set version to 0.9.38-rc2 for second release candidate

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>

actions/admin/settings/100.panel.php

@@ -227,6 +227,31 @@ return array(
 					'default' => false,
 					'save_method' => 'storeSettingField',
 					),
+				'panel_customer_hide_options' => array(
+					'label' => $lng['serversettings']['panel_customer_hide_options'],
+					'settinggroup' => 'panel',
+					'varname' => 'customer_hide_options',
+					'type' => 'option',
+					'default' => '',
+					'option_mode' => 'multiple',
+					'option_emptyallowed' => true,
+					'option_options' => array(
+						'email'                       => $lng['menue']['email']['email'],
+						'mysql'                       => $lng['menue']['mysql']['mysql'],
+						'domains'                     => $lng['menue']['domains']['domains'],
+						'ftp'                         => $lng['menue']['ftp']['ftp'],
+						'extras'                      => $lng['menue']['extras']['extras'],
+						'extras.directoryprotection'  => $lng['menue']['extras']['extras']." / ".$lng['menue']['extras']['directoryprotection'],
+						'extras.pathoptions'          => $lng['menue']['extras']['extras']." / ".$lng['menue']['extras']['pathoptions'],
+						'extras.logger'               => $lng['menue']['extras']['extras']." / ".$lng['menue']['logger']['logger'],
+						'extras.backup'               => $lng['menue']['extras']['extras']." / ".$lng['menue']['extras']['backup'],
+						'traffic'                     => $lng['menue']['traffic']['traffic'],
+						'traffic.http'                => $lng['menue']['traffic']['traffic']." / HTTP",
+						'traffic.ftp'                 => $lng['menue']['traffic']['traffic']." / FTP",
+						'traffic.mail'                => $lng['menue']['traffic']['traffic']." / Mail",
+					),
+					'save_method' => 'storeSettingField',
+					),
 				),
 			),
 		),

actions/admin/settings/120.system.php

@@ -69,14 +69,6 @@ return array(
 					'save_method' => 'storeSettingHostname',
 					'plausibility_check_method' => 'checkHostname',
 					),
-				'system_froxlordirectlyviahostname' => array(
-					'label' => $lng['serversettings']['froxlordirectlyviahostname'],
-					'settinggroup' => 'system',
-					'varname' => 'froxlordirectlyviahostname',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField',
-					),
 				'system_validatedomain' => array(
 					'label' => $lng['serversettings']['validate_domain'],
 					'settinggroup' => 'system',
@@ -160,6 +152,65 @@ return array(
 					'default' => 90,
 					'save_method' => 'storeSettingField',
 					),
+
+				'system_mail_use_smtp' => array(
+					'label' => $lng['serversettings']['mail_use_smtp'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_use_smtp',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_host' => array(
+					'label' => $lng['serversettings']['mail_smtp_host'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_host',
+					'type' => 'string',
+					'default' => 'localhost',
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_port' => array(
+					'label' => $lng['serversettings']['mail_smtp_port'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_port',
+					'type' => 'int',
+					'int_min' => 1,
+					'int_max' => 65535,
+					'default' => 25,
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_usetls' => array(
+					'label' => $lng['serversettings']['mail_smtp_usetls'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_usetls',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_auth' => array(
+					'label' => $lng['serversettings']['mail_smtp_auth'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_auth',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_user' => array(
+					'label' => $lng['serversettings']['mail_smtp_user'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_user',
+					'type' => 'string',
+					'default' => '',
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_passwd' => array(
+					'label' => $lng['serversettings']['mail_smtp_passwd'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_passwd',
+					'type' => 'hiddenString',
+					'default' => '',
+					'save_method' => 'storeSettingField',
+					),
 				),
 			),
 		),

actions/admin/settings/122.froxlorvhost.php

@@ -0,0 +1,163 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2016 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Froxlor team <team@froxlor.org> (2016-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Settings
+ *
+ */
+return array(
+	'groups' => array(
+		'froxlorvhost' => array(
+			'title' => $lng['admin']['froxlorvhost'],
+			'fields' => array(
+				/**
+				 * Webserver-Vhost
+				 */
+				'system_froxlordirectlyviahostname' => array(
+					'label' => $lng['serversettings']['froxlordirectlyviahostname'],
+					'settinggroup' => 'system',
+					'varname' => 'froxlordirectlyviahostname',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+				),
+				/**
+				 * SSL / Let's Encrypt
+				 */
+				'system_le_froxlor_enabled' => array(
+					'label' => $lng['serversettings']['le_froxlor_enabled'],
+					'settinggroup' => 'system',
+					'varname' => 'le_froxlor_enabled',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingClearCertificates',
+					'visible' => Settings::Get('system.leenabled')
+				),
+				'system_le_froxlor_redirect' => array(
+					'label' => $lng['serversettings']['le_froxlor_redirect'],
+					'settinggroup' => 'system',
+					'varname' => 'le_froxlor_redirect',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('system.leenabled')
+				),
+				/**
+				 * FCGID
+				 */
+				'system_mod_fcgid_enabled_ownvhost' => array(
+					'label' => $lng['serversettings']['mod_fcgid_ownvhost'],
+					'settinggroup' => 'system',
+					'varname' => 'mod_fcgid_ownvhost',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					'websrv_avail' => array(
+						'apache2'
+					),
+					'visible' => Settings::Get('system.mod_fcgid')
+				),
+				'system_mod_fcgid_httpuser' => array(
+					'label' => $lng['admin']['mod_fcgid_user'],
+					'settinggroup' => 'system',
+					'varname' => 'mod_fcgid_httpuser',
+					'type' => 'string',
+					'default' => 'froxlorlocal',
+					'save_method' => 'storeSettingWebserverFcgidFpmUser',
+					'websrv_avail' => array(
+						'apache2'
+					),
+					'visible' => Settings::Get('system.mod_fcgid')
+				),
+				'system_mod_fcgid_httpgroup' => array(
+					'label' => $lng['admin']['mod_fcgid_group'],
+					'settinggroup' => 'system',
+					'varname' => 'mod_fcgid_httpgroup',
+					'type' => 'string',
+					'default' => 'froxlorlocal',
+					'save_method' => 'storeSettingField',
+					'websrv_avail' => array(
+						'apache2'
+					),
+					'visible' => Settings::Get('system.mod_fcgid')
+				),
+				'system_mod_fcgid_defaultini_ownvhost' => array(
+					'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
+					'settinggroup' => 'system',
+					'varname' => 'mod_fcgid_defaultini_ownvhost',
+					'type' => 'option',
+					'default' => '2',
+					'option_mode' => 'one',
+					'option_options_method' => 'getPhpConfigs',
+					'save_method' => 'storeSettingField',
+					'websrv_avail' => array(
+						'apache2'
+					),
+					'visible' => Settings::Get('system.mod_fcgid')
+				),
+				/**
+				 * php-fpm
+				 */
+				'system_phpfpm_enabled_ownvhost' => array(
+					'label' => $lng['phpfpm']['ownvhost'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'enabled_ownvhost',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('phpfpm.enabled')
+				),
+				'system_phpfpm_httpuser' => array(
+					'label' => $lng['phpfpm']['vhost_httpuser'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'vhost_httpuser',
+					'type' => 'string',
+					'default' => 'froxlorlocal',
+					'save_method' => 'storeSettingWebserverFcgidFpmUser',
+					'visible' => Settings::Get('phpfpm.enabled')
+				),
+				'system_phpfpm_httpgroup' => array(
+					'label' => $lng['phpfpm']['vhost_httpgroup'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'vhost_httpgroup',
+					'type' => 'string',
+					'default' => 'froxlorlocal',
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('phpfpm.enabled')
+				),
+				'system_phpfpm_defaultini_ownvhost' => array(
+					'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'vhost_defaultini',
+					'type' => 'option',
+					'default' => '2',
+					'option_mode' => 'one',
+					'option_options_method' => 'getPhpConfigs',
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('phpfpm.enabled')
+				),
+				/**
+				 * DNS
+				 */
+				'system_dns_createhostnameentry' => array(
+					'label' => $lng['serversettings']['dns_createhostnameentry'],
+					'settinggroup' => 'system',
+					'varname' => 'dns_createhostnameentry',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('system.bind_enable')
+				)
+			)
+		)
+	)
+);

actions/admin/settings/130.webserver.php

@@ -260,11 +260,7 @@ return array(
 					'varname' => 'enabled',
 					'type' => 'bool',
 					'default' => false,
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array(
-						'apache2',
-						'lighttpd'
-					)
+					'save_method' => 'storeSettingField'
 				),
 				'customredirect_default' => array(
 					'label' => $lng['serversettings']['customredirect_default'],
@@ -274,11 +270,7 @@ return array(
 					'default' => '1',
 					'option_mode' => 'one',
 					'option_options_method' => 'getRedirectCodes',
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array(
-						'apache2',
-						'lighttpd'
-					)
+					'save_method' => 'storeSettingField'
 				)
 			)
 		)

actions/admin/settings/131.ssl.php

@@ -16,134 +16,171 @@
  * @package    Settings
  *
  */
-
 return array(
 	'groups' => array(
-			'ssl' => array(
-					'title' => $lng['admin']['sslsettings'],
-					'fields' => array(
-							'system_ssl_enabled' => array(
-									'label' => $lng['serversettings']['ssl']['use_ssl'],
-									'settinggroup' => 'system',
-									'varname' => 'use_ssl',
-									'type' => 'bool',
-									'default' => false,
-									'save_method' => 'storeSettingField',
-									'overview_option' => true
-							),
-							'system_ssl_cipher_list' => array(
-									'label' => $lng['serversettings']['ssl']['ssl_cipher_list'],
-									'settinggroup' => 'system',
-									'varname' => 'ssl_cipher_list',
-									'type' => 'string',
-									'string_emptyallowed' => false,
-									'default' => 'ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128',
-									'save_method' => 'storeSettingField',
-							),
-							'system_ssl_cert_file' => array(
-									'label' => $lng['serversettings']['ssl']['ssl_cert_file'],
-									'settinggroup' => 'system',
-									'varname' => 'ssl_cert_file',
-									'type' => 'string',
-									'string_type' => 'file',
-									'string_emptyallowed' => true,
-									'default' => '/etc/apache2/apache2.pem',
-									'save_method' => 'storeSettingField',
-							),
-							'system_ssl_key_file' => array(
-									'label' => $lng['serversettings']['ssl']['ssl_key_file'],
-									'settinggroup' => 'system',
-									'varname' => 'ssl_key_file',
-									'type' => 'string',
-									'string_type' => 'file',
-									'string_emptyallowed' => true,
-									'default' => '/etc/apache2/apache2.key',
-									'save_method' => 'storeSettingField',
-							),
-							'system_ssl_cert_chainfile' => array(
-									'label' => $lng['admin']['ipsandports']['ssl_cert_chainfile'],
-									'settinggroup' => 'system',
-									'varname' => 'ssl_cert_chainfile',
-									'type' => 'string',
-									'string_type' => 'file',
-									'string_emptyallowed' => true,
-									'default' => '',
-									'save_method' => 'storeSettingField',
-							),
-							'system_ssl_ca_file' => array(
-									'label' => $lng['serversettings']['ssl']['ssl_ca_file'],
-									'settinggroup' => 'system',
-									'varname' => 'ssl_ca_file',
-									'type' => 'string',
-									'string_type' => 'file',
-									'string_emptyallowed' => true,
-									'default' => '',
-									'save_method' => 'storeSettingField',
-							),
-							'system_leenabled' => array(
-							        'label' => $lng['serversettings']['leenabled'],
-							        'settinggroup' => 'system',
-							        'varname' => 'leenabled',
-							        'type' => 'bool',
-							        'default' => false,
-							        'cronmodule' => 'froxlor/letsencrypt',
-							        'save_method' => 'storeSettingField'
-							),
-							'system_letsencryptca' => array(
-									'label' => $lng['serversettings']['letsencryptca'],
-									'settinggroup' => 'system',
-									'varname' => 'letsencryptca',
-									'type' => 'option',
-									'default' => 'testing',
-									'option_mode' => 'one',
-									'option_options' => array('testing' => 'https://acme-staging.api.letsencrypt.org (Test)', 'production' => 'https://acme-v01.api.letsencrypt.org (Live)'),
-									'save_method' => 'storeSettingField',
-							),
-							'system_letsencryptcountrycode' => array(
-									'label' => $lng['serversettings']['letsencryptcountrycode'],
-									'settinggroup' => 'system',
-									'varname' => 'letsencryptcountrycode',
-									'type' => 'string',
-									'string_emptyallowed' => false,
-									'default' => 'DE',
-									'save_method' => 'storeSettingField',
-							),
-							'system_letsencryptstate' => array(
-									'label' => $lng['serversettings']['letsencryptstate'],
-									'settinggroup' => 'system',
-									'varname' => 'letsencryptstate',
-									'type' => 'string',
-									'string_emptyallowed' => false,
-									'default' => 'Hessen',
-									'save_method' => 'storeSettingField',
-							),
-							'system_letsencryptchallengepath' => array(
-									'label' => $lng['serversettings']['letsencryptchallengepath'],
-									'settinggroup' => 'system',
-									'varname' => 'letsencryptchallengepath',
-									'type' => 'string',
-									'string_emptyallowed' => false,
-									'default' => FROXLOR_INSTALL_DIR,
-									'save_method' => 'storeSettingField',
-							),
-							'system_letsencryptkeysize' => array(
-									'label' => $lng['serversettings']['letsencryptkeysize'],
-									'settinggroup' => 'system',
-									'varname' => 'letsencryptkeysize',
-									'type' => 'int',
-									'int_min' => 2048,
-									'default' => 4096,
-									'save_method' => 'storeSettingField',
-							),
-							'system_letsencryptreuseold' => array(
-									'label' => $lng['serversettings']['letsencryptreuseold'],
-									'settinggroup' => 'system',
-									'varname' => 'letsencryptreuseold',
-									'type' => 'bool',
-									'default' => false,
-									'save_method' => 'storeSettingField',
-							),
-					)
+		'ssl' => array(
+			'title' => $lng['admin']['sslsettings'],
+			'fields' => array(
+				'system_ssl_enabled' => array(
+					'label' => $lng['serversettings']['ssl']['use_ssl'],
+					'settinggroup' => 'system',
+					'varname' => 'use_ssl',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'overview_option' => true
+				),
+				'system_ssl_cipher_list' => array(
+					'label' => $lng['serversettings']['ssl']['ssl_cipher_list'],
+					'settinggroup' => 'system',
+					'varname' => 'ssl_cipher_list',
+					'type' => 'string',
+					'string_emptyallowed' => false,
+					'default' => 'ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128',
+					'save_method' => 'storeSettingField'
+				),
+				'system_ssl_cert_file' => array(
+					'label' => $lng['serversettings']['ssl']['ssl_cert_file'],
+					'settinggroup' => 'system',
+					'varname' => 'ssl_cert_file',
+					'type' => 'string',
+					'string_type' => 'file',
+					'string_emptyallowed' => true,
+					'default' => '/etc/apache2/apache2.pem',
+					'save_method' => 'storeSettingField'
+				),
+				'system_ssl_key_file' => array(
+					'label' => $lng['serversettings']['ssl']['ssl_key_file'],
+					'settinggroup' => 'system',
+					'varname' => 'ssl_key_file',
+					'type' => 'string',
+					'string_type' => 'file',
+					'string_emptyallowed' => true,
+					'default' => '/etc/apache2/apache2.key',
+					'save_method' => 'storeSettingField'
+				),
+				'system_ssl_cert_chainfile' => array(
+					'label' => $lng['admin']['ipsandports']['ssl_cert_chainfile'],
+					'settinggroup' => 'system',
+					'varname' => 'ssl_cert_chainfile',
+					'type' => 'string',
+					'string_type' => 'file',
+					'string_emptyallowed' => true,
+					'default' => '',
+					'save_method' => 'storeSettingField'
+				),
+				'system_ssl_ca_file' => array(
+					'label' => $lng['serversettings']['ssl']['ssl_ca_file'],
+					'settinggroup' => 'system',
+					'varname' => 'ssl_ca_file',
+					'type' => 'string',
+					'string_type' => 'file',
+					'string_emptyallowed' => true,
+					'default' => '',
+					'save_method' => 'storeSettingField'
+				),
+				'system_leenabled' => array(
+					'label' => $lng['serversettings']['leenabled'],
+					'settinggroup' => 'system',
+					'varname' => 'leenabled',
+					'type' => 'bool',
+					'default' => false,
+					'cronmodule' => 'froxlor/letsencrypt',
+					'save_method' => 'storeSettingField'
+				),
+				'system_letsencryptacmeconf' => array(
+					'label' => $lng['serversettings']['letsencryptacmeconf'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptacmeconf',
+					'type' => 'string',
+					'string_type' => 'file',
+					'default' => '/etc/apache2/conf-enabled/acme.conf',
+					'save_method' => 'storeSettingField',
+				),
+				'system_letsencryptca' => array(
+					'label' => $lng['serversettings']['letsencryptca'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptca',
+					'type' => 'option',
+					'default' => 'testing',
+					'option_mode' => 'one',
+					'option_options' => array(
+						'testing' => 'https://acme-staging.api.letsencrypt.org (Test)',
+						'production' => 'https://acme-v01.api.letsencrypt.org (Live)'
+					),
+					'save_method' => 'storeSettingField'
+				),
+				'system_letsencryptcountrycode' => array(
+					'label' => $lng['serversettings']['letsencryptcountrycode'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptcountrycode',
+					'type' => 'string',
+					'string_emptyallowed' => false,
+					'default' => 'DE',
+					'save_method' => 'storeSettingField'
+				),
+				'system_letsencryptstate' => array(
+					'label' => $lng['serversettings']['letsencryptstate'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptstate',
+					'type' => 'string',
+					'string_emptyallowed' => false,
+					'default' => 'Hessen',
+					'save_method' => 'storeSettingField'
+				),
+				'system_letsencryptchallengepath' => array(
+					'label' => $lng['serversettings']['letsencryptchallengepath'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptchallengepath',
+					'type' => 'string',
+					'string_emptyallowed' => false,
+					'default' => FROXLOR_INSTALL_DIR,
+					'save_method' => 'storeSettingField'
+				),
+				'system_letsencryptkeysize' => array(
+					'label' => $lng['serversettings']['letsencryptkeysize'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptkeysize',
+					'type' => 'int',
+					'int_min' => 2048,
+					'default' => 4096,
+					'save_method' => 'storeSettingField'
+				),
+				'system_letsencryptreuseold' => array(
+					'label' => $lng['serversettings']['letsencryptreuseold'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptreuseold',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+				),
+				'system_hsts_maxage' => array(
+					'label' => $lng['admin']['domain_hsts_maxage'],
+					'settinggroup' => 'system',
+					'varname' => 'hsts_maxage',
+					'type' => 'int',
+					'int_min' => 0,
+					'int_max' => 94608000, // 3-years
+					'default' => 0,
+					'save_method' => 'storeSettingField'
+				),
+				'system_hsts_incsub' => array(
+					'label' => $lng['admin']['domain_hsts_incsub'],
+					'settinggroup' => 'system',
+					'varname' => 'hsts_incsub',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+				),
+				'system_hsts_preload' => array(
+					'label' => $lng['admin']['domain_hsts_preload'],
+					'settinggroup' => 'system',
+					'varname' => 'hsts_preload',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+				),
 			)
 		)
-	);
+	)
+);

