http2_support' => array(
+					'label' => $lng['serversettings']['nginx_http2_support'],
+					'settinggroup' => 'system',
+					'varname' => 'nginx_http2_support',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'websrv_avail' => array(
+						'nginx'
+					)
+				),
 				'system_nginx_php_backend' => array(
 					'label' => $lng['serversettings']['nginx_php_backend'],
 					'settinggroup' => 'system',
@@ -260,11 +271,7 @@ return array(
 					'varname' => 'enabled',
 					'type' => 'bool',
 					'default' => false,
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array(
-						'apache2',
-						'lighttpd'
-					)
+					'save_method' => 'storeSettingField'
 				),
 				'customredirect_default' => array(
 					'label' => $lng['serversettings']['customredirect_default'],
@@ -274,11 +281,7 @@ return array(
 					'default' => '1',
 					'option_mode' => 'one',
 					'option_options_method' => 'getRedirectCodes',
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array(
-						'apache2',
-						'lighttpd'
-					)
+					'save_method' => 'storeSettingField'
 				)
 			)
 		)
--- a/actions/admin/settings/131.ssl.php
+++ b/actions/admin/settings/131.ssl.php
@@ -16,134 +16,145 @@
 * @package    Settings
 *
 */
-
 return array(
 	'groups' => array(
-			'ssl' => array(
-					'title' => $lng['admin']['sslsettings'],
-					'fields' => array(
-							'system_ssl_enabled' => array(
-									'label' => $lng['serversettings']['ssl']['use_ssl'],
-									'settinggroup' => 'system',
-									'varname' => 'use_ssl',
-									'type' => 'bool',
-									'default' => false,
-									'save_method' => 'storeSettingField',
-									'overview_option' => true
-							),
-							'system_ssl_cipher_list' => array(
-									'label' => $lng['serversettings']['ssl']['ssl_cipher_list'],
-									'settinggroup' => 'system',
-									'varname' => 'ssl_cipher_list',
-									'type' => 'string',
-									'string_emptyallowed' => false,
-									'default' => 'ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128',
-									'save_method' => 'storeSettingField',
-							),
-							'system_ssl_cert_file' => array(
-									'label' => $lng['serversettings']['ssl']['ssl_cert_file'],
-									'settinggroup' => 'system',
-									'varname' => 'ssl_cert_file',
-									'type' => 'string',
-									'string_type' => 'file',
-									'string_emptyallowed' => true,
-									'default' => '/etc/apache2/apache2.pem',
-									'save_method' => 'storeSettingField',
-							),
-							'system_ssl_key_file' => array(
-									'label' => $lng['serversettings']['ssl']['ssl_key_file'],
-									'settinggroup' => 'system',
-									'varname' => 'ssl_key_file',
-									'type' => 'string',
-									'string_type' => 'file',
-									'string_emptyallowed' => true,
-									'default' => '/etc/apache2/apache2.key',
-									'save_method' => 'storeSettingField',
-							),
-							'system_ssl_cert_chainfile' => array(
-									'label' => $lng['admin']['ipsandports']['ssl_cert_chainfile'],
-									'settinggroup' => 'system',
-									'varname' => 'ssl_cert_chainfile',
-									'type' => 'string',
-									'string_type' => 'file',
-									'string_emptyallowed' => true,
-									'default' => '',
-									'save_method' => 'storeSettingField',
-							),
-							'system_ssl_ca_file' => array(
-									'label' => $lng['serversettings']['ssl']['ssl_ca_file'],
-									'settinggroup' => 'system',
-									'varname' => 'ssl_ca_file',
-									'type' => 'string',
-									'string_type' => 'file',
-									'string_emptyallowed' => true,
-									'default' => '',
-									'save_method' => 'storeSettingField',
-							),
-							'system_leenabled' => array(
-							        'label' => $lng['serversettings']['leenabled'],
-							        'settinggroup' => 'system',
-							        'varname' => 'leenabled',
-							        'type' => 'bool',
-							        'default' => false,
-							        'cronmodule' => 'froxlor/letsencrypt',
-							        'save_method' => 'storeSettingField'
-							),
-							'system_letsencryptca' => array(
-									'label' => $lng['serversettings']['letsencryptca'],
-									'settinggroup' => 'system',
-									'varname' => 'letsencryptca',
-									'type' => 'option',
-									'default' => 'testing',
-									'option_mode' => 'one',
-									'option_options' => array('testing' => 'https://acme-staging.api.letsencrypt.org (Test)', 'production' => 'https://acme-v01.api.letsencrypt.org (Live)'),
-									'save_method' => 'storeSettingField',
-							),
-							'system_letsencryptcountrycode' => array(
-									'label' => $lng['serversettings']['letsencryptcountrycode'],
-									'settinggroup' => 'system',
-									'varname' => 'letsencryptcountrycode',
-									'type' => 'string',
-									'string_emptyallowed' => false,
-									'default' => 'DE',
-									'save_method' => 'storeSettingField',
-							),
-							'system_letsencryptstate' => array(
-									'label' => $lng['serversettings']['letsencryptstate'],
-									'settinggroup' => 'system',
-									'varname' => 'letsencryptstate',
-									'type' => 'string',
-									'string_emptyallowed' => false,
-									'default' => 'Hessen',
-									'save_method' => 'storeSettingField',
-							),
-							'system_letsencryptchallengepath' => array(
-									'label' => $lng['serversettings']['letsencryptchallengepath'],
-									'settinggroup' => 'system',
-									'varname' => 'letsencryptchallengepath',
-									'type' => 'string',
-									'string_emptyallowed' => false,
-									'default' => FROXLOR_INSTALL_DIR,
-									'save_method' => 'storeSettingField',
-							),
-							'system_letsencryptkeysize' => array(
-									'label' => $lng['serversettings']['letsencryptkeysize'],
-									'settinggroup' => 'system',
-									'varname' => 'letsencryptkeysize',
-									'type' => 'int',
-									'int_min' => 2048,
-									'default' => 4096,
-									'save_method' => 'storeSettingField',
-							),
-							'system_letsencryptreuseold' => array(
-									'label' => $lng['serversettings']['letsencryptreuseold'],
-									'settinggroup' => 'system',
-									'varname' => 'letsencryptreuseold',
-									'type' => 'bool',
-									'default' => false,
-									'save_method' => 'storeSettingField',
-							),
-					)
+		'ssl' => array(
+			'title' => $lng['admin']['sslsettings'],
+			'fields' => array(
+				'system_ssl_enabled' => array(
+					'label' => $lng['serversettings']['ssl']['use_ssl'],
+					'settinggroup' => 'system',
+					'varname' => 'use_ssl',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'overview_option' => true
+				),
+				'system_ssl_cipher_list' => array(
+					'label' => $lng['serversettings']['ssl']['ssl_cipher_list'],
+					'settinggroup' => 'system',
+					'varname' => 'ssl_cipher_list',
+					'type' => 'string',
+					'string_emptyallowed' => false,
+					'default' => 'ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128',
+					'save_method' => 'storeSettingField'
+				),
+				'system_ssl_cert_file' => array(
+					'label' => $lng['serversettings']['ssl']['ssl_cert_file'],
+					'settinggroup' => 'system',
+					'varname' => 'ssl_cert_file',
+					'type' => 'string',
+					'string_type' => 'file',
+					'string_emptyallowed' => true,
+					'default' => '/etc/apache2/apache2.pem',
+					'save_method' => 'storeSettingField'
+				),
+				'system_ssl_key_file' => array(
+					'label' => $lng['serversettings']['ssl']['ssl_key_file'],
+					'settinggroup' => 'system',
+					'varname' => 'ssl_key_file',
+					'type' => 'string',
+					'string_type' => 'file',
+					'string_emptyallowed' => true,
+					'default' => '/etc/apache2/apache2.key',
+					'save_method' => 'storeSettingField'
+				),
+				'system_ssl_cert_chainfile' => array(
+					'label' => $lng['admin']['ipsandports']['ssl_cert_chainfile'],
+					'settinggroup' => 'system',
+					'varname' => 'ssl_cert_chainfile',
+					'type' => 'string',
+					'string_type' => 'file',
+					'string_emptyallowed' => true,
+					'default' => '',
+					'save_method' => 'storeSettingField'
+				),
+				'system_ssl_ca_file' => array(
+					'label' => $lng['serversettings']['ssl']['ssl_ca_file'],
+					'settinggroup' => 'system',
+					'varname' => 'ssl_ca_file',
+					'type' => 'string',
+					'string_type' => 'file',
+					'string_emptyallowed' => true,
+					'default' => '',
+					'save_method' => 'storeSettingField'
+				),
+				'system_leenabled' => array(
+					'label' => $lng['serversettings']['leenabled'],
+					'settinggroup' => 'system',
+					'varname' => 'leenabled',
+					'type' => 'bool',
+					'default' => false,
+					'cronmodule' => 'froxlor/letsencrypt',
+					'save_method' => 'storeSettingField'
+				),
+				'system_letsencryptacmeconf' => array(
+					'label' => $lng['serversettings']['letsencryptacmeconf'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptacmeconf',
+					'type' => 'string',
+					'string_type' => 'file',
+					'default' => '/etc/apache2/conf-enabled/acme.conf',
+					'save_method' => 'storeSettingField',
+				),
+				'system_letsencryptca' => array(
+					'label' => $lng['serversettings']['letsencryptca'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptca',
+					'type' => 'option',
+					'default' => 'testing',
+					'option_mode' => 'one',
+					'option_options' => array(
+						'testing' => 'https://acme-staging.api.letsencrypt.org (Test)',
+						'production' => 'https://acme-v01.api.letsencrypt.org (Live)'
+					),
+					'save_method' => 'storeSettingField'
+				),
+				'system_letsencryptcountrycode' => array(
+					'label' => $lng['serversettings']['letsencryptcountrycode'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptcountrycode',
+					'type' => 'string',
+					'string_emptyallowed' => false,
+					'default' => 'DE',
+					'save_method' => 'storeSettingField'
+				),
+				'system_letsencryptstate' => array(
+					'label' => $lng['serversettings']['letsencryptstate'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptstate',
+					'type' => 'string',
+					'string_emptyallowed' => false,
+					'default' => 'Hessen',
+					'save_method' => 'storeSettingField'
+				),
+				'system_letsencryptchallengepath' => array(
+					'label' => $lng['serversettings']['letsencryptchallengepath'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptchallengepath',
+					'type' => 'string',
+					'string_emptyallowed' => false,
+					'default' => FROXLOR_INSTALL_DIR,
+					'save_method' => 'storeSettingField'
+				),
+				'system_letsencryptkeysize' => array(
+					'label' => $lng['serversettings']['letsencryptkeysize'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptkeysize',
+					'type' => 'int',
+					'int_min' => 2048,
+					'default' => 4096,
+					'save_method' => 'storeSettingField'
+				),
+				'system_letsencryptreuseold' => array(
+					'label' => $lng['serversettings']['letsencryptreuseold'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptreuseold',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+				)
 			)
 		)
-	);
+	)
+);
--- a/actions/admin/settings/135.fcgid.php
+++ b/actions/admin/settings/135.fcgid.php
@@ -97,44 +97,6 @@ return array(
 					'option_options_method' => 'getPhpConfigs',
 					'save_method' => 'storeSettingField',
 					),
-				'system_mod_fcgid_enabled_ownvhost' => array(
-					'label' => $lng['serversettings']['mod_fcgid_ownvhost'],
-					'settinggroup' => 'system',
-					'varname' => 'mod_fcgid_ownvhost',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2')
-					),
-				'system_mod_fcgid_httpuser' => array(
-					'label' => $lng['admin']['mod_fcgid_user'],
-					'settinggroup' => 'system',
-					'varname' => 'mod_fcgid_httpuser',
-					'type' => 'string',
-					'default' => 'froxlorlocal',
-					'save_method' => 'storeSettingWebserverFcgidFpmUser',
-					'websrv_avail' => array('apache2')
-					),
-				'system_mod_fcgid_httpgroup' => array(
-					'label' => $lng['admin']['mod_fcgid_group'],
-					'settinggroup' => 'system',
-					'varname' => 'mod_fcgid_httpgroup',
-					'type' => 'string',
-					'default' => 'froxlorlocal',
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2')
-					),
-				'system_mod_fcgid_defaultini_ownvhost' => array(
-					'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
-					'settinggroup' => 'system',
-					'varname' => 'mod_fcgid_defaultini_ownvhost',
-					'type' => 'option',
-					'default' => '2',
-					'option_mode' => 'one',
-					'option_options_method' => 'getPhpConfigs',
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2')
-					),
 				'system_mod_fcgid_idle_timeout' => array(
 					'label' => $lng['serversettings']['mod_fcgid']['idle_timeout'],
 					'settinggroup' => 'system',
--- a/actions/admin/settings/136.phpfpm.php
+++ b/actions/admin/settings/136.phpfpm.php
@@ -30,46 +30,12 @@ return array(
 					'plausibility_check_method' => 'checkFcgidPhpFpm',
 					'overview_option' => true
 					),
-				'system_phpfpm_enabled_ownvhost' => array(
-					'label' => $lng['phpfpm']['ownvhost'],
+				'system_phpfpm_defaultini' => array(
+					'label' => $lng['serversettings']['mod_fcgid']['defaultini'],
 					'settinggroup' => 'phpfpm',
-					'varname' => 'enabled_ownvhost',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_httpuser' => array(
-					'label' => $lng['phpfpm']['vhost_httpuser'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'vhost_httpuser',
-					'type' => 'string',
-					'default' => 'froxlorlocal',
-					'save_method' => 'storeSettingWebserverFcgidFpmUser'
-					),
-				'system_phpfpm_httpgroup' => array(
-					'label' => $lng['phpfpm']['vhost_httpgroup'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'vhost_httpgroup',
-					'type' => 'string',
-					'default' => 'froxlorlocal',
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_defaultini' => array(
-					'label' => $lng['serversettings']['mod_fcgid']['defaultini'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'defaultini',
-					'type' => 'option',
-					'default' => '1',
-					'option_mode' => 'one',
-					'option_options_method' => 'getPhpConfigs',
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_defaultini_ownvhost' => array(
-					'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'vhost_defaultini',
+					'varname' => 'defaultini',
 					'type' => 'option',
-					'default' => '2',
+					'default' => '1',
 					'option_mode' => 'one',
 					'option_options_method' => 'getPhpConfigs',
 					'save_method' => 'storeSettingField'
--- a/actions/admin/settings/160.nameserver.php
+++ b/actions/admin/settings/160.nameserver.php
@@ -97,14 +97,6 @@ return array(
 					'default' => '',
 					'save_method' => 'storeSettingField',
 				),
-				'system_dns_createhostnameentry' => array(
-					'label' => $lng['serversettings']['dns_createhostnameentry'],
-					'settinggroup' => 'system',
-					'varname' => 'dns_createhostnameentry',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField'
-				),
 				'system_dns_createmailentry' => array(
 					'label' => $lng['serversettings']['mail_also_with_mxservers'],
 					'settinggroup' => 'system',
@@ -127,5 +119,3 @@ return array(
 			),
 		),
 	);
-
-?>
--- a/actions/admin/settings/210.security.php
+++ b/actions/admin/settings/210.security.php
@@ -63,6 +63,23 @@ return array(
 					'type' => 'bool',
 					'default' => false,
 					'save_method' => 'storeSettingField',
+					),
+				'system_allow_customer_shell' => array(
+					'label' => $lng['serversettings']['allow_allow_customer_shell'],
+					'settinggroup' => 'system',
+					'varname' => 'allow_customer_shell',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					),
+				'system_available_shells' => array(
+					'label' => $lng['serversettings']['available_shells'],
+					'settinggroup' => 'system',
+					'varname' => 'available_shells',
+					'type' => 'string',
+					'string_emptyallowed' => true,
+					'default' => '',
+					'save_method' => 'storeSettingField',
 					)
 				)
 			)
--- a/admin_autoupdate.php
+++ b/admin_autoupdate.php
@@ -32,7 +32,7 @@ if (ini_get('allow_url_fopen') === false) {
 }

 // check for archive-stuff
-if (function_exists('gzopen') === false) {
+if (! extension_loaded('zip')) {
 	redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 2));
 }

@@ -85,7 +85,7 @@ if ($page == 'overview') {
 			}
 			elseif ($isnewerversion == 0) {
 				// all good
-			    standard_success ('noupdatesavail');
+				standard_success ('noupdatesavail');
 			} else {
 				standard_error ('customized_version');
 			}
@@ -122,7 +122,7 @@ elseif ($page == 'getdownload') {

 		// remove old archive
 		if (file_exists($localArchive)) {
-		    @unlink($localArchive);
+			@unlink($localArchive);
 		}

 		// store archive
@@ -137,15 +137,15 @@ elseif ($page == 'getdownload') {
 		// validate the integrity of the downloaded file
 		$_shouldsum = @file_get_contents($toCheck);
 		if (!empty($_shouldsum)) {
-		    $_t = explode(" ", $_shouldsum);
-		    $shouldsum = $_t[0];
+			$_t = explode(" ", $_shouldsum);
+			$shouldsum = $_t[0];
 		} else {
-		    $shouldsum = null;
+			$shouldsum = null;
 		}
 		$filesum = hash_file('sha256', $localArchive);

 		if ($filesum != $shouldsum) {
-		    redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 9));
+			redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 9));
 		}

 		// to the next step
@@ -166,8 +166,8 @@ elseif ($page == 'extract') {
 		$zip = new ZipArchive;
 		$res = $zip->open($localArchive);
 		if ($res === true) {
-		    $log->logAction(ADM_ACTION, LOG_NOTICE, "Extracting ".$localArchive." to ".dirname(FROXLOR_INSTALL_DIR));
-			$zip->extractTo(dirname(FROXLOR_INSTALL_DIR));
+			$log->logAction(ADM_ACTION, LOG_NOTICE, "Extracting ".$localArchive." to ".FROXLOR_INSTALL_DIR);
+			$zip->extractTo(FROXLOR_INSTALL_DIR);
 			$zip->close();
 			// success - remove unused archive
 			@unlink($localArchive);
--- a/admin_configfiles.php
+++ b/admin_configfiles.php
@@ -30,6 +30,19 @@ if ($userinfo['change_serversettings'] == '1') {
 		$customer_tmpdir = Settings::Get('phpfpm.tmpdir');
 	}

+	// try to convert namserver hosts to ip's
+	$ns_ips = "";
+	if (Settings::Get('system.nameservers') != '') {
+		$nameservers = explode(',', Settings::Get('system.nameservers'));
+		foreach ($nameservers as $nameserver) {
+			$nameserver = trim($nameserver);
+			$nameserver_ips = gethostbynamel($nameserver);
+			if (is_array($nameserver_ips) && count($nameserver_ips) > 0) {
+				$ns_ips .= implode(",", $nameserver_ips);
+			}
+		}
+	}
+
 	$replace_arr = Array(
 		'<SQL_UNPRIVILEGED_USER>' => $sql['user'],
 		'<SQL_UNPRIVILEGED_PASSWORD>' => 'MYSQL_PASSWORD',
@@ -39,6 +52,8 @@ if ($userinfo['change_serversettings'] == '1') {
 		'<SERVERNAME>' => Settings::Get('system.hostname'),
 		'<SERVERIP>' => Settings::Get('system.ipaddress'),
 		'<NAMESERVERS>' => Settings::Get('system.nameservers'),
+		'<NAMESERVERS_IP>' => $ns_ips,
+		'<AXFRSERVERS>' => Settings::Get('system.axfrservers'),
 		'<VIRTUAL_MAILBOX_BASE>' => Settings::Get('system.vmail_homedir'),
 		'<VIRTUAL_UID_MAPS>' => Settings::Get('system.vmail_uid'),
 		'<VIRTUAL_GID_MAPS>' => Settings::Get('system.vmail_gid'),
--- a/admin_customers.php
+++ b/admin_customers.php
@@ -84,6 +84,15 @@ if ($page == 'customers'
 				$domains = $domains_stmt->fetch(PDO::FETCH_ASSOC);
 				$row['domains'] = intval($domains['domains']);
 				$dec_places = Settings::Get('panel.decimal_places');
+
+				// get disk-space usages for web, mysql and mail
+				$usages_stmt = Database::prepare("SELECT * FROM `".TABLE_PANEL_DISKSPACE."` WHERE `customerid` = :cid ORDER BY `stamp` DESC LIMIT 1");
+				$usages = Database::pexecute_first($usages_stmt, array('cid' => $row['customerid']));
+
+				$row['webspace_used'] = round($usages['webspace'] / 1024, $dec_places);
+				$row['mailspace_used'] = round($usages['mail'] / 1024, $dec_places);
+				$row['dbspace_used'] = round($usages['mysql'] / 1024, $dec_places);
+
 				$row['traffic_used'] = round($row['traffic_used'] / (1024 * 1024), $dec_places);
 				$row['traffic'] = round($row['traffic'] / (1024 * 1024), $dec_places);
 				$row['diskspace_used'] = round($row['diskspace_used'] / 1024, $dec_places);
@@ -869,7 +878,7 @@ if ($page == 'customers'
 						}
 						// check froxlor-local user membership in ftp-group
 						// without this check addition may duplicate user in list if httpuser == local_user
-						if (strpos($ins_data['members'], $local_user) !== false) {
+						if (strpos($ins_data['members'], $local_user) == false) {
 							$ins_data['members'] .= ','.$local_user;
 						}
 					}
--- a/admin_domains.php
+++ b/admin_domains.php
@@ -166,7 +166,7 @@ if ($page == 'domains' || $page == 'overview') {

 				$subresult_stmt = Database::prepare("
 					SELECT `id` FROM `" . TABLE_PANEL_DOMAINS . "`
-					WHERE (`id` = :id OR `parentdomainid` = :id " . $rsd_sql . ") AND `isemaildomain` = '1'");
+					WHERE (`id` = :id OR `parentdomainid` = :id " . $rsd_sql . ")");
 				Database::pexecute($subresult_stmt, array(
 					'id' => $id
 				));
@@ -189,12 +189,27 @@ if ($page == 'domains' || $page == 'overview') {
 					$log->logAction(ADM_ACTION, LOG_NOTICE, "deleted domain/s from mail-tables");
 				}

+				// if mainbutsubto-domains are not to be deleted, re-assign the (ismainbutsubto value of the main
+				// domain which is being deleted) as their new ismainbutsubto value
+				if ($remove_subbutmain_domains !== 1) {
+					$upd_stmt = Database::prepare("
+						UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
+						`ismainbutsubto` = :newIsMainButSubtoValue
+						WHERE `ismainbutsubto` = :deletedMainDomainId
+						");
+					Database::pexecute($upd_stmt, array(
+						'newIsMainButSubtoValue' => $result['ismainbutsubto'],
+						'deletedMainDomainId' => $id,
+					));
+				}
+
 				$del_stmt = Database::prepare("
 					DELETE FROM `" . TABLE_PANEL_DOMAINS . "`
 					WHERE `id` = :id OR `parentdomainid` = :id " . $rsd_sql);
 				Database::pexecute($del_stmt, array(
 					'id' => $id
 				));
+
 				$deleted_domains = $del_stmt->rowCount();

 				$upd_stmt = Database::prepare("
@@ -380,6 +395,9 @@ if ($page == 'domains' || $page == 'overview') {
 					'0',
 					''
 				));
+				if ($registration_date == '0000-00-00') {
+					$registration_date = null;
+				}

 				$termination_date = trim($_POST['termination_date']);
 				$termination_date = validate($termination_date, 'termination_date', '/^(19|20)\d\d[-](0[1-9]|1[012])[-](0[1-9]|[12][0-9]|3[01])$/', '', array(
@@ -387,6 +405,9 @@ if ($page == 'domains' || $page == 'overview') {
 					'0',
 					''
 				));
+				if ($termination_date == '0000-00-00') {
+					$termination_date = null;
+				}

 				if ($userinfo['change_serversettings'] == '1') {

@@ -434,6 +455,7 @@ if ($page == 'domains' || $page == 'overview') {

 				if ($userinfo['caneditphpsettings'] == '1' || $userinfo['change_serversettings'] == '1') {

+                                        $phpenabled  = isset($POST_['phpenabled']) ? intval($_POST['phpenabled']) : 0;
 					$openbasedir = isset($_POST['openbasedir']) ? intval($_POST['openbasedir']) : 0;

 					if ((int) Settings::Get('system.mod_fcgid') == 1 || (int) Settings::Get('phpfpm.enabled') == 1) {
@@ -474,7 +496,9 @@ if ($page == 'domains' || $page == 'overview') {
 					}
 				} else {

+                                        $phpenabled = '1';
 					$openbasedir = '1';
+
 					if ((int) Settings::Get('phpfpm.enabled') == 1) {
 						$phpsettingid = Settings::Get('phpfpm.defaultini');
 					} else {
@@ -565,12 +589,23 @@ if ($page == 'domains' || $page == 'overview') {
 								$ssl_ipandports[] = $ssl_ipandport;
 							}
 						}
+
+						// HSTS
+						$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
+						$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
+						$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
+
 					} else {
 						$ssl_redirect = 0;
 						$letsencrypt = 0;
 						// we need this for the serialize
 						// if ssl is disabled or no ssl-ip/port exists
 						$ssl_ipandports[] = - 1;
+
+						// HSTS
+						$hsts_maxage = 0;
+						$hsts_sub = 0;
+						$hsts_preload = 0;
 					}
 				} else {
 					$ssl_redirect = 0;
@@ -578,6 +613,11 @@ if ($page == 'domains' || $page == 'overview') {
 					// we need this for the serialize
 					// if ssl is disabled or no ssl-ip/port exists
 					$ssl_ipandports[] = - 1;
+
+					// HSTS
+					$hsts_maxage = 0;
+					$hsts_sub = 0;
+					$hsts_preload = 0;
 				}

 				// We can't enable let's encrypt for wildcard - domains
@@ -653,6 +693,10 @@ if ($page == 'domains' || $page == 'overview') {
 				if (count($ipandports) == 0) {
 					standard_error('noipportgiven');
 				}
+				
+				if($phpenabled != '1') {
+					$phpenabled = '0';
+				}

 				if ($openbasedir != '1') {
 					$openbasedir = '0';
@@ -733,6 +777,7 @@ if ($page == 'domains' || $page == 'overview') {
 						'ipandport' => serialize($ipandports),
 						'ssl_redirect' => $ssl_redirect,
 						'ssl_ipandport' => serialize($ssl_ipandports),
+						'phpenabled' => $phpenabled,
 						'openbasedir' => $openbasedir,
 						'phpsettingid' => $phpsettingid,
 						'mod_fcgid_starter' => $mod_fcgid_starter,
@@ -741,7 +786,10 @@ if ($page == 'domains' || $page == 'overview') {
 						'registration_date' => $registration_date,
 						'termination_date' => $termination_date,
 						'issubof' => $issubof,
-						'letsencrypt' => $letsencrypt
+						'letsencrypt' => $letsencrypt,
+						'hsts_maxage' => $hsts_maxage,
+						'hsts_sub' => $hsts_sub,
+						'hsts_preload' => $hsts_preload
 					);

 					$security_questions = array(
@@ -778,6 +826,7 @@ if ($page == 'domains' || $page == 'overview') {
 						'email_only' => $email_only,
 						'subcanemaildomain' => $subcanemaildomain,
 						'caneditdomain' => $caneditdomain,
+						'phpenabled' => $phpenabled,
 						'openbasedir' => $openbasedir,
 						'speciallogfile' => $speciallogfile,
 						'specialsettings' => $specialsettings,
@@ -789,7 +838,10 @@ if ($page == 'domains' || $page == 'overview') {
 						'mod_fcgid_starter' => $mod_fcgid_starter,
 						'mod_fcgid_maxrequests' => $mod_fcgid_maxrequests,
 						'ismainbutsubto' => $issubof,
-						'letsencrypt' => $letsencrypt
+						'letsencrypt' => $letsencrypt,
+						'hsts' => $hsts_maxage,
+						'hsts_sub' => $hsts_sub,
+						'hsts_preload' => $hsts_preload
 					);

 					$ins_stmt = Database::prepare("
@@ -811,18 +863,22 @@ if ($page == 'domains' || $page == 'overview') {
 						`email_only` = :email_only,
 						`subcanemaildomain` = :subcanemaildomain,
 						`caneditdomain` = :caneditdomain,
+						`phpenabled` = :phpenabled,
 						`openbasedir` = :openbasedir,
 						`speciallogfile` = :speciallogfile,
 						`specialsettings` = :specialsettings,
 						`ssl_redirect` = :ssl_redirect,
 						`add_date` = :add_date,
 						`registration_date` = :registration_date,
-                                                `termination_date` = :termination_date,
+						`termination_date` = :termination_date,
 						`phpsettingid` = :phpsettingid,
 						`mod_fcgid_starter` = :mod_fcgid_starter,
 						`mod_fcgid_maxrequests` = :mod_fcgid_maxrequests,
 						`ismainbutsubto` = :ismainbutsubto,
-						`letsencrypt` = :letsencrypt
+						`letsencrypt` = :letsencrypt,
+						`hsts` = :hsts,
+						`hsts_sub` = :hsts_sub,
+						`hsts_preload` = :hsts_preload
 					");
 					Database::pexecute($ins_stmt, $ins_data);
 					$domainid = Database::lastInsertId();
@@ -1037,8 +1093,12 @@ if ($page == 'domains' || $page == 'overview') {
 	} elseif ($action == 'edit' && $id != 0) {

 		$result_stmt = Database::prepare("
-			SELECT `d`.*, `c`.`customerid` FROM `" . TABLE_PANEL_DOMAINS . "` `d` LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING(`customerid`)
-			WHERE `d`.`parentdomainid` = '0' AND `d`.`id` = :id" . ($userinfo['customers_see_all'] ? '' : " AND `d`.`adminid` = :adminid"));
+			SELECT `d`.*, `c`.`customerid`
+			FROM `" . TABLE_PANEL_DOMAINS . "` `d`
+			LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING(`customerid`)
+			WHERE `d`.`parentdomainid` = '0'
+			AND `d`.`id` = :id" . ($userinfo['customers_see_all'] ? '' : " AND `d`.`adminid` = :adminid")
+		);
 		$params = array(
 			'id' => $id
 		);
@@ -1183,7 +1243,7 @@ if ($page == 'domains' || $page == 'overview') {
 					$adminid = $result['adminid'];
 				}

-				$aliasdomain = intval($_POST['alias']);
+				$aliasdomain = isset($_POST['alias']) ? intval($_POST['alias']) : 0;
 				$issubof = intval($_POST['issubof']);
 				$subcanemaildomain = intval($_POST['subcanemaildomain']);
 				$caneditdomain = isset($_POST['caneditdomain']) ? intval($_POST['caneditdomain']) : 0;
@@ -1193,12 +1253,18 @@ if ($page == 'domains' || $page == 'overview') {
 					'0',
 					''
 				));
+				if ($registration_date == '0000-00-00') {
+					$registration_date = null;
+				}
 				$termination_date = trim($_POST['termination_date']);
 				$termination_date = validate($termination_date, 'termination_date', '/^(19|20)\d\d[-](0[1-9]|1[012])[-](0[1-9]|[12][0-9]|3[01])$/', '', array(
 					'0000-00-00',
 					'0',
 					''
 				));
+				if ($termination_date == '0000-00-00') {
+					$termination_date = null;
+				}

 				$isemaildomain = 0;
 				if (isset($_POST['isemaildomain'])) {
@@ -1272,6 +1338,7 @@ if ($page == 'domains' || $page == 'overview') {

 				if ($userinfo['caneditphpsettings'] == '1' || $userinfo['change_serversettings'] == '1') {

+					$phpenabled  = isset($_POST['phpenabled']) ? intval($_POST['phpenabled']) : 0;
 					$openbasedir = isset($_POST['openbasedir']) ? intval($_POST['openbasedir']) : 0;

 					if ((int) Settings::Get('system.mod_fcgid') == 1 || (int) Settings::Get('phpfpm.enabled') == 1) {
@@ -1306,6 +1373,7 @@ if ($page == 'domains' || $page == 'overview') {
 						$mod_fcgid_maxrequests = $result['mod_fcgid_maxrequests'];
 					}
 				} else {
+					$phpenabled = $result['phpenabled'];
 					$openbasedir = $result['openbasedir'];
 					$phpsettingid = $result['phpsettingid'];
 					$mod_fcgid_starter = $result['mod_fcgid_starter'];
@@ -1348,6 +1416,11 @@ if ($page == 'domains' || $page == 'overview') {
 						$letsencrypt = (int) $_POST['letsencrypt'];
 					}

+					// HSTS
+					$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
+					$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
+					$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
+
 					$ssl_ipandports = array();
 					if (isset($_POST['ssl_ipandport']) && ! is_array($_POST['ssl_ipandport'])) {
 						$_POST['ssl_ipandport'] = unserialize($_POST['ssl_ipandport']);
@@ -1373,12 +1446,18 @@ if ($page == 'domains' || $page == 'overview') {
 								$ssl_ipandports[] = $ssl_ipandport;
 							}
 						}
+
 					} else {
 						$ssl_redirect = 0;
 						$letsencrypt = 0;
 						// we need this for the serialize
 						// if ssl is disabled or no ssl-ip/port exists
 						$ssl_ipandports[] = - 1;
+
+						// HSTS
+						$hsts_maxage = 0;
+						$hsts_sub = 0;
+						$hsts_preload = 0;
 					}
 				} else {
 					$ssl_redirect = 0;
@@ -1386,6 +1465,11 @@ if ($page == 'domains' || $page == 'overview') {
 					// we need this for the serialize
 					// if ssl is disabled or no ssl-ip/port exists
 					$ssl_ipandports[] = - 1;
+
+					// HSTS
+					$hsts_maxage = 0;
+					$hsts_sub = 0;
+					$hsts_preload = 0;
 				}

 				// We can't enable let's encrypt for wildcard domains
@@ -1401,6 +1485,10 @@ if ($page == 'domains' || $page == 'overview') {
 				if (! preg_match('/^https?\:\/\//', $documentroot)) {
 					$documentroot = makeCorrectDir($documentroot);
 				}
+				
+				if ($phpenabled != '1') {
+					$phpenabled = '0';
+				}

 				if ($openbasedir != '1') {
 					$openbasedir = '0';
@@ -1510,6 +1598,7 @@ if ($page == 'domains' || $page == 'overview') {
 					'dkim' => $dkim,
 					'selectserveralias' => $serveraliasoption,
 					'ssl_redirect' => $ssl_redirect,
+					'phpenabled' => $phpenabled,
 					'openbasedir' => $openbasedir,
 					'phpsettingid' => $phpsettingid,
 					'mod_fcgid_starter' => $mod_fcgid_starter,
@@ -1523,7 +1612,10 @@ if ($page == 'domains' || $page == 'overview') {
 					'speciallogverified' => $speciallogverified,
 					'ipandport' => serialize($ipandports),
 					'ssl_ipandport' => serialize($ssl_ipandports),
-					'letsencrypt' => $letsencrypt
+					'letsencrypt' => $letsencrypt,
+					'hsts_maxage' => $hsts_maxage,
+					'hsts_sub' => $hsts_sub,
+					'hsts_preload' => $hsts_preload
 				);

 				$security_questions = array(
@@ -1542,7 +1634,7 @@ if ($page == 'domains' || $page == 'overview') {
 				$wwwserveralias = ($serveraliasoption == '1') ? '1' : '0';
 				$iswildcarddomain = ($serveraliasoption == '0') ? '1' : '0';

-				if ($documentroot != $result['documentroot'] || $ssl_redirect != $result['ssl_redirect'] || $wwwserveralias != $result['wwwserveralias'] || $iswildcarddomain != $result['iswildcarddomain'] || $openbasedir != $result['openbasedir'] || $phpsettingid != $result['phpsettingid'] || $mod_fcgid_starter != $result['mod_fcgid_starter'] || $mod_fcgid_maxrequests != $result['mod_fcgid_maxrequests'] || $specialsettings != $result['specialsettings'] || $aliasdomain != $result['aliasdomain'] || $issubof != $result['ismainbutsubto'] || $email_only != $result['email_only'] || ($speciallogfile != $result['speciallogfile'] && $speciallogverified == '1') || $letsencrypt != $result['letsencrypt']) {
+				if ($documentroot != $result['documentroot'] || $ssl_redirect != $result['ssl_redirect'] || $wwwserveralias != $result['wwwserveralias'] || $iswildcarddomain != $result['iswildcarddomain'] || $phpenabled != $result['phpenabled'] || $openbasedir != $result['openbasedir'] || $phpsettingid != $result['phpsettingid'] || $mod_fcgid_starter != $result['mod_fcgid_starter'] || $mod_fcgid_maxrequests != $result['mod_fcgid_maxrequests'] || $specialsettings != $result['specialsettings'] || $aliasdomain != $result['aliasdomain'] || $issubof != $result['ismainbutsubto'] || $email_only != $result['email_only'] || ($speciallogfile != $result['speciallogfile'] && $speciallogverified == '1') || $letsencrypt != $result['letsencrypt'] || $hsts_maxage != $result['hsts'] || $hsts_sub != $result['hsts_sub'] || $hsts_preload != $result['hsts_preload']) {
 					inserttask('1');
 				}

@@ -1571,6 +1663,16 @@ if ($page == 'domains' || $page == 'overview') {
 					$log->logAction(ADM_ACTION, LOG_NOTICE, "deleted domain #" . $id . " from mail-tables");
 				}

+				// check whether LE has been disabled, so we remove the certificate
+				if ($letsencrypt == '0' && $result['letsencrypt'] == '1')  {
+					$del_stmt = Database::prepare("
+						DELETE FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = :id
+					");
+					Database::pexecute($del_stmt, array(
+						'id' => $id
+					));
+				}
+
 				$updatechildren = '';

 				if ($subcanemaildomain == '0' && $result['subcanemaildomain'] != '0') {
@@ -1673,6 +1775,7 @@ if ($page == 'domains' || $page == 'overview') {
 				$update_data['zonefile'] = $zonefile;
 				$update_data['wwwserveralias'] = $wwwserveralias;
 				$update_data['iswildcarddomain'] = $iswildcarddomain;
+				$update_data['phpenabled'] = $phpenabled;
 				$update_data['openbasedir'] = $openbasedir;
 				$update_data['speciallogfile'] = $speciallogfile;
 				$update_data['phpsettingid'] = $phpsettingid;
@@ -1683,6 +1786,9 @@ if ($page == 'domains' || $page == 'overview') {
 				$update_data['termination_date'] = $termination_date;
 				$update_data['ismainbutsubto'] = $issubof;
 				$update_data['letsencrypt'] = $letsencrypt;
+				$update_data['hsts'] = $hsts_maxage;
+				$update_data['hsts_sub'] = $hsts_sub;
+				$update_data['hsts_preload'] = $hsts_preload;
 				$update_data['id'] = $id;

 				$update_stmt = Database::prepare("
@@ -1701,6 +1807,7 @@ if ($page == 'domains' || $page == 'overview') {
 					`zonefile` = :zonefile,
 					`wwwserveralias` = :wwwserveralias,
 					`iswildcarddomain` = :iswildcarddomain,
+					`phpenabled` = :phpenabled,
 					`openbasedir` = :openbasedir,
 					`speciallogfile` = :speciallogfile,
 					`phpsettingid` = :phpsettingid,
@@ -1710,13 +1817,17 @@ if ($page == 'domains' || $page == 'overview') {
 					`registration_date` = :registration_date,
 					`termination_date` = :termination_date,
 					`ismainbutsubto` = :ismainbutsubto,
-					`letsencrypt` = :letsencrypt
+					`letsencrypt` = :letsencrypt,
+					`hsts` = :hsts,
+					`hsts_sub` = :hsts_sub,
+					`hsts_preload` = :hsts_preload
 					WHERE `id` = :id
 				");
 				Database::pexecute($update_stmt, $update_data);

 				$_update_data['customerid'] = $customerid;
 				$_update_data['adminid'] = $adminid;
+				$_update_data['phpenabled'] = $phpenabled;
 				$_update_data['openbasedir'] = $openbasedir;
 				$_update_data['phpsettingid'] = $phpsettingid;
 				$_update_data['mod_fcgid_starter'] = $mod_fcgid_starter;
@@ -1735,6 +1846,7 @@ if ($page == 'domains' || $page == 'overview') {
 					UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
 					`customerid` = :customerid,
 					`adminid` = :adminid,
+					`phpenabled` = :phpenabled,
 					`openbasedir` = :openbasedir,
 					`phpsettingid` = :phpsettingid,
 					`mod_fcgid_starter` = :mod_fcgid_starter,
@@ -2086,6 +2198,11 @@ if ($page == 'domains' || $page == 'overview') {
 } elseif ($page == 'domaindnseditor' && Settings::Get('system.dnsenabled') == '1') {

 	require_once __DIR__.'/dns_editor.php';
+
+} elseif ($page == 'sslcertificates') {
+
+	require_once __DIR__.'/ssl_certificates.php';
+
 }

 function formatDomainEntry(&$row, &$idna_convert)
--- a/admin_index.php
+++ b/admin_index.php
@@ -144,6 +144,15 @@ if ($page == 'overview') {
 	$cron_last_runs = getCronjobsLastRun();
 	$outstanding_tasks = getOutstandingTasks();

+	$system_hostname = gethostname();
+	$meminfo= explode("\n", @file_get_contents("/proc/meminfo"));
+	$memory = "";
+	for ($i = 0; $i < sizeof($meminfo); ++$i) {
+		if (substr($meminfo[$i], 0, 3) === "Mem") {
+			$memory.= $meminfo[$i] . PHP_EOL;
+		}
+	}
+
 	if (function_exists('sys_getloadavg')) {
 		$loadArray = sys_getloadavg();
 		$load = number_format($loadArray[0], 2, '.', '') . " / " . number_format($loadArray[1], 2, '.', '') . " / " . number_format($loadArray[2], 2, '.', '');
@@ -360,7 +369,8 @@ if ($page == 'overview') {
 			$mail_body .= "File: ".$_error['file'].':'.$_error['line']."\n\n";
 			$mail_body .= "Trace:\n".trim($_error['trace'])."\n\n";
 			$mail_body .= "-------------------------------------------------------------\n\n";
-			$mail_body .= "Froxlor-version: ".$version."\n\n";
+			$mail_body .= "Froxlor-version: ".$version."\n";
+			$mail_body .= "DB-version: ".$dbversion."\n\n";
 			$mail_body .= "End of report";
 			$mail_html = nl2br($mail_body);

--- a/admin_ipsandports.php
+++ b/admin_ipsandports.php
@@ -33,6 +33,7 @@ if ($page == 'ipsandports'
 	$websrv = Settings::Get('system.webserver');
 	$is_nginx = ($websrv == 'nginx');
 	$is_apache = ($websrv == 'apache2');
+	$is_apache24 = $is_apache && (Settings::Get('system.apache24') === '1');

 	if ($action == '') {

--- a/customer_domains.php
+++ b/customer_domains.php
@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';

+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','domains')) {
+	redirectTo('customer_index.php');
+}
+
 if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
 } elseif (isset($_GET['id'])) {
@@ -36,7 +41,7 @@ if ($page == 'overview') {
 			'd.domain' => $lng['domains']['domainname']
 		);
 		$paging = new paging($userinfo, TABLE_PANEL_DOMAINS, $fields);
-		$domains_stmt = Database::prepare("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isemaildomain`, `d`.`caneditdomain`, `d`.`iswildcarddomain`, `d`.`parentdomainid`, `d`.`letsencrypt`, `d`.`termination_date`, `ad`.`id` AS `aliasdomainid`, `ad`.`domain` AS `aliasdomain`, `da`.`id` AS `domainaliasid`, `da`.`domain` AS `domainalias` FROM `" . TABLE_PANEL_DOMAINS . "` `d`
+		$domains_stmt = Database::prepare("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isbinddomain`, `d`.`isemaildomain`, `d`.`caneditdomain`, `d`.`iswildcarddomain`, `d`.`parentdomainid`, `d`.`letsencrypt`, `d`.`termination_date`, `ad`.`id` AS `aliasdomainid`, `ad`.`domain` AS `aliasdomain`, `da`.`id` AS `domainaliasid`, `da`.`domain` AS `domainalias` FROM `" . TABLE_PANEL_DOMAINS . "` `d`
 			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `ad` ON `d`.`aliasdomain`=`ad`.`id`
 			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `da` ON `da`.`aliasdomain`=`d`.`id`
 			WHERE `d`.`customerid`= :customerid
@@ -260,7 +265,7 @@ if ($page == 'overview') {
 				}

 				$subdomain = $idna_convert->encode(preg_replace(array('/\:(\d)+$/', '/^https?\:\/\//'), '', validate($_POST['subdomain'], 'subdomain', '', 'subdomainiswrong')));
-				$domain = $idna_convert->encode($_POST['domain']);
+				$domain = $_POST['domain'];
 				$domain_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_DOMAINS . "`
 					WHERE `domain` = :domain
 					AND `customerid` = :customerid
@@ -272,6 +277,13 @@ if ($page == 'overview') {

 				$completedomain = $subdomain . '.' . $domain;

+				if (Settings::Get('system.validate_domain') && ! validateDomain($completedomain)) {
+					standard_error(array(
+						'stringiswrong',
+						'mydomain'
+					));
+				}
+
 				if ($completedomain == Settings::Get('system.hostname')) {
 					standard_error('admin_domain_emailsystemhostname');
 				}
@@ -307,14 +319,14 @@ if ($page == 'overview') {
 					triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
 				}

-				if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($idna_convert->encode($_POST['url']))) {
+				if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($_POST['url'])) {
 					$path = $_POST['url'];
 					$_doredirect = true;
 				} else {
 					$path = validate($_POST['path'], 'path');
 				}

-				if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($idna_convert->encode($path))) {
+				if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($path)) {
 					// If path is empty or '/' and 'Use domain name as default value for DocumentRoot path' is enabled in settings,
 					// set default path to subdomain or domain name
 					if ((($path == '') || ($path == '/')) && Settings::Get('system.documentroot_use_default_value') == 1) {
@@ -362,6 +374,11 @@ if ($page == 'overview') {
 					$ssl_redirect = 2;
 				}

+				// HSTS
+				$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
+				$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
+				$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
+
 				if ($path == '') {
 					standard_error('patherror');
 				} elseif ($subdomain == '') {
@@ -404,7 +421,10 @@ if ($page == 'overview') {
 						`specialsettings` = :specialsettings,
 						`ssl_redirect` = :ssl_redirect,
 						`phpsettingid` = :phpsettingid,
-						`letsencrypt` = :letsencrypt"
+						`letsencrypt` = :letsencrypt,
+						`hsts` = :hsts,
+						`hsts_sub` = :hsts_sub,
+						`hsts_preload` = :hsts_preload"
 					);
 					$params = array(
 						"customerid" => $userinfo['customerid'],
@@ -421,7 +441,10 @@ if ($page == 'overview') {
 						"specialsettings" => $domain_check['specialsettings'],
 						"ssl_redirect" => $ssl_redirect,
 						"phpsettingid" => $phpsid_result['phpsettingid'],
-						"letsencrypt" => $letsencrypt
+						"letsencrypt" => $letsencrypt,
+						"hsts" => $hsts_maxage,
+						"hsts_sub" => $hsts_sub,
+						"hsts_preload" => $hsts_preload
 					);
 					Database::pexecute($stmt, $params);

@@ -494,7 +517,12 @@ if ($page == 'overview') {

 				// check if we at least have one ssl-ip/port, #1179
 				$ssl_ipsandports = '';
-				$ssl_ip_stmt = Database::prepare("SELECT COUNT(*) as countSSL FROM `panel_ipsandports` WHERE `ssl`='1'");
+				$ssl_ip_stmt = Database::prepare("
+					SELECT COUNT(*) as countSSL
+					FROM `".TABLE_PANEL_IPSANDPORTS."` pip
+					LEFT JOIN `".TABLE_DOMAINTOIP."` dti ON dti.id_ipandports = pip.id
+					WHERE pip.`ssl`='1'
+				");
 				Database::pexecute($ssl_ip_stmt);
 				$resultX = $ssl_ip_stmt->fetch(PDO::FETCH_ASSOC);
 				if (isset($resultX['countSSL']) && (int)$resultX['countSSL'] > 0) {
@@ -515,8 +543,7 @@ if ($page == 'overview') {
 		}
 	} elseif ($action == 'edit' && $id != 0) {

-		$stmt = Database::prepare("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isemaildomain`, `d`.`isbinddomain`, `d`.`wwwserveralias`, `d`.`iswildcarddomain`,
-			`d`.`parentdomainid`, `d`.`ssl_redirect`, `d`.`aliasdomain`, `d`.`openbasedir`, `d`.`openbasedir_path`, `d`.`letsencrypt`, `pd`.`subcanemaildomain`
+		$stmt = Database::prepare("SELECT `d`.*, `pd`.`subcanemaildomain`
 			FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_DOMAINS . "` `pd`
 			WHERE `d`.`customerid` = :customerid
 			AND `d`.`id` = :id
@@ -534,14 +561,14 @@ if ($page == 'overview') {

 		if (isset($result['customerid']) && $result['customerid'] == $userinfo['customerid']) {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
-				if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($idna_convert->encode($_POST['url']))) {
+				if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($_POST['url'])) {
 					$path = $_POST['url'];
 					$_doredirect = true;
 				} else {
 					$path = validate($_POST['path'], 'path');
 				}

-				if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($idna_convert->encode($path))) {
+				if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($path)) {
 					// If path is empty or '/' and 'Use domain name as default value for DocumentRoot path' is enabled in settings,
 					// set default path to subdomain or domain name
 					if ((($path == '') || ($path == '/')) && Settings::Get('system.documentroot_use_default_value') == 1) {
@@ -556,7 +583,7 @@ if ($page == 'overview') {
 					$_doredirect = true;
 				}

-				$aliasdomain = intval($_POST['alias']);
+				$aliasdomain = isset($_POST['alias']) ? intval($_POST['alias']) : 0;

 				if (isset($_POST['selectserveralias'])) {
 					$iswildcarddomain = ($_POST['selectserveralias'] == '0') ? '1' : '0';
@@ -622,7 +649,7 @@ if ($page == 'overview') {

 				// We can't enable let's encrypt for wildcard - domains
 				if ($iswildcarddomain == '1' && $letsencrypt == '1') {
-				    standard_error('nowildcardwithletsencrypt');
+					standard_error('nowildcardwithletsencrypt');
 				}

 				// Temporarily deactivate ssl_redirect until Let's Encrypt certificate was generated
@@ -630,6 +657,11 @@ if ($page == 'overview') {
 					$ssl_redirect = 2;
 				}

+				// HSTS
+				$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
+				$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
+				$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
+
 				if ($path == '') {
 					standard_error('patherror');
 				} else {
@@ -654,7 +686,11 @@ if ($page == 'overview') {
 						|| $aliasdomain != $result['aliasdomain']
 						|| $openbasedir_path != $result['openbasedir_path']
 						|| $ssl_redirect != $result['ssl_redirect']
-						|| $letsencrypt != $result['letsencrypt']) {
+						|| $letsencrypt != $result['letsencrypt']
+						|| $hsts_maxage != $result['hsts']
+						|| $hsts_sub != $result['hsts_sub']
+						|| $hsts_preload != $result['hsts_preload']
+					) {
 						$log->logAction(USR_ACTION, LOG_INFO, "edited domain '" . $idna_convert->decode($result['domain']) . "'");

 						$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
@@ -665,7 +701,10 @@ if ($page == 'overview') {
 							`aliasdomain`= :aliasdomain,
 							`openbasedir_path`= :openbasedir_path,
 							`ssl_redirect`= :ssl_redirect,
-							`letsencrypt`= :letsencrypt
+							`letsencrypt`= :letsencrypt,
+							`hsts` = :hsts,
+							`hsts_sub` = :hsts_sub,
+							`hsts_preload` = :hsts_preload
 							WHERE `customerid`= :customerid
 							AND `id`= :id"
 						);
@@ -678,6 +717,9 @@ if ($page == 'overview') {
 							"openbasedir_path" => $openbasedir_path,
 							"ssl_redirect" => $ssl_redirect,
 							"letsencrypt" => $letsencrypt,
+							"hsts" => $hsts_maxage,
+							"hsts_sub" => $hsts_sub,
+							"hsts_preload" => $hsts_preload,
 							"customerid" => $userinfo['customerid'],
 							"id" => $id
 						);
@@ -687,11 +729,20 @@ if ($page == 'overview') {
 							// trigger when domain id for alias destination has changed: both for old and new destination
 							triggerLetsEncryptCSRForAliasDestinationDomain($result['aliasdomain'], $log);
 							triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
-						} else
-							if ($result['wwwserveralias'] != $wwwserveralias || $result['letsencrypt'] != $letsencrypt) {
-								// or when wwwserveralias or letsencrypt was changed
-								triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
-							}
+						} elseif ($result['wwwserveralias'] != $wwwserveralias || $result['letsencrypt'] != $letsencrypt) {
+							// or when wwwserveralias or letsencrypt was changed
+							triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
+						}
+
+						// check whether LE has been disabled, so we remove the certificate
+						if ($letsencrypt == '0' && $result['letsencrypt'] == '1')  {
+							$del_stmt = Database::prepare("
+								DELETE FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = :id
+							");
+							Database::pexecute($del_stmt, array(
+								'id' => $id
+							));
+						}

 						inserttask('1');

@@ -718,7 +769,7 @@ if ($page == 'overview') {
 					AND `dip`.`id_ipandports`
 					IN (SELECT `id_ipandports` FROM `".TABLE_DOMAINTOIP."`
 						WHERE `id_domain` = :id)
-					GROUP BY `d`.`domain`
+					GROUP BY `d`.`id`, `d`.`domain`
 					ORDER BY `d`.`domain` ASC"
 				);
 				Database::pexecute($domains_stmt, array("id" => $result['id'], "customerid" => $userinfo['customerid']));
@@ -727,7 +778,7 @@ if ($page == 'overview') {
 					$domains .= makeoption($idna_convert->decode($row_domain['domain']), $row_domain['id'], $result['aliasdomain']);
 				}

-				if (preg_match('/^https?\:\/\//', $result['documentroot']) && validateUrl($idna_convert->encode($result['documentroot']))) {
+				if (preg_match('/^https?\:\/\//', $result['documentroot']) && validateUrl($result['documentroot'])) {
 					if (Settings::Get('panel.pathedit') == 'Dropdown') {
 						$urlvalue = $result['documentroot'];
 						$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
@@ -751,8 +802,13 @@ if ($page == 'overview') {

 				// check if we at least have one ssl-ip/port, #1179
 				$ssl_ipsandports = '';
-				$ssl_ip_stmt = Database::prepare("SELECT COUNT(*) as countSSL FROM `panel_ipsandports` WHERE `ssl`='1'");
-				Database::pexecute($ssl_ip_stmt);
+				$ssl_ip_stmt = Database::prepare("
+					SELECT COUNT(*) as countSSL
+					FROM `".TABLE_PANEL_IPSANDPORTS."` pip
+					LEFT JOIN `".TABLE_DOMAINTOIP."` dti ON dti.id_ipandports = pip.id
+					WHERE `dti`.`id_domain` = :id_domain AND pip.`ssl`='1'
+				");
+				Database::pexecute($ssl_ip_stmt, array("id_domain" => $result['id']));
 				$resultX = $ssl_ip_stmt->fetch(PDO::FETCH_ASSOC);
 				if (isset($resultX['countSSL']) && (int)$resultX['countSSL'] > 0) {
 					$ssl_ipsandports = 'notempty';
@@ -923,4 +979,9 @@ if ($page == 'overview') {
 } elseif ($page == 'domaindnseditor' && $userinfo['dnsenabled'] == '1' && Settings::Get('system.dnsenabled') == '1') {

 	require_once __DIR__.'/dns_editor.php';
+
+} elseif ($page == 'sslcertificates') {
+
+	require_once __DIR__.'/ssl_certificates.php';
+
 }
--- a/customer_email.php
+++ b/customer_email.php
@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';

+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','email')) {
+	redirectTo('customer_index.php');
+}
+
 if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
 } elseif (isset($_GET['id'])) {
@@ -200,7 +205,8 @@ if ($page == 'overview') {
 		if ($userinfo['emails_used'] < $userinfo['emails'] || $userinfo['emails'] == '-1') {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 				$email_part = $_POST['email_part'];
-				$domain = $idna_convert->encode(validate($_POST['domain'], 'domain'));
+				// domain does not need idna encoding as the value of the select-box is already Punycode
+				$domain = validate($_POST['domain'], 'domain');
 				$stmt = Database::prepare("SELECT `id`, `domain`, `customerid` FROM `" . TABLE_PANEL_DOMAINS . "`
 					WHERE `domain`= :domain
 					AND `customerid`= :customerid
--- a/customer_extras.php
+++ b/customer_extras.php
@@ -19,6 +19,11 @@
 define('AREA', 'customer');
 require './lib/init.php';

+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','extras')) {
+	redirectTo('customer_index.php');
+}
+
 if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
 } elseif (isset($_GET['id'])) {
@@ -29,6 +34,12 @@ if ($page == 'overview') {
 	$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras");
 	eval("echo \"" . getTemplate("extras/extras") . "\";");
 } elseif ($page == 'htpasswds') {
+
+	// redirect if this customer sub-page is hidden via settings
+	if (Settings::IsInList('panel.customer_hide_options','extras.directoryprotection')) {
+		redirectTo('customer_index.php');
+	}
+
 	if ($action == '') {
 		$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras::htpasswds");
 		$fields = array(
@@ -262,6 +273,12 @@ if ($page == 'overview') {
 		}
 	}
 } elseif ($page == 'htaccess') {
+
+	// redirect if this customer sub-page is hidden via settings
+	if (Settings::IsInList('panel.customer_hide_options','extras.pathoptions')) {
+		redirectTo('customer_index.php');
+	}
+
 	if ($action == '') {
 		$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras::htaccess");
 		$fields = array(
@@ -520,6 +537,11 @@ if ($page == 'overview') {
 	}
 } elseif ($page == 'backup') {

+	// redirect if this customer sub-page is hidden via settings
+	if (Settings::IsInList('panel.customer_hide_options','extras.backup')) {
+		redirectTo('customer_index.php');
+	}
+
 	if (Settings::Get('system.backupenabled') == 1)
 	{
 		if ($action == 'abort' && isset($_POST['send']) && $_POST['send'] == 'send') {
--- a/customer_ftp.php
+++ b/customer_ftp.php
@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';

+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','ftp')) {
+	redirectTo('customer_index.php');
+}
+
 $id = 0;
 if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
@@ -40,7 +45,7 @@ if ($page == 'overview') {
 		);
 		$paging = new paging($userinfo, TABLE_FTP_USERS, $fields);

-		$result_stmt = Database::prepare("SELECT `id`, `username`, `description`, `homedir` FROM `" . TABLE_FTP_USERS . "`
+		$result_stmt = Database::prepare("SELECT `id`, `username`, `description`, `homedir`, `shell` FROM `" . TABLE_FTP_USERS . "`
 			WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
 		);
 		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
@@ -153,6 +158,10 @@ if ($page == 'overview') {
 				$path = validate($_POST['path'], 'path');
 				$password = validate($_POST['ftp_password'], 'password');
 				$password = validatePassword($password);
+				$shell = "/bin/false";
+				if (Settings::Get('system.allow_customer_shell') == '1') {
+					$shell = isset($_POST['shell']) ? validate($_POST['shell'], 'shell') : '/bin/false';
+				}

 				$sendinfomail = isset($_POST['sendinfomail']) ? 1 : 0;
 				if ($sendinfomail != 1) {
@@ -200,8 +209,8 @@ if ($page == 'overview') {
 					$cryptPassword = makeCryptPassword($password);