actions/admin/settings/135.fcgid.php

@@ -97,44 +97,6 @@ return array(
 					'option_options_method' => 'getPhpConfigs',
 					'save_method' => 'storeSettingField',
 					),
-				'system_mod_fcgid_enabled_ownvhost' => array(
-					'label' => $lng['serversettings']['mod_fcgid_ownvhost'],
-					'settinggroup' => 'system',
-					'varname' => 'mod_fcgid_ownvhost',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2')
-					),
-				'system_mod_fcgid_httpuser' => array(
-					'label' => $lng['admin']['mod_fcgid_user'],
-					'settinggroup' => 'system',
-					'varname' => 'mod_fcgid_httpuser',
-					'type' => 'string',
-					'default' => 'froxlorlocal',
-					'save_method' => 'storeSettingWebserverFcgidFpmUser',
-					'websrv_avail' => array('apache2')
-					),
-				'system_mod_fcgid_httpgroup' => array(
-					'label' => $lng['admin']['mod_fcgid_group'],
-					'settinggroup' => 'system',
-					'varname' => 'mod_fcgid_httpgroup',
-					'type' => 'string',
-					'default' => 'froxlorlocal',
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2')
-					),
-				'system_mod_fcgid_defaultini_ownvhost' => array(
-					'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
-					'settinggroup' => 'system',
-					'varname' => 'mod_fcgid_defaultini_ownvhost',
-					'type' => 'option',
-					'default' => '2',
-					'option_mode' => 'one',
-					'option_options_method' => 'getPhpConfigs',
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2')
-					),
 				'system_mod_fcgid_idle_timeout' => array(
 					'label' => $lng['serversettings']['mod_fcgid']['idle_timeout'],
 					'settinggroup' => 'system',

actions/admin/settings/136.phpfpm.php

@@ -30,46 +30,12 @@ return array(
 					'plausibility_check_method' => 'checkFcgidPhpFpm',
 					'overview_option' => true
 					),
-				'system_phpfpm_enabled_ownvhost' => array(
-					'label' => $lng['phpfpm']['ownvhost'],
+				'system_phpfpm_defaultini' => array(
+					'label' => $lng['serversettings']['mod_fcgid']['defaultini'],
 					'settinggroup' => 'phpfpm',
-					'varname' => 'enabled_ownvhost',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_httpuser' => array(
-					'label' => $lng['phpfpm']['vhost_httpuser'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'vhost_httpuser',
-					'type' => 'string',
-					'default' => 'froxlorlocal',
-					'save_method' => 'storeSettingWebserverFcgidFpmUser'
-					),
-				'system_phpfpm_httpgroup' => array(
-					'label' => $lng['phpfpm']['vhost_httpgroup'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'vhost_httpgroup',
-					'type' => 'string',
-					'default' => 'froxlorlocal',
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_defaultini' => array(
-					'label' => $lng['serversettings']['mod_fcgid']['defaultini'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'defaultini',
-					'type' => 'option',
-					'default' => '1',
-					'option_mode' => 'one',
-					'option_options_method' => 'getPhpConfigs',
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_defaultini_ownvhost' => array(
-					'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'vhost_defaultini',
+					'varname' => 'defaultini',
 					'type' => 'option',
-					'default' => '2',
+					'default' => '1',
 					'option_mode' => 'one',
 					'option_options_method' => 'getPhpConfigs',
 					'save_method' => 'storeSettingField'

actions/admin/settings/160.nameserver.php

@@ -97,14 +97,6 @@ return array(
 					'default' => '',
 					'save_method' => 'storeSettingField',
 				),
-				'system_dns_createhostnameentry' => array(
-					'label' => $lng['serversettings']['dns_createhostnameentry'],
-					'settinggroup' => 'system',
-					'varname' => 'dns_createhostnameentry',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField'
-				),
 				'system_dns_createmailentry' => array(
 					'label' => $lng['serversettings']['mail_also_with_mxservers'],
 					'settinggroup' => 'system',
@@ -127,5 +119,3 @@ return array(
 			),
 		),
 	);
-
-?>

actions/admin/settings/210.security.php

@@ -63,6 +63,23 @@ return array(
 					'type' => 'bool',
 					'default' => false,
 					'save_method' => 'storeSettingField',
+					),
+				'system_allow_customer_shell' => array(
+					'label' => $lng['serversettings']['allow_allow_customer_shell'],
+					'settinggroup' => 'system',
+					'varname' => 'allow_customer_shell',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					),
+				'system_available_shells' => array(
+					'label' => $lng['serversettings']['available_shells'],
+					'settinggroup' => 'system',
+					'varname' => 'available_shells',
+					'type' => 'string',
+					'string_emptyallowed' => true,
+					'default' => '',
+					'save_method' => 'storeSettingField',
 					)
 				)
 			)

admin_autoupdate.php

@@ -32,7 +32,7 @@ if (ini_get('allow_url_fopen') === false) {
 }
 
 // check for archive-stuff
-if (function_exists('gzopen') === false) {
+if (! extension_loaded('zip')) {
 	redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 2));
 }
 
@@ -85,7 +85,7 @@ if ($page == 'overview') {
 			}
 			elseif ($isnewerversion == 0) {
 				// all good
-			    standard_success ('noupdatesavail');
+				standard_success ('noupdatesavail');
 			} else {
 				standard_error ('customized_version');
 			}
@@ -122,7 +122,7 @@ elseif ($page == 'getdownload') {
 
 		// remove old archive
 		if (file_exists($localArchive)) {
-		    @unlink($localArchive);
+			@unlink($localArchive);
 		}
 
 		// store archive
@@ -137,15 +137,15 @@ elseif ($page == 'getdownload') {
 		// validate the integrity of the downloaded file
 		$_shouldsum = @file_get_contents($toCheck);
 		if (!empty($_shouldsum)) {
-		    $_t = explode(" ", $_shouldsum);
-		    $shouldsum = $_t[0];
+			$_t = explode(" ", $_shouldsum);
+			$shouldsum = $_t[0];
 		} else {
-		    $shouldsum = null;
+			$shouldsum = null;
 		}
 		$filesum = hash_file('sha256', $localArchive);
 
 		if ($filesum != $shouldsum) {
-		    redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 9));
+			redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 9));
 		}
 
 		// to the next step
@@ -166,8 +166,8 @@ elseif ($page == 'extract') {
 		$zip = new ZipArchive;
 		$res = $zip->open($localArchive);
 		if ($res === true) {
-		    $log->logAction(ADM_ACTION, LOG_NOTICE, "Extracting ".$localArchive." to ".dirname(FROXLOR_INSTALL_DIR));
-			$zip->extractTo(dirname(FROXLOR_INSTALL_DIR));
+			$log->logAction(ADM_ACTION, LOG_NOTICE, "Extracting ".$localArchive." to ".FROXLOR_INSTALL_DIR);
+			$zip->extractTo(FROXLOR_INSTALL_DIR);
 			$zip->close();
 			// success - remove unused archive
 			@unlink($localArchive);

admin_customers.php

@@ -84,6 +84,15 @@ if ($page == 'customers'
 				$domains = $domains_stmt->fetch(PDO::FETCH_ASSOC);
 				$row['domains'] = intval($domains['domains']);
 				$dec_places = Settings::Get('panel.decimal_places');
+
+				// get disk-space usages for web, mysql and mail
+				$usages_stmt = Database::prepare("SELECT * FROM `".TABLE_PANEL_DISKSPACE."` WHERE `customerid` = :cid ORDER BY `stamp` DESC LIMIT 1");
+				$usages = Database::pexecute_first($usages_stmt, array('cid' => $row['customerid']));
+
+				$row['webspace_used'] = round($usages['webspace'] / 1024, $dec_places);
+				$row['mailspace_used'] = round($usages['mail'] / 1024, $dec_places);
+				$row['dbspace_used'] = round($usages['mysql'] / 1024, $dec_places);
+
 				$row['traffic_used'] = round($row['traffic_used'] / (1024 * 1024), $dec_places);
 				$row['traffic'] = round($row['traffic'] / (1024 * 1024), $dec_places);
 				$row['diskspace_used'] = round($row['diskspace_used'] / 1024, $dec_places);
@@ -869,7 +878,7 @@ if ($page == 'customers'
 						}
 						// check froxlor-local user membership in ftp-group
 						// without this check addition may duplicate user in list if httpuser == local_user
-						if (strpos($ins_data['members'], $local_user) !== false) {
+						if (strpos($ins_data['members'], $local_user) == false) {
 							$ins_data['members'] .= ','.$local_user;
 						}
 					}

admin_domains.php

@@ -166,7 +166,7 @@ if ($page == 'domains' || $page == 'overview') {
 
 				$subresult_stmt = Database::prepare("
 					SELECT `id` FROM `" . TABLE_PANEL_DOMAINS . "`
-					WHERE (`id` = :id OR `parentdomainid` = :id " . $rsd_sql . ") AND `isemaildomain` = '1'");
+					WHERE (`id` = :id OR `parentdomainid` = :id " . $rsd_sql . ")");
 				Database::pexecute($subresult_stmt, array(
 					'id' => $id
 				));
@@ -189,13 +189,26 @@ if ($page == 'domains' || $page == 'overview') {
 					$log->logAction(ADM_ACTION, LOG_NOTICE, "deleted domain/s from mail-tables");
 				}
 
+				// if mainbutsubto-domains are not to be deleted, re-assign the (ismainbutsubto value of the main
+				// domain which is being deleted) as their new ismainbutsubto value
+				if ($remove_subbutmain_domains !== 1) {
+					$upd_stmt = Database::prepare("
+						UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
+						`ismainbutsubto` = :newIsMainButSubtoValue
+						WHERE `ismainbutsubto` = :deletedMainDomainId
+						");
+					Database::pexecute($upd_stmt, array(
+						'newIsMainButSubtoValue' => $result['ismainbutsubto'],
+						'deletedMainDomainId' => $id,
+					));
+				}
+
 				$del_stmt = Database::prepare("
 					DELETE FROM `" . TABLE_PANEL_DOMAINS . "`
 					WHERE `id` = :id OR `parentdomainid` = :id " . $rsd_sql);
 				Database::pexecute($del_stmt, array(
 					'id' => $id
 				));
-				$deleted_domains = $del_stmt->rowCount();
 
 				$upd_stmt = Database::prepare("
 					UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET
@@ -380,6 +393,9 @@ if ($page == 'domains' || $page == 'overview') {
 					'0',
 					''
 				));
+				if ($registration_date == '0000-00-00') {
+					$registration_date = null;
+				}
 
 				$termination_date = trim($_POST['termination_date']);
 				$termination_date = validate($termination_date, 'termination_date', '/^(19|20)\d\d[-](0[1-9]|1[012])[-](0[1-9]|[12][0-9]|3[01])$/', '', array(
@@ -387,6 +403,9 @@ if ($page == 'domains' || $page == 'overview') {
 					'0',
 					''
 				));
+				if ($termination_date == '0000-00-00') {
+					$termination_date = null;
+				}
 
 				if ($userinfo['change_serversettings'] == '1') {
 
@@ -565,12 +584,23 @@ if ($page == 'domains' || $page == 'overview') {
 								$ssl_ipandports[] = $ssl_ipandport;
 							}
 						}
+
+						// HSTS
+						$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
+						$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
+						$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
+
 					} else {
 						$ssl_redirect = 0;
 						$letsencrypt = 0;
 						// we need this for the serialize
 						// if ssl is disabled or no ssl-ip/port exists
 						$ssl_ipandports[] = - 1;
+
+						// HSTS
+						$hsts_maxage = 0;
+						$hsts_sub = 0;
+						$hsts_preload = 0;
 					}
 				} else {
 					$ssl_redirect = 0;
@@ -578,6 +608,11 @@ if ($page == 'domains' || $page == 'overview') {
 					// we need this for the serialize
 					// if ssl is disabled or no ssl-ip/port exists
 					$ssl_ipandports[] = - 1;
+
+					// HSTS
+					$hsts_maxage = 0;
+					$hsts_sub = 0;
+					$hsts_preload = 0;
 				}
 
 				// We can't enable let's encrypt for wildcard - domains
@@ -741,7 +776,10 @@ if ($page == 'domains' || $page == 'overview') {
 						'registration_date' => $registration_date,
 						'termination_date' => $termination_date,
 						'issubof' => $issubof,
-						'letsencrypt' => $letsencrypt
+						'letsencrypt' => $letsencrypt,
+						'hsts_maxage' => $hsts_maxage,
+						'hsts_sub' => $hsts_sub,
+						'hsts_preload' => $hsts_preload
 					);
 
 					$security_questions = array(
@@ -789,7 +827,10 @@ if ($page == 'domains' || $page == 'overview') {
 						'mod_fcgid_starter' => $mod_fcgid_starter,
 						'mod_fcgid_maxrequests' => $mod_fcgid_maxrequests,
 						'ismainbutsubto' => $issubof,
-						'letsencrypt' => $letsencrypt
+						'letsencrypt' => $letsencrypt,
+						'hsts' => $hsts_maxage,
+						'hsts_sub' => $hsts_sub,
+						'hsts_preload' => $hsts_preload
 					);
 
 					$ins_stmt = Database::prepare("
@@ -817,12 +858,15 @@ if ($page == 'domains' || $page == 'overview') {
 						`ssl_redirect` = :ssl_redirect,
 						`add_date` = :add_date,
 						`registration_date` = :registration_date,
-                                                `termination_date` = :termination_date,
+						`termination_date` = :termination_date,
 						`phpsettingid` = :phpsettingid,
 						`mod_fcgid_starter` = :mod_fcgid_starter,
 						`mod_fcgid_maxrequests` = :mod_fcgid_maxrequests,
 						`ismainbutsubto` = :ismainbutsubto,
-						`letsencrypt` = :letsencrypt
+						`letsencrypt` = :letsencrypt,
+						`hsts` = :hsts,
+						`hsts_sub` = :hsts_sub,
+						`hsts_preload` = :hsts_preload
 					");
 					Database::pexecute($ins_stmt, $ins_data);
 					$domainid = Database::lastInsertId();
@@ -1037,8 +1081,12 @@ if ($page == 'domains' || $page == 'overview') {
 	} elseif ($action == 'edit' && $id != 0) {
 