 					$stmt = Database::prepare("INSERT INTO `" . TABLE_FTP_USERS . "`
-						(`customerid`, `username`, `description`, `password`, `homedir`, `login_enabled`, `uid`, `gid`)
-						VALUES (:customerid, :username, :description, :password, :homedir, 'y', :guid, :guid)"
+						(`customerid`, `username`, `description`, `password`, `homedir`, `login_enabled`, `uid`, `gid`, `shell`)
+						VALUES (:customerid, :username, :description, :password, :homedir, 'y', :guid, :guid, :shell)"
 					);
 					$params = array(
 						"customerid" => $userinfo['customerid'],
@@ -209,7 +218,8 @@ if ($page == 'overview') {
 						"description" => $description,
 						"password" => $cryptPassword,
 						"homedir" => $path,
-						"guid" => $userinfo['guid']
+						"guid" => $userinfo['guid'],
+						"shell" => $shell
 					);
 					Database::pexecute($stmt, $params);

@@ -329,6 +339,18 @@ if ($page == 'overview') {
 					}
 				}

+				if (Settings::Get('system.allow_customer_shell') == '1') {
+					$shells = makeoption("/bin/false", "/bin/false", "/bin/false");
+					$shells_avail = Settings::Get('system.available_shells');
+					if (!empty($shells_avail)) {
+						$shells_avail = explode(",", $shells_avail);
+						$shells_avail = array_map("trim", $shells_avail);
+						foreach ($shells_avail as $_shell) {
+							$shells .= makeoption($_shell, $_shell, "/bin/false");
+						}
+					}
+				}
+
 				//$sendinfomail = makeyesno('sendinfomail', '1', '0', '0');

 				$ftp_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/ftp/formfield.ftp_add.php';
@@ -341,7 +363,7 @@ if ($page == 'overview') {
 			}
 		}
 	} elseif ($action == 'edit' && $id != 0) {
-		$result_stmt = Database::prepare("SELECT `id`, `username`, `description`, `homedir`, `uid`, `gid` FROM `" . TABLE_FTP_USERS . "`
+		$result_stmt = Database::prepare("SELECT `id`, `username`, `description`, `homedir`, `uid`, `gid`, `shell` FROM `" . TABLE_FTP_USERS . "`
 			WHERE `customerid` = :customerid
 			AND `id` = :id"
 		);
@@ -353,6 +375,11 @@ if ($page == 'overview') {
 				// @FIXME use a good path-validating regex here (refs #1231)
 				$path = validate($_POST['path'], 'path');

+				$shell = "/bin/false";
+				if (Settings::Get('system.allow_customer_shell') == '1') {
+					$shell = isset($_POST['shell']) ? validate($_POST['shell'], 'shell') : '/bin/false';
+				}
+
 				$_setnewpass = false;
 				if (isset($_POST['ftp_password']) && $_POST['ftp_password'] != '') {
 					$password = validate($_POST['ftp_password'], 'password');
@@ -406,11 +433,11 @@ if ($page == 'overview') {
 				$log->logAction(USR_ACTION, LOG_INFO, "edited ftp-account '" . $result['username'] . "'");
 				$description = validate($_POST['ftp_description'], 'description');
 				$stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "`
-					SET `description` = :desc
+					SET `description` = :desc, `shell` = :shell
 					WHERE `customerid` = :customerid
 					AND `id` = :id"
 				);
-				Database::pexecute($stmt, array("desc" => $description, "customerid" => $userinfo['customerid'], "id" => $id));
+				Database::pexecute($stmt, array("desc" => $description, "shell" => $shell, "customerid" => $userinfo['customerid'], "id" => $id));

 				redirectTo($filename, array('page' => $page, 's' => $s));
 			} else {
@@ -436,6 +463,18 @@ if ($page == 'overview') {
 					}
 				}

+				if (Settings::Get('system.allow_customer_shell') == '1') {
+					$shells = makeoption("/bin/false", "/bin/false", $result['shell']);
+					$shells_avail = Settings::Get('system.available_shells');
+					if (!empty($shells_avail)) {
+						$shells_avail = explode(",", $shells_avail);
+						$shells_avail = array_map("trim", $shells_avail);
+						foreach ($shells_avail as $_shell) {
+							$shells .= makeoption($_shell, $_shell, $result['shell']);
+						}
+					}
+				}
+
 				$ftp_edit_data = include_once dirname(__FILE__).'/lib/formfields/customer/ftp/formfield.ftp_edit.php';
 				$ftp_edit_form = htmlform::genHTMLForm($ftp_edit_data);

--- a/customer_index.php
+++ b/customer_index.php
@@ -78,8 +78,15 @@ if ($page == 'overview') {
 	$yesterday = time() - (60 * 60 * 24);
 	$month = date('M Y', $yesterday);

+	// get disk-space usages for web, mysql and mail
+	$usages_stmt = Database::prepare("SELECT * FROM `".TABLE_PANEL_DISKSPACE."` WHERE `customerid` = :cid ORDER BY `stamp` DESC LIMIT 1");
+	$usages = Database::pexecute_first($usages_stmt, array('cid' => $userinfo['customerid']));
+
 	$userinfo['diskspace'] = round($userinfo['diskspace'] / 1024, Settings::Get('panel.decimal_places'));
-	$userinfo['diskspace_used'] = round($userinfo['diskspace_used'] / 1024, Settings::Get('panel.decimal_places'));
+	$userinfo['diskspace_used'] = round($usages['webspace'] / 1024, Settings::Get('panel.decimal_places'));
+	$userinfo['mailspace_used'] = round($usages['mail'] / 1024, Settings::Get('panel.decimal_places'));
+	$userinfo['dbspace_used'] = round($usages['mysql'] / 1024, Settings::Get('panel.decimal_places'));
+
 	$userinfo['traffic'] = round($userinfo['traffic'] / (1024 * 1024), Settings::Get('panel.decimal_places'));
 	$userinfo['traffic_used'] = round($userinfo['traffic_used'] / (1024 * 1024), Settings::Get('panel.decimal_places'));
 	$userinfo = str_replace_array('-1', $lng['customer']['unlimited'], $userinfo, 'diskspace traffic mysqls emails email_accounts email_forwarders email_quota ftps tickets subdomains');
@@ -267,7 +274,8 @@ if ($page == 'overview') {
 			$mail_body .= "File: ".$_error['file'].':'.$_error['line']."\n\n";
 			$mail_body .= "Trace:\n".trim($_error['trace'])."\n\n";
 			$mail_body .= "-------------------------------------------------------------\n\n";
-			$mail_body .= "Froxlor-version: ".$version."\n\n";
+			$mail_body .= "Froxlor-version: ".$version."\n";
+			$mail_body .= "DB-version: ".$dbversion."\n\n";
 			$mail_body .= "End of report";
 			$mail_html = str_replace("\n", "<br />", $mail_body);

--- a/customer_logger.php
+++ b/customer_logger.php
@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';

+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','extras.logger')) {
+	redirectTo('customer_index.php');
+}
+
 if ($page == 'log'
 ) {
 	if ($action == '') {
--- a/customer_mysql.php
+++ b/customer_mysql.php
@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';

+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','mysql')) {
+	redirectTo('customer_index.php');
+}
+
 // get sql-root access data
 Database::needRoot(true);
 Database::needSqlData();
--- a/customer_tickets.php
+++ b/customer_tickets.php
@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';

+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','domains')) {
+	redirectTo('customer_index.php');
+}
+
 if (isset($_POST['id'])) {

 	$id = intval($_POST['id']);
@@ -327,7 +332,7 @@ if ($page == 'overview') {

 				$subject = $subticket->Get('subject');
 				$message = $subticket->Get('message');
-				
+
 				$row2 = htmlentities_array($row2);
 				eval("\$ticket_replies.=\"" . getTemplate("tickets/tickets_tickets_list") . "\";");
 			}
--- a/customer_traffic.php
+++ b/customer_traffic.php
@@ -20,6 +20,12 @@
 define('AREA', 'customer');
 $intrafficpage = 1;
 require './lib/init.php';
+
+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','traffic')) {
+	redirectTo('customer_index.php');
+}
+
 $traffic = '';
 $month = null;
 $year = null;
@@ -109,8 +115,7 @@ if (!is_null($month) && !is_null($year)) {
 	$result_stmt = Database::prepare("SELECT `month`, `year`, SUM(`http`) AS http, SUM(`ftp_up`) AS ftp_up, SUM(`ftp_down`) AS ftp_down, SUM(`mail`) AS mail
 		FROM `" . TABLE_PANEL_TRAFFIC . "`
 		WHERE `customerid` = :customerid
-		GROUP BY CONCAT(`year`,`month`)
-		ORDER BY CONCAT(`year`,`month`) DESC
+		GROUP BY `year` DESC, `month` DESC
 		LIMIT 12"
 	);
 	Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
--- a/install/froxlor.sql
+++ b/install/froxlor.sql
@@ -66,7 +66,7 @@ CREATE TABLE `mail_virtual` (
  `id` int(11) NOT NULL auto_increment,
  `email` varchar(255) NOT NULL default '',
  `email_full` varchar(255) NOT NULL default '',
-  `destination` text NOT NULL,
+  `destination` text NOT NULL default '',
  `domainid` int(11) NOT NULL default '0',
  `customerid` int(11) NOT NULL default '0',
  `popaccountid` int(11) NOT NULL default '0',
@@ -195,8 +195,9 @@ CREATE TABLE `panel_customers` (
  `theme` varchar(255) NOT NULL default 'Sparkle',
  `custom_notes` text,
  `custom_notes_show` tinyint(1) NOT NULL default '0',
-  `lepublickey` mediumtext DEFAULT NULL,
-  `leprivatekey` mediumtext DEFAULT NULL,
+  `lepublickey` mediumtext default NULL,
+  `leprivatekey` mediumtext default NULL,
+  `leregistered` tinyint(1) NOT NULL default '0',
   PRIMARY KEY  (`customerid`),
   UNIQUE KEY `loginname` (`loginname`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;
@@ -237,6 +238,7 @@ CREATE TABLE `panel_domains` (
  `dkim_pubkey` text,
  `wwwserveralias` tinyint(1) NOT NULL default '1',
  `parentdomainid` int(11) NOT NULL default '0',
+  `phpenabled` tinyint(1) NOT NULL default '0',
  `openbasedir` tinyint(1) NOT NULL default '0',
  `openbasedir_path` tinyint(1) NOT NULL default '0',
  `speciallogfile` tinyint(1) NOT NULL default '0',
@@ -245,8 +247,8 @@ CREATE TABLE `panel_domains` (
  `deactivated` tinyint(1) NOT NULL default '0',
  `bindserial` varchar(10) NOT NULL default '2000010100',
  `add_date` int( 11 ) NOT NULL default '0',
-  `registration_date` date NOT NULL,
-  `termination_date` date NOT NULL,
+  `registration_date` date DEFAULT NULL,
+  `termination_date` date DEFAULT NULL,
  `phpsettingid` INT( 11 ) UNSIGNED NOT NULL DEFAULT '1',
  `mod_fcgid_starter` int(4) default '-1',
  `mod_fcgid_maxrequests` int(4) default '-1',
@@ -254,7 +256,7 @@ CREATE TABLE `panel_domains` (
  `letsencrypt` tinyint(1) NOT NULL default '0',
  `hsts` varchar(10) NOT NULL default '0',
  `hsts_sub` tinyint(1) NOT NULL default '0',
-  `hsts_preload` tinyint(1) NOT NULL default '1',
+  `hsts_preload` tinyint(1) NOT NULL default '0',
  PRIMARY KEY  (`id`),
  KEY `customerid` (`customerid`),
  KEY `parentdomain` (`parentdomainid`),
@@ -280,7 +282,8 @@ CREATE TABLE `panel_ipsandports` (
  `default_vhostconf_domain` text,
  `ssl_cert_chainfile` varchar(255) NOT NULL,
  `docroot` varchar(255) NOT NULL default '',
-  PRIMARY KEY  (`id`)
+  PRIMARY KEY  (`id`),
+  UNIQUE KEY `ip_port` (`ip`,`port`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;


@@ -496,6 +499,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('system', 'ssl_cert_chainfile', ''),
 	('system', 'ssl_cipher_list', 'ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128'),
 	('system', 'nginx_php_backend', '127.0.0.1:8888'),
+	('system', 'nginx_http2_support', '0'),
 	('system', 'perl_server', 'unix:/var/run/nginx/cgiwrap-dispatch.sock'),
 	('system', 'phpreload_command', ''),
 	('system', 'apache24', '0'),
@@ -521,7 +525,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('system', 'lepublickey', 'unset'),
 	('system', 'letsencryptca', 'production'),
 	('system', 'letsencryptcountrycode', 'DE'),
-	('system', 'letsencryptstate', 'Germany'),
+	('system', 'letsencryptstate', 'Hessen'),
 	('system', 'letsencryptchallengepath', '/var/www/froxlor'),
 	('system', 'letsencryptkeysize', '4096'),
 	('system', 'letsencryptreuseold', 0),
@@ -530,6 +534,22 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('system', 'dnsenabled', '0'),
 	('system', 'dns_server', 'bind'),
 	('system', 'apacheglobaldiropt', ''),
+	('system', 'allow_customer_shell', '0'),
+	('system', 'available_shells', ''),
+	('system', 'le_froxlor_enabled', '0'),
+	('system', 'le_froxlor_redirect', '0'),
+	('system', 'letsencryptacmeconf', '/etc/apache2/conf-enabled/acme.conf'),
+	('system', 'mail_use_smtp', '0'),
+	('system', 'mail_smtp_host', 'localhost'),
+	('system', 'mail_smtp_port', '25'),
+	('system', 'mail_smtp_usetls', '1'),
+	('system', 'mail_smtp_auth', '1'),
+	('system', 'mail_smtp_user', ''),
+	('system', 'mail_smtp_passwd', ''),
+	('system', 'hsts_maxage', '0'),
+	('system', 'hsts_incsub', '0'),
+	('system', 'hsts_preload', '0'),
+	('system', 'leregistered', '0'),
 	('panel', 'decimal_places', '4'),
 	('panel', 'adminmail', 'admin@SERVERNAME'),
 	('panel', 'phpmyadmin_url', ''),
@@ -560,8 +580,9 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('panel', 'password_numeric', '0'),
 	('panel', 'password_special_char_required', '0'),
 	('panel', 'password_special_char', '!?<>§$%+#=@'),
-	('panel', 'version', '0.9.37-rc1'),
-	('panel', 'db_version', '201607140');
+	('panel', 'customer_hide_options', ''),
+	('panel', 'version', '0.9.38.5'),
+	('panel', 'db_version', '201612110');


 DROP TABLE IF EXISTS `panel_tasks`;
--- a/install/lib/class.FroxlorInstall.php
+++ b/install/lib/class.FroxlorInstall.php
@@ -177,10 +177,14 @@ class FroxlorInstall
 		}

 		// check system-hostname to be a FQDN
-		if ($this->_validate_ip($this->_data['servername'], true) !== false) {
+		if ($this->_validate_ip($this->_data['servername']) !== false) {
 			$this->_data['servername'] = '';
 		}

+		if (empty($this->_data['serverip'] || $this->_validate_ip($this->_data['serverip']) == false)) {
+			return false;
+		}
+
 		if (isset($_POST['installstep']) && $_POST['installstep'] == '1' && $this->_data['admin_pass1'] == $this->_data['admin_pass2'] && $this->_data['admin_pass1'] != '' && $this->_data['admin_pass2'] != '' && $this->_data['mysql_unpriv_pass'] != '' && $this->_data['mysql_root_pass'] != '' && $this->_data['servername'] != '' && $this->_data['serverip'] != '' && $this->_data['httpuser'] != '' && $this->_data['httpgroup'] != '' && $this->_data['mysql_unpriv_user'] != $this->_data['mysql_root_user']) {
 			return true;
 		}
@@ -781,7 +785,7 @@ class FroxlorInstall
 		}
 		$formdata .= $this->_getSectionItemString('servername', true, $style);
 		// serverip
-		if (! empty($_POST['installstep']) && $this->_data['serverip'] == '') {
+		if (! empty($_POST['installstep']) && ($this->_data['serverip'] == '' || $this->_validate_ip($this->_data['serverip']) == false)) {
 			$style = 'color:red;';
 		} else {
 			$style = '';
@@ -996,6 +1000,15 @@ class FroxlorInstall
 			$content .= $this->_status_message('green', $this->_lng['requirements']['installed']);
 		}

+		// check for zip extension
+		$content .= $this->_status_message('begin', $this->_lng['requirements']['phpzip']);
+
+		if (! extension_loaded('zip')) {
+			$content .= $this->_status_message('orange', $this->_lng['requirements']['notinstalled'] . "<br />" . $this->_lng['requirements']['zipdescription']);
+		} else {
+			$content .= $this->_status_message('green', $this->_lng['requirements']['installed']);
+		}
+
 		// check for open_basedir
 		$content .= $this->_status_message('begin', $this->_lng['requirements']['openbasedir']);
 		$php_ob = @ini_get("open_basedir");
--- a/install/lng/english.lng.php
+++ b/install/lng/english.lng.php
@@ -34,7 +34,9 @@ $lng['requirements']['phpposix'] = 'PHP posix-extension...';
 $lng['requirements']['phpbcmath'] = 'PHP bcmath-extension...';
 $lng['requirements']['phpcurl'] = 'PHP curl-extension...';
 $lng['requirements']['phpmbstring'] = 'PHP mbstring-extension...';
+$lng['requirements']['phpzip'] = 'PHP zip-extension...';
 $lng['requirements']['bcmathdescription'] = 'Traffic-calculation related functions will not work correctly!';
+$lng['requirements']['zipdescription'] = 'The auto-update feature requires the zip extension.';
 $lng['requirements']['openbasedir'] = 'open_basedir...';
 $lng['requirements']['openbasedirenabled'] = 'Froxlor will not work properly with open_basedir enabled. Please disable open_basedir for Froxlor in the coresponding php.ini';
 $lng['requirements']['diedbecauseofrequirements'] = 'Cannot install Froxlor without these requirements! Try to fix them and retry.';
--- a/install/lng/german.lng.php
+++ b/install/lng/german.lng.php
@@ -34,7 +34,9 @@ $lng['requirements']['phpposix'] = 'PHP posix-Erweiterung...';
 $lng['requirements']['phpbcmath'] = 'PHP bcmath-Erweiterung...';
 $lng['requirements']['phpcurl'] = 'PHP curl-Erweiterung...';
 $lng['requirements']['phpmbstring'] = 'PHP mbstring-Erweiterung...';
+$lng['requirements']['phpzip'] = 'PHP zip-Erweiterung...';
 $lng['requirements']['bcmathdescription'] = 'Traffic-Berechnungs bezogene Funktionen stehen nicht vollständig zur Verfügung!';
+$lng['requirements']['zipdescription'] = 'Die Auto-Update Funktion benötigt die zip Erweiterung.';
 $lng['requirements']['openbasedir'] = 'open_basedir genutzt wird...';
 $lng['requirements']['openbasedirenabled'] = 'Froxlor wird mit aktiviertem open_basedir nicht vollständig funktionieren. Bitte deaktivieren Sie open_basedir für Froxlor in der entsprechenden php.ini';
 $lng['requirements']['diedbecauseofrequirements'] = 'Kann Froxlor ohne diese Voraussetzungen nicht installieren! Beheben Sie die angezeigten Probleme und versuchen Sie es erneut.';
--- a/install/templates/dataitemchk.tpl
+++ b/install/templates/dataitemchk.tpl
@@ -1,4 +1,4 @@
 <p>
 	<label for="{$fieldname}" class="install-block {$style}">{$this->_lng['install']['webserver']} {$fieldlabel}:</label>
-	<input type="radio" name="webserver" id="{$fieldname}" value="{$fieldname}" {$checked} /><span>{$fieldlabel}<span>
+	<input type="radio" name="webserver" id="{$fieldname}" value="{$fieldname}" {$checked} /><span>{$fieldlabel}</span>
 </p>
--- a/install/updates/froxlor/0.9/update_0.9.inc.php
+++ b/install/updates/froxlor/0.9/update_0.9.inc.php
@@ -3397,8 +3397,185 @@ if (isDatabaseVersion('201606190')) {

 if (isFroxlorVersion('0.9.36')) {

-	showUpdateStep("Updating from 0.9.36 to 0.9.37-rc1");
-	lastStepStatus(0);
-
+	showUpdateStep("Updating from 0.9.36 to 0.9.37-rc1", false);
 	updateToVersion('0.9.37-rc1');
 }
+
+if (isDatabaseVersion('201607140')) {
+
+	showUpdateStep("Adding new setting to hide certain options in customer panel");
+	Settings::AddNew("panel.customer_hide_options", "");
+	lastStepStatus(0);
+
+	updateToDbVersion('201607210');
+}
+
+if (isFroxlorVersion('0.9.37-rc1')) {
+
+	showUpdateStep("Updating from 0.9.37-rc1 to 0.9.37 final", false);
+	updateToVersion('0.9.37');
+}
+
+if (isDatabaseVersion('201607210')) {
+
+	showUpdateStep("Adding new settings for customer shell option");
+	Settings::AddNew("system.allow_customer_shell", "0");
+	Settings::AddNew("system.available_shells", "");
+	lastStepStatus(0);
+
+	updateToDbVersion('201608260');
+}
+
+if (isDatabaseVersion('201608260')) {
+
+	showUpdateStep("Adding new settings to use Let's Encrypt for froxlor");
+	Settings::AddNew("system.le_froxlor_enabled", "0");
+	Settings::AddNew("system.le_froxlor_redirect", "0");
+	lastStepStatus(0);
+
+	updateToDbVersion('201609050');
+}
+
+if (isDatabaseVersion('201609050')) {
+
+	showUpdateStep("Adding new settings for acme.conf (Let's Encrypt)");
+	// get user-chosen value
+	$websrv_default = "/etc/apache2/conf-enabled/acme.conf";
+	if (Settings::Get('system.webserver') == 'nginx') {
+		$websrv_default = "/etc/nginx/acme.conf";
+	}
+	$acmeconffile = isset($_POST['acmeconffile']) ? $_POST['acmeconffile'] : $websrv_default;
+	$acmeconffile = makeCorrectFile($acmeconffile);
+	Settings::AddNew("system.letsencryptacmeconf", $acmeconffile);
+	lastStepStatus(0);
+
+	updateToDbVersion('201609120');
+}
+
+if (isDatabaseVersion('201609120')) {
+
+	showUpdateStep("Adding new SMTP settings for emails sent by froxlor");
+	// get user-chosen value
+	$smtp_enable = isset($_POST['smtp_enable']) ? (int) $_POST['smtp_enable'] : 0;
+	$smtp_host = isset($_POST['smtp_host']) ? $_POST['smtp_host'] : "localhost";
+	$smtp_port = isset($_POST['smtp_port']) ? (int)$_POST['smtp_port'] : 25;
+	$smtp_usetls = isset($_POST['smtp_usetls']) ? (int) $_POST['smtp_usetls'] : 1;
+	$smtp_useauth = isset($_POST['smtp_auth']) ? (int) $_POST['smtp_auth'] : 1;
+	$smtp_user = isset($_POST['smtp_user']) ? $_POST['smtp_user'] : "";
+	$smtp_passwd = isset($_POST['smtp_passwd']) ? $_POST['smtp_passwd'] : "";
+
+	Settings::AddNew("system.mail_use_smtp", $smtp_enable);
+	Settings::AddNew("system.mail_smtp_host", $smtp_host);
+	Settings::AddNew("system.mail_smtp_port", $smtp_port);
+	Settings::AddNew("system.mail_smtp_usetls", $smtp_usetls);
+	Settings::AddNew("system.mail_smtp_auth", $smtp_useauth);
+	Settings::AddNew("system.mail_smtp_user", $smtp_user);
+	Settings::AddNew("system.mail_smtp_passwd", $smtp_passwd);
+	lastStepStatus(0);
+
+	updateToDbVersion('201609200');
+}
+
+if (isDatabaseVersion('201609200')) {
+
+	showUpdateStep("Changing tables to be more mysql strict-mode compatible");
+	Database::query("ALTER TABLE `".TABLE_MAIL_VIRTUAL."` CHANGE `destination` `destination` TEXT NOT NULL DEFAULT '';");
+	Database::query("ALTER TABLE `".TABLE_PANEL_DOMAINS."` CHANGE `registration_date` `registration_date` DATE NULL DEFAULT NULL;");
+	Database::query("ALTER TABLE `".TABLE_PANEL_DOMAINS."` CHANGE `termination_date` `termination_date` DATE NULL DEFAULT NULL;");
+	lastStepStatus(0);
+
+	updateToDbVersion('201609240');
+}
+
+if (isDatabaseVersion('201609240')) {
+
+	showUpdateStep("Add HSTS settings for froxlor-vhost");
+	Settings::AddNew("system.hsts_maxage", 0);
+	Settings::AddNew("system.hsts_incsub", 0);
+	Settings::AddNew("system.hsts_preload", 0);
+	lastStepStatus(0);
+
+	showUpdateStep("Settings HSTS default values for all domains (deactivated)");
+	Database::query("UPDATE `".TABLE_PANEL_DOMAINS."` SET `hsts_sub` = '0', `hsts_preload` = '0';");
+	lastStepStatus(0);
+
+	updateToDbVersion('201610070');
+}
+
+if (isFroxlorVersion('0.9.37')) {
+
+	showUpdateStep("Updating from 0.9.37 to 0.9.38-rc1", false);
+	updateToVersion('0.9.38-rc1');
+}
+
+if (isFroxlorVersion('0.9.38-rc1')) {
+
+	showUpdateStep("Updating from 0.9.38-rc1 to 0.9.38-rc2", false);
+	updateToVersion('0.9.38-rc2');
+}
+
+if (isFroxlorVersion('0.9.38-rc2')) {
+
+	showUpdateStep("Updating from 0.9.38-rc2 to 0.9.38 final", false);
+	updateToVersion('0.9.38');
+}
+
+if (isDatabaseVersion('201610070')) {
+
+	showUpdateStep("Add Nginx http2 setting");
+	Settings::AddNew("system.nginx_http2_support", 0);
+	lastStepStatus(0);
+
+	updateToDbVersion('201611180');
+}
+
+if (isFroxlorVersion('0.9.38')) {
+
+	showUpdateStep("Updating from 0.9.38 to 0.9.38.1", false);
+	updateToVersion('0.9.38.1');
+}
+
+if (isFroxlorVersion('0.9.38.1')) {
+
+	showUpdateStep("Updating from 0.9.38.1 to 0.9.38.2", false);
+	updateToVersion('0.9.38.2');
+}
+
+if (isFroxlorVersion('0.9.38.2')) {
+
+	showUpdateStep("Updating from 0.9.38.2 to 0.9.38.3", false);
+	updateToVersion('0.9.38.3');
+}
+
+if (isFroxlorVersion('0.9.38.3')) {
+
+	showUpdateStep("Updating from 0.9.38.3 to 0.9.38.4", false);
+	updateToVersion('0.9.38.4');
+}
+
+if (isDatabaseVersion('201611180')) {
+
+	showUpdateStep("Updating database table definition for panel_domains");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ADD `phpenabled` tinyint(1) NOT NULL default '1' AFTER `parentdomainid`;");
+	lastStepStatus(0);
+
+	showUpdateStep("Adding field for let's-encrypt registration status");
+	Database::query("ALTER TABLE `".TABLE_PANEL_CUSTOMERS."` add `leregistered` TINYINT(1) NOT NULL DEFAULT 0;");
+	lastStepStatus(0);
+
+	showUpdateStep("Adding system setting for let's-encrypt registration status");
+	Settings::AddNew('system.leregistered', '0');
+	lastStepStatus(0);
+
+  showUpdateStep("Adding unique key to ipsandports table");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_IPSANDPORTS . "` ADD UNIQUE KEY `ip_port` (`ip`,`port`)");
+	lastStepStatus(0);
+
+	updateToDbVersion('201612110');
+}
+
+if (isFroxlorVersion('0.9.38.4')) {
+
+	showUpdateStep("Updating from 0.9.38.4 to 0.9.38.5", false);
+	updateToVersion('0.9.38.5');
+}
--- a/install/updates/preconfig/0.9/preconfig_0.9.inc.php
+++ b/install/updates/preconfig/0.9/preconfig_0.9.inc.php
@@ -679,4 +679,34 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version, $c
 		$question .= $dnsdaemons . '</select>';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}
+
+	if (versionInUpdate($current_db_version, '201609120')) {
+		if (Settings::Get('system.leenabled') == 1) {
+			$has_preconfig = true;
+			$description = 'You can now customize the path to your acme.conf file (global alias for Let\'s Encrypt). If you already set up Let\'s Encrypt and the acme.conf file, please set this to the complete path to the file!<br /><br />';
+			$question = '<strong>Path to the acme.conf alias-file.</strong><br />';
+			$question .= '<input type="text" class="text" name="acmeconffile" value="/etc/apache2/conf-enabled/acme.conf" /><br />';
+			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+		}
+	}
+
+	if (versionInUpdate($current_db_version, '201609200')) {
+		$has_preconfig = true;
+		$description = 'Specify SMTP settings which froxlor should use to send mail (optional)<br /><br />';
+		$question = '<strong>Enable sending mails via SMTP?</strong><br />';
+		$question .= makeyesno('smtp_enable', '1', '0', '0') . '<br />';
+		$question .= '<strong>Enable sending mails via SMTP?</strong><br />';
+		$question .= '<input type="text" class="text" name="smtp_host" value="localhost" /><br />';
+		$question .= '<strong>TCP port to connect to?</strong><br />';
+		$question .= '<input type="text" class="text" name="smtp_port" value="25" /><br />';
+		$question .= '<strong>Enable TLS encryption?</strong><br />';
+		$question .= makeyesno('smtp_usetls', '1', '0', '1') . '<br />';
+		$question .= '<strong>Enable SMTP authentication?</strong><br />';
+		$question .= makeyesno('smtp_auth', '1', '0', '1') . '<br />';
+		$question .= '<strong>SMTP user?</strong><br />';
+		$question .= '<input type="text" class="text" name="smtp_user" value="" /><br />';
+		$question .= '<strong>SMTP password?</strong><br />';
+		$question .= '<input type="password" class="text" name="smtp_passwd" value="" /><br />';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
 }
--- a/lib/classes/config/class.ConfigDaemon.php
+++ b/lib/classes/config/class.ConfigDaemon.php
@@ -71,7 +71,7 @@ class ConfigDaemon {
 	 * @var string
 	 */
 	public $title;
-	
+
 	/**
 	 * Whether this is the default daemon of the service-category
 	 * @var boolean
@@ -321,7 +321,7 @@ class ConfigDaemon {
 		if (array_key_exists('chown', $attributes)) {
 			$return[] = array('type' => 'command', 'content' => 'chown ' . $attributes['chown'] . ' "' . $this->_parseContent($attributes['name']) . '"', 'execute' => "post");
 		}
-		
+
 		// If we have more than 1 element, we want to group this stuff for easier processing later
 		if (count($return) > 1) {
 			$return = array('type' => 'file', 'subcommands' => $return, 'name' => $this->_parseContent($attributes['name']));
@@ -399,10 +399,11 @@ class ConfigDaemon {
 			case "false": if ($order == true) { $return = -1; }; break;
 			case "true": if ($order == false) { $return = -1; }; break;
 			case "notempty": if ($order == "") { $return = -1; }; break;
-			case "userexists": if (posix_getpwnam($order) === false) { $return = -1; }; break;
-			case "groupexists": if (posix_getgrnam($order) === false) { $return = -1; }; break;
-			case "usernotexists": if (is_array(posix_getpwnam($order))) { $return = -1; }; break;
-			case "groupnotexists": if (is_array(posix_getgrnam($order))) { $return = -1; }; break;
+			case "userexists": if (posix_getpwuid($order) === false) { $return = -1; }; break;
+			case "groupexists": if (posix_getgrgid($order) === false) { $return = -1; }; break;
+			case "usernotexists": if (is_array(posix_getpwuid($order))) { $return = -1; }; break;
+			case "groupnotexists": if (is_array(posix_getgrgid($order))) { $return = -1; }; break;
+			case "usernamenotexists": if (is_array(posix_getpwnam($order))) { $return = -1; }; break;
 			case "equals": $return = (isset($attributes['value']) && $attributes['value'] == $order ? 0 : -1); break;
 		}
 		return $return;
--- a/lib/classes/idna/class.idna_convert_wrapper.php
+++ b/lib/classes/idna/class.idna_convert_wrapper.php
@@ -67,6 +67,16 @@ class idna_convert_wrapper
 		}
 	}

+	public function encode_uri($to_encode)
+	{
+		if (version_compare("5.6.0", PHP_VERSION, ">=")) {
+			return $this->_do_action('encode', $to_encode);
+		} else {
+			$to_encode = $this->is_utf8($to_encode) ? $to_encode : utf8_encode($to_encode);
+			return $this->idna_converter->encodeUri($to_encode);
+		}
+	}
+
 	/**
 	 * Decode a domain name, a email address or a list of one of both.
 	 *
--- a/lib/classes/output/class.htmlform.php
+++ b/lib/classes/output/class.htmlform.php
@@ -122,6 +122,8 @@ class htmlform
 				return self::_checkbox($fieldname, $data); break;
 			case 'file':
 				return self::_file($fieldname, $data); break;
+			case 'int':
+				return self::_int($fieldname, $data); break;
 		}
 	}

@@ -313,4 +315,29 @@ class htmlform
 		return $return;
 	}

+	private static function _int($fieldname = '', $data = array())
+	{
+		$return = '';
+		$extras = '';
+		if(isset($data['int_min'])) {
+			$extras .= ' min="'.$data['int_min'].'"';
+		}
+		if(isset($data['int_max'])) {
+			$extras .= ' max="'.$data['int_max'].'"';
+		}
+
+		// add support to save reloaded forms
+		if (isset($data['value'])) {
+			$value = $data['value'];
+		} elseif (isset($_SESSION['requestData'][$fieldname])) {
+			$value = $_SESSION['requestData'][$fieldname];
+		} else {
+			$value = '';
+		}
+
+		$type = 'number';
+		$ulfield = '';
+		eval("\$return = \"" . getTemplate("misc/form/input_text", "1") . "\";");
+		return $return;
+	}
 }
--- a/lib/classes/output/class.paging.php
+++ b/lib/classes/output/class.paging.php
@@ -319,6 +319,8 @@ class paging {
 				$condition.= $searchfield . " ".$oper." " . Database::quote($searchtext);
 			} else {
 				$searchtext = str_replace('*', '%', $this->searchtext);
+				// append wildcards if user did not enter any
+				if (strpos($searchtext,'%') === false) $searchtext='%'.$searchtext.'%';
 				$condition.= $searchfield . " LIKE " . Database::quote($searchtext);
 			}
 			
--- a/lib/classes/phpinterface/class.phpinterface_fcgid.php
+++ b/lib/classes/phpinterface/class.phpinterface_fcgid.php
@@ -135,15 +135,6 @@ class phpinterface_fcgid {
 			$openbasedir .= appendOpenBasedirPath($this->getTempDir());
 			$openbasedir .= $_phpappendopenbasedir;

-			$openbasedir = explode(':', $openbasedir);
-			$clean_openbasedir = array();
-			foreach ($openbasedir as $number => $path) {
-				if (trim($path) != '/') {
-					$clean_openbasedir[] = makeCorrectDir($path);
-				}
-			}
-			$openbasedir = implode(':', $clean_openbasedir);
-
 		} else {
 			$openbasedir = 'none';
 			$openbasedirc = ';';
@@ -166,14 +157,13 @@ class phpinterface_fcgid {
 		);

 		//insert a small header for the file
-
 		$phpini_file = ";\n";
 		$phpini_file.= "; php.ini created/changed on " . date("Y.m.d H:i:s") . " for domain '" . $this->_domain['domain'] . "' with id #" . $this->_domain['id'] . " from php template '" . $phpconfig['description'] . "' with id #" . $phpconfig['id'] . "\n";
 		$phpini_file.= "; Do not change anything in this file, it will be overwritten by the Froxlor Cronjob!\n";
 		$phpini_file.= ";\n\n";
 		$phpini_file.= replace_variables($phpconfig['phpsettings'], $php_ini_variables);
 		$phpini_file = str_replace('"none"', 'none', $phpini_file);
-		$phpini_file = preg_replace('/\"+/', '"', $phpini_file);
+		//$phpini_file = preg_replace('/\"+/', '"', $phpini_file);
 		$phpini_file_handler = fopen($this->getIniFile(), 'w');
 		fwrite($phpini_file_handler, $phpini_file);
 		fclose($phpini_file_handler);
--- a/lib/classes/phpinterface/class.phpinterface_fpm.php
+++ b/lib/classes/phpinterface/class.phpinterface_fpm.php
@@ -267,15 +267,6 @@ class phpinterface_fpm {

 					$openbasedir .= appendOpenBasedirPath($this->getTempDir());
 					$openbasedir .= $_phpappendopenbasedir;
-
-					$openbasedir = explode(':', $openbasedir);
-					$clean_openbasedir = array();
-					foreach ($openbasedir as $number => $path) {
-						if (trim($path) != '/') {
-							$clean_openbasedir[] = makeCorrectDir($path);
-						}
-					}
-					$openbasedir = implode(':', $clean_openbasedir);
 				}
 			}
 			$fpm_config.= 'php_admin_value[session.save_path] = ' . makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->_domain['loginname'] . '/') . "\n";
--- a/lib/classes/phpmailer/PHPMailerAutoload.php
+++ b/lib/classes/phpmailer/PHPMailerAutoload.php
@@ -1,49 +1,49 @@
 <?php
 /**
 * PHPMailer SPL autoloader.
- * PHP Version 5
- * @package PHPMailer
- * @link https://github.com/PHPMailer/PHPMailer/ The PHPMailer GitHub project
- * @author Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
- * @author Jim Jagielski (jimjag) <jimjag@gmail.com>
- * @author Andy Prevost (codeworxtech) <codeworxtech@users.sourceforge.net>
- * @author Brent R. Matzelle (original founder)
- * @copyright 2012 - 2014 Marcus Bointon
- * @copyright 2010 - 2012 Jim Jagielski
- * @copyright 2004 - 2009 Andy Prevost
- * @license http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License
- * @note This program is distributed in the hope that it will be useful - WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.
- */
+* PHP Version 5
+* @package PHPMailer
+* @link https://github.com/PHPMailer/PHPMailer/ The PHPMailer GitHub project
+* @author Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
+* @author Jim Jagielski (jimjag) <jimjag@gmail.com>
+* @author Andy Prevost (codeworxtech) <codeworxtech@users.sourceforge.net>
+* @author Brent R. Matzelle (original founder)
+* @copyright 2012 - 2014 Marcus Bointon
+* @copyright 2010 - 2012 Jim Jagielski
+* @copyright 2004 - 2009 Andy Prevost
+* @license http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License
+* @note This program is distributed in the hope that it will be useful - WITHOUT
+* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+* FITNESS FOR A PARTICULAR PURPOSE.
+*/

 /**
 * PHPMailer SPL autoloader.
- * @param string $classname The name of the class to load
- */
+* @param string $classname The name of the class to load
+*/
 function PHPMailerAutoload($classname)
 {
-    //Can't use __DIR__ as it's only in PHP 5.3+
-    $filename = dirname(__FILE__).DIRECTORY_SEPARATOR.'class.'.strtolower($classname).'.php';
-    if (is_readable($filename)) {
-        require $filename;
-    }
+	//Can't use __DIR__ as it's only in PHP 5.3+
+	$filename = dirname(__FILE__).DIRECTORY_SEPARATOR.'class.'.strtolower($classname).'.php';
+	if (is_readable($filename)) {
+		require $filename;
+	}
 }

 if (version_compare(PHP_VERSION, '5.1.2', '>=')) {
-    //SPL autoloading was introduced in PHP 5.1.2
-    if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
-        spl_autoload_register('PHPMailerAutoload', true, true);
-    } else {
-        spl_autoload_register('PHPMailerAutoload');
-    }
+	//SPL autoloading was introduced in PHP 5.1.2
+	if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
+		spl_autoload_register('PHPMailerAutoload', true, true);
+	} else {
+		spl_autoload_register('PHPMailerAutoload');
+	}
 } else {
-    /**
-     * Fall back to traditional autoload for old PHP versions
-     * @param string $classname The name of the class to load
-     */
-    function __autoload($classname)
-    {
-        PHPMailerAutoload($classname);
-    }
+	/**
+	 * Fall back to traditional autoload for old PHP versions
+	 * @param string $classname The name of the class to load
+	 */
+	function __autoload($classname)
+	{
+		PHPMailerAutoload($classname);
+	}
 }
--- a/lib/classes/phpmailer/class.PHPMailer.php
+++ b/lib/classes/phpmailer/class.PHPMailer.php
--- a/lib/classes/phpmailer/class.SMTP.php
+++ b/lib/classes/phpmailer/class.SMTP.php
--- a/lib/classes/settings/class.Settings.php
+++ b/lib/classes/settings/class.Settings.php
@@ -86,6 +86,7 @@ class Settings {
 		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			self::$_data[$row['settinggroup']][$row['varname']] = $row['value'];
 		}
+		return true;
 	}

 	/**
@@ -124,6 +125,23 @@ class Settings {
 		return $result;
 	}

+	/**
+	 * tests if a setting-value that i s a comma separated list contains an entry
+	 *
+	 * @param string $setting a group and a varname separated by a dot (group.varname)
+	 * @param string $entry the entry that is expected to be in the list
+	 *
+	 * @return boolean true, if the list contains $entry
+	 */
+	public function pIsInList($setting = null, $entry = null) {
+		$s=Settings::Get($setting);
+		if ($s==null) {
+			return false;
+		}
+		$slist = explode(",",$s);
+		return in_array($entry, $slist);
+	}
+
 	/**
 	 * update a setting / set a new value
 	 *
@@ -144,10 +162,16 @@ class Settings {
 			if ($instant_save) {
 				$this->_storeSetting($sstr[0], $sstr[1], $value);
 			} else {
-				if (!is_array(self::$_data[$sstr[0]])) {
+				// set temporary data for usage
+				if (!isset(self::$_data[$sstr[0]]) || !is_array(self::$_data[$sstr[0]])) {
 					self::$_data[$sstr[0]] = array();
 				}
 				self::$_data[$sstr[0]][$sstr[1]] = $value;
+				// set update-data when invoking Flush()
+				if (!isset(self::$_updatedata[$sstr[0]]) || !is_array(self::$_updatedata[$sstr[0]])) {
+					self::$_updatedata[$sstr[0]] = array();
+				}
+				self::$_updatedata[$sstr[0]][$sstr[1]] = $value;
 			}
 			return true;
 		}
@@ -206,8 +230,9 @@ class Settings {
 			// now empty the array
 			self::$_updatedata = array();
 			// re-read in all settings
-			$this->_readSettings();
+			return $this->_readSettings();
 		}
+		return false;
 	}

 	/**
--- a/lib/classes/ssl/class.lescript.php
+++ b/lib/classes/ssl/class.lescript.php
@@ -29,7 +29,8 @@
 class lescript
 {

-	public $license = 'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf';
+	// https://letsencrypt.org/repository/
+	public $license;

 	private $logger;

@@ -37,9 +38,18 @@ class lescript

 	private $accountKey;

-	public function __construct($logger)
+	private $customerid;
+
+	private $isFroxlorVhost;
+
+	private $isLeProduction;
+
+	private $version;
+
+	public function __construct($logger, $version = '1')
 	{
 		$this->logger = $logger;
+		$this->version = $version;
 		if (Settings::Get('system.letsencryptca') == 'production') {
 			$ca = 'https://acme-v01.api.letsencrypt.org';
 		} else {
@@ -49,44 +59,87 @@ class lescript
 		$this->log("Using '$ca' to generate certificate");
 	}

-	public function initAccount($certrow)
+	public function initAccount($certrow, $isFroxlorVhost = false)
 	{
 		// Let's see if we have the private accountkey
 		$this->accountKey = $certrow['leprivatekey'];
-		if (! $this->accountKey || $this->accountKey == 'unset' || Settings::Get('system.letsencryptca') != 'production') {
+		$this->customerId = $certrow['customerid'];
+		$this->isFroxlorVhost = $isFroxlorVhost;
+		$this->isLeProduction = (Settings::Get('system.letsencryptca') == 'production');
+
+		$leregistered=$certrow['leregistered'];
+
+		if (! $this->accountKey || $this->accountKey == 'unset' || !$this->isLeProduction) {

 			// generate and save new private key for account
 			// ---------------------------------------------

-			$this->log('Starting new account registration');
+			$this->log('Creating new account key');
 			$keys = $this->generateKey();
 			// Only store the accountkey in production, in staging always generate a new key
-			if (Settings::Get('system.letsencryptca') == 'production') {
-				$upd_stmt = Database::prepare(
-					"UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `lepublickey` = :public, `leprivatekey` = :private " .
-						 "WHERE `customerid` = :customerid;");
-				Database::pexecute($upd_stmt,
-					array(
+			if ($this->isLeProduction) {
+				if ($isFroxlorVhost) {
+					Settings::Set('system.lepublickey', $keys['public']);
+					Settings::Set('system.leprivatekey', $keys['private']);
+					Settings::Set('system.leregistered', 0); // key is not registered
+				} else {
+					$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `lepublickey` = :public, `leprivatekey` = :private, `leregistered` = :registered " . "WHERE `customerid` = :customerid;");
+					Database::pexecute($upd_stmt, array(
 						'public' => $keys['public'],
 						'private' => $keys['private'],
-						'customerid' => $certrow['customerid']
+						'registered' => 0,
+						'customerid' => $this->customerId
 					));
+				}
 			}
+			$leregistered=0;
 			$this->accountKey = $keys['private'];
+		} else {
+			$this->log('Using existing account key');
+		}

+		if ($leregistered==0) { // Account not registered
+
+			$this->log('Starting new account registration');
 			$response = $this->postNewReg();
-			if ($this->client->getLastCode() != 201) {
-				throw new \RuntimeException("Account not initialized, probably due to rate limiting. Whole response: " . $response);
+			if ($this->client->getLastCode() == 409) {
+				$this->log('The key was already registered. Using existing account.');
+			} else if ($this->client->getLastCode() == 201) {
+				$this->log('New account registered.');
+			} else {
+				throw new \RuntimeException("Account not initialized, probably due to rate limiting. Whole response: " . json_encode($response));
+			}
+			$accountUrl=$this->client->getLastLocation();
+
+			$this->log('Accepting lets encrypt Terms of Service');
+
+			$this->license = $this->client->getAgreementURL();
+
+			// Terms of Service are optional according to ACME specs; if no ToS are presented, no need to update registration
+			if (!empty($this->license)) {
+				$response = $this->postRegAgreement(parse_url($accountUrl, PHP_URL_PATH));
+				if ($this->client->getLastCode() != 202) {
+					throw new \RuntimeException("Terms of Service not accepted. Whole response: " . json_encode($response));
+				}
 			}

-			$this->postNewReg();
-			$this->log('New account certificate registered');
-		} else {
-
-			$this->log('Account already registered. Continuing.');
+			$leregistered=1;
+			$this->setLeRegisteredState($leregistered); // Account registered
+			$this->log('Lets encrypt Terms of Service accepted');
 		}
+
 	}

+	/**
+	 *
+	 * @param array $domains
+	 * @param string $domainkey
+	 * @param string $csr
+	 *        	optional, same behavior as $reuseCsr from the original class, but we're passing the content of the csr already
+	 *
+	 * @throws \RuntimeException
+	 * @return string[]
+	 */
 	public function signDomains(array $domains, $domainkey = null, $csr = null)
 	{
 		if (! $this->accountKey) {
@@ -108,20 +161,25 @@ class lescript

 			$this->log("Requesting challenge for $domain");

-			$response = $this->signedRequest("/acme/new-authz",
-				array(
-					"resource" => "new-authz",
-					"identifier" => array(
-						"type" => "dns",
-						"value" => $domain
-					)
-				));
+			$response = $this->signedRequest("/acme/new-authz", array(
+				"resource" => "new-authz",
+				"identifier" => array(
+					"type" => "dns",
+					"value" => $domain
+				)
+			));
+
+			if ($this->client->getLastCode() == 403) {
+				$this->log("Got status 403 - setting LE status to unregistered.");
+				$this->setLeRegisteredState(0);
+				throw new RuntimeException("Got 'unauthorized' response - we need to re-register at next run.  Whole response: " . json_encode($response));
+			}

 			// if response is not an array but a string, it's most likely a server-error, e.g.
 			// <HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY>An error occurred while processing your request.
 			// <p>Reference&#32;&#35;179&#46;d8be1402&#46;1458059103&#46;3613c4db</BODY></HTML>
 			if (! is_array($response)) {
-				throw new RuntimeException("Invalid response from LE for domain $domain. Whole response: " . $response);
+				throw new RuntimeException("Invalid response from LE for domain $domain. Whole response: " . json_encode($response));
 			}

 			if (! array_key_exists('challenges', $response)) {
@@ -129,12 +187,13 @@ class lescript
 			}

 			// choose http-01 challenge only
-			$challenge = array_reduce($response['challenges'],
-				function ($v, $w) {
-					return $v ? $v : ($w['type'] == 'http-01' ? $w : false);
-				});
-			if (! $challenge)
+			$challenge = array_reduce($response['challenges'], function ($v, $w) {
+				return $v ? $v : ($w['type'] == 'http-01' ? $w : false);
+			});
+
+			if (! $challenge) {
 				throw new RuntimeException("HTTP Challenge for $domain is not available. Whole response: " . json_encode($response));
+			}

 			$this->log("Got challenge token for $domain");
 			$location = $this->client->getLastLocation();
@@ -168,7 +227,9 @@ class lescript
 			$this->log("Token for $domain saved at $tokenPath and should be available at $uri");

 			// simple self check
-			if ($payload !== trim(@file_get_contents($uri))) {
+			$selfcheckContextOptions = array('http' => array('header' => "User-Agent: Froxlor/".$this->version));
+			$selfcheckContext = stream_context_create($selfcheckContextOptions);
+			if ($payload !== trim(@file_get_contents($uri, false, $selfcheckContext))) {
 				$errmsg = json_encode(error_get_last());
 				if ($errmsg != "null") {
 					$errmsg = "; PHP error: " . $errmsg;
@@ -176,19 +237,18 @@ class lescript
 					$errmsg = "";
 				}
 				@unlink($tokenPath);
-				throw new \RuntimeException("Please check $uri - token not available" . $errmsg);
+				$this->logger->logAction(CRON_ACTION, LOG_ERR, "letsencrypt Please check $uri - token not available" . $errmsg);
 			}

 			$this->log("Sending request to challenge");

 			// send request to challenge
-			$result = $this->signedRequest($challenge['uri'],
-				array(
-					"resource" => "challenge",
-					"type" => "http-01",
-					"keyAuthorization" => $payload,
-					"token" => $challenge['token']
-				));
+			$result = $this->signedRequest($challenge['uri'], array(
+				"resource" => "challenge",
+				"type" => "http-01",
+				"keyAuthorization" => $payload,
+				"token" => $challenge['token']
+			));

 			// waiting loop
 			// we wait for a maximum of 30 seconds to avoid endless loops
@@ -227,7 +287,9 @@ class lescript

 		$this->client->getLastLinks();

-		$csr = $this->generateCSR($privateDomainKey, $domains);
+		if (empty($csr)) {
+			$csr = $this->generateCSR($privateDomainKey, $domains);
+		}

 		// request certificates creation
 		$result = $this->signedRequest("/acme/new-cert", array(
@@ -286,6 +348,21 @@ class lescript
 		);
 	}

+	private function setLeRegisteredState($state)
+	{
+		if ($this->isLeProduction) {
+			if ($this->isFroxlorVhost) {
+				Settings::Set('system.leregistered', $state);
+			} else {
+				$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `leregistered` = :registered " . "WHERE `customerid` = :customerid;");
+				Database::pexecute($upd_stmt, array(
+					'registered' => $state,
+					'customerid' => $this->customerId
+				));
+			}
+		}
+	}
+
 	private function parsePemFromBody($body)
 	{
 		$pem = chunk_split(base64_encode($body), 64, "\n");
@@ -302,6 +379,16 @@ class lescript
 		));
 	}

+	private function postRegAgreement($uri)
+	{
+		$this->log('Accepting agreement at URL: ' . $this->license);
+
+		return $this->signedRequest($uri, array(
+			'resource' => 'reg',
+			'agreement' => $this->license
+		));
+	}
+
 	private function generateCSR($privateKey, array $domains)
 	{
 		$domain = reset($domains);
@@ -313,8 +400,7 @@ class lescript
 		$tmpConfPath = $tmpConfMeta["uri"];

 		// workaround to get SAN working
-		fwrite($tmpConf,
-			'HOME = .
+		fwrite($tmpConf, 'HOME = .
 RANDFILE = $ENV::HOME/.rnd
 [ req ]
 default_bits = ' . Settings::Get('system.letsencryptkeysize') . '
@@ -328,16 +414,15 @@ basicConstraints = CA:FALSE
 subjectAltName = ' . $san . '
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment');

-		$csr = openssl_csr_new(
-			array(
-				"CN" => $domain,
-				"ST" => Settings::Get('system.letsencryptstate'),
-				"C" => Settings::Get('system.letsencryptcountrycode'),
-				"O" => "Unknown"
-			), $privateKey, array(
-				"config" => $tmpConfPath,
-				"digest_alg" => "sha256"
-			));
+		$csr = openssl_csr_new(array(
+			"CN" => $domain,
+			"ST" => Settings::Get('system.letsencryptstate'),
+			"C" => Settings::Get('system.letsencryptcountrycode'),
+			"O" => "Unknown"
+		), $privateKey, array(
+			"config" => $tmpConfPath,
+			"digest_alg" => "sha256"
+		));

 		if (! $csr)
 			throw new \RuntimeException("CSR couldn't be generated! " . openssl_error_string());
@@ -352,11 +437,10 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment');

 	private function generateKey()
 	{
-		$res = openssl_pkey_new(
-			array(
-				"private_key_type" => OPENSSL_KEYTYPE_RSA,
-				"private_key_bits" => (int) Settings::Get('system.letsencryptkeysize')
-			));
+		$res = openssl_pkey_new(array(
+			"private_key_type" => OPENSSL_KEYTYPE_RSA,
+			"private_key_bits" => (int) Settings::Get('system.letsencryptkeysize')
+		));

 		if (! openssl_pkey_export($res, $privateKey)) {
 			throw new \RuntimeException("Key export failed!");
@@ -506,6 +590,49 @@ class Client
 		preg_match_all('~Link: <(.+)>;rel="up"~', $this->lastHeader, $matches);
 		return $matches[1];
 	}
+
+	public function getAgreementURLFromLastResponse()
+	{
+		if (preg_match_all('~Link: <(.+)>;rel="terms-of-service"~', $this->lastHeader, $matches)) {
+			return $matches[1][0];
+		}
+		return "";
+	}
+	public function getAgreementURLFromDirectory()
+	{
+		// FIXME: Current license should be found in /directory but LE does not implement this yet
+		// $this->curl('GET', '/directory');
+		return "";
+	}
+	public function getAgreementURLFromTermsUrl()
+	{
+		$this->curl('GET', '/terms');
+		if (preg_match_all('~Location: (.+)~', $this->lastHeader, $matches)) {
+			return trim($matches[1][0]);
+		}
+		return "";
+	}
+
+	public function getAgreementURL()
+	{
+		// 1. check the header of the last response
+		$license=$this->getAgreementURLFromLastResponse();
+		if (!empty($license)) return $license;
+
+		// 2. query directory for license
+		$license=$this->getAgreementURLFromDirectory();
+		if (!empty($license)) return $license;
+
+		// 3. query /terms endpoint (not ACME standard but implemented by let's enrypt)
+		$license=$this->getAgreementURLFromTermsUrl();
+		if (!empty($license)) return $license;
+
+		// Fallback: use latest known license. This is only valid for let's encrypt and should be removed as soon as there is an official
+		// ACME-endpoint to get the current ToS
+		return "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf";
+		// return "";
+	}
+
 }

 class Base64UrlSafeEncoder
--- a/lib/classes/webserver/class.DomainSSL.php
+++ b/lib/classes/webserver/class.DomainSSL.php
@@ -46,7 +46,7 @@ class DomainSSL {
 				|| $dom_certs['ssl_cert_file'] == ''
 		) {
 			// maybe its parent?
-			if ($domain['parentdomainid'] != 0) {
+			if (isset($domain['parentdomainid']) && $domain['parentdomainid'] != 0) {
 				$dom_certs = Database::pexecute_first($dom_certs_stmt, array('domid' => $domain['parentdomainid']));
 			}
 		}
--- a/lib/classes/webserver/class.WebserverBase.php
+++ b/lib/classes/webserver/class.WebserverBase.php
@@ -31,8 +31,9 @@ class WebserverBase {
 		$query = "SELECT `d`.*, `pd`.`domain` AS `parentdomain`, `c`.`loginname`,
 				`d`.`phpsettingid`, `c`.`adminid`, `c`.`guid`, `c`.`email`,
 				`c`.`documentroot` AS `customerroot`, `c`.`deactivated`,
-				`c`.`phpenabled` AS `phpenabled`, `d`.`mod_fcgid_starter`,
-				`d`.`mod_fcgid_maxrequests`
+				`c`.`phpenabled` AS `phpenabled_customer`,
+				`d`.`phpenabled` AS `phpenabled_vhost`,
+				`d`.`mod_fcgid_starter`,`d`.`mod_fcgid_maxrequests`
 				FROM `".TABLE_PANEL_DOMAINS."` `d`

 				LEFT JOIN `".TABLE_PANEL_CUSTOMERS."` `c` USING(`customerid`)
--- a/lib/configfiles/gentoo.xml
+++ b/lib/configfiles/gentoo.xml
@@ -64,7 +64,7 @@
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/modules.d/80_acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -96,7 +96,7 @@ Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/modules.d/80_acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -267,7 +267,7 @@ fastcgi_param  REDIRECT_STATUS    200;
 ]]>
 						</content>
 					</file>
-					<file name="/etc/nginx/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -396,7 +396,8 @@ mail	IN		A	<SERVERIP>
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>

 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -938,7 +939,8 @@ gmysql-password=
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>

 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -3875,7 +3877,7 @@ aliases:     files
 					<commands index="3">
 						<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
 						</visibility>
-						<visibility mode="usernotexists">{{settings.phpfpm.vhost_httpuser}}
+						<visibility mode="usernamenotexists">{{settings.phpfpm.vhost_httpuser}}
 						</visibility>
 						<command><![CDATA[groupadd -f {{settings.phpfpm.vhost_httpgroup}}]]></command>
 						<command><![CDATA[useradd -s /bin/false -g {{settings.phpfpm.vhost_httpgroup}} {{settings.phpfpm.vhost_httpuser}}]]></command>
--- a/lib/configfiles/jessie.xml
+++ b/lib/configfiles/jessie.xml
@@ -68,7 +68,7 @@
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf-enabled/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -287,7 +287,7 @@ fastcgi_param  REDIRECT_STATUS    200;
 ]]>
 						</content>
 					</file>
-					<file name="/etc/nginx/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -380,7 +380,8 @@ exit "$RETVAL"
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>

 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -921,7 +922,8 @@ gmysql-password=
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
-# allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+# allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>