 		$result_stmt = Database::prepare("
-			SELECT `d`.*, `c`.`customerid` FROM `" . TABLE_PANEL_DOMAINS . "` `d` LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING(`customerid`)
-			WHERE `d`.`parentdomainid` = '0' AND `d`.`id` = :id" . ($userinfo['customers_see_all'] ? '' : " AND `d`.`adminid` = :adminid"));
+			SELECT `d`.*, `c`.`customerid`
+			FROM `" . TABLE_PANEL_DOMAINS . "` `d`
+			LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING(`customerid`)
+			WHERE `d`.`parentdomainid` = '0'
+			AND `d`.`id` = :id" . ($userinfo['customers_see_all'] ? '' : " AND `d`.`adminid` = :adminid")
+		);
 		$params = array(
 			'id' => $id
 		);
@@ -1183,7 +1231,7 @@ if ($page == 'domains' || $page == 'overview') {
 					$adminid = $result['adminid'];
 				}
 
-				$aliasdomain = intval($_POST['alias']);
+				$aliasdomain = isset($_POST['alias']) ? intval($_POST['alias']) : 0;
 				$issubof = intval($_POST['issubof']);
 				$subcanemaildomain = intval($_POST['subcanemaildomain']);
 				$caneditdomain = isset($_POST['caneditdomain']) ? intval($_POST['caneditdomain']) : 0;
@@ -1193,12 +1241,18 @@ if ($page == 'domains' || $page == 'overview') {
 					'0',
 					''
 				));
+				if ($registration_date == '0000-00-00') {
+					$registration_date = null;
+				}
 				$termination_date = trim($_POST['termination_date']);
 				$termination_date = validate($termination_date, 'termination_date', '/^(19|20)\d\d[-](0[1-9]|1[012])[-](0[1-9]|[12][0-9]|3[01])$/', '', array(
 					'0000-00-00',
 					'0',
 					''
 				));
+				if ($termination_date == '0000-00-00') {
+					$termination_date = null;
+				}
 
 				$isemaildomain = 0;
 				if (isset($_POST['isemaildomain'])) {
@@ -1348,6 +1402,11 @@ if ($page == 'domains' || $page == 'overview') {
 						$letsencrypt = (int) $_POST['letsencrypt'];
 					}
 
+					// HSTS
+					$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
+					$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
+					$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
+
 					$ssl_ipandports = array();
 					if (isset($_POST['ssl_ipandport']) && ! is_array($_POST['ssl_ipandport'])) {
 						$_POST['ssl_ipandport'] = unserialize($_POST['ssl_ipandport']);
@@ -1373,12 +1432,18 @@ if ($page == 'domains' || $page == 'overview') {
 								$ssl_ipandports[] = $ssl_ipandport;
 							}
 						}
+
 					} else {
 						$ssl_redirect = 0;
 						$letsencrypt = 0;
 						// we need this for the serialize
 						// if ssl is disabled or no ssl-ip/port exists
 						$ssl_ipandports[] = - 1;
+
+						// HSTS
+						$hsts_maxage = 0;
+						$hsts_sub = 0;
+						$hsts_preload = 0;
 					}
 				} else {
 					$ssl_redirect = 0;
@@ -1386,6 +1451,11 @@ if ($page == 'domains' || $page == 'overview') {
 					// we need this for the serialize
 					// if ssl is disabled or no ssl-ip/port exists
 					$ssl_ipandports[] = - 1;
+
+					// HSTS
+					$hsts_maxage = 0;
+					$hsts_sub = 0;
+					$hsts_preload = 0;
 				}
 
 				// We can't enable let's encrypt for wildcard domains
@@ -1523,7 +1593,10 @@ if ($page == 'domains' || $page == 'overview') {
 					'speciallogverified' => $speciallogverified,
 					'ipandport' => serialize($ipandports),
 					'ssl_ipandport' => serialize($ssl_ipandports),
-					'letsencrypt' => $letsencrypt
+					'letsencrypt' => $letsencrypt,
+					'hsts_maxage' => $hsts_maxage,
+					'hsts_sub' => $hsts_sub,
+					'hsts_preload' => $hsts_preload
 				);
 
 				$security_questions = array(
@@ -1542,7 +1615,7 @@ if ($page == 'domains' || $page == 'overview') {
 				$wwwserveralias = ($serveraliasoption == '1') ? '1' : '0';
 				$iswildcarddomain = ($serveraliasoption == '0') ? '1' : '0';
 
-				if ($documentroot != $result['documentroot'] || $ssl_redirect != $result['ssl_redirect'] || $wwwserveralias != $result['wwwserveralias'] || $iswildcarddomain != $result['iswildcarddomain'] || $openbasedir != $result['openbasedir'] || $phpsettingid != $result['phpsettingid'] || $mod_fcgid_starter != $result['mod_fcgid_starter'] || $mod_fcgid_maxrequests != $result['mod_fcgid_maxrequests'] || $specialsettings != $result['specialsettings'] || $aliasdomain != $result['aliasdomain'] || $issubof != $result['ismainbutsubto'] || $email_only != $result['email_only'] || ($speciallogfile != $result['speciallogfile'] && $speciallogverified == '1') || $letsencrypt != $result['letsencrypt']) {
+				if ($documentroot != $result['documentroot'] || $ssl_redirect != $result['ssl_redirect'] || $wwwserveralias != $result['wwwserveralias'] || $iswildcarddomain != $result['iswildcarddomain'] || $openbasedir != $result['openbasedir'] || $phpsettingid != $result['phpsettingid'] || $mod_fcgid_starter != $result['mod_fcgid_starter'] || $mod_fcgid_maxrequests != $result['mod_fcgid_maxrequests'] || $specialsettings != $result['specialsettings'] || $aliasdomain != $result['aliasdomain'] || $issubof != $result['ismainbutsubto'] || $email_only != $result['email_only'] || ($speciallogfile != $result['speciallogfile'] && $speciallogverified == '1') || $letsencrypt != $result['letsencrypt'] || $hsts_maxage != $result['hsts'] || $hsts_sub != $result['hsts_sub'] || $hsts_preload != $result['hsts_preload']) {
 					inserttask('1');
 				}
 
@@ -1571,6 +1644,16 @@ if ($page == 'domains' || $page == 'overview') {
 					$log->logAction(ADM_ACTION, LOG_NOTICE, "deleted domain #" . $id . " from mail-tables");
 				}
 
+				// check whether LE has been disabled, so we remove the certificate
+				if ($letsencrypt == '0' && $result['letsencrypt'] == '1')  {
+					$del_stmt = Database::prepare("
+						DELETE FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = :id
+					");
+					Database::pexecute($del_stmt, array(
+						'id' => $id
+					));
+				}
+
 				$updatechildren = '';
 
 				if ($subcanemaildomain == '0' && $result['subcanemaildomain'] != '0') {
@@ -1683,6 +1766,9 @@ if ($page == 'domains' || $page == 'overview') {
 				$update_data['termination_date'] = $termination_date;
 				$update_data['ismainbutsubto'] = $issubof;
 				$update_data['letsencrypt'] = $letsencrypt;
+				$update_data['hsts'] = $hsts_maxage;
+				$update_data['hsts_sub'] = $hsts_sub;
+				$update_data['hsts_preload'] = $hsts_preload;
 				$update_data['id'] = $id;
 
 				$update_stmt = Database::prepare("
@@ -1710,7 +1796,10 @@ if ($page == 'domains' || $page == 'overview') {
 					`registration_date` = :registration_date,
 					`termination_date` = :termination_date,
 					`ismainbutsubto` = :ismainbutsubto,
-					`letsencrypt` = :letsencrypt
+					`letsencrypt` = :letsencrypt,
+					`hsts` = :hsts,
+					`hsts_sub` = :hsts_sub,
+					`hsts_preload` = :hsts_preload
 					WHERE `id` = :id
 				");
 				Database::pexecute($update_stmt, $update_data);
@@ -2086,6 +2175,11 @@ if ($page == 'domains' || $page == 'overview') {
 } elseif ($page == 'domaindnseditor' && Settings::Get('system.dnsenabled') == '1') {
 
 	require_once __DIR__.'/dns_editor.php';
+
+} elseif ($page == 'sslcertificates') {
+
+	require_once __DIR__.'/ssl_certificates.php';
+
 }
 
 function formatDomainEntry(&$row, &$idna_convert)

admin_index.php

@@ -144,6 +144,15 @@ if ($page == 'overview') {
 	$cron_last_runs = getCronjobsLastRun();
 	$outstanding_tasks = getOutstandingTasks();
 
+	$system_hostname = gethostname();
+	$meminfo= explode("\n", @file_get_contents("/proc/meminfo"));
+	$memory = "";
+	for ($i = 0; $i < sizeof($meminfo); ++$i) {
+		if (substr($meminfo[$i], 0, 3) === "Mem") {
+			$memory.= $meminfo[$i] . PHP_EOL;
+		}
+	}
+
 	if (function_exists('sys_getloadavg')) {
 		$loadArray = sys_getloadavg();
 		$load = number_format($loadArray[0], 2, '.', '') . " / " . number_format($loadArray[1], 2, '.', '') . " / " . number_format($loadArray[2], 2, '.', '');
@@ -360,7 +369,8 @@ if ($page == 'overview') {
 			$mail_body .= "File: ".$_error['file'].':'.$_error['line']."\n\n";
 			$mail_body .= "Trace:\n".trim($_error['trace'])."\n\n";
 			$mail_body .= "-------------------------------------------------------------\n\n";
-			$mail_body .= "Froxlor-version: ".$version."\n\n";
+			$mail_body .= "Froxlor-version: ".$version."\n";
+			$mail_body .= "DB-version: ".$dbversion."\n\n";
 			$mail_body .= "End of report";
 			$mail_html = nl2br($mail_body);
 

admin_ipsandports.php

@@ -33,6 +33,7 @@ if ($page == 'ipsandports'
 	$websrv = Settings::Get('system.webserver');
 	$is_nginx = ($websrv == 'nginx');
 	$is_apache = ($websrv == 'apache2');
+	$is_apache24 = $is_apache && (Settings::Get('system.apache24') === '1');
 
 	if ($action == '') {
 

customer_domains.php

@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';
 
+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','domains')) {
+	redirectTo('customer_index.php');
+}
+
 if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
 } elseif (isset($_GET['id'])) {
@@ -36,7 +41,7 @@ if ($page == 'overview') {
 			'd.domain' => $lng['domains']['domainname']
 		);
 		$paging = new paging($userinfo, TABLE_PANEL_DOMAINS, $fields);
-		$domains_stmt = Database::prepare("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isemaildomain`, `d`.`caneditdomain`, `d`.`iswildcarddomain`, `d`.`parentdomainid`, `d`.`letsencrypt`, `d`.`termination_date`, `ad`.`id` AS `aliasdomainid`, `ad`.`domain` AS `aliasdomain`, `da`.`id` AS `domainaliasid`, `da`.`domain` AS `domainalias` FROM `" . TABLE_PANEL_DOMAINS . "` `d`
+		$domains_stmt = Database::prepare("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isbinddomain`, `d`.`isemaildomain`, `d`.`caneditdomain`, `d`.`iswildcarddomain`, `d`.`parentdomainid`, `d`.`letsencrypt`, `d`.`termination_date`, `ad`.`id` AS `aliasdomainid`, `ad`.`domain` AS `aliasdomain`, `da`.`id` AS `domainaliasid`, `da`.`domain` AS `domainalias` FROM `" . TABLE_PANEL_DOMAINS . "` `d`
 			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `ad` ON `d`.`aliasdomain`=`ad`.`id`
 			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `da` ON `da`.`aliasdomain`=`d`.`id`
 			WHERE `d`.`customerid`= :customerid
@@ -260,7 +265,7 @@ if ($page == 'overview') {
 				}
 
 				$subdomain = $idna_convert->encode(preg_replace(array('/\:(\d)+$/', '/^https?\:\/\//'), '', validate($_POST['subdomain'], 'subdomain', '', 'subdomainiswrong')));
-				$domain = $idna_convert->encode($_POST['domain']);
+				$domain = $_POST['domain'];
 				$domain_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_DOMAINS . "`
 					WHERE `domain` = :domain
 					AND `customerid` = :customerid
@@ -272,6 +277,13 @@ if ($page == 'overview') {
 
 				$completedomain = $subdomain . '.' . $domain;
 
+				if (Settings::Get('system.validate_domain') && ! validateDomain($completedomain)) {
+					standard_error(array(
+						'stringiswrong',
+						'mydomain'
+					));
+				}
+
 				if ($completedomain == Settings::Get('system.hostname')) {
 					standard_error('admin_domain_emailsystemhostname');
 				}
@@ -307,14 +319,14 @@ if ($page == 'overview') {
 					triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
 				}
 
-				if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($idna_convert->encode($_POST['url']))) {
+				if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($_POST['url'])) {
 					$path = $_POST['url'];
 					$_doredirect = true;
 				} else {
 					$path = validate($_POST['path'], 'path');
 				}
 
-				if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($idna_convert->encode($path))) {
+				if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($path)) {
 					// If path is empty or '/' and 'Use domain name as default value for DocumentRoot path' is enabled in settings,
 					// set default path to subdomain or domain name
 					if ((($path == '') || ($path == '/')) && Settings::Get('system.documentroot_use_default_value') == 1) {
@@ -362,6 +374,11 @@ if ($page == 'overview') {
 					$ssl_redirect = 2;
 				}
 
+				// HSTS
+				$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
+				$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
+				$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
+
 				if ($path == '') {
 					standard_error('patherror');
 				} elseif ($subdomain == '') {
@@ -404,7 +421,10 @@ if ($page == 'overview') {
 						`specialsettings` = :specialsettings,
 						`ssl_redirect` = :ssl_redirect,
 						`phpsettingid` = :phpsettingid,
-						`letsencrypt` = :letsencrypt"
+						`letsencrypt` = :letsencrypt,
+						`hsts` = :hsts,
+						`hsts_sub` = :hsts_sub,
+						`hsts_preload` = :hsts_preload"
 					);
 					$params = array(
 						"customerid" => $userinfo['customerid'],
@@ -421,7 +441,10 @@ if ($page == 'overview') {
 						"specialsettings" => $domain_check['specialsettings'],
 						"ssl_redirect" => $ssl_redirect,
 						"phpsettingid" => $phpsid_result['phpsettingid'],
-						"letsencrypt" => $letsencrypt
+						"letsencrypt" => $letsencrypt,
+						"hsts" => $hsts_maxage,
+						"hsts_sub" => $hsts_sub,
+						"hsts_preload" => $hsts_preload
 					);
 					Database::pexecute($stmt, $params);
 
@@ -515,8 +538,7 @@ if ($page == 'overview') {
 		}
 	} elseif ($action == 'edit' && $id != 0) {
 
-		$stmt = Database::prepare("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isemaildomain`, `d`.`isbinddomain`, `d`.`wwwserveralias`, `d`.`iswildcarddomain`,
-			`d`.`parentdomainid`, `d`.`ssl_redirect`, `d`.`aliasdomain`, `d`.`openbasedir`, `d`.`openbasedir_path`, `d`.`letsencrypt`, `pd`.`subcanemaildomain`
+		$stmt = Database::prepare("SELECT `d`.*, `pd`.`subcanemaildomain`
 			FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_DOMAINS . "` `pd`
 			WHERE `d`.`customerid` = :customerid
 			AND `d`.`id` = :id
@@ -534,14 +556,14 @@ if ($page == 'overview') {
 
 		if (isset($result['customerid']) && $result['customerid'] == $userinfo['customerid']) {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
-				if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($idna_convert->encode($_POST['url']))) {
+				if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($_POST['url'])) {
 					$path = $_POST['url'];
 					$_doredirect = true;
 				} else {
 					$path = validate($_POST['path'], 'path');
 				}
 
-				if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($idna_convert->encode($path))) {
+				if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($path)) {
 					// If path is empty or '/' and 'Use domain name as default value for DocumentRoot path' is enabled in settings,
 					// set default path to subdomain or domain name
 					if ((($path == '') || ($path == '/')) && Settings::Get('system.documentroot_use_default_value') == 1) {
@@ -556,7 +578,7 @@ if ($page == 'overview') {
 					$_doredirect = true;
 				}
 
-				$aliasdomain = intval($_POST['alias']);
+				$aliasdomain = isset($_POST['alias']) ? intval($_POST['alias']) : 0;
 
 				if (isset($_POST['selectserveralias'])) {
 					$iswildcarddomain = ($_POST['selectserveralias'] == '0') ? '1' : '0';
@@ -622,7 +644,7 @@ if ($page == 'overview') {
 