 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -4467,9 +4469,9 @@ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 				<!-- libnss-mysql -->
 				<daemon name="libnss" title="libnss-mysql (required for FCGID/php-fpm/mpm-itk)">
 					<install><![CDATA[apt-get install nscd
-wget http://ftp.us.debian.org/debian/pool/main/libn/libnss-mysql-bg/libnss-mysql-bg_1.5-4_`dpkg --print-architecture`.deb
-dpkg -i libnss-mysql-bg_1.5-4_`dpkg --print-architecture`.deb
-rm libnss-mysql-bg_1.5-4_`dpkg --print-architecture`.deb
+wget http://ftp.us.debian.org/debian/pool/main/libn/libnss-mysql-bg/libnss-mysql-bg_1.5-5_`dpkg --print-architecture`.deb
+dpkg -i libnss-mysql-bg_1.5-5_`dpkg --print-architecture`.deb
+rm libnss-mysql-bg_1.5-5_`dpkg --print-architecture`.deb
 ]]></install>
 					<file name="/etc/libnss-mysql.cfg" chown="root:root" chmod="0600"
 						backup="true">
@@ -4696,7 +4698,7 @@ aliases:     files
 					<commands index="3">
 						<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
 						</visibility>
-						<visibility mode="usernotexists">{{settings.phpfpm.vhost_httpuser}}
+						<visibility mode="usernamenotexists">{{settings.phpfpm.vhost_httpuser}}
 						</visibility>
 						<command><![CDATA[groupadd -f {{settings.phpfpm.vhost_httpgroup}}]]></command>
 						<command><![CDATA[useradd -s /bin/false -g {{settings.phpfpm.vhost_httpgroup}} {{settings.phpfpm.vhost_httpuser}}]]></command>
--- a/lib/configfiles/precise.xml
+++ b/lib/configfiles/precise.xml
@@ -66,7 +66,7 @@
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf-enabled/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -246,7 +246,7 @@ fastcgi_param  REDIRECT_STATUS    200;
 ]]>
 						</content>
 					</file>
-					<file name="/etc/nginx/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -346,7 +346,8 @@ exit "$RETVAL"
 					<install><![CDATA[apt-get install pdns-server pdns-backend-mysql]]></install>
 					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
 						<content><![CDATA[
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 allow-recursion=127.0.0.1
 config-dir=/etc/powerdns
 daemon=yes
@@ -407,7 +408,8 @@ include-dir=/etc/powerdns/froxlor/
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf" chown="root:root"
 						chmod="600">
 						<content><![CDATA[
-allow-axfr-ips=<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 #local-ipv6=YOUR_IPv6_(if_any)
 bind-config=<BIND_CONFIG_PATH>named.conf
 bind-check-interval=180
@@ -1695,7 +1697,7 @@ aliases:     files
 					<commands index="3">
 						<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
 						</visibility>
-						<visibility mode="usernotexists">{{settings.phpfpm.vhost_httpuser}}
+						<visibility mode="usernamenotexists">{{settings.phpfpm.vhost_httpuser}}
 						</visibility>
 						<command><![CDATA[groupadd -f {{settings.phpfpm.vhost_httpgroup}}]]></command>
 						<command><![CDATA[useradd -s /bin/false -g {{settings.phpfpm.vhost_httpgroup}} {{settings.phpfpm.vhost_httpuser}}]]></command>
--- a/lib/configfiles/rhel_centos.xml
+++ b/lib/configfiles/rhel_centos.xml
@@ -46,7 +46,7 @@
 				<daemon name="apache" version="2.4" title="Apache 2.4"
 					default="true">
 					<include>//service[@type='http']/general/commands</include>
-					<file name="/etc/httpd/conf.d/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
--- a/lib/configfiles/trusty.xml
+++ b/lib/configfiles/trusty.xml
@@ -66,7 +66,7 @@
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf-enabled/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -100,7 +100,7 @@ Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf-enabled/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -279,7 +279,7 @@ fastcgi_param  REDIRECT_STATUS    200;
 ]]>
 						</content>
 					</file>
-					<file name="/etc/nginx/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -379,7 +379,8 @@ exit "$RETVAL"
 					<install><![CDATA[apt-get install pdns-server pdns-backend-mysql]]></install>
 					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
 						<content><![CDATA[
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 allow-recursion=127.0.0.1
 config-dir=/etc/powerdns
 daemon=yes
@@ -417,7 +418,8 @@ gmysql-password=
 					<install><![CDATA[apt-get install pdns-server]]></install>
 					<file name="/etc/powerdns/pdns.conf" backup="true">
 						<content><![CDATA[
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 allow-recursion=127.0.0.1
 config-dir=/etc/powerdns
 daemon=yes
@@ -441,7 +443,8 @@ include-dir=/etc/powerdns/froxlor/
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf" chown="root:root"
 						chmod="600">
 						<content><![CDATA[
-allow-axfr-ips=<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 #local-ipv6=YOUR_IPv6_(if_any)
 bind-config=<BIND_CONFIG_PATH>named.conf
 bind-check-interval=180
@@ -1703,7 +1706,7 @@ aliases:     files
 					<commands index="3">
 						<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
 						</visibility>
-						<visibility mode="usernotexists">{{settings.phpfpm.vhost_httpuser}}
+						<visibility mode="usernamenotexists">{{settings.phpfpm.vhost_httpuser}}
 						</visibility>
 						<command><![CDATA[groupadd -f {{settings.phpfpm.vhost_httpgroup}}]]></command>
 						<command><![CDATA[useradd -s /bin/false -g {{settings.phpfpm.vhost_httpgroup}} {{settings.phpfpm.vhost_httpuser}}]]></command>
--- a/lib/configfiles/wheezy.xml
+++ b/lib/configfiles/wheezy.xml
@@ -66,7 +66,7 @@
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf.d/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -100,7 +100,7 @@ Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf-enabled/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -319,7 +319,7 @@ fastcgi_param  REDIRECT_STATUS    200;
 ]]>
 						</content>
 					</file>
-					<file name="/etc/nginx/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -424,7 +424,8 @@ exit "$RETVAL"
 # allow-axfr-ips    If enabled, restrict zonetransfers to originate from these
 #                   IP addresses
 #
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>

 #################################
 # allow-recursion	List of netmasks that are allowed to recurse
@@ -763,7 +764,8 @@ gmysql-password=
 # allow-axfr-ips    If enabled, restrict zonetransfers to originate from these
 #                   IP addresses
 #
-allow-axfr-ips=<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>

 #################################
 # allow-recursion	List of netmasks that are allowed to recurse
@@ -5504,7 +5506,7 @@ aliases:     files
 					<commands index="3">
 						<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
 						</visibility>
-						<visibility mode="usernotexists">{{settings.phpfpm.vhost_httpuser}}
+						<visibility mode="usernamenotexists">{{settings.phpfpm.vhost_httpuser}}
 						</visibility>
 						<command><![CDATA[groupadd -f {{settings.phpfpm.vhost_httpgroup}}]]></command>
 						<command><![CDATA[useradd -s /bin/false -g {{settings.phpfpm.vhost_httpgroup}} {{settings.phpfpm.vhost_httpuser}}]]></command>
--- a/lib/formfields/admin/domains/formfield.domains_add.php
+++ b/lib/formfields/admin/domains/formfield.domains_add.php
@@ -14,7 +14,6 @@
 * @package    Formfields
 *
 */
-
 return array(
 	'domain_add' => array(
 		'title' => $lng['admin']['domain_add'],
@@ -27,20 +26,20 @@ return array(
 					'domain' => array(
 						'label' => 'Domain',
 						'type' => 'text',
-						'mandatory' => true,
+						'mandatory' => true
 					),
 					'customerid' => array(
 						'label' => $lng['admin']['customer'],
 						'type' => 'select',
 						'select_var' => $customers,
-						'mandatory' => true,
+						'mandatory' => true
 					),
 					'adminid' => array(
 						'visible' => ($userinfo['customers_see_all'] == '1' ? true : false),
 						'label' => $lng['admin']['admin'],
 						'type' => 'select',
 						'select_var' => $admins,
-						'mandatory' => true,
+						'mandatory' => true
 					),
 					'alias' => array(
 						'label' => $lng['domains']['aliasdomain'],
@@ -58,9 +57,14 @@ return array(
 						'desc' => $lng['admin']['domain_editable']['desc'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array('1')
+						'value' => array(
+							'1'
+						)
 					),
 					'add_date' => array(
 						'label' => $lng['domains']['add_date'],
@@ -101,40 +105,6 @@ return array(
 						'is_array' => 1,
 						'mandatory' => true
 					),
-					'ssl_ipandport' => array(
-						'label' => $lng['domains']['ipandport_ssl_multi']['title'],
-						'desc' => $lng['domains']['ipandport_ssl_multi']['description'],
-						'type' => 'checkbox',
-						'values' => $ssl_ipsandports,
-						'value' => '',
-						'is_array' => 1
-					),
-					'ssl_redirect' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
-						'label' => $lng['domains']['ssl_redirect']['title'],
-						'desc' => $lng['domains']['ssl_redirect']['description'],
-						'type' => 'checkbox',
-						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
-						),
-						'value' => array()
-					),
-					'letsencrypt' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false) : false),
-						'label' => $lng['admin']['letsencrypt']['title'],
-						'desc' => $lng['admin']['letsencrypt']['description'],
-						'type' => 'checkbox',
-						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
-						),
-						'value' => array()
-					),
-					'no_ssl_available_info' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports == '' ? true : false) : false),
-						'label' => 'SSL',
-						'type' => 'label',
-						'value' => $lng['panel']['nosslipsavailable']
-					),
 					'selectserveralias' => array(
 						'label' => $lng['admin']['selectserveralias'],
 						'desc' => $lng['admin']['selectserveralias_desc'],
@@ -146,7 +116,10 @@ return array(
 						'desc' => $lng['admin']['speciallogfile']['description'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
 						'value' => array()
 					),
@@ -161,6 +134,88 @@ return array(
 					)
 				)
 			),
+			'section_bssl' => array(
+				'title' => $lng['admin']['webserversettings_ssl'],
+				'image' => 'icons/domain_add.png',
+				'visible' => Settings::Get('system.use_ssl') == '1' ? true : false,
+				'fields' => array(
+					'ssl_ipandport' => array(
+						'label' => $lng['domains']['ipandport_ssl_multi']['title'],
+						'desc' => $lng['domains']['ipandport_ssl_multi']['description'],
+						'type' => 'checkbox',
+						'values' => $ssl_ipsandports,
+						'value' => '',
+						'is_array' => 1
+					),
+					'ssl_redirect' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['domains']['ssl_redirect']['title'],
+						'desc' => $lng['domains']['ssl_redirect']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array()
+					),
+					'letsencrypt' => array(
+						'visible' => (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
+						'label' => $lng['admin']['letsencrypt']['title'],
+						'desc' => $lng['admin']['letsencrypt']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array()
+					),
+					'no_ssl_available_info' => array(
+						'visible' => ($ssl_ipsandports == '' ? true : false),
+						'label' => 'SSL',
+						'type' => 'label',
+						'value' => $lng['panel']['nosslipsavailable']
+					),
+					'hsts_maxage' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_maxage']['title'],
+						'desc' => $lng['admin']['domain_hsts_maxage']['description'],
+						'type' => 'int',
+						'int_min' => 0,
+						'int_max' => 94608000, // 3-years
+						'value' => 0
+					),
+					'hsts_sub' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_incsub']['title'],
+						'desc' => $lng['admin']['domain_hsts_incsub']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array()
+					),
+					'hsts_preload' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_preload']['title'],
+						'desc' => $lng['admin']['domain_hsts_preload']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array()
+					)
+				)
+			),
 			'section_c' => array(
 				'title' => $lng['admin']['phpserversettings'],
 				'image' => 'icons/domain_add.png',
@@ -170,23 +225,41 @@ return array(
 						'label' => 'OpenBasedir',
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array('1')
+						'value' => array(
+							'1'
+						)
+					),
+					'phpenabled' => array(
+						'label' => $lng['admin']['phpenabled'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							'1'
+						)
 					),
 					'phpsettingid' => array(
-						'visible' => (((int)Settings::Get('system.mod_fcgid') == 1 || (int)Settings::Get('phpfpm.enabled') == 1) ? true : false),
+						'visible' => (((int) Settings::Get('system.mod_fcgid') == 1 || (int) Settings::Get('phpfpm.enabled') == 1) ? true : false),
 						'label' => $lng['admin']['phpsettings']['title'],
 						'type' => 'select',
 						'select_var' => $phpconfigs
 					),
 					'mod_fcgid_starter' => array(
-						'visible' => ((int)Settings::Get('system.mod_fcgid') == 1 ? true : false),
+						'visible' => ((int) Settings::Get('system.mod_fcgid') == 1 ? true : false),
 						'label' => $lng['admin']['mod_fcgid_starter']['title'],
 						'type' => 'text'
 					),
 					'mod_fcgid_maxrequests' => array(
-						'visible' => ((int)Settings::Get('system.mod_fcgid') == 1 ? true : false),
+						'visible' => ((int) Settings::Get('system.mod_fcgid') == 1 ? true : false),
 						'label' => $lng['admin']['mod_fcgid_maxrequests']['title'],
 						'type' => 'text'
 					)
@@ -201,9 +274,14 @@ return array(
 						'label' => 'Nameserver',
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array('1')
+						'value' => array(
+							'1'
+						)
 					),
 					'zonefile' => array(
 						'label' => 'Zonefile',
@@ -220,15 +298,23 @@ return array(
 						'label' => $lng['admin']['emaildomain'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array('1')
+						'value' => array(
+							'1'
+						)
 					),
 					'email_only' => array(
 						'label' => $lng['admin']['email_only'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
 						'value' => array()
 					),
@@ -242,9 +328,14 @@ return array(
 						'label' => 'DomainKeys',
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array('1')
+						'value' => array(
+							'1'
+						)
 					)
 				)
 			)
--- a/lib/formfields/admin/domains/formfield.domains_edit.php
+++ b/lib/formfields/admin/domains/formfield.domains_edit.php
@@ -14,7 +14,6 @@
 * @package    Formfields
 *
 */
-
 return array(
 	'domain_edit' => array(
 		'title' => $lng['admin']['domain_edit'],
@@ -28,14 +27,14 @@ return array(
 						'label' => 'Domain',
 						'type' => 'label',
 						'value' => $result['domain'],
-						'mandatory' => true,
+						'mandatory' => true
 					),
 					'customerid' => array(
 						'label' => $lng['admin']['customer'],
 						'type' => (Settings::Get('panel.allow_domain_change_customer') == '1' ? 'select' : 'label'),
 						'select_var' => (isset($customers) ? $customers : null),
 						'value' => (isset($result['customername']) ? $result['customername'] : null),
-						'mandatory' => true,
+						'mandatory' => true
 					),
 					'adminid' => array(
 						'visible' => ($userinfo['customers_see_all'] == '1' ? true : false),
@@ -43,7 +42,7 @@ return array(
 						'type' => (Settings::Get('panel.allow_domain_change_admin') == '1' ? 'select' : 'label'),
 						'select_var' => (isset($admins) ? $admins : null),
 						'value' => (isset($result['adminname']) ? $result['adminname'] : null),
-						'mandatory' => true,
+						'mandatory' => true
 					),
 					'alias' => array(
 						'visible' => ($alias_check == '0' ? true : false),
@@ -60,16 +59,21 @@ return array(
 					'associated_info' => array(
 						'label' => $lng['domains']['associated_with_domain'],
 						'type' => 'label',
-						'value' => $subdomains.' '.$lng['customer']['subdomains'].', '.$alias_check.' '.$lng['domains']['aliasdomains'].', '.$emails.' '.$lng['customer']['emails'].', '.$email_accounts.' '.$lng['customer']['accounts'].', '.$email_forwarders.' '.$lng['customer']['forwarders']
+						'value' => $subdomains . ' ' . $lng['customer']['subdomains'] . ', ' . $alias_check . ' ' . $lng['domains']['aliasdomains'] . ', ' . $emails . ' ' . $lng['customer']['emails'] . ', ' . $email_accounts . ' ' . $lng['customer']['accounts'] . ', ' . $email_forwarders . ' ' . $lng['customer']['forwarders']
 					),
 					'caneditdomain' => array(
 						'label' => $lng['admin']['domain_editable']['title'],
 						'desc' => $lng['admin']['domain_editable']['desc'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array($result['caneditdomain'])
+						'value' => array(
+							$result['caneditdomain']
+						)
 					),
 					'add_date' => array(
 						'label' => $lng['domains']['add_date'],
@@ -113,40 +117,6 @@ return array(
 						'is_array' => 1,
 						'mandatory' => true
 					),
-					'ssl_ipandport' => array(
-						'label' => $lng['domains']['ipandport_ssl_multi']['title'],
-						'desc' => $lng['domains']['ipandport_ssl_multi']['description'],
-						'type' => 'checkbox',
-						'values' => $ssl_ipsandports,
-						'value' => $usedips,
-						'is_array' => 1
-					),
-					'ssl_redirect' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
-						'label' => $lng['domains']['ssl_redirect']['title'],
-						'desc' => $lng['domains']['ssl_redirect']['description'] . ($result['temporary_ssl_redirect'] > 1 ? $lng['domains']['ssl_redirect_temporarilydisabled'] : ''),
-						'type' => 'checkbox',
-						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
-						),
-						'value' => array($result['ssl_redirect'])
-					),
-					'letsencrypt' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false) : false),
-						'label' => $lng['admin']['letsencrypt']['title'],
-						'desc' => $lng['admin']['letsencrypt']['description'],
-						'type' => 'checkbox',
-						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
-						),
-						'value' => array($result['letsencrypt'])
-					),
-					'no_ssl_available_info' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports == '' ? true : false) : false),
-						'label' => 'SSL',
-						'type' => 'label',
-						'value' => $lng['panel']['nosslipsavailable']
-					),
 					'selectserveralias' => array(
 						'label' => $lng['admin']['selectserveralias'],
 						'desc' => $lng['admin']['selectserveralias_desc'],
@@ -158,9 +128,14 @@ return array(
 						'desc' => $lng['admin']['speciallogfile']['description'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array($result['speciallogfile'])
+						'value' => array(
+							$result['speciallogfile']
+						)
 					),
 					'specialsettings' => array(
 						'visible' => ($userinfo['change_serversettings'] == '1' ? true : false),
@@ -178,9 +153,104 @@ return array(
 						'desc' => $lng['serversettings']['specialsettingsforsubdomains']['description'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array('1')
+						'value' => array(
+							'1'
+						)
+					)
+				)
+			),
+			'section_bssl' => array(
+				'title' => $lng['admin']['webserversettings_ssl'],
+				'image' => 'icons/domain_edit.png',
+				'visible' => Settings::Get('system.use_ssl') == '1' ? true : false,
+				'fields' => array(
+					'ssl_ipandport' => array(
+						'label' => $lng['domains']['ipandport_ssl_multi']['title'],
+						'desc' => $lng['domains']['ipandport_ssl_multi']['description'],
+						'type' => 'checkbox',
+						'values' => $ssl_ipsandports,
+						'value' => $usedips,
+						'is_array' => 1
+					),
+					'ssl_redirect' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['domains']['ssl_redirect']['title'],
+						'desc' => $lng['domains']['ssl_redirect']['description'] . ($result['temporary_ssl_redirect'] > 1 ? $lng['domains']['ssl_redirect_temporarilydisabled'] : ''),
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							$result['ssl_redirect']
+						)
+					),
+					'letsencrypt' => array(
+						'visible' => (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
+						'label' => $lng['admin']['letsencrypt']['title'],
+						'desc' => $lng['admin']['letsencrypt']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							$result['letsencrypt']
+						)
+					),
+					'no_ssl_available_info' => array(
+						'visible' => ($ssl_ipsandports == '' ? true : false),
+						'label' => 'SSL',
+						'type' => 'label',
+						'value' => $lng['panel']['nosslipsavailable']
+					),
+					'hsts_maxage' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_maxage']['title'],
+						'desc' => $lng['admin']['domain_hsts_maxage']['description'],
+						'type' => 'int',
+						'int_min' => 0,
+						'int_max' => 94608000, // 3-years
+						'value' => $result['hsts']
+					),
+					'hsts_sub' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_incsub']['title'],
+						'desc' => $lng['admin']['domain_hsts_incsub']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							$result['hsts_sub']
+						)
+					),
+					'hsts_preload' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_preload']['title'],
+						'desc' => $lng['admin']['domain_hsts_preload']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							$result['hsts_preload']
+						)
 					)
 				)
 			),
@@ -193,27 +263,45 @@ return array(
 						'label' => 'OpenBasedir',
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array($result['openbasedir'])
+						'value' => array(
+							$result['openbasedir']
+						)
+					),
+					'phpenabled' => array(
+						'label' => $lng['admin']['phpenabled'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							$result['phpenabled']
+						)
 					),
 					'phpsettingid' => array(
-						'visible' => (((int)Settings::Get('system.mod_fcgid') == 1 || (int)Settings::Get('phpfpm.enabled') == 1) ? true : false),
+						'visible' => (((int) Settings::Get('system.mod_fcgid') == 1 || (int) Settings::Get('phpfpm.enabled') == 1) ? true : false),
 						'label' => $lng['admin']['phpsettings']['title'],
 						'type' => 'select',
 						'select_var' => $phpconfigs
 					),
 					'mod_fcgid_starter' => array(
-						'visible' => ((int)Settings::Get('system.mod_fcgid') == 1 ? true : false),
+						'visible' => ((int) Settings::Get('system.mod_fcgid') == 1 ? true : false),
 						'label' => $lng['admin']['mod_fcgid_starter']['title'],
 						'type' => 'text',
-						'value' => ((int)$result['mod_fcgid_starter'] != - 1 ? $result['mod_fcgid_starter'] : '')
+						'value' => ((int) $result['mod_fcgid_starter'] != - 1 ? $result['mod_fcgid_starter'] : '')
 					),
 					'mod_fcgid_maxrequests' => array(
-						'visible' => ((int)Settings::Get('system.mod_fcgid') == 1 ? true : false),
+						'visible' => ((int) Settings::Get('system.mod_fcgid') == 1 ? true : false),
 						'label' => $lng['admin']['mod_fcgid_maxrequests']['title'],
 						'type' => 'text',
-						'value' => ((int)$result['mod_fcgid_maxrequests'] != - 1 ? $result['mod_fcgid_maxrequests'] : '')
+						'value' => ((int) $result['mod_fcgid_maxrequests'] != - 1 ? $result['mod_fcgid_maxrequests'] : '')
 					)
 				)
 			),
@@ -226,9 +314,14 @@ return array(
 						'label' => 'Nameserver',
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array($result['isbinddomain'])
+						'value' => array(
+							$result['isbinddomain']
+						)
 					),
 					'zonefile' => array(
 						'label' => 'Zonefile',
@@ -246,17 +339,27 @@ return array(
 						'label' => $lng['admin']['emaildomain'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array($result['isemaildomain'])
+						'value' => array(
+							$result['isemaildomain']
+						)
 					),
 					'email_only' => array(
 						'label' => $lng['admin']['email_only'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array($result['email_only'])
+						'value' => array(
+							$result['email_only']
+						)
 					),
 					'subcanemaildomain' => array(
 						'label' => $lng['admin']['subdomainforemail'],
@@ -268,9 +371,14 @@ return array(
 						'label' => 'DomainKeys',
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array($result['dkim'])
+						'value' => array(
+							$result['dkim']
+						)
 					)
 				)
 			)
--- a/lib/formfields/admin/ipsandports/formfield.ipsandports_add.php
+++ b/lib/formfields/admin/ipsandports/formfield.ipsandports_add.php
@@ -49,7 +49,7 @@ return array(
 						'value' => array('1')
 					),
 					'namevirtualhost_statement' => array(
-						'visible' => $is_apache,
+						'visible' => $is_apache && !$is_apache24,
 						'label' => $lng['admin']['ipsandports']['create_namevirtualhost_statement'],
 						'type' => 'checkbox',
 						'values' => array(
--- a/lib/formfields/admin/ipsandports/formfield.ipsandports_edit.php
+++ b/lib/formfields/admin/ipsandports/formfield.ipsandports_edit.php
@@ -51,7 +51,7 @@ return array(
 						'value' => array($result['listen_statement'])
 					),
 					'namevirtualhost_statement' => array(
-						'visible' => $is_apache,
+						'visible' => $is_apache && !$is_apache24,
 						'label' => $lng['admin']['ipsandports']['create_namevirtualhost_statement'],
 						'type' => 'checkbox',
 						'values' => array(
--- a/lib/formfields/customer/domains/formfield.domains_add.php
+++ b/lib/formfields/customer/domains/formfield.domains_add.php
@@ -54,7 +54,7 @@ return array(
 						'type' => 'text'
 					),
 					'redirectcode' => array(
-						'visible' => ((Settings::Get('system.webserver') == 'apache2' && Settings::Get('customredirect.enabled') == '1') ? true : false),
+						'visible' => (Settings::Get('customredirect.enabled') == '1' ? true : false),
 						'label' => $lng['domains']['redirectifpathisurl'],
 						'desc' => $lng['domains']['redirectifpathisurlinfo'],
 						'type' => 'select',
@@ -66,33 +66,65 @@ return array(
 						'type' => 'label',
 						'value' => $lng['customer']['selectserveralias_addinfo']
 					),
-					'ssl_redirect' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
-						'label' => $lng['domains']['ssl_redirect']['title'],
-						'desc' => $lng['domains']['ssl_redirect']['description'],
-						'type' => 'checkbox',
-						'values' => array(
-										array ('label' => $lng['panel']['yes'], 'value' => '1')
-									),
-						'value' => array()
-					),
-					'letsencrypt' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false) : false),
-						'label' => $lng['customer']['letsencrypt']['title'],
-						'desc' => $lng['customer']['letsencrypt']['description'],
-						'type' => 'checkbox',
-						'values' => array(
-										array ('label' => $lng['panel']['yes'], 'value' => '1')
-									),
-						'value' => array()
-					),
 					'openbasedir_path' => array(
 						'label' => $lng['domain']['openbasedirpath'],
 						'type' => 'select',
 						'select_var' => $openbasedir
 					)
 				)
-			)
+			),
+			'section_bssl' => array(
+				'title' => $lng['admin']['webserversettings_ssl'],
+				'image' => 'icons/domain_add.png',
+				'visible' => Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? true : false) : false,
+				'fields' => array(
+					'ssl_redirect' => array(
+						'label' => $lng['domains']['ssl_redirect']['title'],
+						'desc' => $lng['domains']['ssl_redirect']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+					'letsencrypt' => array(
+						'visible' => (Settings::Get('system.leenabled') == '1' ? true : false),
+						'label' => $lng['customer']['letsencrypt']['title'],
+						'desc' => $lng['customer']['letsencrypt']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+					'hsts_maxage' => array(
+						'label' => $lng['admin']['domain_hsts_maxage']['title'],
+						'desc' => $lng['admin']['domain_hsts_maxage']['description'],
+						'type' => 'int',
+						'int_min' => 0,
+						'int_max' => 94608000, // 3-years
+						'value' => 0
+					),
+					'hsts_sub' => array(
+						'label' => $lng['admin']['domain_hsts_incsub']['title'],
+						'desc' => $lng['admin']['domain_hsts_incsub']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+					'hsts_preload' => array(
+						'label' => $lng['admin']['domain_hsts_preload']['title'],
+						'desc' => $lng['admin']['domain_hsts_preload']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+				),
+			),
 		)
 	)
 );
--- a/lib/formfields/customer/domains/formfield.domains_edit.php
+++ b/lib/formfields/customer/domains/formfield.domains_edit.php
@@ -54,7 +54,7 @@ return array(
 						'value' => $urlvalue
 					),
 					'redirectcode' => array(
-						'visible' => ((Settings::Get('system.webserver') == 'apache2' && Settings::Get('customredirect.enabled') == '1') ? true : false),
+						'visible' => (Settings::Get('customredirect.enabled') == '1' ? true : false),
 						'label' => $lng['domains']['redirectifpathisurl'],
 						'desc' => $lng['domains']['redirectifpathisurlinfo'],
 						'type' => 'select',
@@ -76,26 +76,6 @@ return array(
 									),
 						'value' => array($result['isemaildomain'])
 					),
-					'ssl_redirect' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? (domainHasSslIpPort($result['id']) ? true : false) : false) : false),
-						'label' => $lng['domains']['ssl_redirect']['title'],
-						'desc' => $lng['domains']['ssl_redirect']['description'] . ($result['temporary_ssl_redirect'] > 1 ? $lng['domains']['ssl_redirect_temporarilydisabled'] : ''),
-						'type' => 'checkbox',
-						'values' => array(
-										array ('label' => $lng['panel']['yes'], 'value' => '1')
-									),
-						'value' => array($result['ssl_redirect'])
-					),
-					'letsencrypt' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? (domainHasSslIpPort($result['id']) ? true : false) : false) : false) : false),
-						'label' => $lng['customer']['letsencrypt']['title'],
-						'desc' => $lng['customer']['letsencrypt']['description'],
-						'type' => 'checkbox',
-						'values' => array(
-										array ('label' => $lng['panel']['yes'], 'value' => '1')
-									),
-						'value' => array($result['letsencrypt'])
-					),
 					'openbasedir_path' => array(
 						'visible' => ($result['openbasedir'] == '1') ? true : false,
 						'label' => $lng['domain']['openbasedirpath'],
@@ -103,7 +83,59 @@ return array(
 						'select_var' => $openbasedir
 					)
 				)
-			)
+			),
+			'section_bssl' => array(
+				'title' => $lng['admin']['webserversettings_ssl'],
+				'image' => 'icons/domain_edit.png',
+				'visible' => Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? (domainHasSslIpPort($result['id']) ? true : false) : false) : false,
+				'fields' => array(
+					'ssl_redirect' => array(
+						'label' => $lng['domains']['ssl_redirect']['title'],
+						'desc' => $lng['domains']['ssl_redirect']['description'] . ($result['temporary_ssl_redirect'] > 1 ? $lng['domains']['ssl_redirect_temporarilydisabled'] : ''),
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array($result['ssl_redirect'])
+					),
+					'letsencrypt' => array(
+						'visible' => Settings::Get('system.leenabled') == '1' ? true : false,
+						'label' => $lng['customer']['letsencrypt']['title'],
+						'desc' => $lng['customer']['letsencrypt']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array($result['letsencrypt'])
+					),
+					'hsts_maxage' => array(
+						'label' => $lng['admin']['domain_hsts_maxage']['title'],
+						'desc' => $lng['admin']['domain_hsts_maxage']['description'],
+						'type' => 'int',
+						'int_min' => 0,
+						'int_max' => 94608000, // 3-years
+						'value' => $result['hsts']
+					),
+					'hsts_sub' => array(
+						'label' => $lng['admin']['domain_hsts_incsub']['title'],
+						'desc' => $lng['admin']['domain_hsts_incsub']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array($result['hsts_sub'])
+					),
+					'hsts_preload' => array(
+						'label' => $lng['admin']['domain_hsts_preload']['title'],
+						'desc' => $lng['admin']['domain_hsts_preload']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array($result['hsts_preload'])
+					),
+				)
+			),
 		)
 	)
 );
--- a/lib/formfields/customer/ftp/formfield.ftp_add.php
+++ b/lib/formfields/customer/ftp/formfield.ftp_add.php
@@ -64,6 +64,12 @@ return array(
 									),
 						'value' => array()
 					),
+					'shell' => array(
+						'visible' => (Settings::Get('system.allow_customer_shell') == '1' ? true : false),
+						'label' => $lng['panel']['shell'],
+						'type' => 'select',
+						'select_var' => (isset($shells) ? $shells : ""),
+					)
 				)
 			)
 		)
--- a/lib/formfields/customer/ftp/formfield.ftp_edit.php
+++ b/lib/formfields/customer/ftp/formfield.ftp_edit.php
@@ -51,6 +51,12 @@ return array(
 						'type' => 'text',
 						'visible' => (Settings::Get('panel.password_regex') == ''),
 						'value' => generatePassword(),
+					),
+					'shell' => array(
+						'visible' => (Settings::Get('system.allow_customer_shell') == '1' ? true : false),
+						'label' => $lng['panel']['shell'],
+						'type' => 'select',
+						'select_var' => (isset($shells) ? $shells : ""),
 					)
 				)
 			)
--- a/lib/functions/dns/function.createDomainZone.php
+++ b/lib/functions/dns/function.createDomainZone.php
@@ -55,8 +55,8 @@ function createDomainZone($domain_id, $froxlorhostname = false, $isMainButSubTo
 	if ($domain['isemaildomain'] === '1') {
 		addRequiredEntry('@', 'MX', $required_entries);
 		if (Settings::Get('system.dns_createmailentry')) {
-			foreach(['imap', 'pop3', 'mail', 'smtp'] as $record) {
-				foreach(['AAAA', 'A'] as $type) {
+			foreach(array('imap', 'pop3', 'mail', 'smtp') as $record) {
+				foreach(array('AAAA', 'A') as $type) {
 					addRequiredEntry($record, $type, $required_entries);
 				}
 			}
@@ -205,6 +205,7 @@ function createDomainZone($domain_id, $froxlorhostname = false, $isMainButSubTo
 			if (Settings::Get('system.mxservers') != '') {
 				$mxservers = explode(',', Settings::Get('system.mxservers'));
 				foreach ($mxservers as $mxserver) {
+					$mxserver = trim($mxserver);
 					if (substr($mxserver, - 1, 1) != '.') {
 						$mxserver .= '.';
 					}
@@ -274,13 +275,11 @@ function createDomainZone($domain_id, $froxlorhostname = false, $isMainButSubTo
 			Database::pexecute($upd_stmt, array('serial' => $domain['bindserial'], 'id' => $domain['id']));
 		}