 				// We can't enable let's encrypt for wildcard - domains
 				if ($iswildcarddomain == '1' && $letsencrypt == '1') {
-				    standard_error('nowildcardwithletsencrypt');
+					standard_error('nowildcardwithletsencrypt');
 				}
 
 				// Temporarily deactivate ssl_redirect until Let's Encrypt certificate was generated
@@ -630,6 +652,11 @@ if ($page == 'overview') {
 					$ssl_redirect = 2;
 				}
 
+				// HSTS
+				$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
+				$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
+				$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
+
 				if ($path == '') {
 					standard_error('patherror');
 				} else {
@@ -654,7 +681,11 @@ if ($page == 'overview') {
 						|| $aliasdomain != $result['aliasdomain']
 						|| $openbasedir_path != $result['openbasedir_path']
 						|| $ssl_redirect != $result['ssl_redirect']
-						|| $letsencrypt != $result['letsencrypt']) {
+						|| $letsencrypt != $result['letsencrypt']
+						|| $hsts_maxage != $result['hsts']
+						|| $hsts_sub != $result['hsts_sub']
+						|| $hsts_preload != $result['hsts_preload']
+					) {
 						$log->logAction(USR_ACTION, LOG_INFO, "edited domain '" . $idna_convert->decode($result['domain']) . "'");
 
 						$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
@@ -665,7 +696,10 @@ if ($page == 'overview') {
 							`aliasdomain`= :aliasdomain,
 							`openbasedir_path`= :openbasedir_path,
 							`ssl_redirect`= :ssl_redirect,
-							`letsencrypt`= :letsencrypt
+							`letsencrypt`= :letsencrypt,
+							`hsts` = :hsts,
+							`hsts_sub` = :hsts_sub,
+							`hsts_preload` = :hsts_preload
 							WHERE `customerid`= :customerid
 							AND `id`= :id"
 						);
@@ -678,6 +712,9 @@ if ($page == 'overview') {
 							"openbasedir_path" => $openbasedir_path,
 							"ssl_redirect" => $ssl_redirect,
 							"letsencrypt" => $letsencrypt,
+							"hsts" => $hsts_maxage,
+							"hsts_sub" => $hsts_sub,
+							"hsts_preload" => $hsts_preload,
 							"customerid" => $userinfo['customerid'],
 							"id" => $id
 						);
@@ -687,11 +724,20 @@ if ($page == 'overview') {
 							// trigger when domain id for alias destination has changed: both for old and new destination
 							triggerLetsEncryptCSRForAliasDestinationDomain($result['aliasdomain'], $log);
 							triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
-						} else
-							if ($result['wwwserveralias'] != $wwwserveralias || $result['letsencrypt'] != $letsencrypt) {
-								// or when wwwserveralias or letsencrypt was changed
-								triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
-							}
+						} elseif ($result['wwwserveralias'] != $wwwserveralias || $result['letsencrypt'] != $letsencrypt) {
+							// or when wwwserveralias or letsencrypt was changed
+							triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
+						}
+
+						// check whether LE has been disabled, so we remove the certificate
+						if ($letsencrypt == '0' && $result['letsencrypt'] == '1')  {
+							$del_stmt = Database::prepare("
+								DELETE FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = :id
+							");
+							Database::pexecute($del_stmt, array(
+								'id' => $id
+							));
+						}
 
 						inserttask('1');
 
@@ -718,7 +764,7 @@ if ($page == 'overview') {
 					AND `dip`.`id_ipandports`
 					IN (SELECT `id_ipandports` FROM `".TABLE_DOMAINTOIP."`
 						WHERE `id_domain` = :id)
-					GROUP BY `d`.`domain`
+					GROUP BY `d`.`id`, `d`.`domain`
 					ORDER BY `d`.`domain` ASC"
 				);
 				Database::pexecute($domains_stmt, array("id" => $result['id'], "customerid" => $userinfo['customerid']));
@@ -727,7 +773,7 @@ if ($page == 'overview') {
 					$domains .= makeoption($idna_convert->decode($row_domain['domain']), $row_domain['id'], $result['aliasdomain']);
 				}
 
-				if (preg_match('/^https?\:\/\//', $result['documentroot']) && validateUrl($idna_convert->encode($result['documentroot']))) {
+				if (preg_match('/^https?\:\/\//', $result['documentroot']) && validateUrl($result['documentroot'])) {
 					if (Settings::Get('panel.pathedit') == 'Dropdown') {
 						$urlvalue = $result['documentroot'];
 						$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
@@ -923,4 +969,9 @@ if ($page == 'overview') {
 } elseif ($page == 'domaindnseditor' && $userinfo['dnsenabled'] == '1' && Settings::Get('system.dnsenabled') == '1') {
 
 	require_once __DIR__.'/dns_editor.php';
+
+} elseif ($page == 'sslcertificates') {
+
+	require_once __DIR__.'/ssl_certificates.php';
+
 }

customer_email.php

@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';
 
+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','email')) {
+	redirectTo('customer_index.php');
+}
+
 if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
 } elseif (isset($_GET['id'])) {
@@ -200,7 +205,8 @@ if ($page == 'overview') {
 		if ($userinfo['emails_used'] < $userinfo['emails'] || $userinfo['emails'] == '-1') {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 				$email_part = $_POST['email_part'];
-				$domain = $idna_convert->encode(validate($_POST['domain'], 'domain'));
+				// domain does not need idna encoding as the value of the select-box is already Punycode
+				$domain = validate($_POST['domain'], 'domain');
 				$stmt = Database::prepare("SELECT `id`, `domain`, `customerid` FROM `" . TABLE_PANEL_DOMAINS . "`
 					WHERE `domain`= :domain
 					AND `customerid`= :customerid

customer_extras.php

@@ -19,6 +19,11 @@
 define('AREA', 'customer');
 require './lib/init.php';
 
+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','extras')) {
+	redirectTo('customer_index.php');
+}
+
 if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
 } elseif (isset($_GET['id'])) {
@@ -29,6 +34,12 @@ if ($page == 'overview') {
 	$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras");
 	eval("echo \"" . getTemplate("extras/extras") . "\";");
 } elseif ($page == 'htpasswds') {
+
+	// redirect if this customer sub-page is hidden via settings
+	if (Settings::IsInList('panel.customer_hide_options','extras.directoryprotection')) {
+		redirectTo('customer_index.php');
+	}
+
 	if ($action == '') {
 		$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras::htpasswds");
 		$fields = array(
@@ -262,6 +273,12 @@ if ($page == 'overview') {
 		}
 	}
 } elseif ($page == 'htaccess') {
+
+	// redirect if this customer sub-page is hidden via settings
+	if (Settings::IsInList('panel.customer_hide_options','extras.pathoptions')) {
+		redirectTo('customer_index.php');
+	}
+
 	if ($action == '') {
 		$log->logAction(USR_ACTION, LOG_NOTICE, "viewed customer_extras::htaccess");
 		$fields = array(
@@ -520,6 +537,11 @@ if ($page == 'overview') {
 	}
 } elseif ($page == 'backup') {
 
+	// redirect if this customer sub-page is hidden via settings
+	if (Settings::IsInList('panel.customer_hide_options','extras.backup')) {
+		redirectTo('customer_index.php');
+	}
+
 	if (Settings::Get('system.backupenabled') == 1)
 	{
 		if ($action == 'abort' && isset($_POST['send']) && $_POST['send'] == 'send') {

customer_ftp.php

@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';
 
+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','ftp')) {
+	redirectTo('customer_index.php');
+}
+
 $id = 0;
 if (isset($_POST['id'])) {
 	$id = intval($_POST['id']);
@@ -40,7 +45,7 @@ if ($page == 'overview') {
 		);
 		$paging = new paging($userinfo, TABLE_FTP_USERS, $fields);
 
-		$result_stmt = Database::prepare("SELECT `id`, `username`, `description`, `homedir` FROM `" . TABLE_FTP_USERS . "`
+		$result_stmt = Database::prepare("SELECT `id`, `username`, `description`, `homedir`, `shell` FROM `" . TABLE_FTP_USERS . "`
 			WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
 		);
 		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
@@ -153,6 +158,10 @@ if ($page == 'overview') {
 				$path = validate($_POST['path'], 'path');
 				$password = validate($_POST['ftp_password'], 'password');
 				$password = validatePassword($password);
+				$shell = "/bin/false";
+				if (Settings::Get('system.allow_customer_shell') == '1') {
+					$shell = isset($_POST['shell']) ? validate($_POST['shell'], 'shell') : '/bin/false';
+				}
 
 				$sendinfomail = isset($_POST['sendinfomail']) ? 1 : 0;
 				if ($sendinfomail != 1) {
@@ -200,8 +209,8 @@ if ($page == 'overview') {
 					$cryptPassword = makeCryptPassword($password);
 
 					$stmt = Database::prepare("INSERT INTO `" . TABLE_FTP_USERS . "`
-						(`customerid`, `username`, `description`, `password`, `homedir`, `login_enabled`, `uid`, `gid`)
-						VALUES (:customerid, :username, :description, :password, :homedir, 'y', :guid, :guid)"
+						(`customerid`, `username`, `description`, `password`, `homedir`, `login_enabled`, `uid`, `gid`, `shell`)
+						VALUES (:customerid, :username, :description, :password, :homedir, 'y', :guid, :guid, :shell)"
 					);
 					$params = array(
 						"customerid" => $userinfo['customerid'],
@@ -209,7 +218,8 @@ if ($page == 'overview') {
 						"description" => $description,
 						"password" => $cryptPassword,
 						"homedir" => $path,
-						"guid" => $userinfo['guid']
+						"guid" => $userinfo['guid'],
+						"shell" => $shell
 					);
 					Database::pexecute($stmt, $params);
 
@@ -329,6 +339,18 @@ if ($page == 'overview') {
 					}
 				}
 
+				if (Settings::Get('system.allow_customer_shell') == '1') {
+					$shells = makeoption("/bin/false", "/bin/false", "/bin/false");
+					$shells_avail = Settings::Get('system.available_shells');
+					if (!empty($shells_avail)) {
+						$shells_avail = explode(",", $shells_avail);
+						$shells_avail = array_map("trim", $shells_avail);
+						foreach ($shells_avail as $_shell) {
+							$shells .= makeoption($_shell, $_shell, "/bin/false");
+						}
+					}
+				}
+
 				//$sendinfomail = makeyesno('sendinfomail', '1', '0', '0');
 
 				$ftp_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/ftp/formfield.ftp_add.php';
@@ -341,7 +363,7 @@ if ($page == 'overview') {
 			}
 		}
 	} elseif ($action == 'edit' && $id != 0) {
-		$result_stmt = Database::prepare("SELECT `id`, `username`, `description`, `homedir`, `uid`, `gid` FROM `" . TABLE_FTP_USERS . "`
+		$result_stmt = Database::prepare("SELECT `id`, `username`, `description`, `homedir`, `uid`, `gid`, `shell` FROM `" . TABLE_FTP_USERS . "`
 			WHERE `customerid` = :customerid
 			AND `id` = :id"
 		);
@@ -353,6 +375,11 @@ if ($page == 'overview') {
 				// @FIXME use a good path-validating regex here (refs #1231)
 				$path = validate($_POST['path'], 'path');
 
+				$shell = "/bin/false";
+				if (Settings::Get('system.allow_customer_shell') == '1') {
+					$shell = isset($_POST['shell']) ? validate($_POST['shell'], 'shell') : '/bin/false';
+				}
+
 				$_setnewpass = false;
 				if (isset($_POST['ftp_password']) && $_POST['ftp_password'] != '') {
 					$password = validate($_POST['ftp_password'], 'password');
@@ -406,11 +433,11 @@ if ($page == 'overview') {
 				$log->logAction(USR_ACTION, LOG_INFO, "edited ftp-account '" . $result['username'] . "'");
 				$description = validate($_POST['ftp_description'], 'description');
 				$stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "`
-					SET `description` = :desc
+					SET `description` = :desc, `shell` = :shell
 					WHERE `customerid` = :customerid
 					AND `id` = :id"
 				);
-				Database::pexecute($stmt, array("desc" => $description, "customerid" => $userinfo['customerid'], "id" => $id));
+				Database::pexecute($stmt, array("desc" => $description, "shell" => $shell, "customerid" => $userinfo['customerid'], "id" => $id));
 
 				redirectTo($filename, array('page' => $page, 's' => $s));
 			} else {
@@ -436,6 +463,18 @@ if ($page == 'overview') {
 					}
 				}
 
+				if (Settings::Get('system.allow_customer_shell') == '1') {
+					$shells = makeoption("/bin/false", "/bin/false", $result['shell']);
+					$shells_avail = Settings::Get('system.available_shells');
+					if (!empty($shells_avail)) {
+						$shells_avail = explode(",", $shells_avail);
+						$shells_avail = array_map("trim", $shells_avail);
+						foreach ($shells_avail as $_shell) {
+							$shells .= makeoption($_shell, $_shell, $result['shell']);
+						}
+					}
+				}
+
 				$ftp_edit_data = include_once dirname(__FILE__).'/lib/formfields/customer/ftp/formfield.ftp_edit.php';
 				$ftp_edit_form = htmlform::genHTMLForm($ftp_edit_data);
 

customer_index.php

@@ -78,8 +78,15 @@ if ($page == 'overview') {
 	$yesterday = time() - (60 * 60 * 24);
 	$month = date('M Y', $yesterday);
 
+	// get disk-space usages for web, mysql and mail
+	$usages_stmt = Database::prepare("SELECT * FROM `".TABLE_PANEL_DISKSPACE."` WHERE `customerid` = :cid ORDER BY `stamp` DESC LIMIT 1");
+	$usages = Database::pexecute_first($usages_stmt, array('cid' => $userinfo['customerid']));
+
 	$userinfo['diskspace'] = round($userinfo['diskspace'] / 1024, Settings::Get('panel.decimal_places'));
-	$userinfo['diskspace_used'] = round($userinfo['diskspace_used'] / 1024, Settings::Get('panel.decimal_places'));
+	$userinfo['diskspace_used'] = round($usages['webspace'] / 1024, Settings::Get('panel.decimal_places'));
+	$userinfo['mailspace_used'] = round($usages['mail'] / 1024, Settings::Get('panel.decimal_places'));
+	$userinfo['dbspace_used'] = round($usages['mysql'] / 1024, Settings::Get('panel.decimal_places'));
+
 	$userinfo['traffic'] = round($userinfo['traffic'] / (1024 * 1024), Settings::Get('panel.decimal_places'));
 	$userinfo['traffic_used'] = round($userinfo['traffic_used'] / (1024 * 1024), Settings::Get('panel.decimal_places'));
 	$userinfo = str_replace_array('-1', $lng['customer']['unlimited'], $userinfo, 'diskspace traffic mysqls emails email_accounts email_forwarders email_quota ftps tickets subdomains');
@@ -267,7 +274,8 @@ if ($page == 'overview') {
 			$mail_body .= "File: ".$_error['file'].':'.$_error['line']."\n\n";
 			$mail_body .= "Trace:\n".trim($_error['trace'])."\n\n";
 			$mail_body .= "-------------------------------------------------------------\n\n";
-			$mail_body .= "Froxlor-version: ".$version."\n\n";
+			$mail_body .= "Froxlor-version: ".$version."\n";
+			$mail_body .= "DB-version: ".$dbversion."\n\n";
 			$mail_body .= "End of report";
 			$mail_html = str_replace("\n", "<br />", $mail_body);
 

customer_logger.php

@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';
 
+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','extras.logger')) {
+	redirectTo('customer_index.php');
+}
+
 if ($page == 'log'
 ) {
 	if ($action == '') {

customer_mysql.php

@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';
 
+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','mysql')) {
+	redirectTo('customer_index.php');
+}
+
 // get sql-root access data
 Database::needRoot(true);
 Database::needSqlData();

customer_tickets.php

@@ -20,6 +20,11 @@
 define('AREA', 'customer');
 require './lib/init.php';
 
+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','domains')) {
+	redirectTo('customer_index.php');
+}
+
 if (isset($_POST['id'])) {
 
 	$id = intval($_POST['id']);
@@ -327,7 +332,7 @@ if ($page == 'overview') {
 
 				$subject = $subticket->Get('subject');
 				$message = $subticket->Get('message');
-				
+
 				$row2 = htmlentities_array($row2);
 				eval("\$ticket_replies.=\"" . getTemplate("tickets/tickets_tickets_list") . "\";");
 			}

customer_traffic.php

@@ -20,6 +20,12 @@
 define('AREA', 'customer');
 $intrafficpage = 1;
 require './lib/init.php';
+
+// redirect if this customer page is hidden via settings
+if (Settings::IsInList('panel.customer_hide_options','traffic')) {
+	redirectTo('customer_index.php');
+}
+
 $traffic = '';
 $month = null;
 $year = null;
@@ -109,8 +115,7 @@ if (!is_null($month) && !is_null($year)) {
 	$result_stmt = Database::prepare("SELECT `month`, `year`, SUM(`http`) AS http, SUM(`ftp_up`) AS ftp_up, SUM(`ftp_down`) AS ftp_down, SUM(`mail`) AS mail
 		FROM `" . TABLE_PANEL_TRAFFIC . "`
 		WHERE `customerid` = :customerid
-		GROUP BY CONCAT(`year`,`month`)
-		ORDER BY CONCAT(`year`,`month`) DESC
+		GROUP BY `year` DESC, `month` DESC
 		LIMIT 12"
 	);
 	Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));

install/froxlor.sql

@@ -66,7 +66,7 @@ CREATE TABLE `mail_virtual` (
   `id` int(11) NOT NULL auto_increment,
   `email` varchar(255) NOT NULL default '',
   `email_full` varchar(255) NOT NULL default '',
-  `destination` text NOT NULL,
+  `destination` text NOT NULL default '',
   `domainid` int(11) NOT NULL default '0',
   `customerid` int(11) NOT NULL default '0',
   `popaccountid` int(11) NOT NULL default '0',
@@ -245,8 +245,8 @@ CREATE TABLE `panel_domains` (
   `deactivated` tinyint(1) NOT NULL default '0',
   `bindserial` varchar(10) NOT NULL default '2000010100',
   `add_date` int( 11 ) NOT NULL default '0',
-  `registration_date` date NOT NULL,
-  `termination_date` date NOT NULL,
+  `registration_date` date DEFAULT NULL,
+  `termination_date` date DEFAULT NULL,
   `phpsettingid` INT( 11 ) UNSIGNED NOT NULL DEFAULT '1',
   `mod_fcgid_starter` int(4) default '-1',
   `mod_fcgid_maxrequests` int(4) default '-1',
@@ -254,7 +254,7 @@ CREATE TABLE `panel_domains` (
   `letsencrypt` tinyint(1) NOT NULL default '0',
   `hsts` varchar(10) NOT NULL default '0',
   `hsts_sub` tinyint(1) NOT NULL default '0',
-  `hsts_preload` tinyint(1) NOT NULL default '1',
+  `hsts_preload` tinyint(1) NOT NULL default '0',
   PRIMARY KEY  (`id`),
   KEY `customerid` (`customerid`),
   KEY `parentdomain` (`parentdomainid`),
@@ -521,7 +521,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('system', 'lepublickey', 'unset'),
 	('system', 'letsencryptca', 'production'),
 	('system', 'letsencryptcountrycode', 'DE'),
-	('system', 'letsencryptstate', 'Germany'),
+	('system', 'letsencryptstate', 'Hessen'),
 	('system', 'letsencryptchallengepath', '/var/www/froxlor'),
 	('system', 'letsencryptkeysize', '4096'),
 	('system', 'letsencryptreuseold', 0),
@@ -530,6 +530,21 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('system', 'dnsenabled', '0'),
 	('system', 'dns_server', 'bind'),
 	('system', 'apacheglobaldiropt', ''),
+	('system', 'allow_customer_shell', '0'),
+	('system', 'available_shells', ''),
+	('system', 'le_froxlor_enabled', '0'),
+	('system', 'le_froxlor_redirect', '0'),
+	('system', 'letsencryptacmeconf', '/etc/apache2/conf-enabled/acme.conf'),
+	('system', 'mail_use_smtp', '0'),
+	('system', 'mail_smtp_host', 'localhost'),
+	('system', 'mail_smtp_port', '25'),
+	('system', 'mail_smtp_usetls', '1'),
+	('system', 'mail_smtp_auth', '1'),
+	('system', 'mail_smtp_user', ''),
+	('system', 'mail_smtp_passwd', ''),
+	('system', 'hsts_maxage', '0'),
+	('system', 'hsts_sub', '0'),
+	('system', 'hsts_preload', '0'),
 	('panel', 'decimal_places', '4'),
 	('panel', 'adminmail', 'admin@SERVERNAME'),
 	('panel', 'phpmyadmin_url', ''),
@@ -560,8 +575,9 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('panel', 'password_numeric', '0'),
 	('panel', 'password_special_char_required', '0'),
 	('panel', 'password_special_char', '!?<>§$%+#=@'),
-	('panel', 'version', '0.9.37-rc1'),
-	('panel', 'db_version', '201607140');
+	('panel', 'customer_hide_options', ''),
+	('panel', 'version', '0.9.38-rc2'),
+	('panel', 'db_version', '201610070');
 
 
 DROP TABLE IF EXISTS `panel_tasks`;

install/lib/class.FroxlorInstall.php

@@ -996,6 +996,15 @@ class FroxlorInstall
 			$content .= $this->_status_message('green', $this->_lng['requirements']['installed']);
 		}
 
+		// check for zip extension
+		$content .= $this->_status_message('begin', $this->_lng['requirements']['phpzip']);
+
+		if (! extension_loaded('zip')) {
+			$content .= $this->_status_message('orange', $this->_lng['requirements']['notinstalled'] . "<br />" . $this->_lng['requirements']['zipdescription']);
+		} else {
+			$content .= $this->_status_message('green', $this->_lng['requirements']['installed']);
+		}
+
 		// check for open_basedir
 		$content .= $this->_status_message('begin', $this->_lng['requirements']['openbasedir']);
 		$php_ob = @ini_get("open_basedir");

install/lng/english.lng.php

@@ -34,7 +34,9 @@ $lng['requirements']['phpposix'] = 'PHP posix-extension...';
 $lng['requirements']['phpbcmath'] = 'PHP bcmath-extension...';
 $lng['requirements']['phpcurl'] = 'PHP curl-extension...';
 $lng['requirements']['phpmbstring'] = 'PHP mbstring-extension...';
+$lng['requirements']['phpzip'] = 'PHP zip-extension...';
 $lng['requirements']['bcmathdescription'] = 'Traffic-calculation related functions will not work correctly!';
+$lng['requirements']['zipdescription'] = 'The auto-update feature requires the zip extension.';
 $lng['requirements']['openbasedir'] = 'open_basedir...';
 $lng['requirements']['openbasedirenabled'] = 'Froxlor will not work properly with open_basedir enabled. Please disable open_basedir for Froxlor in the coresponding php.ini';
 $lng['requirements']['diedbecauseofrequirements'] = 'Cannot install Froxlor without these requirements! Try to fix them and retry.';

install/lng/german.lng.php

@@ -34,7 +34,9 @@ $lng['requirements']['phpposix'] = 'PHP posix-Erweiterung...';
 $lng['requirements']['phpbcmath'] = 'PHP bcmath-Erweiterung...';
 $lng['requirements']['phpcurl'] = 'PHP curl-Erweiterung...';
 $lng['requirements']['phpmbstring'] = 'PHP mbstring-Erweiterung...';
+$lng['requirements']['phpzip'] = 'PHP zip-Erweiterung...';
 $lng['requirements']['bcmathdescription'] = 'Traffic-Berechnungs bezogene Funktionen stehen nicht vollständig zur Verfügung!';
+$lng['requirements']['zipdescription'] = 'Die Auto-Update Funktion benötigt die zip Erweiterung.';
 $lng['requirements']['openbasedir'] = 'open_basedir genutzt wird...';
 $lng['requirements']['openbasedirenabled'] = 'Froxlor wird mit aktiviertem open_basedir nicht vollständig funktionieren. Bitte deaktivieren Sie open_basedir für Froxlor in der entsprechenden php.ini';
 $lng['requirements']['diedbecauseofrequirements'] = 'Kann Froxlor ohne diese Voraussetzungen nicht installieren! Beheben Sie die angezeigten Probleme und versuchen Sie es erneut.';

install/updates/froxlor/0.9/update_0.9.inc.php

@@ -3397,8 +3397,119 @@ if (isDatabaseVersion('201606190')) {
 
 if (isFroxlorVersion('0.9.36')) {
 
-	showUpdateStep("Updating from 0.9.36 to 0.9.37-rc1");
-	lastStepStatus(0);
-
+	showUpdateStep("Updating from 0.9.36 to 0.9.37-rc1", false);
 	updateToVersion('0.9.37-rc1');
 }
+
+if (isDatabaseVersion('201607140')) {
+
+	showUpdateStep("Adding new setting to hide certain options in customer panel");
+	Settings::AddNew("panel.customer_hide_options", "");
+	lastStepStatus(0);
+
+	updateToDbVersion('201607210');
+}
+
+if (isFroxlorVersion('0.9.37-rc1')) {
+
+	showUpdateStep("Updating from 0.9.37-rc1 to 0.9.37 final", false);
+	updateToVersion('0.9.37');
+}
+
+if (isDatabaseVersion('201607210')) {
+
+	showUpdateStep("Adding new settings for customer shell option");
+	Settings::AddNew("system.allow_customer_shell", "0");
+	Settings::AddNew("system.available_shells", "");
+	lastStepStatus(0);
+
+	updateToDbVersion('201608260');
+}
+
+if (isDatabaseVersion('201608260')) {
+
+	showUpdateStep("Adding new settings to use Let's Encrypt for froxlor");
+	Settings::AddNew("system.le_froxlor_enabled", "0");
+	Settings::AddNew("system.le_froxlor_redirect", "0");
+	lastStepStatus(0);
+
+	updateToDbVersion('201609050');
+}
+
+if (isDatabaseVersion('201609050')) {
+
+	showUpdateStep("Adding new settings for acme.conf (Let's Encrypt)");
+	// get user-chosen value
+	$websrv_default = "/etc/apache2/conf-enabled/acme.conf";
+	if (Settings::Get('system.webserver') == 'nginx') {
+		$websrv_default = "/etc/nginx/acme.conf";
+	}
+	$acmeconffile = isset($_POST['acmeconffile']) ? $_POST['acmeconffile'] : $websrv_default;
+	$acmeconffile = makeCorrectFile($acmeconffile);
+	Settings::AddNew("system.letsencryptacmeconf", $acmeconffile);
+	lastStepStatus(0);
+
+	updateToDbVersion('201609120');
+}
+
+if (isDatabaseVersion('201609120')) {
+
+	showUpdateStep("Adding new SMTP settings for emails sent by froxlor");
+	// get user-chosen value
+	$smtp_enable = isset($_POST['smtp_enable']) ? (int) $_POST['smtp_enable'] : 0;
+	$smtp_host = isset($_POST['smtp_host']) ? $_POST['smtp_host'] : "localhost";
+	$smtp_port = isset($_POST['smtp_port']) ? (int)$_POST['smtp_port'] : 25;
+	$smtp_usetls = isset($_POST['smtp_usetls']) ? (int) $_POST['smtp_usetls'] : 1;
+	$smtp_useauth = isset($_POST['smtp_auth']) ? (int) $_POST['smtp_auth'] : 1;
+	$smtp_user = isset($_POST['smtp_user']) ? $_POST['smtp_user'] : "";
+	$smtp_passwd = isset($_POST['smtp_passwd']) ? $_POST['smtp_passwd'] : "";
+
+	Settings::AddNew("system.mail_use_smtp", $smtp_enable);
+	Settings::AddNew("system.mail_smtp_host", $smtp_host);
+	Settings::AddNew("system.mail_smtp_port", $smtp_port);
+	Settings::AddNew("system.mail_smtp_usetls", $smtp_usetls);
+	Settings::AddNew("system.mail_smtp_auth", $smtp_useauth);
+	Settings::AddNew("system.mail_smtp_user", $smtp_user);
+	Settings::AddNew("system.mail_smtp_passwd", $smtp_passwd);
+	lastStepStatus(0);
+
+	updateToDbVersion('201609200');
+}
+
+if (isDatabaseVersion('201609200')) {
+
+	showUpdateStep("Changing tables to be more mysql strict-mode compatible");
+	Database::query("ALTER TABLE `".TABLE_MAIL_VIRTUAL."` CHANGE `destination` `destination` TEXT NOT NULL DEFAULT '';");
+	Database::query("ALTER TABLE `".TABLE_PANEL_DOMAINS."` CHANGE `registration_date` `registration_date` DATE NULL DEFAULT NULL;");
+	Database::query("ALTER TABLE `".TABLE_PANEL_DOMAINS."` CHANGE `termination_date` `termination_date` DATE NULL DEFAULT NULL;");
+	lastStepStatus(0);
+
+	updateToDbVersion('201609240');
+}
+
+if (isDatabaseVersion('201609240')) {
+
+	showUpdateStep("Add HSTS settings for froxlor-vhost");
+	Settings::AddNew("system.hsts_maxage", 0);
+	Settings::AddNew("system.hsts_incsub", 0);
+	Settings::AddNew("system.hsts_preload", 0);
+	lastStepStatus(0);
+
+	showUpdateStep("Settings HSTS default values for all domains (deactivated)");
+	Database::query("UPDATE `".TABLE_PANEL_DOMAINS."` SET `hsts_sub` = '0', `hsts_preload` = '0';");
+	lastStepStatus(0);
+
+	updateToDbVersion('201610070');
+}
+
+if (isFroxlorVersion('0.9.37')) {
+
+	showUpdateStep("Updating from 0.9.37 to 0.9.38-rc1", false);
+	updateToVersion('0.9.38-rc1');
+}
+
+if (isFroxlorVersion('0.9.38-rc1')) {
+
+	showUpdateStep("Updating from 0.9.38-rc1 to 0.9.38-rc2", false);
+	updateToVersion('0.9.38-rc2');
+}

install/updates/preconfig/0.9/preconfig_0.9.inc.php

@@ -679,4 +679,34 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version, $c
 		$question .= $dnsdaemons . '</select>';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}
+
+	if (versionInUpdate($current_db_version, '201609120')) {
+		if (Settings::Get('system.leenabled') == 1) {
+			$has_preconfig = true;
+			$description = 'You can now customize the path to your acme.conf file (global alias for Let\'s Encrypt). If you already set up Let\'s Encrypt and the acme.conf file, please set this to the complete path to the file!<br /><br />';
+			$question = '<strong>Path to the acme.conf alias-file.</strong><br />';
+			$question .= '<input type="text" class="text" name="acmeconffile" value="/etc/apache2/conf-enabled/acme.conf" /><br />';
+			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+		}
+	}
+
+	if (versionInUpdate($current_db_version, '201609200')) {
+		$has_preconfig = true;
+		$description = 'Specify SMTP settings which froxlor should use to send mail (optional)<br /><br />';
+		$question = '<strong>Enable sending mails via SMTP?</strong><br />';
+		$question .= makeyesno('smtp_enable', '1', '0', '0') . '<br />';
+		$question .= '<strong>Enable sending mails via SMTP?</strong><br />';
+		$question .= '<input type="text" class="text" name="smtp_host" value="localhost" /><br />';
+		$question .= '<strong>TCP port to connect to?</strong><br />';
+		$question .= '<input type="text" class="text" name="smtp_port" value="25" /><br />';
+		$question .= '<strong>Enable TLS encryption?</strong><br />';
+		$question .= makeyesno('smtp_usetls', '1', '0', '1') . '<br />';
+		$question .= '<strong>Enable SMTP authentication?</strong><br />';
+		$question .= makeyesno('smtp_auth', '1', '0', '1') . '<br />';
+		$question .= '<strong>SMTP user?</strong><br />';
+		$question .= '<input type="text" class="text" name="smtp_user" value="" /><br />';
+		$question .= '<strong>SMTP password?</strong><br />';
+		$question .= '<input type="password" class="text" name="smtp_passwd" value="" /><br />';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
 }

lib/classes/config/class.ConfigDaemon.php

@@ -71,7 +71,7 @@ class ConfigDaemon {
 	 * @var string
 	 */
 	public $title;
-	
+
 	/**
 	 * Whether this is the default daemon of the service-category
 	 * @var boolean
@@ -321,7 +321,7 @@ class ConfigDaemon {
 		if (array_key_exists('chown', $attributes)) {
 			$return[] = array('type' => 'command', 'content' => 'chown ' . $attributes['chown'] . ' "' . $this->_parseContent($attributes['name']) . '"', 'execute' => "post");
 		}
-		
+
 		// If we have more than 1 element, we want to group this stuff for easier processing later
 		if (count($return) > 1) {
 			$return = array('type' => 'file', 'subcommands' => $return, 'name' => $this->_parseContent($attributes['name']));
@@ -399,10 +399,11 @@ class ConfigDaemon {
 			case "false": if ($order == true) { $return = -1; }; break;
 			case "true": if ($order == false) { $return = -1; }; break;
 			case "notempty": if ($order == "") { $return = -1; }; break;
-			case "userexists": if (posix_getpwnam($order) === false) { $return = -1; }; break;
-			case "groupexists": if (posix_getgrnam($order) === false) { $return = -1; }; break;
-			case "usernotexists": if (is_array(posix_getpwnam($order))) { $return = -1; }; break;
-			case "groupnotexists": if (is_array(posix_getgrnam($order))) { $return = -1; }; break;
+			case "userexists": if (posix_getpwuid($order) === false) { $return = -1; }; break;
+			case "groupexists": if (posix_getgrgid($order) === false) { $return = -1; }; break;
+			case "usernotexists": if (is_array(posix_getpwuid($order))) { $return = -1; }; break;
+			case "groupnotexists": if (is_array(posix_getgrgid($order))) { $return = -1; }; break;
+			case "usernamenotexists": if (is_array(posix_getpwnam($order))) { $return = -1; }; break;
 			case "equals": $return = (isset($attributes['value']) && $attributes['value'] == $order ? 0 : -1); break;
 		}
 		return $return;

lib/classes/idna/class.idna_convert_wrapper.php

@@ -67,6 +67,16 @@ class idna_convert_wrapper
 		}
 	}
 
+	public function encode_uri($to_encode)
+	{
+		if (version_compare("5.6.0", PHP_VERSION, ">=")) {
+			return $this->_do_action('encode', $to_encode);
+		} else {
+			$to_encode = $this->is_utf8($to_encode) ? $to_encode : utf8_encode($to_encode);
+			return $this->idna_converter->encodeUri($to_encode);
+		}
+	}
+
 	/**
 	 * Decode a domain name, a email address or a list of one of both.
 	 *

lib/classes/output/class.htmlform.php

@@ -122,6 +122,8 @@ class htmlform
 				return self::_checkbox($fieldname, $data); break;
 			case 'file':
 				return self::_file($fieldname, $data); break;
+			case 'int':
+				return self::_int($fieldname, $data); break;
 		}
 	}
 