-		$soa_content = $primary_ns . " " . escapeSoaAdminMail(Settings::Get('panel.adminmail')) . " (" . PHP_EOL;
-		$soa_content .= $domain['bindserial'] . "\t; serial" . PHP_EOL;
+		// PowerDNS does not like multi-line-format
+		$soa_content = $primary_ns . " " . escapeSoaAdminMail(Settings::Get('panel.adminmail')) . " ";
+		$soa_content .= $domain['bindserial'] . " ";
 		// TODO for now, dummy time-periods
-		$soa_content .= "1800\t; refresh (30 mins)" . PHP_EOL;
-		$soa_content .= "900\t; retry (15 mins)" . PHP_EOL;
-		$soa_content .= "604800\t; expire (7 days)" . PHP_EOL;
-		$soa_content .= "1200\t)\t; minimum (20 mins)";
+		$soa_content .= "3600 900 604800 1200";

 		$soa_record = new DnsEntry('@', 'SOA', $soa_content);
 		array_unshift($zonerecords, $soa_record);
--- a/lib/functions/filedir/function.findDirs.php
+++ b/lib/functions/filedir/function.findDirs.php
@@ -17,27 +17,57 @@
 *
 */

+
 /**
 * Returns an array of found directories
 *
 * This function checks every found directory if they match either $uid or $gid, if they do
 * the found directory is valid. It uses recursive-iterators to find subdirectories.
 *
- * @param  string $path the path to start searching in
- * @param  int $uid the uid which must match the found directories
- * @param  int $gid the gid which must match the found direcotries
+ * @param string $path
+ *        	the path to start searching in
+ * @param int $uid
+ *        	the uid which must match the found directories
+ * @param int $gid
+ *        	the gid which must match the found direcotries
 *
 * @return array Array of found valid paths
 */
-function findDirs($path, $uid, $gid) {
-
-	$_fileList = array ();
+function findDirs($path, $uid, $gid)
+{
+	$_fileList = array();
 	$path = makeCorrectDir($path);

 	// valid directory?
 	if (is_dir($path)) {
+
+		// Will exclude everything under these directories
+		$exclude = array(
+			'awstats',
+			'webalizer'
+		);
+
+		/**
+		 *
+		 * @param SplFileInfo $file
+		 * @param mixed $key
+		 * @param RecursiveCallbackFilterIterator $iterator
+		 * @return bool True if you need to recurse or if the item is acceptable
+		 */
+		$filter = function ($file, $key, $iterator) use ($exclude) {
+			if (in_array($file->getFilename(), $exclude)) {
+				return false;
+			}
+			return true;
+		};
+
 		// create RecursiveIteratorIterator
-		$its = new RecursiveIteratorIterator(new IgnorantRecursiveDirectoryIterator($path));
+		$its = new RecursiveIteratorIterator(
+			new RecursiveCallbackFilterIterator(
+				new IgnorantRecursiveDirectoryIterator($path, RecursiveDirectoryIterator::SKIP_DOTS),
+				$filter
+			)
+		);
 		// we can limit the recursion-depth, but will it be helpful or
 		// will people start asking "why do I only see 2 subdirectories, i want to use /a/b/c"
 		// let's keep this in mind and see whether it will be useful
@@ -50,24 +80,27 @@ function findDirs($path, $uid, $gid) {
 				$_fileList[] = makeCorrectDir(dirname($fullFileName));
 			}
 		}
+		$_fileList[] = $path;
 	}

 	return array_unique($_fileList);
-
 }

 /**
-* If you use RecursiveDirectoryIterator with RecursiveIteratorIterator and run
-* into UnexpectedValueException you may use this little hack to ignore those
-* directories, such as lost+found on linux.
-* (User "antennen" @ http://php.net/manual/en/class.recursivedirectoryiterator.php#101654)
-**/
-class IgnorantRecursiveDirectoryIterator extends RecursiveDirectoryIterator {
-    function getChildren() {
-        try {
-            return new IgnorantRecursiveDirectoryIterator($this->getPathname());
-        } catch(UnexpectedValueException $e) {
-            return new RecursiveArrayIterator(array());
-        }
-    }
+ * If you use RecursiveDirectoryIterator with RecursiveIteratorIterator and run
+ * into UnexpectedValueException you may use this little hack to ignore those
+ * directories, such as lost+found on linux.
+ * (User "antennen" @ http://php.net/manual/en/class.recursivedirectoryiterator.php#101654)
+ */
+class IgnorantRecursiveDirectoryIterator extends RecursiveDirectoryIterator
+{
+
+	function getChildren()
+	{
+		try {
+			return new IgnorantRecursiveDirectoryIterator($this->getPathname());
+		} catch (UnexpectedValueException $e) {
+			return new RecursiveArrayIterator(array());
+		}
+	}
 }
--- a/lib/functions/filedir/function.makeCorrectDir.php
+++ b/lib/functions/filedir/function.makeCorrectDir.php
@@ -26,7 +26,11 @@
 */
 function makeCorrectDir($dir) {

-	assert('is_string($dir) && strlen($dir) > 0 /* $dir does not look like an actual folder name */');
+	if (version_compare("5.4.6", PHP_VERSION, ">")) {
+		assert('is_string($dir) && strlen($dir) > 0 /* $dir does not look like an actual folder name */');
+	} else {
+		assert('is_string($dir) && strlen($dir) > 0', 'Value "' . $dir .'" does not look like an actual folder name');
+	}

 	$dir = trim($dir);

--- a/lib/functions/filedir/function.makePathfield.php
+++ b/lib/functions/filedir/function.makePathfield.php
@@ -64,7 +64,12 @@ function makePathfield($path, $uid, $gid, $value = '', $dom = false) {
 				$_field = '';
 				foreach ($dirList as $key => $dir) {
 					if (strpos($dir, $path) === 0) {
-						$dir = makeCorrectDir(substr($dir, strlen($path)));
+						$dir = substr($dir, strlen($path));
+						// docroot cut off of current directory == empty -> directory is the docroot
+						if (empty($dir)) {
+							$dir = '/';
+						}
+						$dir = makeCorrectDir($dir);
 					}
 					$_field.= makeoption($dir, $dir, $value);
 				}
--- a/lib/functions/formfields/bool/function.getFormFieldOutputBool.php
+++ b/lib/functions/formfields/bool/function.getFormFieldOutputBool.php
@@ -17,7 +17,7 @@
 *
 */

-function getFormFieldOutputBool($fieldname, $fielddata)
+function getFormFieldOutputBool($fieldname, $fielddata, $do_show = true)
 {
 	$label = $fielddata['label'];
 	$boolswitch = makeYesNo($fieldname, '1', '0', $fielddata['value']);
--- a/lib/functions/formfields/date/function.getFormFieldOutputDate.php
+++ b/lib/functions/formfields/date/function.getFormFieldOutputDate.php
@@ -17,12 +17,12 @@
 *
 */

-function getFormFieldOutputDate($fieldname, $fielddata)
+function getFormFieldOutputDate($fieldname, $fielddata, $do_show = true)
 {
 	if(isset($fielddata['date_timestamp']) && $fielddata['date_timestamp'] === true)
 	{
 		$fielddata['value'] = date('Y-m-d', $fielddata['value']);
 	}

-	return getFormFieldOutputString($fieldname, $fielddata);
+	return getFormFieldOutputString($fieldname, $fielddata, $do_show);
 }
--- a/lib/functions/formfields/file/function.getFormFieldOutputFile.php
+++ b/lib/functions/formfields/file/function.getFormFieldOutputFile.php
@@ -15,7 +15,7 @@
 *
 */

-function getFormFieldOutputFile($fieldname, $fielddata)
+function getFormFieldOutputFile($fieldname, $fielddata, $do_show = true)
 {
 	$label = $fielddata['label'];
 	$value = htmlentities($fielddata['value']);
--- a/lib/functions/formfields/function.buildFormEx.php
+++ b/lib/functions/formfields/function.buildFormEx.php
@@ -49,7 +49,7 @@ function buildFormEx($form, $part = '') {
 					$do_show = $groupdetails['visible'];
 				}

-				if ($do_show) {
+				//if ($do_show) {
 					if (isset($groupdetails['title']) && $groupdetails['title'] != '') {
 						$fields .= getFormGroupOutput($groupname, $groupdetails);
 					}
@@ -66,7 +66,7 @@ function buildFormEx($form, $part = '') {
 							$fields .= getFormFieldOutput($fieldname, $fielddetails);
 						}
 					}
-				}
+				//}
 			}
 		}
 	}
--- a/lib/functions/formfields/function.getFormFieldData.php
+++ b/lib/functions/formfields/function.getFormFieldData.php
@@ -21,7 +21,8 @@ function getFormFieldData($fieldname, $fielddata, &$input)
 {
 	if(is_array($fielddata) && isset($fielddata['type']) && $fielddata['type'] != '' && function_exists('getFormFieldData' . ucfirst($fielddata['type'])))
 	{
-		$newfieldvalue = call_user_func('getFormFieldData' . ucfirst($fielddata['type']), $fieldname, $fielddata, $input);
+		$gfdFunc = 'getFormFieldData' . ucfirst($fielddata['type']);
+		$newfieldvalue = $gfdFunc($fieldname, $fielddata, $input);
 	}
 	else
 	{
@@ -38,6 +39,6 @@ function getFormFieldData($fieldname, $fielddata, &$input)
 			$newfieldvalue = false;
 		}
 	}
-	
+
 	return trim($newfieldvalue);
 }
--- a/lib/functions/formfields/function.getFormFieldOutput.php
+++ b/lib/functions/formfields/function.getFormFieldOutput.php
@@ -19,6 +19,8 @@

 function getFormFieldOutput($fieldname, $fielddata) {

+	global $lng;
+
 	$returnvalue = '';
 	if (is_array($fielddata)
 		&& isset($fielddata['type'])
@@ -51,6 +53,7 @@ function getFormFieldOutput($fieldname, $fielddata) {
 			$websrv = Settings::Get('system.webserver');
 			if (!in_array($websrv, $fielddata['websrv_avail'])) {
 				$do_show = false;
+				$fielddata['label'].= sprintf($lng['serversettings']['option_unavailable_websrv'], implode(", ", $fielddata['websrv_avail']));
 			}
 		}

@@ -59,11 +62,14 @@ function getFormFieldOutput($fieldname, $fielddata) {
 		// be false due to websrv_avail
 		if (isset($fielddata['visible']) && $do_show) {
 			$do_show = $fielddata['visible'];
+			if (!$do_show) {
+				$fielddata['label'].= $lng['serversettings']['option_unavailable'];
+			}
 		}

-		if ($do_show) {
-			$returnvalue = call_user_func('getFormFieldOutput' . ucfirst($fielddata['type']), $fieldname, $fielddata);
-		}
+		//if ($do_show) {
+			$returnvalue = call_user_func('getFormFieldOutput' . ucfirst($fielddata['type']), $fieldname, $fielddata, $do_show);
+		//}
 	}
 	return $returnvalue;
 }
--- a/lib/functions/formfields/function.getFormGroupOutput.php
+++ b/lib/functions/formfields/function.getFormGroupOutput.php
@@ -81,11 +81,13 @@ function getFormOverviewGroupOutput($groupname, $groupdetails) {
 		$websrv = Settings::Get('system.webserver');
 		if (!in_array($websrv, $groupdetails['websrv_avail'])) {
 			$do_show = false;
+			$title .= sprintf($lng['serversettings']['option_unavailable_websrv'], implode(", ", $groupdetails['websrv_avail']));
+			// hack disabled flag into select-box
+			$option = str_replace('<select class', '<select disabled="disabled" class', $option);
 		}
 	}

-	if ($do_show) {
-		eval("\$group = \"" . getTemplate("settings/settings_overviewgroup") . "\";");
-	}
+	eval("\$group = \"" . getTemplate("settings/settings_overviewgroup") . "\";");
+
 	return $group;
 }
--- a/lib/functions/formfields/hiddenstring/function.getFormFieldOutputString.php
+++ b/lib/functions/formfields/hiddenstring/function.getFormFieldOutputString.php
@@ -17,7 +17,7 @@
 *
 */

-function getFormFieldOutputHiddenString($fieldname, $fielddata)
+function getFormFieldOutputHiddenString($fieldname, $fielddata, $do_show = true)
 {
 	$label = $fielddata['label'];
 	$value = htmlentities($fielddata['value']);
--- a/lib/functions/formfields/int/function.getFormFieldOutputInt.php
+++ b/lib/functions/formfields/int/function.getFormFieldOutputInt.php
@@ -17,7 +17,7 @@
 *
 */

-function getFormFieldOutputInt($fieldname, $fielddata)
+function getFormFieldOutputInt($fieldname, $fielddata, $do_show = true)
 {
-	return getFormFieldOutputString($fieldname, $fielddata);
+	return getFormFieldOutputString($fieldname, $fielddata, $do_show);
 }
--- a/lib/functions/formfields/option/function.getFormFieldOutputOption.php
+++ b/lib/functions/formfields/option/function.getFormFieldOutputOption.php
@@ -17,10 +17,10 @@
 *
 */

-function getFormFieldOutputOption($fieldname, $fielddata)
+function getFormFieldOutputOption($fieldname, $fielddata, $do_show = true)
 {
 	$returnvalue = '';
-	
+
 	if(isset($fielddata['option_options']) && is_array($fielddata['option_options']) && !empty($fielddata['option_options']))
 	{
 		if(isset($fielddata['option_mode']) && $fielddata['option_mode'] == 'multiple')
--- a/lib/functions/formfields/option/function.validateFormFieldOption.php
+++ b/lib/functions/formfields/option/function.validateFormFieldOption.php
@@ -20,7 +20,7 @@
 function validateFormFieldOption($fieldname, $fielddata, $newfieldvalue)
 {
 	$returnvalue = true;
-	
+
 	if(isset($fielddata['option_mode']) && $fielddata['option_mode'] == 'multiple')
 	{
 		$options = explode(',', $newfieldvalue);
@@ -33,13 +33,16 @@ function validateFormFieldOption($fieldname, $fielddata, $newfieldvalue)
 	{
 		$returnvalue = isset($fielddata['option_options'][$newfieldvalue]);
 	}
-	
+
 	if($returnvalue === true)
 	{
 		return true;
 	}
 	else
 	{
+		if (isset($fielddata['option_emptyallowed']) && $fielddata['option_emptyallowed']) {
+			return true;
+		}
 		return 'not in option';
 	}
 }
--- a/lib/functions/formfields/string/function.getFormFieldOutputString.php
+++ b/lib/functions/formfields/string/function.getFormFieldOutputString.php
@@ -17,7 +17,7 @@
 *
 */

-function getFormFieldOutputString($fieldname, $fielddata)
+function getFormFieldOutputString($fieldname, $fielddata, $do_show = true)
 {
 	$label = $fielddata['label'];
 	$value = htmlentities($fielddata['value']);
--- a/lib/functions/formfields/string/function.validateFormFieldString.php
+++ b/lib/functions/formfields/string/function.validateFormFieldString.php
@@ -122,7 +122,7 @@ function validateFormFieldString($fieldname, $fielddata, $newfieldvalue)
                        $newfieldvalue = '';
                        $returnvalue = 'stringmustntbeempty';
                    } else {
-                        $newfieldvalue = validate_ip2($newfieldvalue, true, true, true);
+                        $newfieldvalue = validate_ip2($newfieldvalue, true, 'invalidip', true, true, true);
                        $returnvalue = ($newfieldvalue !== false ? true : 'invalidip');
                    }
                }
--- a/lib/functions/formfields/text/function.getFormFieldOutputText.php
+++ b/lib/functions/formfields/text/function.getFormFieldOutputText.php
@@ -17,7 +17,7 @@
 *
 */

-function getFormFieldOutputText($fieldname, $fielddata)
+function getFormFieldOutputText($fieldname, $fielddata, $do_show = true)
 {
 	$label = $fielddata['label'];
 	$value = htmlentities($fielddata['value']);
--- a/lib/functions/froxlor/function.CorrectErrorDocument.php
+++ b/lib/functions/froxlor/function.CorrectErrorDocument.php
@@ -32,7 +32,7 @@ function correctErrorDocument($errdoc = null) {
 		// not a URL
 		if ((strtoupper(substr($errdoc, 0, 5)) != 'HTTP:'
 				&& strtoupper(substr($errdoc, 0, 6)) != 'HTTPS:')
-				|| !validateUrl($idna_convert->encode($errdoc))
+				|| !validateUrl($errdoc)
 		) {
 			// a file
 			if (substr($errdoc, 0, 1) != '"') {
--- a/lib/functions/output/function.RedirectCode.php
+++ b/lib/functions/output/function.RedirectCode.php
@@ -16,11 +16,11 @@

 /**
 * return an array of all enabled redirect-codes
- * 
+ *
 * @return array array of enabled redirect-codes
 */
 function getRedirectCodesArray() {
-	
+
 	$sql = "SELECT * FROM `".TABLE_PANEL_REDIRECTCODES."` WHERE `enabled` = '1' ORDER BY `id` ASC";
 	$result_stmt = Database::query($sql);

@@ -35,13 +35,13 @@ function getRedirectCodesArray() {
 /**
 * return an array of all enabled redirect-codes
 * for the settings form
- * 
+ *
 * @return array array of enabled redirect-codes
 */
 function getRedirectCodes() {

 	global $lng;
-	
+
 	$sql = "SELECT * FROM `".TABLE_PANEL_REDIRECTCODES."` WHERE `enabled` = '1' ORDER BY `id` ASC";
 	$result_stmt = Database::query($sql);

@@ -54,16 +54,17 @@ function getRedirectCodes() {
 }

 /**
- * returns the redirect-code for a given 
+ * returns the redirect-code for a given
 * domain-id
- * 
+ *
 * @param integer $domainid id of the domain
- * 
+ * @param string $default
+ *
 * @return string redirect-code
 */
-function getDomainRedirectCode($domainid = 0) {
+function getDomainRedirectCode($domainid = 0, $default = '') {

-	$code = '';
+	$code = $default;
 	if ($domainid > 0) {

 		$result_stmt = Database::prepare("
@@ -76,18 +77,18 @@ function getDomainRedirectCode($domainid = 0) {
 		if (is_array($result)
 			&& isset($result['redirect'])
 		) {
-			$code = ($result['redirect'] == '---') ? '' : $result['redirect'];
+			$code = ($result['redirect'] == '---') ? $default : $result['redirect'];
 		}
 	}
 	return $code;
 }

 /**
- * returns the redirect-id for a given 
+ * returns the redirect-id for a given
 * domain-id
- * 
+ *
 * @param integer $domainid id of the domain
- * 
+ *
 * @return integer redirect-code-id
 */
 function getDomainRedirectId($domainid = 0) {
@@ -112,10 +113,10 @@ function getDomainRedirectId($domainid = 0) {

 /**
 * adds a redirectcode for a domain
- * 
+ *
 * @param integer $domainid id of the domain to add the code for
- * @param integer $redirect selected redirect-id 
- * 
+ * @param integer $redirect selected redirect-id
+ *
 * @return null
 */
 function addRedirectToDomain($domainid = 0, $redirect = 1) {
@@ -130,10 +131,10 @@ function addRedirectToDomain($domainid = 0, $redirect = 1) {
 /**
 * updates the redirectcode of a domain
 * if redirect-code is false, nothing happens
- * 
+ *
 * @param integer $domainid id of the domain to update
 * @param integer $redirect selected redirect-id or false
- * 
+ *
 * @return null
 */
 function updateRedirectOfDomain($domainid = 0, $redirect = false) {
--- a/lib/functions/output/function.dieWithMail.php
+++ b/lib/functions/output/function.dieWithMail.php
@@ -34,6 +34,18 @@ function dieWithMail($message, $subject = "[froxlor] Cronjob error") {
 		$_mail = new PHPMailer(true);
 		$_mail->CharSet = "UTF-8";

+		if (Settings::Get('system.mail_use_smtp')) {
+			$_mail->isSMTP();
+			$_mail->Host = Settings::Get('system.mail_smtp_host');
+			$_mail->SMTPAuth = Settings::Get('system.mail_smtp_auth') == '1' ? true : false;
+			$_mail->Username = Settings::Get('system.mail_smtp_user');
+			$_mail->Password = Settings::Get('system.mail_smtp_passwd');
+			if (Settings::Get('system.mail_smtp_usetls')) {
+				$_mail->SMTPSecure = 'tls';
+			}
+			$_mail->Port = Settings::Get('system.mail_smtp_port');
+		}
+
 		if (PHPMailer::ValidateAddress(Settings::Get('panel.adminmail')) !== false) {
 			// set return-to address and custom sender-name, see #76
 			$_mail->SetFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));
--- a/lib/functions/settings/function.storeSettingClearCertificates.php
+++ b/lib/functions/settings/function.storeSettingClearCertificates.php
@@ -0,0 +1,37 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+* Copyright (c) 2003-2009 the SysCP Team (see authors).
+* Copyright (c) 2010 the Froxlor Team (see authors).
+*
+* For the full copyright and license information, please view the COPYING
+* file that was distributed with this source code. You can also view the
+* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+*
+* @copyright  (c) the authors
+* @author     Froxlor team <team@froxlor.org> (2010-)
+* @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+* @package    Functions
+*
+*/
+
+function storeSettingClearCertificates($fieldname, $fielddata, $newfieldvalue) {
+
+	$returnvalue = storeSettingField($fieldname, $fielddata, $newfieldvalue);
+
+	if ($returnvalue !== false
+		&& is_array($fielddata)
+		&& isset($fielddata['settinggroup'])
+		&& $fielddata['settinggroup'] == 'system'
+		&& isset($fielddata['varname'])
+		&& $fielddata['varname'] == 'le_froxlor_enabled'
+		&& $newfieldvalue == '0'
+		) {
+			Database::query("
+				DELETE FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = '0'
+			");
+		}
+
+		return $returnvalue;
+}
--- a/lib/functions/validate/function.appendOpenbasedirPath.php
+++ b/lib/functions/validate/function.appendOpenbasedirPath.php
@@ -21,40 +21,43 @@
 * to a line for a open_basedir directive
 *
 * @param string $path
- *            the path to check and append
+ *        	the path to check and append
 * @param boolean $first
- *            if true, no ':' will be prefixed to the path
- *            
+ *        	if true, no ':' will be prefixed to the path
+ *
 * @return string
 */
 function appendOpenBasedirPath($path = '', $first = false)
 {
-    if ($path != '' && $path != '/'
-        && (! preg_match("#^/dev#i", $path) || preg_match("#^/dev/urandom#i", $path))
-        && ! preg_match("#^/proc#i", $path)
-        && ! preg_match("#^/etc#i", $path)
-        && ! preg_match("#^/sys#i", $path)
-        && ! preg_match("#:#", $path)
-    ) {
-        
-        $path = makeCorrectDir($path);
-        
-        // check for php-version that requires the trailing
-        // slash to be removed as it does not allow the usage
-        // of the subfolders within the given folder, fixes #797
-        if ((PHP_MINOR_VERSION == 2 && PHP_VERSION_ID >= 50216) || PHP_VERSION_ID >= 50304) {
-            // check trailing slash
-            if (substr($path, - 1, 1) == '/') {
-                // remove it
-                $path = substr($path, 0, - 1);
-            }
-        }
-        
-        if ($first) {
-            return $path;
-        }
-        
-        return ':' . $path;
-    }
-    return '';
+	if ($path != '' && $path != '/' &&
+		(! preg_match("#^/dev#i", $path) || preg_match("#^/dev/urandom#i", $path))
+		&& ! preg_match("#^/proc#i", $path)
+		&& ! preg_match("#^/etc#i", $path)
+		&& ! preg_match("#^/sys#i", $path)
+		&& ! preg_match("#:#", $path)) {
+
+		if (preg_match("#^/dev/urandom#i", $path)) {
+			$path = makeCorrectFile($path);
+		} else {
+			$path = makeCorrectDir($path);
+		}
+
+		// check for php-version that requires the trailing
+		// slash to be removed as it does not allow the usage
+		// of the subfolders within the given folder, fixes #797
+		if ((PHP_MINOR_VERSION == 2 && PHP_VERSION_ID >= 50216) || PHP_VERSION_ID >= 50304) {
+			// check trailing slash
+			if (substr($path, - 1, 1) == '/') {
+				// remove it
+				$path = substr($path, 0, - 1);
+			}
+		}
+
+		if ($first) {
+			return $path;
+		}
+
+		return ':' . $path;
+	}
+	return '';
 }
--- a/lib/functions/validate/function.validateUrl.php
+++ b/lib/functions/validate/function.validateUrl.php
@@ -37,7 +37,11 @@ function validateUrl($url) {
 	}

 	// needs converting
-	$url = $idna_convert->encode($url);
+	try {
+		$url = $idna_convert->encode($url);
+	} catch (Exception $e) {
+		return false;
+	}

 	$pattern = "/^https?:\/\/[a-zA-Z0-9\-\.]+\.[a-zA-Z]{2,4}(\:[0-9]+)?\/?(.+)?$/i";
 	if (preg_match($pattern, $url)) {
--- a/lib/functions/validate/function.validate_ip.php
+++ b/lib/functions/validate/function.validate_ip.php
@@ -49,23 +49,43 @@ function validate_ip($ip, $return_bool = false, $lng = 'invalidip') {
 * @param string $lng index for error-message (if $return_bool is false)
 * @param bool $allow_localhost whether to allow 127.0.0.1
 * @param bool $allow_priv whether to allow private network addresses
+ * @param bool $allow_cidr whether to allow CIDR values e.g. 10.10.10.10/16
 *
 * @return string|bool ip address on success, false on failure
 */
-function validate_ip2($ip, $return_bool = false, $lng = 'invalidip', $allow_localhost = false, $allow_priv = false) {
+function validate_ip2($ip, $return_bool = false, $lng = 'invalidip', $allow_localhost = false, $allow_priv = false, $allow_cidr = false) {

-    $filter_lan = $allow_priv ? FILTER_FLAG_NO_RES_RANGE : (FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE);
+	$cidr = "";
+	if ($allow_cidr) {
+		$org_ip = $ip;
+		$ip_cidr = explode("/", $ip);
+		if (count($ip_cidr) == 2) {
+			$ip = $ip_cidr[0];
+			$cidr = "/".$ip_cidr[1];
+		} else {
+			$ip = $org_ip;
+		}
+	} elseif (strpos($ip, "/") !== false) {
+		if ($return_bool) {
+			return false;
+		} else {
+			standard_error($lng, $ip);
+			exit();
+		}
+	}
+
+	$filter_lan = $allow_priv ? FILTER_FLAG_NO_RES_RANGE : (FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE);

 	if ((filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)
 			|| filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4))
 			&& filter_var($ip, FILTER_VALIDATE_IP, $filter_lan)
 	) {
-		return $ip;
+		return $ip.$cidr;
 	}

 	// special case where localhost ip is allowed (mysql-access-hosts for example)
 	if ($allow_localhost && $ip == '127.0.0.1') {
-		return $ip;
+		return $ip.$cidr;
 	}

 	if ($return_bool) {
--- a/lib/init.php
+++ b/lib/init.php
@@ -39,11 +39,6 @@ header("X-XSS-Protection: 1; mode=block");
 // Don't allow to load Froxlor in an iframe to prevent i.e. clickjacking
 header("X-Frame-Options: DENY");

-// If Froxlor was called via HTTPS -> enforce it for the next time
-if (isset($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off')) {
-	header("Strict-Transport-Security: max-age=15768000");
-}
-
 // Internet Explorer shall not guess the Content-Type, see:
 // http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx
 header("X-Content-Type-Options: nosniff");
@@ -127,6 +122,24 @@ require FROXLOR_INSTALL_DIR.'/lib/tables.inc.php';
 */
 $idna_convert = new idna_convert_wrapper();