@@ -313,4 +315,29 @@ class htmlform
 		return $return;
 	}
 
+	private static function _int($fieldname = '', $data = array())
+	{
+		$return = '';
+		$extras = '';
+		if(isset($data['int_min'])) {
+			$extras .= ' min="'.$data['int_min'].'"';
+		}
+		if(isset($data['int_max'])) {
+			$extras .= ' max="'.$data['int_max'].'"';
+		}
+
+		// add support to save reloaded forms
+		if (isset($data['value'])) {
+			$value = $data['value'];
+		} elseif (isset($_SESSION['requestData'][$fieldname])) {
+			$value = $_SESSION['requestData'][$fieldname];
+		} else {
+			$value = '';
+		}
+
+		$type = 'number';
+		$ulfield = '';
+		eval("\$return = \"" . getTemplate("misc/form/input_text", "1") . "\";");
+		return $return;
+	}
 }

lib/classes/output/class.paging.php

@@ -319,6 +319,8 @@ class paging {
 				$condition.= $searchfield . " ".$oper." " . Database::quote($searchtext);
 			} else {
 				$searchtext = str_replace('*', '%', $this->searchtext);
+				// append wildcards if user did not enter any
+				if (strpos($searchtext,'%') === false) $searchtext='%'.$searchtext.'%';
 				$condition.= $searchfield . " LIKE " . Database::quote($searchtext);
 			}
 			

lib/classes/phpinterface/class.phpinterface_fcgid.php

@@ -166,14 +166,13 @@ class phpinterface_fcgid {
 		);
 
 		//insert a small header for the file
-
 		$phpini_file = ";\n";
 		$phpini_file.= "; php.ini created/changed on " . date("Y.m.d H:i:s") . " for domain '" . $this->_domain['domain'] . "' with id #" . $this->_domain['id'] . " from php template '" . $phpconfig['description'] . "' with id #" . $phpconfig['id'] . "\n";
 		$phpini_file.= "; Do not change anything in this file, it will be overwritten by the Froxlor Cronjob!\n";
 		$phpini_file.= ";\n\n";
 		$phpini_file.= replace_variables($phpconfig['phpsettings'], $php_ini_variables);
 		$phpini_file = str_replace('"none"', 'none', $phpini_file);
-		$phpini_file = preg_replace('/\"+/', '"', $phpini_file);
+		//$phpini_file = preg_replace('/\"+/', '"', $phpini_file);
 		$phpini_file_handler = fopen($this->getIniFile(), 'w');
 		fwrite($phpini_file_handler, $phpini_file);
 		fclose($phpini_file_handler);

lib/classes/phpmailer/class.PHPMailer.php

@@ -31,7 +31,7 @@ class PHPMailer
      * The PHPMailer Version number.
      * @var string
      */
-    public $Version = '5.2.15';
+    public $Version = '5.2.16';
 
     /**
      * Email priority.
@@ -285,7 +285,7 @@ class PHPMailer
 
     /**
      * SMTP auth type.
-     * Options are LOGIN (default), PLAIN, NTLM, CRAM-MD5
+     * Options are CRAM-MD5, LOGIN, PLAIN, NTLM, XOAUTH2, attempted in that order if not specified
      * @var string
      */
     public $AuthType = '';
@@ -395,7 +395,7 @@ class PHPMailer
 
     /**
      * DKIM Identity.
-     * Usually the email address used as the source of the email
+     * Usually the email address used as the source of the email.
      * @var string
      */
     public $DKIM_identity = '';
@@ -681,7 +681,9 @@ class PHPMailer
         } else {
             $subject = $this->encodeHeader($this->secureHeader($subject));
         }
-        if (ini_get('safe_mode') || !($this->UseSendmailOptions)) {
+        //Can't use additional_parameters in safe_mode
+        //@link http://php.net/manual/en/function.mail.php
+        if (ini_get('safe_mode') or !$this->UseSendmailOptions) {
             $result = @mail($to, $subject, $body, $header);
         } else {
             $result = @mail($to, $subject, $body, $header, $params);
@@ -1425,9 +1427,9 @@ class PHPMailer
         }
         $to = implode(', ', $toArr);
 
-        if (empty($this->Sender)) {
-            $params = ' ';
-        } else {
+        $params = null;
+        //This sets the SMTP envelope sender which gets turned into a return-path header by the receiver
+        if (!empty($this->Sender)) {
             $params = sprintf('-f%s', $this->Sender);
         }
         if ($this->Sender != '' and !ini_get('safe_mode')) {
@@ -1435,7 +1437,7 @@ class PHPMailer
             ini_set('sendmail_from', $this->Sender);
         }
         $result = false;
-        if ($this->SingleTo && count($toArr) > 1) {
+        if ($this->SingleTo and count($toArr) > 1) {
             foreach ($toArr as $toAddr) {
                 $result = $this->mailPassthru($toAddr, $this->Subject, $body, $header, $params);
                 $this->doCallback($result, array($toAddr), $this->cc, $this->bcc, $this->Subject, $body, $this->From);
@@ -1541,12 +1543,17 @@ class PHPMailer
      * @throws phpmailerException
      * @return boolean
      */
-    public function smtpConnect($options = array())
+    public function smtpConnect($options = null)
     {
         if (is_null($this->smtp)) {
             $this->smtp = $this->getSMTPInstance();
         }
 
+        //If no options are provided, use whatever is set in the instance
+        if (is_null($options)) {
+            $options = $this->SMTPOptions;
+        }
+
         // Already connected?
         if ($this->smtp->connected()) {
             return true;
@@ -1616,7 +1623,7 @@ class PHPMailer
                         if (!$this->smtp->startTLS()) {
                             throw new phpmailerException($this->lang('connect_host'));
                         }
-                        // We must resend HELO after tls negotiation
+                        // We must resend EHLO after TLS negotiation
                         $this->smtp->hello($hello);
                     }
                     if ($this->SMTPAuth) {
@@ -2125,12 +2132,12 @@ class PHPMailer
         //Can we do a 7-bit downgrade?
         if ($bodyEncoding == '8bit' and !$this->has8bitChars($this->Body)) {
             $bodyEncoding = '7bit';
+            //All ISO 8859, Windows codepage and UTF-8 charsets are ascii compatible up to 7-bit
             $bodyCharSet = 'us-ascii';
         }
         //If lines are too long, and we're not already using an encoding that will shorten them,
-        //change to quoted-printable transfer encoding
+        //change to quoted-printable transfer encoding for the body part only
         if ('base64' != $this->Encoding and self::hasLineLongerThanMax($this->Body)) {
-            $this->Encoding = 'quoted-printable';
             $bodyEncoding = 'quoted-printable';
         }
 
@@ -2139,10 +2146,11 @@ class PHPMailer
         //Can we do a 7-bit downgrade?
         if ($altBodyEncoding == '8bit' and !$this->has8bitChars($this->AltBody)) {
             $altBodyEncoding = '7bit';
+            //All ISO 8859, Windows codepage and UTF-8 charsets are ascii compatible up to 7-bit
             $altBodyCharSet = 'us-ascii';
         }
         //If lines are too long, and we're not already using an encoding that will shorten them,
-        //change to quoted-printable transfer encoding
+        //change to quoted-printable transfer encoding for the alt body part only
         if ('base64' != $altBodyEncoding and self::hasLineLongerThanMax($this->AltBody)) {
             $altBodyEncoding = 'quoted-printable';
         }
@@ -2246,8 +2254,10 @@ class PHPMailer
                 $body .= $this->attachAll('attachment', $this->boundary[1]);
                 break;
             default:
-                // catch case 'plain' and case ''
-                $body .= $this->encodeString($this->Body, $bodyEncoding);
+                // Catch case 'plain' and case '', applies to simple `text/plain` and `text/html` body content types
+                //Reset the `Encoding` property in case we changed it for line length reasons
+                $this->Encoding = $bodyEncoding;
+                $body .= $this->encodeString($this->Body, $this->Encoding);
                 break;
         }
 
@@ -2353,8 +2363,7 @@ class PHPMailer
 
     /**
      * Set the message type.
-     * PHPMailer only supports some preset message types,
-     * not arbitrary MIME structures.
+     * PHPMailer only supports some preset message types, not arbitrary MIME structures.
      * @access protected
      * @return void
      */
@@ -2372,6 +2381,7 @@ class PHPMailer
         }
         $this->message_type = implode('_', $type);
         if ($this->message_type == '') {
+            //The 'plain' message_type refers to the message having a single body element, not that it is plain-text
             $this->message_type = 'plain';
         }
     }

lib/classes/phpmailer/class.SMTP.php

@@ -30,7 +30,7 @@ class SMTP
      * The PHPMailer SMTP version number.
      * @var string
      */
-    const VERSION = '5.2.15';
+    const VERSION = '5.2.16';
 
     /**
      * SMTP line break constant.
@@ -81,7 +81,7 @@ class SMTP
      * @deprecated Use the `VERSION` constant instead
      * @see SMTP::VERSION
      */
-    public $Version = '5.2.15';
+    public $Version = '5.2.16';
 
     /**
      * SMTP server port number.
@@ -400,7 +400,7 @@ class SMTP
             );
 
             if (empty($authtype)) {
-                foreach (array('LOGIN', 'CRAM-MD5', 'NTLM', 'PLAIN', 'XOAUTH2') as $method) {
+                foreach (array('CRAM-MD5', 'LOGIN', 'PLAIN', 'NTLM', 'XOAUTH2') as $method) {
                     if (in_array($method, $this->server_caps['AUTH'])) {
                         $authtype = $method;
                         break;

lib/classes/settings/class.Settings.php

@@ -124,6 +124,23 @@ class Settings {
 		return $result;
 	}
 
+	/**
+	 * tests if a setting-value that i s a comma separated list contains an entry
+	 *
+	 * @param string $setting a group and a varname separated by a dot (group.varname)
+	 * @param string $entry the entry that is expected to be in the list
+	 *
+	 * @return boolean true, if the list contains $entry
+	 */
+	public function pIsInList($setting = null, $entry = null) {
+		$s=Settings::Get($setting);
+		if ($s==null) {
+			return false;
+		}
+		$slist = explode(",",$s);
+		return in_array($entry, $slist);
+	}
+
 	/**
 	 * update a setting / set a new value
 	 *

lib/classes/ssl/class.lescript.php

@@ -29,7 +29,8 @@
 class lescript
 {
 
-	public $license = 'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf';
+	// https://letsencrypt.org/repository/
+	public $license;
 
 	private $logger;
 
@@ -37,9 +38,12 @@ class lescript
 
 	private $accountKey;
 
-	public function __construct($logger)
+	private $version;
+
+	public function __construct($logger, $version = '1')
 	{
 		$this->logger = $logger;
+		$this->version = $version;
 		if (Settings::Get('system.letsencryptca') == 'production') {
 			$ca = 'https://acme-v01.api.letsencrypt.org';
 		} else {
@@ -49,7 +53,7 @@ class lescript
 		$this->log("Using '$ca' to generate certificate");
 	}
 
-	public function initAccount($certrow)
+	public function initAccount($certrow, $isFroxlorVhost = false)
 	{
 		// Let's see if we have the private accountkey
 		$this->accountKey = $certrow['leprivatekey'];
@@ -62,24 +66,30 @@ class lescript
 			$keys = $this->generateKey();
 			// Only store the accountkey in production, in staging always generate a new key
 			if (Settings::Get('system.letsencryptca') == 'production') {
-				$upd_stmt = Database::prepare(
-					"UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `lepublickey` = :public, `leprivatekey` = :private " .
-						 "WHERE `customerid` = :customerid;");
-				Database::pexecute($upd_stmt,
-					array(
+				if ($isFroxlorVhost) {
+					Settings::Set('system.lepublickey', $keys['public']);
+					Settings::Set('system.leprivatekey', $keys['private']);
+				} else {
+					$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `lepublickey` = :public, `leprivatekey` = :private " . "WHERE `customerid` = :customerid;");
+					Database::pexecute($upd_stmt, array(
 						'public' => $keys['public'],
 						'private' => $keys['private'],
 						'customerid' => $certrow['customerid']
 					));
+				}
 			}
 			$this->accountKey = $keys['private'];
 
 			$response = $this->postNewReg();
 			if ($this->client->getLastCode() != 201) {
-				throw new \RuntimeException("Account not initialized, probably due to rate limiting. Whole response: " . $response);
+				throw new \RuntimeException("Account not initialized, probably due to rate limiting. Whole response: " . json_encode($response));
 			}
+			$this->license = $this->client->getAgreementURL();
 
-			$this->postNewReg();
+			// Terms of Servce are optional according to ACME specs; if no ToS are presented, no need to update registration
+			if (!empty($this->license)) {
+				$this->postRegAgreement(parse_url($this->client->getLastLocation(), PHP_URL_PATH));
+			}
 			$this->log('New account certificate registered');
 		} else {
 
@@ -87,6 +97,16 @@ class lescript
 		}
 	}
 
+	/**
+	 *
+	 * @param array $domains
+	 * @param string $domainkey
+	 * @param string $csr
+	 *        	optional, same behavior as $reuseCsr from the original class, but we're passing the content of the csr already
+	 *
+	 * @throws \RuntimeException
+	 * @return string[]
+	 */
 	public function signDomains(array $domains, $domainkey = null, $csr = null)
 	{
 		if (! $this->accountKey) {
@@ -108,14 +128,13 @@ class lescript
 
 			$this->log("Requesting challenge for $domain");
 
-			$response = $this->signedRequest("/acme/new-authz",
-				array(
-					"resource" => "new-authz",
-					"identifier" => array(
-						"type" => "dns",
-						"value" => $domain
-					)
-				));
+			$response = $this->signedRequest("/acme/new-authz", array(
+				"resource" => "new-authz",
+				"identifier" => array(
+					"type" => "dns",
+					"value" => $domain
+				)
+			));
 
 			// if response is not an array but a string, it's most likely a server-error, e.g.
 			// <HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY>An error occurred while processing your request.
@@ -129,12 +148,13 @@ class lescript
 			}
 
 			// choose http-01 challenge only
-			$challenge = array_reduce($response['challenges'],
-				function ($v, $w) {
-					return $v ? $v : ($w['type'] == 'http-01' ? $w : false);
-				});
-			if (! $challenge)
+			$challenge = array_reduce($response['challenges'], function ($v, $w) {
+				return $v ? $v : ($w['type'] == 'http-01' ? $w : false);
+			});
+
+			if (! $challenge) {
 				throw new RuntimeException("HTTP Challenge for $domain is not available. Whole response: " . json_encode($response));
+			}
 