+/**
+ * If Froxlor was called via HTTPS -> enforce it for the next time by settings HSTS header according to settings
+ */
+if (isset($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off')) {
+	$maxage = Settings::Get('system.hsts_maxage');
+	if (empty($maxage)) {
+		$maxage = 0;
+	}
+	$hsts_header = "Strict-Transport-Security: max-age=".$maxage;
+	if (Settings::Get('system.hsts_incsub') == '1') {
+		$hsts_header .= "; includeSubDomains";
+	}
+	if (Settings::Get('system.hsts_preload') == '1') {
+		$hsts_header .= "; preload";
+	}
+	header($hsts_header);
+}
+
 /**
 * disable magic_quotes_runtime if enabled
 */
@@ -142,7 +155,7 @@ if (version_compare(PHP_VERSION, "5.4.0", "<")) {
 	 */
 	if (get_magic_quotes_gpc()) {
 		$in = array(&$_GET, &$_POST, &$_COOKIE);
-	
+
 		while (list($k, $v) = each($in)) {
 			foreach ($v as $key => $val) {
 				if (!is_array($val)) {
@@ -265,7 +278,7 @@ while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 	// versions didn't have that and it will
 	// lead to a lot of undfined variables
 	// before the admin can even update
-	if (isset($row['iso'])) { 
+	if (isset($row['iso'])) {
 		$iso[$row['iso']] = $row['language'];
 	}
 }
@@ -542,6 +555,18 @@ if ($page == '') {
 $mail = new PHPMailer(true);
 $mail->CharSet = "UTF-8";

+if (Settings::Get('system.mail_use_smtp')) {
+	$mail->isSMTP();
+	$mail->Host = Settings::Get('system.mail_smtp_host');
+	$mail->SMTPAuth = Settings::Get('system.mail_smtp_auth') == '1' ? true : false;
+	$mail->Username = Settings::Get('system.mail_smtp_user');
+	$mail->Password = Settings::Get('system.mail_smtp_passwd');
+	if (Settings::Get('system.mail_smtp_usetls')) {
+		$mail->SMTPSecure = 'tls';
+	}
+	$mail->Port = Settings::Get('system.mail_smtp_port');
+}
+
 if (PHPMailer::ValidateAddress(Settings::Get('panel.adminmail')) !== false) {
 	// set return-to address and custom sender-name, see #76
 	$mail->SetFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));
--- a/lib/navigation/00.froxlor.main.php
+++ b/lib/navigation/00.froxlor.main.php
@@ -16,295 +16,305 @@
 * @package    Navigation
 *
 */
-
-return array (
-	'customer' => array (
-		'index' => array (
+return array(
+	'customer' => array(
+		'index' => array(
 			'url' => 'customer_index.php',
 			'label' => $lng['admin']['overview'],
-			'elements' => array (
-				array (
-					'label' => $lng['menue']['main']['username'],
+			'elements' => array(
+				array(
+					'label' => $lng['menue']['main']['username']
 				),
-				array (
+				array(
 					'url' => 'customer_index.php?page=change_password',
-					'label' => $lng['menue']['main']['changepassword'],
+					'label' => $lng['menue']['main']['changepassword']
 				),
-				array (
+				array(
 					'url' => 'customer_index.php?page=change_language',
-					'label' => $lng['menue']['main']['changelanguage'],
+					'label' => $lng['menue']['main']['changelanguage']
 				),
-				array (
+				array(
 					'url' => 'customer_index.php?page=change_theme',
 					'label' => $lng['menue']['main']['changetheme'],
 					'show_element' => (Settings::Get('panel.allow_theme_change_customer') == true)
 				),
-				array (
+				array(
 					'url' => 'customer_index.php?action=logout',
-					'label' => $lng['login']['logout'],
-				),
-			),
+					'label' => $lng['login']['logout']
+				)
+			)
 		),
-		'email' => array (
+		'email' => array(
 			'url' => 'customer_email.php',
 			'label' => $lng['menue']['email']['email'],
-			'elements' => array (
-				array (
+			'show_element' => (! Settings::IsInList('panel.customer_hide_options', 'email')),
+			'elements' => array(
+				array(
 					'url' => 'customer_email.php?page=emails',
 					'label' => $lng['menue']['email']['emails'],
-					'required_resources' => 'emails',
+					'required_resources' => 'emails'
 				),
-				array (
+				array(
 					'url' => 'customer_email.php?page=emails&action=add',
 					'label' => $lng['emails']['emails_add'],
 					'required_resources' => 'emails'
 				),
-				array (
+				array(
 					'url' => Settings::Get('panel.webmail_url'),
 					'new_window' => true,
 					'label' => $lng['menue']['email']['webmail'],
 					'required_resources' => 'emails_used',
-					'show_element' => ( Settings::Get('panel.webmail_url') != '' ),
-				),
-			),
+					'show_element' => (Settings::Get('panel.webmail_url') != '')
+				)
+			)
 		),
-		'mysql' => array (
+		'mysql' => array(
 			'url' => 'customer_mysql.php',
 			'label' => $lng['menue']['mysql']['mysql'],
-			'elements' => array (
-				array (
+			'show_element' => (! Settings::IsInList('panel.customer_hide_options', 'mysql')),
+			'elements' => array(
+				array(
 					'url' => 'customer_mysql.php?page=mysqls',
 					'label' => $lng['menue']['mysql']['databases'],
-					'required_resources' => 'mysqls',
+					'required_resources' => 'mysqls'
 				),
-				array (
+				array(
 					'url' => Settings::Get('panel.phpmyadmin_url'),
 					'new_window' => true,
 					'label' => $lng['menue']['mysql']['phpmyadmin'],
 					'required_resources' => 'mysqls_used',
-					'show_element' => ( Settings::Get('panel.phpmyadmin_url') != '' ),
-				),
-			),
+					'show_element' => (Settings::Get('panel.phpmyadmin_url') != '')
+				)
+			)
 		),
-		'domains' => array (
+		'domains' => array(
 			'url' => 'customer_domains.php',
 			'label' => $lng['menue']['domains']['domains'],
-			'elements' => array (
-				array (
+			'show_element' => (! Settings::IsInList('panel.customer_hide_options', 'domains')),
+			'elements' => array(
+				array(
 					'url' => 'customer_domains.php?page=domains',
-					'label' => $lng['menue']['domains']['settings'],
+					'label' => $lng['menue']['domains']['settings']
 				),
-			),
+				array(
+					'url' => 'customer_domains.php?page=sslcertificates',
+					'label' => $lng['domains']['ssl_certificates']
+				)
+			)
 		),
-		'ftp' => array (
+		'ftp' => array(
 			'url' => 'customer_ftp.php',
 			'label' => $lng['menue']['ftp']['ftp'],
-			'elements' => array (
-				array (
+			'show_element' => (! Settings::IsInList('panel.customer_hide_options', 'ftp')),
+			'elements' => array(
+				array(
 					'url' => 'customer_ftp.php?page=accounts',
-					'label' => $lng['menue']['ftp']['accounts'],
+					'label' => $lng['menue']['ftp']['accounts']
 				),
-				array (
+				array(
 					'url' => Settings::Get('panel.webftp_url'),
 					'new_window' => true,
 					'label' => $lng['menue']['ftp']['webftp'],
-					'show_element' => ( Settings::Get('panel.webftp_url') != '' ),
-				),
-			),
+					'show_element' => (Settings::Get('panel.webftp_url') != '')
+				)
+			)
 		),
-		'extras' => array (
+		'extras' => array(
 			'url' => 'customer_extras.php',
 			'label' => $lng['menue']['extras']['extras'],
-			'elements' => array (
-				array (
+			'show_element' => (! Settings::IsInList('panel.customer_hide_options', 'extras')),
+			'elements' => array(
+				array(
 					'url' => 'customer_extras.php?page=htpasswds',
 					'label' => $lng['menue']['extras']['directoryprotection'],
+					'show_element' => (! Settings::IsInList('panel.customer_hide_options', 'extras.directoryprotection'))
 				),
-				array (
+				array(
 					'url' => 'customer_extras.php?page=htaccess',
 					'label' => $lng['menue']['extras']['pathoptions'],
+					'show_element' => (! Settings::IsInList('panel.customer_hide_options', 'extras.pathoptions'))
 				),
-				array (
+				array(
 					'url' => 'customer_logger.php?page=log',
 					'label' => $lng['menue']['logger']['logger'],
-					'show_element' => ( Settings::Get('logger.enabled') == true )
+					'show_element' => (Settings::Get('logger.enabled') == true) && (! Settings::IsInList('panel.customer_hide_options', 'extras.logger'))
 				),
-				array (
+				array(
 					'url' => 'customer_extras.php?page=backup',
 					'label' => $lng['menue']['extras']['backup'],
-					'show_element' => ( Settings::Get('system.backupenabled') == true ),
-				),
-			),
+					'show_element' => (Settings::Get('system.backupenabled') == true) && (! Settings::IsInList('panel.customer_hide_options', 'extras.backup'))
+				)
+			)
 		),
-		'traffic' => array (
+		'traffic' => array(
 			'url' => 'customer_traffic.php',
 			'label' => $lng['menue']['traffic']['traffic'],
-			'elements' => array (
-				array (
+			'show_element' => (! Settings::IsInList('panel.customer_hide_options', 'traffic')),
+			'elements' => array(
+				array(
 					'url' => 'customer_traffic.php?page=current',
-					'label' => $lng['menue']['traffic']['current'],
-				),
-			),
-		),
+					'label' => $lng['menue']['traffic']['current']
+				)
+			)
+		)
 	),
-	'admin' => array (
-		'index' => array (
+	'admin' => array(
+		'index' => array(
 			'url' => 'admin_index.php',
 			'label' => $lng['admin']['overview'],
-			'elements' => array (
-				array (
-					'label' => $lng['menue']['main']['username'],
+			'elements' => array(
+				array(
+					'label' => $lng['menue']['main']['username']
 				),
-				array (
+				array(
 					'url' => 'admin_index.php?page=change_password',
-					'label' => $lng['menue']['main']['changepassword'],
+					'label' => $lng['menue']['main']['changepassword']
 				),
-				array (
+				array(
 					'url' => 'admin_index.php?page=change_language',
-					'label' => $lng['menue']['main']['changelanguage'],
+					'label' => $lng['menue']['main']['changelanguage']
 				),
-				array (
+				array(
 					'url' => 'admin_index.php?page=change_theme',
 					'label' => $lng['menue']['main']['changetheme'],
 					'show_element' => (Settings::Get('panel.allow_theme_change_admin') == true)
 				),
-				array (
+				array(
 					'url' => 'admin_index.php?action=logout',
-					'label' => $lng['login']['logout'],
-				),
-			),
+					'label' => $lng['login']['logout']
+				)
+			)
 		),
-		'resources' => array (
+		'resources' => array(
 			'label' => $lng['admin']['resources'],
 			'required_resources' => 'customers',
-			'elements' => array (
-				array (
+			'elements' => array(
+				array(
 					'url' => 'admin_customers.php?page=customers',
 					'label' => $lng['admin']['customers'],
-					'required_resources' => 'customers',
+					'required_resources' => 'customers'
 				),
-				array (
+				array(
 					'url' => 'admin_admins.php?page=admins',
 					'label' => $lng['admin']['admins'],
-					'required_resources' => 'change_serversettings',
+					'required_resources' => 'change_serversettings'
 				),
-			    array (
-			        'url' => 'admin_domains.php?page=domains',
-			        'label' => $lng['admin']['domains'],
-			        'required_resources' => 'domains',
-			    ),
-			    array (
-			        'url' => 'admin_ipsandports.php?page=ipsandports',
-			        'label' => $lng['admin']['ipsandports']['ipsandports'],
-			        'required_resources' => 'change_serversettings',
-			    ),
-			    array (
-			        'url' => 'admin_settings.php?page=updatecounters',
-			        'label' => $lng['admin']['updatecounters'],
-			        'required_resources' => 'change_serversettings',
-			    ),
-			),
+				array(
+					'url' => 'admin_domains.php?page=domains',
+					'label' => $lng['admin']['domains'],
+					'required_resources' => 'domains'
+				),
+				array(
+					'url' => 'admin_domains.php?page=sslcertificates',
+					'label' => $lng['domains']['ssl_certificates'],
+					'required_resources' => 'domains'
+				),
+				array(
+					'url' => 'admin_ipsandports.php?page=ipsandports',
+					'label' => $lng['admin']['ipsandports']['ipsandports'],
+					'required_resources' => 'change_serversettings'
+				),
+				array(
+					'url' => 'admin_settings.php?page=updatecounters',
+					'label' => $lng['admin']['updatecounters'],
+					'required_resources' => 'change_serversettings'
+				)
+			)
 		),
-		'traffic' => array (
+		'traffic' => array(
 			'label' => $lng['admin']['traffic'],
 			'required_resources' => 'customers',
-			'elements' => array (
-				array (
+			'elements' => array(
+				array(
 					'url' => 'admin_traffic.php?page=customers',
 					'label' => $lng['admin']['customertraffic'],
-					'required_resources' => 'customers',
-				),
-			),
+					'required_resources' => 'customers'
+				)
+			)
 		),
-		'server' => array (
+		'server' => array(
 			'label' => $lng['admin']['server'],
 			'required_resources' => 'change_serversettings',
-			'elements' => array (
-				array (
+			'elements' => array(
+				array(
 					'url' => 'admin_configfiles.php?page=configfiles',
 					'label' => $lng['admin']['configfiles']['serverconfiguration'],
-					'required_resources' => 'change_serversettings',
+					'required_resources' => 'change_serversettings'
 				),
-				array (
+				array(
 					'url' => 'admin_settings.php?page=overview',
 					'label' => $lng['admin']['serversettings'],
-					'required_resources' => 'change_serversettings',
+					'required_resources' => 'change_serversettings'
 				),
-				array (
+				array(
 					'url' => 'admin_cronjobs.php?page=overview',
 					'label' => $lng['admin']['cron']['cronsettings'],
-					'required_resources' => 'change_serversettings',
+					'required_resources' => 'change_serversettings'
 				),
-			    array (
-			        'url' => 'admin_logger.php?page=log',
-			        'label' => $lng['menue']['logger']['logger'],
-			        'required_resources' => 'change_serversettings',
-			        'show_element' => ( Settings::Get('logger.enabled') == true ),
-			    ),
-				array (
+				array(
+					'url' => 'admin_logger.php?page=log',
+					'label' => $lng['menue']['logger']['logger'],
+					'required_resources' => 'change_serversettings',
+					'show_element' => (Settings::Get('logger.enabled') == true)
+				),
+				array(
 					'url' => 'admin_settings.php?page=rebuildconfigs',
 					'label' => $lng['admin']['rebuildconf'],
+					'required_resources' => 'change_serversettings'
+				),
+				array(
+					'url' => 'admin_autoupdate.php?page=overview',
+					'label' => $lng['admin']['autoupdate'],
 					'required_resources' => 'change_serversettings',
-				),
-			    array (
-			        'url' => 'admin_autoupdate.php?page=overview',
-			        'label' => $lng['admin']['autoupdate'],
-			        'required_resources' => 'change_serversettings',
-			    ),
-			),
+					'show_element' => extension_loaded('zip')
+				)
+			)
 		),
-	    'server_php' => array (
-	        'label' => $lng['admin']['server_php'],
-	        'required_resources' => 'change_serversettings',
-	        'elements' => array (
-	            array (
-	                'url' => 'admin_phpsettings.php?page=overview',
-	                'label' => $lng['menue']['phpsettings']['maintitle'],
-	                'show_element' => (
-	                    Settings::Get('system.mod_fcgid') == true ||
-	                    Settings::Get('phpfpm.enabled') == true
-	                ),
-	            ),
-	            array (
-	                'url' => 'admin_settings.php?page=phpinfo',
-	                'label' => $lng['admin']['phpinfo'],
-	                'required_resources' => 'change_serversettings',
-	            ),
-	            array (
-	                'url' => 'admin_apcuinfo.php?page=showinfo',
-	                'label' => $lng['admin']['apcuinfo'],
-	                'required_resources' => 'change_serversettings',
-	                'show_element' => (
-	                    function_exists('apcu_cache_info') === true
-	                ),
-	            ),
-	            array (
-	                'url' => 'admin_opcacheinfo.php?page=showinfo',
-	                'label' => $lng['admin']['opcacheinfo'],
-	                'required_resources' => 'change_serversettings',
-	                'show_element' => (
-	                    function_exists('opcache_get_configuration') === true
-	                ),
-	            ),
-	        ),
-	    ),
-		'misc' => array (
+		'server_php' => array(
+			'label' => $lng['admin']['server_php'],
+			'required_resources' => 'change_serversettings',
+			'elements' => array(
+				array(
+					'url' => 'admin_phpsettings.php?page=overview',
+					'label' => $lng['menue']['phpsettings']['maintitle'],
+					'show_element' => (Settings::Get('system.mod_fcgid') == true || Settings::Get('phpfpm.enabled') == true)
+				),
+				array(
+					'url' => 'admin_settings.php?page=phpinfo',
+					'label' => $lng['admin']['phpinfo'],
+					'required_resources' => 'change_serversettings'
+				),
+				array(
+					'url' => 'admin_apcuinfo.php?page=showinfo',
+					'label' => $lng['admin']['apcuinfo'],
+					'required_resources' => 'change_serversettings',
+					'show_element' => (function_exists('apcu_cache_info') === true)
+				),
+				array(
+					'url' => 'admin_opcacheinfo.php?page=showinfo',
+					'label' => $lng['admin']['opcacheinfo'],
+					'required_resources' => 'change_serversettings',
+					'show_element' => (function_exists('opcache_get_configuration') === true)
+				)
+			)
+		),
+		'misc' => array(
 			'label' => $lng['admin']['misc'],
-			'elements' => array (
-			    array (
-			        'url' => 'admin_settings.php?page=integritycheck',
-			        'label' => $lng['admin']['integritycheck'],
-			        'required_resources' => 'change_serversettings',
-			    ),
-			    array (
-			        'url' => 'admin_templates.php?page=email',
-			        'label' => $lng['admin']['templates']['email'],
-			    ),
-				array (
-					'url' => 'admin_message.php?page=message',
-					'label' => $lng['admin']['message'],
+			'elements' => array(
+				array(
+					'url' => 'admin_settings.php?page=integritycheck',
+					'label' => $lng['admin']['integritycheck'],
+					'required_resources' => 'change_serversettings'
 				),
-			),
-		),
-	),
+				array(
+					'url' => 'admin_templates.php?page=email',
+					'label' => $lng['admin']['templates']['email']
+				),
+				array(
+					'url' => 'admin_message.php?page=message',
+					'label' => $lng['admin']['message']
+				)
+			)
+		)
+	)
 );
--- a/lib/version.inc.php
+++ b/lib/version.inc.php
@@ -16,10 +16,10 @@
 */

 // Main version variable
-$version = '0.9.37-rc1';
+$version = '0.9.38.5';

 // Database version (YYYYMMDDC where C is a daily counter)
-$dbversion = '201607140';
+$dbversion = '201612110';

 // Distribution branding-tag (used for Debian etc.)
 $branding = '';
--- a/lng/english.lng.php
+++ b/lng/english.lng.php
@@ -71,6 +71,7 @@ $lng['customer']['ftps'] = 'FTP-accounts';
 $lng['customer']['subdomains'] = 'Subdomains';
 $lng['customer']['domains'] = 'Domains';
 $lng['customer']['unlimited'] = '∞';
+$lng['customer']['mib'] = 'MiB';

 /**
 * Customermenue
@@ -903,7 +904,7 @@ $lng['serversettings']['mail_quota_enabled']['enforcelink'] = 'Click here to enf
 $lng['question']['admin_quotas_reallywipe'] = 'Do you really want to wipe all quotas on table mail_users? This cannot be reverted!';
 $lng['question']['admin_quotas_reallyenforce'] = 'Do you really want to enforce the default quota to all Users? This cannot be reverted!';
 $lng['error']['vmailquotawrong'] = 'The quotasize must be positive number.';
-$lng['customer']['email_quota'] = 'E-mail quota';
+$lng['customer']['email_quota'] = 'E-mail quota (MiB)';
 $lng['customer']['email_imap'] = 'E-mail IMAP';
 $lng['customer']['email_pop3'] = 'E-mail POP3';
 $lng['customer']['mail_quota'] = 'Mailquota';
@@ -1961,7 +1962,7 @@ $lng['admin']['autoupdate'] = 'Auto-Update';
 $lng['error']['customized_version'] = 'It looks like your Froxlor installation has been customized, no support sorry.';
 $lng['error']['autoupdate_0'] = 'Unknown error';
 $lng['error']['autoupdate_1'] = 'PHP setting allow_url_fopen is disabled. Autoupdate needs this setting to be enabled in php.ini';
-$lng['error']['autoupdate_2'] = 'PHP extension Zlib not found, please ensure it is installed and activated';
+$lng['error']['autoupdate_2'] = 'PHP zip extension not found, please ensure it is installed and activated';
 $lng['error']['autoupdate_4'] = 'The froxlor archive could not be stored to the disk :(';
 $lng['error']['autoupdate_5'] = 'version.froxlor.org returned inacceptable values :(';
 $lng['error']['autoupdate_6'] = 'Woops, there was no (valid) version given to download :(';
@@ -2021,3 +2022,46 @@ $lng['serversettings']['dns_server']['description'] = 'Remember that daemons hav
 $lng['error']['domain_nopunycode'] = 'You must not specify punycode (IDNA). The domain will automatically be converted';
 $lng['admin']['dnsenabled'] = 'Enable DNS editor';
 $lng['error']['dns_record_toolong'] = 'Records/labels can only be up to 63 characters';
+
+// Added in froxlor 0.9.37-rc1
+$lng['serversettings']['panel_customer_hide_options']['title'] = 'Hide menu items and traffic charts in customer panel';
+$lng['serversettings']['panel_customer_hide_options']['description'] = 'Select items to hide in customer panel. To select multiple options, hold down CTRL while selecting.';
+
+// Added in froxlor 0.9.38-rc1
+$lng['serversettings']['allow_allow_customer_shell']['title'] = 'Allow customers to enable shell access for ftp-users';
+$lng['serversettings']['allow_allow_customer_shell']['description'] = '<strong class="red">Please note: Shell access allows the user to execute various binaries on your system. Use with extrem caution. Please only activate this if you REALLY know what you are doing!!!</strong>';
+$lng['serversettings']['available_shells']['title'] = 'List of available shells';
+$lng['serversettings']['available_shells']['description'] = 'Comma seperated list of shells that are available for the customer to chose from for their ftp-users.<br><br>Note that the default shell <strong>/bin/false</strong> will always be a choice (if enabled), even if this setting is empty. It is the default value for ftp-users in any case';
+$lng['panel']['shell'] = 'Shell';
+$lng['serversettings']['le_froxlor_enabled']['title'] = "Enable Let's Encrypt for the froxlor vhost";
+$lng['serversettings']['le_froxlor_enabled']['description'] = "If activated, the froxlor vhost will automatically be secured using a Let's Encrypt certificate.";
+$lng['serversettings']['le_froxlor_redirect']['title'] = "Enable SSL-redirect for the froxlor vhost";
+$lng['serversettings']['le_froxlor_redirect']['description'] = "If activated, all http requests to your froxlor will be redirected to the corresponding SSL site.";
+$lng['admin']['froxlorvhost'] = 'Froxlor VirtualHost settings';
+$lng['serversettings']['option_unavailable_websrv'] = '<br><em class="red">Availble only for: %s</em>';
+$lng['serversettings']['option_unavailable'] = '<br><em class="red">Option not availble due to other settings.</em>';
+$lng['serversettings']['letsencryptacmeconf']['title'] = "Path to the acme.conf snippet";
+$lng['serversettings']['letsencryptacmeconf']['description'] = "File name of the config snippet which allows the web server to serve the acme challenge.";
+$lng['admin']['hostname'] = 'Hostname';
+$lng['admin']['memory'] = 'Memory usage';
+$lng['serversettings']['mail_use_smtp'] = 'Set mailer to use SMTP';
+$lng['serversettings']['mail_smtp_host'] = 'Specify SMTP server';
+$lng['serversettings']['mail_smtp_usetls'] = 'Enable TLS encryption';
+$lng['serversettings']['mail_smtp_auth'] = 'Enable SMTP authentication';
+$lng['serversettings']['mail_smtp_port'] = 'TCP port to connect to';
+$lng['serversettings']['mail_smtp_user'] = 'SMTP username';
+$lng['serversettings']['mail_smtp_passwd'] = 'SMTP password';
+$lng['domains']['ssl_certificates'] = 'SSL certificates';
+$lng['domains']['ssl_certificate_removed'] = 'The certificate with the id #%s has been removed successfully';
+$lng['domains']['ssl_certificate_error'] = "Error reading certificate for domain: %s";
+$lng['domains']['no_ssl_certificates'] = "There are no domains with SSL certificate";
+$lng['admin']['webserversettings_ssl'] = 'Webserver SSL settings';
+$lng['admin']['domain_hsts_maxage']['title'] = 'HTTP Strict Transport Security (HSTS)';
+$lng['admin']['domain_hsts_maxage']['description'] = 'Specify the max-age value for the Strict-Transport-Security header<br>The value <i>0</i> will disable HSTS for the domain. Most user set a value of <i>31536000</i> (one year).';
+$lng['admin']['domain_hsts_incsub']['title'] = 'Include HSTS for any subdomain';
+$lng['admin']['domain_hsts_incsub']['description'] = 'The optional "includeSubDomains" directive, if present, signals the UA that the HSTS Policy applies to this HSTS Host as well as any subdomains of the host\'s domain name.';
+$lng['admin']['domain_hsts_preload']['title'] = 'Include domain in <a href="https://hstspreload.appspot.com/" target="_blank">HSTS preload list</a>';
+$lng['admin']['domain_hsts_preload']['description'] = 'If you would like this domain to be included in the HSTS preload list maintained by Chrome (and used by Firefox and Safari), then use activate this.<br>Sending the preload directive from your site can have PERMANENT CONSEQUENCES and prevent users from accessing your site and any of its subdomains.<br>Please read the details at <a href="https://hstspreload.appspot.com/#removal" target="_blank">hstspreload.appspot.com/#removal</a> before sending the header with "preload".';
+
+$lng['serversettings']['nginx_http2_support']['title'] = 'Nginx HTTP2 Support';
+$lng['serversettings']['nginx_http2_support']['description'] = 'enable http2 support for ssl. ENABLE ONLY IF YOUR Nginx SUPPORT THIS FEATURE. (version 1.9.5+)';
--- a/lng/german.lng.php
+++ b/lng/german.lng.php
@@ -900,7 +900,7 @@ $lng['serversettings']['mail_quota_enabled']['enforcelink'] = 'Hier klicken, um
 $lng['question']['admin_quotas_reallywipe'] = 'Sind Sie sicher, dass alle E-Mail-Kontingente aus der Tabelle mail_users entfernt werden sollen? Dieser Schritt kann nicht rückgängig gemacht werden!';
 $lng['question']['admin_quotas_reallyenforce'] = 'Sind Sie sicher, dass Sie allen Benutzern das Default-Quota zuweisen wollen? Dies kann nicht rückgängig gemacht werden!';
 $lng['error']['vmailquotawrong'] = 'Die Kontingent-Größe muss positiv sein.';
-$lng['customer']['email_quota'] = 'E-Mail-Kontingent';
+$lng['customer']['email_quota'] = 'E-Mail-Kontingent (MiB)';
 $lng['customer']['email_imap'] = 'IMAP';
 $lng['customer']['email_pop3'] = 'POP3';
 $lng['customer']['mail_quota'] = 'E-Mail-Kontingent';
@@ -1202,7 +1202,7 @@ $lng['serversettings']['perl_path']['description'] = 'Standard ist /usr/bin/perl
 // ADDED IN FROXLOR 0.9.12-svn1
 $lng['admin']['fcgid_settings'] = 'FCGID';
 $lng['serversettings']['mod_fcgid_ownvhost']['title'] = 'Verwende FCGID im Froxlor-Vhost';
-$lng['serversettings']['mod_fcgid_ownvhost']['description'] = 'Wenn verwendet, wird Froxlor selbst unter einem lokalem Benutzer ausgeführt';
+$lng['serversettings']['mod_fcgid_ownvhost']['description'] = 'Wenn verwendet, wird Froxlor selbst unter einem lokalen Benutzer ausgeführt';
 $lng['admin']['mod_fcgid_user'] = 'Lokaler Benutzer für FCGID (Froxlor Vhost)';
 $lng['admin']['mod_fcgid_group'] = 'Lokale Gruppe für FCGID (Froxlor Vhost)';

@@ -1291,7 +1291,7 @@ $lng['error']['fcgidstillenabled'] = 'FCGID ist derzeit aktiviert. Bitte deaktiv
 $lng['phpfpm']['vhost_httpuser'] = 'Lokaler Benutzer für PHP-FPM (Froxlor-Vhost)';
 $lng['phpfpm']['vhost_httpgroup'] = 'Lokale Gruppe für PHP-FPM (Froxlor-Vhost)';
 $lng['phpfpm']['ownvhost']['title'] = 'Verwende PHP-FPM im Froxlor-Vhost';
-$lng['phpfpm']['ownvhost']['description'] = 'Wenn verwendet, wird Froxlor selbst unter einem lokalem Benutzer ausgeführt';
+$lng['phpfpm']['ownvhost']['description'] = 'Wenn verwendet, wird Froxlor selbst unter einem lokalen Benutzer ausgeführt';

 // ADDED IN FROXLOR 0.9.17
 $lng['crondesc']['cron_usage_report'] = 'Webspace- und Trafficreport';
@@ -1615,7 +1615,7 @@ $lng['admin']['autoupdate'] = 'Auto-Update';
 $lng['error']['customized_version'] = 'Es scheint als wäre die Froxlor Installation angepasst worden. Kein Support, sorry.';
 $lng['error']['autoupdate_0'] = 'Unbekannter Fehler';
 $lng['error']['autoupdate_1'] = 'PHP Einstellung allow_url_fopen ist deaktiviert. Autoupdate benötigt diese Option, bitte in der php.ini aktivieren.';
-$lng['error']['autoupdate_2'] = 'PHP Extension Zlib nicht gefunden, bitte prüfen, ob diese installiert und aktiviert ist.';
+$lng['error']['autoupdate_2'] = 'PHP zip Erweiterung nicht gefunden, bitte prüfen, ob diese installiert und aktiviert ist.';
 $lng['error']['autoupdate_4'] = 'Das froxlor Archiv konnte nicht auf der Festplatte gespeichert werden :(';
 $lng['error']['autoupdate_5'] = 'version.froxlor.org gab ungültige Werte zurück :(';
 $lng['error']['autoupdate_6'] = 'Woops, keine (gültige) Version angegeben für den Download :(';
@@ -1674,3 +1674,42 @@ $lng['serversettings']['dns_server']['description'] = 'Dienste müssen mit den f
 $lng['error']['domain_nopunycode'] = 'Die Eingabe von Punycode (IDNA) ist nicht notwendig. Die Domain wird automatisch konvertiert.';
 $lng['admin']['dnsenabled'] = 'Zugriff auf DNS Editor';
 $lng['error']['dns_record_toolong'] = 'Records/Labels können maximal 63 Zeichen lang sein';
+
+// Added in froxlor 0.9.37-rc1
+$lng['serversettings']['panel_customer_hide_options']['title'] = 'Menüpunkte und Traffic-Charts im Kundenbereich ausblenden';
+$lng['serversettings']['panel_customer_hide_options']['description'] = 'Wählen Sie hier die gewünschten Menüpunkte und Traffic-Charts aus, welche im Kundenbereich ausgeblendet werden sollen. Für Mehrfachauswahl, halten Sie während der Auswahl STRG gedrückt.';
+
+// Added in froxlor 0.9.38-rc1
+$lng['serversettings']['allow_allow_customer_shell']['title'] = 'Erlaube Kunden für FTP Benutzer eine Shell auszuwählen';
+$lng['serversettings']['allow_allow_customer_shell']['description'] = '<strong class="red">Bitte beachten: Shell Zugriff gestattet dem Benutzer verschiedene Programme auf Ihrem System auszuführen. Mit großer Vorsicht verwenden. Bitte aktiviere dies nur wenn WIRKLICH bekannt ist, was das bedeutet!!!</strong>';
+$lng['serversettings']['available_shells']['title'] = 'Liste der verfügbaren Shells';
+$lng['serversettings']['available_shells']['description'] = 'Komme-getrennte Liste von Shells die der Kunde für seine FTP-Konten wählen kann.<br><br>Hinweis: Die Standard-Shell <strong>/bin/false</strong> wird immer eine Auswahlmöglichkeit sein (wenn aktiviert), auch wenn diese Einstellung leer ist. Sie ist in jedem Fall der Standardwert für alle FTP-Konten';
+$lng['serversettings']['le_froxlor_enabled']['title'] = "Let's Encrypt für den froxlor Vhost verwenden";
+$lng['serversettings']['le_froxlor_enabled']['description'] = "Wenn dies aktiviert ist, erstellt froxlor für seinen vhost automatisch ein Let's Encrypt Zertifikat.";
+$lng['serversettings']['le_froxlor_redirect']['title'] = "SSL-Weiterleitung für den froxlor Vhost aktivieren";
+$lng['serversettings']['le_froxlor_redirect']['description'] = "Wenn dies aktiviert ist, werden alle HTTP Anfragen an die entsprechende SSL Seite weitergeleitet.";
+$lng['admin']['froxlorvhost'] = 'Froxlor VirtualHost Einstellungen';
+$lng['serversettings']['option_unavailable_websrv'] = '<br><em class="red">Nur verfügbar für: %s</em>';
+$lng['serversettings']['option_unavailable'] = '<br><em class="red">Option aufgrund anderer Einstellungen nicht verfügbar.</em>';
+$lng['serversettings']['letsencryptacmeconf']['title'] = "Pfad zu acme.conf";
+$lng['serversettings']['letsencryptacmeconf']['description'] = "Dateiname der Konfiguration, die dem Webserver erlaubt, die ACME-Challenges zu bedienen.";
+$lng['admin']['hostname'] = 'Hostname';
+$lng['admin']['memory'] = 'Speicherauslastung';
+$lng['serversettings']['mail_use_smtp'] = 'Nutze SMTP für das Senden von E-Mails';
+$lng['serversettings']['mail_smtp_host'] = 'SMTP Server';
+$lng['serversettings']['mail_smtp_usetls'] = 'Aktiviere TLS Verschlüsselung';
+$lng['serversettings']['mail_smtp_auth'] = 'Nutze SMTP Authentifizierung';
+$lng['serversettings']['mail_smtp_port'] = 'TCP Port für SMTP';
+$lng['serversettings']['mail_smtp_user'] = 'SMTP Benutzer';
+$lng['serversettings']['mail_smtp_passwd'] = 'SMTP Passwort';
+$lng['domains']['ssl_certificates'] = 'SSL Zertifikate';
+$lng['domains']['ssl_certificate_removed'] = 'Das Zertifikat mit der ID #%s wurde erfolgreich gelöscht.';
+$lng['domains']['ssl_certificate_error'] = "Fehler beim Lesen des Zertifikats für die Domain: %s";
+$lng['domains']['no_ssl_certificates'] = "Es wurden keine SSL-Zertifikate gefunden";
+$lng['admin']['webserversettings_ssl'] = 'Webserver SSL-Einstellungen';
+$lng['admin']['domain_hsts_maxage']['title'] = 'HTTP Strict Transport Security (HSTS)';
+$lng['admin']['domain_hsts_maxage']['description'] = '"max-age" Wert für den Strict-Transport-Security Header<br>Der Wert <i>0</i> deaktiviert HSTS für diese Domain. Meist wird der Wert <i>31536000</i> gerne genutzt (ein Jahr).';
+$lng['admin']['domain_hsts_incsub']['title'] = 'Inkludiere HSTS für jede Subdomain';
+$lng['admin']['domain_hsts_incsub']['description'] = 'Die optionale "includeSubDomains" Direktive, wenn vorhanden, signalisiert dem UA, dass die HSTS Regel für diese Domain und auch jede Subdomain dieser gilt.';
+$lng['admin']['domain_hsts_preload']['title'] = 'Füge Domain in die <a href="https://hstspreload.appspot.com/" target="_blank">HSTS preload Liste</a> hinzu';
+$lng['admin']['domain_hsts_preload']['description'] = 'Wenn die Domain in die HSTS preload Liste, verwaltet von Chrome (und genutzt von Firefox und Safari), hinzugefügt werden soll, dann aktiviere diese Einstellung.<br>Die preload-Direktive zu senden kann PERMANTENTE KONSEQUENZEN haben und dazu führen, dass Benutzer auf diese Domain und auch Subdomains nicht zugreifen können.<br>Beachte Details unter <a href="https://hstspreload.appspot.com/#removal" target="_blank">hstspreload.appspot.com/#removal</a> bevor ein Header mit "preload" gesendet wird.';
--- a/scripts/classes/class.DnsBase.php
+++ b/scripts/classes/class.DnsBase.php
@@ -1,10 +1,24 @@
 <?php

-/***
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2016 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Froxlor team <team@froxlor.org> (2016-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Cron
+ *
+ */
+
+/**
 * Class DnsBase
 *
 * Base class for all DNS server configs
- *
 */
 abstract class DnsBase
 {
@@ -69,8 +83,7 @@ abstract class DnsBase

 	protected function getDomainList()
 	{
-		$result_domains_stmt = Database::query(
-			"
+		$result_domains_stmt = Database::query("
 			SELECT
 				`d`.`id`,
 				`d`.`domain`,
@@ -131,35 +144,21 @@ abstract class DnsBase
 				$domains[$key]['children'] = array();
 			}
 			if ($domains[$key]['ismainbutsubto'] > 0) {
-				if (isset($domains[  $domains[$key]['ismainbutsubto']  ])) {
-					$domains[  $domains[$key]['ismainbutsubto']  ]['children'][] = $domains[$key]['id'];
+				if (isset($domains[$domains[$key]['ismainbutsubto']])) {
+					$domains[$domains[$key]['ismainbutsubto']]['children'][] = $domains[$key]['id'];
 				} else {
-					$this->_logger->logAction(CRON_ACTION, LOG_ERR,
-						'Database inconsistency: domain ' . $domain['domain'] . ' (ID #' . $key .
-						') is set to to be subdomain to non-existent domain ID #' .
-						$domains[$key]['ismainbutsubto'] .
-						'. No DNS record(s) will be created for this domain.');
+					$this->_logger->logAction(CRON_ACTION, LOG_ERR, 'Database inconsistency: domain ' . $domain['domain'] . ' (ID #' . $key . ') is set to to be subdomain to non-existent domain ID #' . $domains[$key]['ismainbutsubto'] . '. No DNS record(s) will be created for this domain.');
 				}
 			}
 		}

-		$this->_logger->logAction(CRON_ACTION, LOG_DEBUG,
-			str_pad('domId', 9, ' ') . str_pad('domain', 40, ' ') .
-			'ismainbutsubto ' . str_pad('parent domain', 40, ' ') .
-			"list of child domain ids");
-			foreach ($domains as $domain) {
-				$logLine =
-				str_pad($domain['id'], 9, ' ') .
-				str_pad($domain['domain'], 40, ' ') .
-				str_pad($domain['ismainbutsubto'], 15, ' ') .
-				str_pad(((isset($domains[  $domain['ismainbutsubto']  ])) ?
-					$domains[  $domain['ismainbutsubto']  ]['domain'] :
-					'-'), 40, ' ') .
-					join(', ', $domain['children']);
-					$this->_logger->logAction(CRON_ACTION, LOG_DEBUG, $logLine);
-			}
+		$this->_logger->logAction(CRON_ACTION, LOG_DEBUG, str_pad('domId', 9, ' ') . str_pad('domain', 40, ' ') . 'ismainbutsubto ' . str_pad('parent domain', 40, ' ') . "list of child domain ids");
+		foreach ($domains as $domain) {
+			$logLine = str_pad($domain['id'], 9, ' ') . str_pad($domain['domain'], 40, ' ') . str_pad($domain['ismainbutsubto'], 15, ' ') . str_pad(((isset($domains[$domain['ismainbutsubto']])) ? $domains[$domain['ismainbutsubto']]['domain'] : '-'), 40, ' ') . join(', ', $domain['children']);
+			$this->_logger->logAction(CRON_ACTION, LOG_DEBUG, $logLine);
+		}

-			return $domains;
+		return $domains;
 	}

 	public function reloadDaemon()
@@ -171,8 +170,7 @@ abstract class DnsBase
 		if ($cmdStatus === 0) {
 			$this->_logger->logAction(CRON_ACTION, LOG_INFO, Settings::Get('system.dns_server') . ' daemon reloaded');
 		} else {
-			$this->_logger->logAction(CRON_ACTION, LOG_ERR, 'Error while running `' . $cmd .
-				'`: exit code (' . $cmdStatus . ') - please check your system logs');
+			$this->_logger->logAction(CRON_ACTION, LOG_ERR, 'Error while running `' . $cmd . '`: exit code (' . $cmdStatus . ') - please check your system logs');
 		}
 	}

--- a/scripts/classes/class.HttpConfigBase.php
+++ b/scripts/classes/class.HttpConfigBase.php
@@ -1,11 +1,28 @@
 <?php
-/***
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2016 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Froxlor team <team@froxlor.org> (2016-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Cron
+ *
+ */
+
+/**
 * Class HttpConfigBase
 *
 * Base class for all HTTP server configs
 *
 */
-class HttpConfigBase {
+class HttpConfigBase
+{

 	/**
 	 * process special config as template, by substituting {VARIABLE} with the
@@ -13,26 +30,92 @@ class HttpConfigBase {
 	 *
 	 * The following variables are known at the moment:
 	 *
-	 * {DOMAIN}         - domain name
-	 * {IP}             - IP for this domain
-	 * {PORT}           - Port for this domain
-	 * {CUSTOMER}       - customer name
-	 * {IS_SSL}         - evaluates to 'ssl' if domain/ip is ssl, otherwise it is an empty string
-	 * {DOCROOT}        - document root for this domain
+	 * {DOMAIN} - domain name
+	 * {IP} - IP for this domain
+	 * {PORT} - Port for this domain
+	 * {CUSTOMER} - customer name
+	 * {IS_SSL} - evaluates to 'ssl' if domain/ip is ssl, otherwise it is an empty string
+	 * {DOCROOT} - document root for this domain
 	 *
-	 * @param $template
+	 * @param
+	 *        	$template
 	 * @return string
 	 */
-	protected function processSpecialConfigTemplate($template, $domain, $ip, $port, $is_ssl_vhost) {
+	protected function processSpecialConfigTemplate($template, $domain, $ip, $port, $is_ssl_vhost)
+	{
 		$templateVars = array(
 			'DOMAIN' => $domain['domain'],
 			'CUSTOMER' => $domain['loginname'],
 			'IP' => $ip,
 			'PORT' => $port,
-			'SCHEME' => ($is_ssl_vhost)?'https':'http',
+			'SCHEME' => ($is_ssl_vhost) ? 'https' : 'http',
 			'DOCROOT' => $domain['documentroot']
 		);
 		return replace_variables($template, $templateVars);
 	}

-} 
+	protected function getMyPath($ip_port = null)
+	{
+		if (! empty($ip_port) && $ip_port['docroot'] == '') {
+			if (Settings::Get('system.froxlordirectlyviahostname')) {
+				$mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__))));
+			} else {
+				$mypath = makeCorrectDir(dirname(dirname(dirname(dirname(__FILE__)))));
+			}
+		} else {
+			// user-defined docroot, #417
+			$mypath = makeCorrectDir($ip_port['docroot']);
+		}
+		return $mypath;
+	}
+
+	protected function checkAlternativeSslPort()
+	{
+		// We must not check if our port differs from port 443,
+		// but if there is a destination-port != 443
+		$_sslport = '';
+		// This returns the first port that is != 443 with ssl enabled,
+		// ordered by ssl-certificate (if any) so that the ip/port combo
+		// with certificate is used
+		$ssldestport_stmt = Database::prepare("
+			SELECT `ip`.`port` FROM " . TABLE_PANEL_IPSANDPORTS . " `ip`
+			WHERE `ip`.`ssl` = '1'  AND `ip`.`port` != 443
+			ORDER BY `ip`.`ssl_cert_file` DESC, `ip`.`port` LIMIT 1;
+		");
+		$ssldestport = Database::pexecute_first($ssldestport_stmt);
+
+		if ($ssldestport['port'] != '') {
+			$_sslport = ":" . $ssldestport['port'];
+		}
+
+		return $_sslport;
+	}
+
+	protected function froxlorVhostHasLetsEncryptCert()
+	{
+		// check whether we have an entry with valid certificates which just does not need
+		// updating yet, so we need to skip this here
+		$froxlor_ssl_settings_stmt = Database::prepare("
+			SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = '0'
+		");
+		$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
+		if ($froxlor_ssl && ! empty($froxlor_ssl['ssl_cert_file'])) {
+			return true;
+		}
+		return false;
+	}
+
+	protected function froxlorVhostLetsEncryptNeedsRenew()
+	{
+		$froxlor_ssl_settings_stmt = Database::prepare("
+			SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
+			WHERE `domainid` = '0' AND
+			(`expirationdate` < DATE_ADD(NOW(), INTERVAL 30 DAY) OR `expirationdate` IS NULL)
+		");
+		$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
+		if ($froxlor_ssl && ! empty($froxlor_ssl['ssl_cert_file'])) {
+			return true;
+		}
+		return false;
+	}
+}
--- a/scripts/jobs/cron_letsencrypt.php
+++ b/scripts/jobs/cron_letsencrypt.php
@@ -27,8 +27,7 @@ if (! extension_loaded('curl')) {
 	exit();
 }

-$certificates_stmt = Database::query(
-	"
+$certificates_stmt = Database::query("
 		SELECT
 			domssl.`id`,
 			domssl.`domainid`,
@@ -44,6 +43,7 @@ $certificates_stmt = Database::query(
 			dom.`ssl_redirect`,
 			cust.`leprivatekey`,
 			cust.`lepublickey`,
+			cust.`leregistered`,
 			cust.`customerid`,
 			cust.`loginname`
 		FROM
@@ -63,8 +63,7 @@ $certificates_stmt = Database::query(
 			)
 	");

-$aliasdomains_stmt = Database::prepare(
-	"
+$aliasdomains_stmt = Database::prepare("
 		SELECT
 			dom.`id` as domainid,
 			dom.`domain`,
@@ -76,8 +75,7 @@ $aliasdomains_stmt = Database::prepare(
 			AND dom.`iswildcarddomain` = 0
 	");

-$updcert_stmt = Database::prepare(
-	"
+$updcert_stmt = Database::prepare("
 		REPLACE INTO
 			`" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
 		SET
@@ -93,7 +91,108 @@ $updcert_stmt = Database::prepare(

 $upddom_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `ssl_redirect` = '1' WHERE `id` = :domainid");

+// flag for re-generation of vhost files
 $changedetected = 0;
+
+// first - generate LE for system-vhost if enabled
+if (Settings::Get('system.le_froxlor_enabled') == '1') {
+
+	$certrow = array(
+		'loginname' => 'froxlor.panel',
+		'domain' => Settings::Get('system.hostname'),
+		'domainid' => 0,
+		'documentroot' => FROXLOR_INSTALL_DIR,
+		'leprivatekey' => Settings::Get('system.leprivatekey'),
+		'lepublickey' => Settings::Get('system.lepublickey'),
+		'leregistered' => Settings::Get('system.leregistered'),
+		'ssl_redirect' => Settings::Get('system.le_froxlor_redirect'),
+		'expirationdate' => null,
+		'ssl_cert_file' => null,
+		'ssl_key_file' => null,
+		'ssl_ca_file' => null,
+		'ssl_csr_file' => null,
+		'id' => null
+	);
+
+	$froxlor_ssl_settings_stmt = Database::prepare("
+		SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
+		WHERE `domainid` = '0' AND
+		(`expirationdate` < DATE_ADD(NOW(), INTERVAL 30 DAY) OR `expirationdate` IS NULL)
+	");
+	$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
+
+	$insert_or_update_required = true;
+	if ($froxlor_ssl) {
+		$certrow['id'] = $froxlor_ssl['id'];
+		$certrow['expirationdate'] = $froxlor_ssl['expirationdate'];
+		$certrow['ssl_cert_file'] = $froxlor_ssl['ssl_cert_file'];
+		$certrow['ssl_key_file'] = $froxlor_ssl['ssl_key_file'];
+		$certrow['ssl_ca_file'] = $froxlor_ssl['ssl_ca_file'];
+		$certrow['ssl_csr_file'] = $froxlor_ssl['ssl_csr_file'];
+	} else {
+		// check whether we have an entry with valid certificates which just does not need
+		// updating yet, so we need to skip this here
+		$froxlor_ssl_settings_stmt = Database::prepare("
+			SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = '0'
+		");
+		$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
+		if ($froxlor_ssl && ! empty($froxlor_ssl['ssl_cert_file'])) {
+			$insert_or_update_required = false;
+		}
+	}
+
+	if ($insert_or_update_required) {
+		$domains = array(
+			$certrow['domain']
+		);
+
+		// Only renew let's encrypt certificate if no broken ssl_redirect is enabled
+		// - this temp. deactivation of the ssl-redirect is handled by the webserver-cronjob
+		$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updating " . $certrow['domain']);
+
+		$cronlog = FroxlorLogger::getInstanceOf(array(
+			'loginname' => $certrow['loginname']
+		));
+
+		try {
+			// Initialize Lescript with documentroot
+			$le = new lescript($cronlog, $version);
+
+			// Initialize Lescript
+			$le->initAccount($certrow, true);
+
+			// Request the new certificate (old key may be used)
+			$return = $le->signDomains($domains, $certrow['ssl_key_file']);
+
+			// We are interessted in the expirationdate
+			$newcert = openssl_x509_parse($return['crt']);
+
+			// Store the new data
+			Database::pexecute($updcert_stmt, array(
+				'id' => $certrow['id'],
+				'domainid' => $certrow['domainid'],
+				'crt' => $return['crt'],
+				'key' => $return['key'],
+				'ca' => $return['chain'],
+				'chain' => $return['chain'],
+				'csr' => $return['csr'],
+				'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
+			));
+
+			if ($certrow['ssl_redirect'] == 3) {
+				Settings::Set('system.le_froxlor_redirect', '1');
+			}
+
+			$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updated Let's Encrypt certificate for " . $certrow['domain']);
+
+			$changedetected = 1;
+		} catch (Exception $e) {
+			$cronlog->logAction(CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
+		}
+	}
+}
+
+// customer domains
 $certrows = $certificates_stmt->fetchAll(PDO::FETCH_ASSOC);
 foreach ($certrows as $certrow) {

@@ -104,15 +203,15 @@ foreach ($certrows as $certrow) {

 	// Only renew let's encrypt certificate if no broken ssl_redirect is enabled
 	if ($certrow['ssl_redirect'] != 2) {
-		$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Updating " . $certrow['domain']);
+		$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updating " . $certrow['domain']);

-		$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Adding SAN entry: " . $certrow['domain']);
+		$cronlog->logAction(CRON_ACTION, LOG_INFO, "Adding SAN entry: " . $certrow['domain']);
 		$domains = array(
 			$certrow['domain']
 		);
 		// add www.<domain> to SAN list
 		if ($certrow['wwwserveralias'] == 1) {
-			$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Adding SAN entry: www." . $certrow['domain']);
+			$cronlog->logAction(CRON_ACTION, LOG_INFO, "Adding SAN entry: www." . $certrow['domain']);
 			$domains[] = 'www.' . $certrow['domain'];
 		}

@@ -122,39 +221,38 @@ foreach ($certrows as $certrow) {
 		));
 		$aliasdomains = $aliasdomains_stmt->fetchAll(PDO::FETCH_ASSOC);
 		foreach ($aliasdomains as $aliasdomain) {
-			$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Adding SAN entry: " . $aliasdomain['domain']);
+			$cronlog->logAction(CRON_ACTION, LOG_INFO, "Adding SAN entry: " . $aliasdomain['domain']);
 			$domains[] = $aliasdomain['domain'];
 			if ($aliasdomain['wwwserveralias'] == 1) {
-				$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Adding SAN entry: www." . $aliasdomain['domain']);
+				$cronlog->logAction(CRON_ACTION, LOG_INFO, "Adding SAN entry: www." . $aliasdomain['domain']);
 				$domains[] = 'www.' . $aliasdomain['domain'];
 			}
 		}

 		try {
 			// Initialize Lescript with documentroot
-			$le = new lescript($cronlog);
+			$le = new lescript($cronlog, $version);

 			// Initialize Lescript
 			$le->initAccount($certrow);

 			// Request the new certificate (old key may be used)
-			$return = $le->signDomains($domains, $certrow['ssl_key_file'], $certrow['ssl_csr_file']);
+			$return = $le->signDomains($domains, $certrow['ssl_key_file']);

 			// We are interessted in the expirationdate
 			$newcert = openssl_x509_parse($return['crt']);

 			// Store the new data
-			Database::pexecute($updcert_stmt,
-				array(
-					'id' => $certrow['id'],
-					'domainid' => $certrow['domainid'],
-					'crt' => $return['crt'],
-					'key' => $return['key'],
-					'ca' => $return['chain'],
-					'chain' => $return['chain'],
-					'csr' => $return['csr'],
-					'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
-				));
+			Database::pexecute($updcert_stmt, array(
+				'id' => $certrow['id'],
+				'domainid' => $certrow['domainid'],
+				'crt' => $return['crt'],
+				'key' => $return['key'],
+				'ca' => $return['chain'],
+				'chain' => $return['chain'],
+				'csr' => $return['csr'],
+				'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
+			));

 			if ($certrow['ssl_redirect'] == 3) {
 				Database::pexecute($upddom_stmt, array(
@@ -166,12 +264,10 @@ foreach ($certrows as $certrow) {

 			$changedetected = 1;
 		} catch (Exception $e) {
-			$cronlog->logAction(CRON_ACTION, LOG_ERR,
-				"Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
+			$cronlog->logAction(CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
 		}
 	} else {
-		$cronlog->logAction(CRON_ACTION, LOG_WARNING,
-			"Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
+		$cronlog->logAction(CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
 	}
 }

--- a/scripts/jobs/cron_tasks.inc.dns.10.bind.php
+++ b/scripts/jobs/cron_tasks.inc.dns.10.bind.php
@@ -129,9 +129,7 @@ class bind extends DnsBase
 			// AXFR server #100
 			if (count($this->_axfr) > 0) {
 				foreach ($this->_axfr as $axfrserver) {
-					if (validate_ip($axfrserver, true) !== false) {
-						$bindconf_file .= '		' . $axfrserver . ';' . "\n";
-					}
+					$bindconf_file .= '		' . $axfrserver . ';' . "\n";
 				}
 			}
 			// close allow-transfer
--- a/scripts/jobs/cron_tasks.inc.dns.20.pdns.php
+++ b/scripts/jobs/cron_tasks.inc.dns.20.pdns.php
@@ -29,11 +29,11 @@ class pdns extends DnsBase
 		// connect to db
 		$this->_connectToPdnsDb();

-		// clean up
-		$this->_clearZoneTables();
-
 		$domains = $this->getDomainList();

+		// clean up
+		$this->_clearZoneTables($domains);
+
 		if (empty($domains)) {
 			$this->_logger->logAction(CRON_ACTION, LOG_INFO, 'No domains found for nameserver-config, skipping...');
 			return;
@@ -62,7 +62,7 @@ class pdns extends DnsBase
 		}

 		if ($domain['zonefile'] == '') {
-			// check for system-hostname
+		// check for system-hostname
 			$isFroxlorHostname = false;
 			if (isset($domain['froxlorhost']) && $domain['froxlorhost'] == 1) {
 				$isFroxlorHostname = true;
@@ -91,19 +91,30 @@ class pdns extends DnsBase
 			}
 		} else {
 			$this->_logger->logAction(CRON_ACTION, LOG_ERROR,
-				'Zonefiles are NOT supported when PowerDNS is selected as DNS daemon (triggered by: ' .
+				'Custom zonefiles are NOT supported when PowerDNS is selected as DNS daemon (triggered by: ' .
 				$domain['domain'] . ')');
-			$this->_bindconf_file .= $this->_generateDomainConfig($domain);
 		}
 	}

-	private function _clearZoneTables()
+	private function _clearZoneTables($domains = null)
 	{
 		$this->_logger->logAction(CRON_ACTION, LOG_INFO, 'Cleaning dns zone entries from database');

-		$this->pdns_db->query("TRUNCATE TABLE `records`");
-		$this->pdns_db->query("TRUNCATE TABLE `domains`");
-		$this->pdns_db->query("TRUNCATE TABLE `domainmetadata`");
+		$pdns_domains_stmt = $this->pdns_db->prepare("SELECT `id`, `name` FROM `domains` WHERE `name` = :domain");
+
+		$del_rec_stmt = $this->pdns_db->prepare("DELETE FROM `records` WHERE `domain_id` = :did");
+		$del_meta_stmt = $this->pdns_db->prepare("DELETE FROM `domainmetadata` WHERE `domain_id` = :did");
+		$del_dom_stmt = $this->pdns_db->prepare("DELETE FROM `domains` WHERE `id` = :did");
+
+		foreach ($domains as $domain)
+		{
+			$pdns_domains_stmt->execute(array('domain' => $domain['domain']));
+			$pdns_domain = $pdns_domains_stmt->fetch(\PDO::FETCH_ASSOC);
+
+			$del_rec_stmt->execute(array('did' => $pdns_domain['id']));
+			$del_meta_stmt->execute(array('did' => $pdns_domain['id']));
+			$del_dom_stmt->execute(array('did' => $pdns_domain['id']));
+		}
 	}

 	private function _insertZone($domainname, $serial = 0)
@@ -183,10 +194,8 @@ class pdns extends DnsBase
 			// AXFR server #100
 			if (count($this->_axfr) > 0) {
 				foreach ($this->_axfr as $axfrserver) {
-					if (validate_ip($axfrserver, true) !== false) {
-						$ins_data['value'] = $axfrserver;
-						$ins_stmt->execute($ins_data);
-					}
+					$ins_data['value'] = $axfrserver;
+					$ins_stmt->execute($ins_data);
 				}
 			}
 		}
--- a/scripts/jobs/cron_tasks.inc.http.10.apache.php
+++ b/scripts/jobs/cron_tasks.inc.http.10.apache.php
--- a/scripts/jobs/cron_tasks.inc.http.15.apache_fcgid.php
+++ b/scripts/jobs/cron_tasks.inc.http.15.apache_fcgid.php
@@ -23,7 +23,7 @@ class apache_fcgid extends apache
 	{
 		$php_options_text = '';

-		if($domain['phpenabled'] == '1')
+		if($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1')
 		{
 			$php = new phpinterface($domain);
 			$phpconfig = $php->getPhpConfig((int)$domain['phpsettingid']);
--- a/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php
+++ b/scripts/jobs/cron_tasks.inc.http.20.lighttpd.php
--- a/scripts/jobs/cron_tasks.inc.http.25.lighttpd_fcgid.php
+++ b/scripts/jobs/cron_tasks.inc.http.25.lighttpd_fcgid.php
@@ -21,7 +21,7 @@ class lighttpd_fcgid extends lighttpd
 	{
 		$php_options_text = '';

-		if($domain['phpenabled'] == '1')
+		if($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1')
 		{
 			$php = new phpinterface($domain);
 			$phpconfig = $php->getPhpConfig((int)$domain['phpsettingid']);
--- a/scripts/jobs/cron_tasks.inc.http.30.nginx.php
+++ b/scripts/jobs/cron_tasks.inc.http.30.nginx.php
--- a/scripts/jobs/cron_tasks.inc.http.35.nginx_phpfpm.php
+++ b/scripts/jobs/cron_tasks.inc.http.35.nginx_phpfpm.php
@@ -20,7 +20,7 @@ class nginx_phpfpm extends nginx
 	protected function composePhpOptions($domain, $ssl_vhost = false) {
 		$php_options_text = '';

-		if ($domain['phpenabled'] == '1') {
+		if ($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1') {
 			$php = new phpinterface($domain);
 			$phpconfig = $php->getPhpConfig((int)$domain['phpsettingid']);
 			
--- a/Show More
+++ b/Show More