 			$this->log("Got challenge token for $domain");
 			$location = $this->client->getLastLocation();
@@ -168,7 +188,9 @@ class lescript
 			$this->log("Token for $domain saved at $tokenPath and should be available at $uri");
 
 			// simple self check
-			if ($payload !== trim(@file_get_contents($uri))) {
+			$selfcheckContextOptions = array('http' => array('header' => "User Agent: Froxlor/".$this->version));
+			$selfcheckContext = stream_context_create($selfcheckContextOptions);
+			if ($payload !== trim(@file_get_contents($uri, false, $selfcheckContext))) {
 				$errmsg = json_encode(error_get_last());
 				if ($errmsg != "null") {
 					$errmsg = "; PHP error: " . $errmsg;
@@ -176,19 +198,18 @@ class lescript
 					$errmsg = "";
 				}
 				@unlink($tokenPath);
-				throw new \RuntimeException("Please check $uri - token not available" . $errmsg);
+				$this->logger->logAction(CRON_ACTION, LOG_ERR, "letsencrypt Please check $uri - token not available" . $errmsg);
 			}
 
 			$this->log("Sending request to challenge");
 
 			// send request to challenge
-			$result = $this->signedRequest($challenge['uri'],
-				array(
-					"resource" => "challenge",
-					"type" => "http-01",
-					"keyAuthorization" => $payload,
-					"token" => $challenge['token']
-				));
+			$result = $this->signedRequest($challenge['uri'], array(
+				"resource" => "challenge",
+				"type" => "http-01",
+				"keyAuthorization" => $payload,
+				"token" => $challenge['token']
+			));
 
 			// waiting loop
 			// we wait for a maximum of 30 seconds to avoid endless loops
@@ -227,7 +248,9 @@ class lescript
 
 		$this->client->getLastLinks();
 
-		$csr = $this->generateCSR($privateDomainKey, $domains);
+		if (empty($csr)) {
+			$csr = $this->generateCSR($privateDomainKey, $domains);
+		}
 
 		// request certificates creation
 		$result = $this->signedRequest("/acme/new-cert", array(
@@ -302,6 +325,16 @@ class lescript
 		));
 	}
 
+	private function postRegAgreement($uri)
+	{
+		$this->log('Accepting agreement at URL: ' . $this->license);
+
+		return $this->signedRequest($uri, array(
+			'resource' => 'reg',
+			'agreement' => $this->license
+		));
+	}
+
 	private function generateCSR($privateKey, array $domains)
 	{
 		$domain = reset($domains);
@@ -313,8 +346,7 @@ class lescript
 		$tmpConfPath = $tmpConfMeta["uri"];
 
 		// workaround to get SAN working
-		fwrite($tmpConf,
-			'HOME = .
+		fwrite($tmpConf, 'HOME = .
 RANDFILE = $ENV::HOME/.rnd
 [ req ]
 default_bits = ' . Settings::Get('system.letsencryptkeysize') . '
@@ -328,16 +360,15 @@ basicConstraints = CA:FALSE
 subjectAltName = ' . $san . '
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment');
 
-		$csr = openssl_csr_new(
-			array(
-				"CN" => $domain,
-				"ST" => Settings::Get('system.letsencryptstate'),
-				"C" => Settings::Get('system.letsencryptcountrycode'),
-				"O" => "Unknown"
-			), $privateKey, array(
-				"config" => $tmpConfPath,
-				"digest_alg" => "sha256"
-			));
+		$csr = openssl_csr_new(array(
+			"CN" => $domain,
+			"ST" => Settings::Get('system.letsencryptstate'),
+			"C" => Settings::Get('system.letsencryptcountrycode'),
+			"O" => "Unknown"
+		), $privateKey, array(
+			"config" => $tmpConfPath,
+			"digest_alg" => "sha256"
+		));
 
 		if (! $csr)
 			throw new \RuntimeException("CSR couldn't be generated! " . openssl_error_string());
@@ -352,11 +383,10 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment');
 
 	private function generateKey()
 	{
-		$res = openssl_pkey_new(
-			array(
-				"private_key_type" => OPENSSL_KEYTYPE_RSA,
-				"private_key_bits" => (int) Settings::Get('system.letsencryptkeysize')
-			));
+		$res = openssl_pkey_new(array(
+			"private_key_type" => OPENSSL_KEYTYPE_RSA,
+			"private_key_bits" => (int) Settings::Get('system.letsencryptkeysize')
+		));
 
 		if (! openssl_pkey_export($res, $privateKey)) {
 			throw new \RuntimeException("Key export failed!");
@@ -506,6 +536,13 @@ class Client
 		preg_match_all('~Link: <(.+)>;rel="up"~', $this->lastHeader, $matches);
 		return $matches[1];
 	}
+
+	public function getAgreementURL()
+	{
+		preg_match_all('~Link: <(.+)>;rel="terms-of-service"~', $this->lastHeader, $matches);
+		return $matches[1][0];
+	}
+
 }
 
 class Base64UrlSafeEncoder

lib/classes/webserver/class.DomainSSL.php

@@ -46,7 +46,7 @@ class DomainSSL {
 				|| $dom_certs['ssl_cert_file'] == ''
 		) {
 			// maybe its parent?
-			if ($domain['parentdomainid'] != 0) {
+			if (isset($domain['parentdomainid']) && $domain['parentdomainid'] != 0) {
 				$dom_certs = Database::pexecute_first($dom_certs_stmt, array('domid' => $domain['parentdomainid']));
 			}
 		}

lib/configfiles/gentoo.xml

@@ -64,7 +64,7 @@
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/modules.d/80_acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -96,7 +96,7 @@ Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/modules.d/80_acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -267,7 +267,7 @@ fastcgi_param  REDIRECT_STATUS    200;
 ]]>
 						</content>
 					</file>
-					<file name="/etc/nginx/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -3875,7 +3875,7 @@ aliases:     files
 					<commands index="3">
 						<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
 						</visibility>
-						<visibility mode="usernotexists">{{settings.phpfpm.vhost_httpuser}}
+						<visibility mode="usernamenotexists">{{settings.phpfpm.vhost_httpuser}}
 						</visibility>
 						<command><![CDATA[groupadd -f {{settings.phpfpm.vhost_httpgroup}}]]></command>
 						<command><![CDATA[useradd -s /bin/false -g {{settings.phpfpm.vhost_httpgroup}} {{settings.phpfpm.vhost_httpuser}}]]></command>

lib/configfiles/jessie.xml

@@ -68,7 +68,7 @@
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf-enabled/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -287,7 +287,7 @@ fastcgi_param  REDIRECT_STATUS    200;
 ]]>
 						</content>
 					</file>
-					<file name="/etc/nginx/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -4696,7 +4696,7 @@ aliases:     files
 					<commands index="3">
 						<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
 						</visibility>
-						<visibility mode="usernotexists">{{settings.phpfpm.vhost_httpuser}}
+						<visibility mode="usernamenotexists">{{settings.phpfpm.vhost_httpuser}}
 						</visibility>
 						<command><![CDATA[groupadd -f {{settings.phpfpm.vhost_httpgroup}}]]></command>
 						<command><![CDATA[useradd -s /bin/false -g {{settings.phpfpm.vhost_httpgroup}} {{settings.phpfpm.vhost_httpuser}}]]></command>

lib/configfiles/precise.xml

@@ -66,7 +66,7 @@
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf-enabled/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -246,7 +246,7 @@ fastcgi_param  REDIRECT_STATUS    200;
 ]]>
 						</content>
 					</file>
-					<file name="/etc/nginx/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -1695,7 +1695,7 @@ aliases:     files
 					<commands index="3">
 						<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
 						</visibility>
-						<visibility mode="usernotexists">{{settings.phpfpm.vhost_httpuser}}
+						<visibility mode="usernamenotexists">{{settings.phpfpm.vhost_httpuser}}
 						</visibility>
 						<command><![CDATA[groupadd -f {{settings.phpfpm.vhost_httpgroup}}]]></command>
 						<command><![CDATA[useradd -s /bin/false -g {{settings.phpfpm.vhost_httpgroup}} {{settings.phpfpm.vhost_httpuser}}]]></command>

lib/configfiles/rhel_centos.xml

@@ -46,7 +46,7 @@
 				<daemon name="apache" version="2.4" title="Apache 2.4"
 					default="true">
 					<include>//service[@type='http']/general/commands</include>
-					<file name="/etc/httpd/conf.d/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[

lib/configfiles/trusty.xml

@@ -66,7 +66,7 @@
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf-enabled/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -100,7 +100,7 @@ Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf-enabled/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -279,7 +279,7 @@ fastcgi_param  REDIRECT_STATUS    200;
 ]]>
 						</content>
 					</file>
-					<file name="/etc/nginx/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -1703,7 +1703,7 @@ aliases:     files
 					<commands index="3">
 						<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
 						</visibility>
-						<visibility mode="usernotexists">{{settings.phpfpm.vhost_httpuser}}
+						<visibility mode="usernamenotexists">{{settings.phpfpm.vhost_httpuser}}
 						</visibility>
 						<command><![CDATA[groupadd -f {{settings.phpfpm.vhost_httpgroup}}]]></command>
 						<command><![CDATA[useradd -s /bin/false -g {{settings.phpfpm.vhost_httpgroup}} {{settings.phpfpm.vhost_httpuser}}]]></command>

lib/configfiles/wheezy.xml

@@ -66,7 +66,7 @@
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf.d/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -100,7 +100,7 @@ Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf-enabled/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -319,7 +319,7 @@ fastcgi_param  REDIRECT_STATUS    200;
 ]]>
 						</content>
 					</file>
-					<file name="/etc/nginx/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -5504,7 +5504,7 @@ aliases:     files
 					<commands index="3">
 						<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
 						</visibility>
-						<visibility mode="usernotexists">{{settings.phpfpm.vhost_httpuser}}
+						<visibility mode="usernamenotexists">{{settings.phpfpm.vhost_httpuser}}
 						</visibility>
 						<command><![CDATA[groupadd -f {{settings.phpfpm.vhost_httpgroup}}]]></command>
 						<command><![CDATA[useradd -s /bin/false -g {{settings.phpfpm.vhost_httpgroup}} {{settings.phpfpm.vhost_httpuser}}]]></command>

lib/formfields/admin/domains/formfield.domains_add.php

@@ -101,40 +101,6 @@ return array(
 						'is_array' => 1,
 						'mandatory' => true
 					),
-					'ssl_ipandport' => array(
-						'label' => $lng['domains']['ipandport_ssl_multi']['title'],
-						'desc' => $lng['domains']['ipandport_ssl_multi']['description'],
-						'type' => 'checkbox',
-						'values' => $ssl_ipsandports,
-						'value' => '',
-						'is_array' => 1
-					),
-					'ssl_redirect' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
-						'label' => $lng['domains']['ssl_redirect']['title'],
-						'desc' => $lng['domains']['ssl_redirect']['description'],
-						'type' => 'checkbox',
-						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
-						),
-						'value' => array()
-					),
-					'letsencrypt' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false) : false),
-						'label' => $lng['admin']['letsencrypt']['title'],
-						'desc' => $lng['admin']['letsencrypt']['description'],
-						'type' => 'checkbox',
-						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
-						),
-						'value' => array()
-					),
-					'no_ssl_available_info' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports == '' ? true : false) : false),
-						'label' => 'SSL',
-						'type' => 'label',
-						'value' => $lng['panel']['nosslipsavailable']
-					),
 					'selectserveralias' => array(
 						'label' => $lng['admin']['selectserveralias'],
 						'desc' => $lng['admin']['selectserveralias_desc'],
@@ -161,6 +127,76 @@ return array(
 					)
 				)
 			),
+			'section_bssl' => array(
+				'title' => $lng['admin']['webserversettings_ssl'],
+				'image' => 'icons/domain_add.png',
+				'visible' => Settings::Get('system.use_ssl') == '1' ? true : false,
+				'fields' => array(
+					'ssl_ipandport' => array(
+						'label' => $lng['domains']['ipandport_ssl_multi']['title'],
+						'desc' => $lng['domains']['ipandport_ssl_multi']['description'],
+						'type' => 'checkbox',
+						'values' => $ssl_ipsandports,
+						'value' => '',
+						'is_array' => 1
+					),
+					'ssl_redirect' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['domains']['ssl_redirect']['title'],
+						'desc' => $lng['domains']['ssl_redirect']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+					'letsencrypt' => array(
+						'visible' => (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
+						'label' => $lng['admin']['letsencrypt']['title'],
+						'desc' => $lng['admin']['letsencrypt']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+					'no_ssl_available_info' => array(
+						'visible' => ($ssl_ipsandports == '' ? true : false),
+						'label' => 'SSL',
+						'type' => 'label',
+						'value' => $lng['panel']['nosslipsavailable']
+					),
+					'hsts_maxage' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_maxage']['title'],
+						'desc' => $lng['admin']['domain_hsts_maxage']['description'],
+						'type' => 'int',
+						'int_min' => 0,
+						'int_max' => 94608000, // 3-years
+						'value' => 0
+					),
+					'hsts_incsub' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_incsub']['title'],
+						'desc' => $lng['admin']['domain_hsts_incsub']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+					'hsts_preload' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_preload']['title'],
+						'desc' => $lng['admin']['domain_hsts_preload']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+				),
+			),
 			'section_c' => array(
 				'title' => $lng['admin']['phpserversettings'],
 				'image' => 'icons/domain_add.png',

lib/formfields/admin/domains/formfield.domains_edit.php

@@ -113,40 +113,6 @@ return array(
 						'is_array' => 1,
 						'mandatory' => true
 					),
-					'ssl_ipandport' => array(
-						'label' => $lng['domains']['ipandport_ssl_multi']['title'],
-						'desc' => $lng['domains']['ipandport_ssl_multi']['description'],
-						'type' => 'checkbox',
-						'values' => $ssl_ipsandports,
-						'value' => $usedips,
-						'is_array' => 1
-					),
-					'ssl_redirect' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
-						'label' => $lng['domains']['ssl_redirect']['title'],
-						'desc' => $lng['domains']['ssl_redirect']['description'] . ($result['temporary_ssl_redirect'] > 1 ? $lng['domains']['ssl_redirect_temporarilydisabled'] : ''),
-						'type' => 'checkbox',
-						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
-						),
-						'value' => array($result['ssl_redirect'])
-					),
-					'letsencrypt' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false) : false),
-						'label' => $lng['admin']['letsencrypt']['title'],
-						'desc' => $lng['admin']['letsencrypt']['description'],
-						'type' => 'checkbox',
-						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
-						),
-						'value' => array($result['letsencrypt'])
-					),
-					'no_ssl_available_info' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports == '' ? true : false) : false),
-						'label' => 'SSL',
-						'type' => 'label',
-						'value' => $lng['panel']['nosslipsavailable']
-					),
 					'selectserveralias' => array(
 						'label' => $lng['admin']['selectserveralias'],
 						'desc' => $lng['admin']['selectserveralias_desc'],
@@ -184,6 +150,76 @@ return array(
 					)
 				)
 			),
+			'section_bssl' => array(
+				'title' => $lng['admin']['webserversettings_ssl'],
+				'image' => 'icons/domain_edit.png',
+				'visible' => Settings::Get('system.use_ssl') == '1' ? true : false,
+				'fields' => array(
+					'ssl_ipandport' => array(
+						'label' => $lng['domains']['ipandport_ssl_multi']['title'],
+						'desc' => $lng['domains']['ipandport_ssl_multi']['description'],
+						'type' => 'checkbox',
+						'values' => $ssl_ipsandports,
+						'value' => $usedips,
+						'is_array' => 1
+					),
+					'ssl_redirect' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['domains']['ssl_redirect']['title'],
+						'desc' => $lng['domains']['ssl_redirect']['description'] . ($result['temporary_ssl_redirect'] > 1 ? $lng['domains']['ssl_redirect_temporarilydisabled'] : ''),
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array($result['ssl_redirect'])
+					),
+					'letsencrypt' => array(
+						'visible' => (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
+						'label' => $lng['admin']['letsencrypt']['title'],
+						'desc' => $lng['admin']['letsencrypt']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array($result['letsencrypt'])
+					),
+					'no_ssl_available_info' => array(
+						'visible' => ($ssl_ipsandports == '' ? true : false),
+						'label' => 'SSL',
+						'type' => 'label',
+						'value' => $lng['panel']['nosslipsavailable']
+					),
+					'hsts_maxage' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_maxage']['title'],
+						'desc' => $lng['admin']['domain_hsts_maxage']['description'],
+						'type' => 'int',
+						'int_min' => 0,
+						'int_max' => 94608000, // 3-years
+						'value' => $result['hsts']
+					),
+					'hsts_incsub' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_incsub']['title'],
+						'desc' => $lng['admin']['domain_hsts_incsub']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array($result['hsts_sub'])
+					),
+					'hsts_preload' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_preload']['title'],
+						'desc' => $lng['admin']['domain_hsts_preload']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array($result['hsts_preload'])
+					),
+				)
+			),
 			'section_c' => array(
 				'title' => $lng['admin']['phpserversettings'],
 				'image' => 'icons/domain_edit.png',

lib/formfields/admin/ipsandports/formfield.ipsandports_add.php

@@ -49,7 +49,7 @@ return array(
 						'value' => array('1')
 					),
 					'namevirtualhost_statement' => array(
-						'visible' => $is_apache,
+						'visible' => $is_apache && !$is_apache24,
 						'label' => $lng['admin']['ipsandports']['create_namevirtualhost_statement'],
 						'type' => 'checkbox',
 						'values' => array(

lib/formfields/admin/ipsandports/formfield.ipsandports_edit.php

@@ -51,7 +51,7 @@ return array(
 						'value' => array($result['listen_statement'])
 					),
 					'namevirtualhost_statement' => array(
-						'visible' => $is_apache,
+						'visible' => $is_apache && !$is_apache24,
 						'label' => $lng['admin']['ipsandports']['create_namevirtualhost_statement'],
 						'type' => 'checkbox',
 						'values' => array(

lib/formfields/customer/domains/formfield.domains_add.php

@@ -54,7 +54,7 @@ return array(
 						'type' => 'text'
 					),
 					'redirectcode' => array(
-						'visible' => ((Settings::Get('system.webserver') == 'apache2' && Settings::Get('customredirect.enabled') == '1') ? true : false),
+						'visible' => (Settings::Get('customredirect.enabled') == '1' ? true : false),
 						'label' => $lng['domains']['redirectifpathisurl'],
 						'desc' => $lng['domains']['redirectifpathisurlinfo'],
 						'type' => 'select',
@@ -66,33 +66,69 @@ return array(
 						'type' => 'label',
 						'value' => $lng['customer']['selectserveralias_addinfo']
 					),
-					'ssl_redirect' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
-						'label' => $lng['domains']['ssl_redirect']['title'],
-						'desc' => $lng['domains']['ssl_redirect']['description'],
-						'type' => 'checkbox',
-						'values' => array(
-										array ('label' => $lng['panel']['yes'], 'value' => '1')
-									),
-						'value' => array()
-					),
-					'letsencrypt' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false) : false),
-						'label' => $lng['customer']['letsencrypt']['title'],
-						'desc' => $lng['customer']['letsencrypt']['description'],
-						'type' => 'checkbox',
-						'values' => array(
-										array ('label' => $lng['panel']['yes'], 'value' => '1')
-									),
-						'value' => array()
-					),
 					'openbasedir_path' => array(
 						'label' => $lng['domain']['openbasedirpath'],
 						'type' => 'select',
 						'select_var' => $openbasedir
 					)
 				)
-			)
+			),
+			'section_bssl' => array(
+				'title' => $lng['admin']['webserversettings_ssl'],
+				'image' => 'icons/domain_add.png',
+				'visible' => Settings::Get('system.use_ssl') == '1' ? true : false,
+				'fields' => array(
+					'ssl_redirect' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['domains']['ssl_redirect']['title'],
+						'desc' => $lng['domains']['ssl_redirect']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+					'letsencrypt' => array(
+						'visible' => (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
+						'label' => $lng['customer']['letsencrypt']['title'],
+						'desc' => $lng['customer']['letsencrypt']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+					'hsts_maxage' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_maxage']['title'],
+						'desc' => $lng['admin']['domain_hsts_maxage']['description'],
+						'type' => 'int',
+						'int_min' => 0,
+						'int_max' => 94608000, // 3-years
+						'value' => 0
+					),
+					'hsts_incsub' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_incsub']['title'],
+						'desc' => $lng['admin']['domain_hsts_incsub']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+					'hsts_preload' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_preload']['title'],
+						'desc' => $lng['admin']['domain_hsts_preload']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+				),
+			),
 		)
 	)
 );

lib/formfields/customer/domains/formfield.domains_edit.php

@@ -54,7 +54,7 @@ return array(
 						'value' => $urlvalue
 					),
 					'redirectcode' => array(
-						'visible' => ((Settings::Get('system.webserver') == 'apache2' && Settings::Get('customredirect.enabled') == '1') ? true : false),
+						'visible' => (Settings::Get('customredirect.enabled') == '1' ? true : false),
 						'label' => $lng['domains']['redirectifpathisurl'],
 						'desc' => $lng['domains']['redirectifpathisurlinfo'],
 						'type' => 'select',
@@ -76,14 +76,27 @@ return array(
 									),
 						'value' => array($result['isemaildomain'])
 					),
+					'openbasedir_path' => array(
+						'visible' => ($result['openbasedir'] == '1') ? true : false,
+						'label' => $lng['domain']['openbasedirpath'],
+						'type' => 'select',
+						'select_var' => $openbasedir
+					)
+				)
+			),
+			'section_bssl' => array(
+				'title' => $lng['admin']['webserversettings_ssl'],
+				'image' => 'icons/domain_edit.png',
+				'visible' => Settings::Get('system.use_ssl') == '1' ? true : false,
+				'fields' => array(
 					'ssl_redirect' => array(
 						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? (domainHasSslIpPort($result['id']) ? true : false) : false) : false),
 						'label' => $lng['domains']['ssl_redirect']['title'],
 						'desc' => $lng['domains']['ssl_redirect']['description'] . ($result['temporary_ssl_redirect'] > 1 ? $lng['domains']['ssl_redirect_temporarilydisabled'] : ''),
 						'type' => 'checkbox',
 						'values' => array(
-										array ('label' => $lng['panel']['yes'], 'value' => '1')
-									),
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
 						'value' => array($result['ssl_redirect'])
 					),
 					'letsencrypt' => array(
@@ -92,18 +105,41 @@ return array(
 						'desc' => $lng['customer']['letsencrypt']['description'],
 						'type' => 'checkbox',
 						'values' => array(
-										array ('label' => $lng['panel']['yes'], 'value' => '1')
-									),
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
 						'value' => array($result['letsencrypt'])
 					),
-					'openbasedir_path' => array(
-						'visible' => ($result['openbasedir'] == '1') ? true : false,
-						'label' => $lng['domain']['openbasedirpath'],
-						'type' => 'select',
-						'select_var' => $openbasedir
-					)
+					'hsts_maxage' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_maxage']['title'],
+						'desc' => $lng['admin']['domain_hsts_maxage']['description'],
+						'type' => 'int',
+						'int_min' => 0,
+						'int_max' => 94608000, // 3-years
+						'value' => $result['hsts']
+					),
+					'hsts_incsub' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_incsub']['title'],
+						'desc' => $lng['admin']['domain_hsts_incsub']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array($result['hsts_sub'])
+					),
+					'hsts_preload' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_preload']['title'],
+						'desc' => $lng['admin']['domain_hsts_preload']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array($result['hsts_preload'])
+					),
 				)
-			)
+			),
 		)
 	)
 );

lib/formfields/customer/ftp/formfield.ftp_add.php

@@ -64,6 +64,12 @@ return array(
 									),
 						'value' => array()
 					),
+					'shell' => array(
+						'visible' => (Settings::Get('system.allow_customer_shell') == '1' ? true : false),
+						'label' => $lng['panel']['shell'],
+						'type' => 'select',
+						'select_var' => (isset($shells) ? $shells : ""),
+					)
 				)
 			)
 		)

lib/formfields/customer/ftp/formfield.ftp_edit.php

@@ -51,6 +51,12 @@ return array(
 						'type' => 'text',
 						'visible' => (Settings::Get('panel.password_regex') == ''),
 						'value' => generatePassword(),
+					),
+					'shell' => array(
+						'visible' => (Settings::Get('system.allow_customer_shell') == '1' ? true : false),
+						'label' => $lng['panel']['shell'],
+						'type' => 'select',
+						'select_var' => (isset($shells) ? $shells : ""),
 					)
 				)
 			)

lib/functions/dns/function.createDomainZone.php

@@ -55,8 +55,8 @@ function createDomainZone($domain_id, $froxlorhostname = false, $isMainButSubTo
 	if ($domain['isemaildomain'] === '1') {
 		addRequiredEntry('@', 'MX', $required_entries);
 		if (Settings::Get('system.dns_createmailentry')) {
-			foreach(['imap', 'pop3', 'mail', 'smtp'] as $record) {
-				foreach(['AAAA', 'A'] as $type) {
+			foreach(array('imap', 'pop3', 'mail', 'smtp') as $record) {
+				foreach(array('AAAA', 'A') as $type) {
 					addRequiredEntry($record, $type, $required_entries);
 				}
 			}
@@ -205,6 +205,7 @@ function createDomainZone($domain_id, $froxlorhostname = false, $isMainButSubTo
 			if (Settings::Get('system.mxservers') != '') {
 				$mxservers = explode(',', Settings::Get('system.mxservers'));
 				foreach ($mxservers as $mxserver) {
+					$mxserver = trim($mxserver);
 					if (substr($mxserver, - 1, 1) != '.') {
 						$mxserver .= '.';
 					}
@@ -274,13 +275,11 @@ function createDomainZone($domain_id, $froxlorhostname = false, $isMainButSubTo
 			Database::pexecute($upd_stmt, array('serial' => $domain['bindserial'], 'id' => $domain['id']));
 		}
 
-		$soa_content = $primary_ns . " " . escapeSoaAdminMail(Settings::Get('panel.adminmail')) . " (" . PHP_EOL;
-		$soa_content .= $domain['bindserial'] . "\t; serial" . PHP_EOL;
+		// PowerDNS does not like multi-line-format
+		$soa_content = $primary_ns . " " . escapeSoaAdminMail(Settings::Get('panel.adminmail')) . " ";
+		$soa_content .= $domain['bindserial'] . " ";
 		// TODO for now, dummy time-periods
-		$soa_content .= "1800\t; refresh (30 mins)" . PHP_EOL;
-		$soa_content .= "900\t; retry (15 mins)" . PHP_EOL;
-		$soa_content .= "604800\t; expire (7 days)" . PHP_EOL;
-		$soa_content .= "1200\t)\t; minimum (20 mins)";
+		$soa_content .= "1800 900 604800 1200";
 
 		$soa_record = new DnsEntry('@', 'SOA', $soa_content);
 		array_unshift($zonerecords, $soa_record);

lib/functions/filedir/function.findDirs.php

@@ -17,27 +17,57 @@
  *
  */
 
+
 /**
  * Returns an array of found directories
  *
  * This function checks every found directory if they match either $uid or $gid, if they do
  * the found directory is valid. It uses recursive-iterators to find subdirectories.
  *
- * @param  string $path the path to start searching in
- * @param  int $uid the uid which must match the found directories
- * @param  int $gid the gid which must match the found direcotries
+ * @param string $path
+ *        	the path to start searching in
+ * @param int $uid
+ *        	the uid which must match the found directories
+ * @param int $gid
+ *        	the gid which must match the found direcotries
  *
  * @return array Array of found valid paths
  */
-function findDirs($path, $uid, $gid) {
-
-	$_fileList = array ();
+function findDirs($path, $uid, $gid)
+{
+	$_fileList = array();
 	$path = makeCorrectDir($path);
 
 	// valid directory?
 	if (is_dir($path)) {
+
+		// Will exclude everything under these directories
+		$exclude = array(
+			'awstats',
+			'webalizer'
+		);
+
+		/**
+		 *
+		 * @param SplFileInfo $file
+		 * @param mixed $key
+		 * @param RecursiveCallbackFilterIterator $iterator
+		 * @return bool True if you need to recurse or if the item is acceptable
+		 */
+		$filter = function ($file, $key, $iterator) use ($exclude) {
+			if (in_array($file->getFilename(), $exclude)) {
+				return false;
+			}
+			return true;
+		};
+
 		// create RecursiveIteratorIterator
-		$its = new RecursiveIteratorIterator(new IgnorantRecursiveDirectoryIterator($path));
+		$its = new RecursiveIteratorIterator(
+			new RecursiveCallbackFilterIterator(
+				new IgnorantRecursiveDirectoryIterator($path, RecursiveDirectoryIterator::SKIP_DOTS),
+				$filter
+			)
+		);
 		// we can limit the recursion-depth, but will it be helpful or
 		// will people start asking "why do I only see 2 subdirectories, i want to use /a/b/c"
 		// let's keep this in mind and see whether it will be useful
@@ -50,24 +80,27 @@ function findDirs($path, $uid, $gid) {
 				$_fileList[] = makeCorrectDir(dirname($fullFileName));
 			}
 		}
+		$_fileList[] = $path;
 	}
 
 	return array_unique($_fileList);
-
 }
 
 /**
-* If you use RecursiveDirectoryIterator with RecursiveIteratorIterator and run
-* into UnexpectedValueException you may use this little hack to ignore those
-* directories, such as lost+found on linux.
-* (User "antennen" @ http://php.net/manual/en/class.recursivedirectoryiterator.php#101654)
-**/
-class IgnorantRecursiveDirectoryIterator extends RecursiveDirectoryIterator {
-    function getChildren() {
-        try {
-            return new IgnorantRecursiveDirectoryIterator($this->getPathname());
-        } catch(UnexpectedValueException $e) {
-            return new RecursiveArrayIterator(array());
-        }
-    }
+ * If you use RecursiveDirectoryIterator with RecursiveIteratorIterator and run
+ * into UnexpectedValueException you may use this little hack to ignore those
+ * directories, such as lost+found on linux.
+ * (User "antennen" @ http://php.net/manual/en/class.recursivedirectoryiterator.php#101654)
+ */
+class IgnorantRecursiveDirectoryIterator extends RecursiveDirectoryIterator
+{
+
+	function getChildren()
+	{
+		try {
+			return new IgnorantRecursiveDirectoryIterator($this->getPathname());
+		} catch (UnexpectedValueException $e) {
+			return new RecursiveArrayIterator(array());
+		}
+	}
 }

lib/functions/filedir/function.makeCorrectDir.php

@@ -26,7 +26,7 @@
  */
 function makeCorrectDir($dir) {
 
-	assert('is_string($dir) && strlen($dir) > 0 /* $dir does not look like an actual folder name */');
+	assert('is_string($dir) && strlen($dir) > 0', 'Value "' . $dir .'" does not look like an actual folder name');
 
 	$dir = trim($dir);
 

lib/functions/filedir/function.makePathfield.php

@@ -64,7 +64,12 @@ function makePathfield($path, $uid, $gid, $value = '', $dom = false) {
 				$_field = '';
 				foreach ($dirList as $key => $dir) {
 					if (strpos($dir, $path) === 0) {
-						$dir = makeCorrectDir(substr($dir, strlen($path)));
+						$dir = substr($dir, strlen($path));
+						// docroot cut off of current directory == empty -> directory is the docroot
+						if (empty($dir)) {
+							$dir = '/';
+						}
+						$dir = makeCorrectDir($dir);
 					}
 					$_field.= makeoption($dir, $dir, $value);
 				}

lib/functions/formfields/bool/function.getFormFieldOutputBool.php

@@ -17,7 +17,7 @@
  *
  */
 
-function getFormFieldOutputBool($fieldname, $fielddata)
+function getFormFieldOutputBool($fieldname, $fielddata, $do_show = true)
 {
 	$label = $fielddata['label'];
 	$boolswitch = makeYesNo($fieldname, '1', '0', $fielddata['value']);

lib/functions/formfields/date/function.getFormFieldOutputDate.php

@@ -17,12 +17,12 @@
  *
  */
 
-function getFormFieldOutputDate($fieldname, $fielddata)
+function getFormFieldOutputDate($fieldname, $fielddata, $do_show = true)
 {
 	if(isset($fielddata['date_timestamp']) && $fielddata['date_timestamp'] === true)
 	{
 		$fielddata['value'] = date('Y-m-d', $fielddata['value']);
 	}
 
-	return getFormFieldOutputString($fieldname, $fielddata);
+	return getFormFieldOutputString($fieldname, $fielddata, $do_show);
 }

lib/functions/formfields/file/function.getFormFieldOutputFile.php

@@ -15,7 +15,7 @@
  *
  */
 
-function getFormFieldOutputFile($fieldname, $fielddata)
+function getFormFieldOutputFile($fieldname, $fielddata, $do_show = true)
 {
 	$label = $fielddata['label'];
 	$value = htmlentities($fielddata['value']);

lib/functions/formfields/function.buildFormEx.php

@@ -49,7 +49,7 @@ function buildFormEx($form, $part = '') {
 					$do_show = $groupdetails['visible'];
 				}
 
-				if ($do_show) {
+				//if ($do_show) {
 					if (isset($groupdetails['title']) && $groupdetails['title'] != '') {
 						$fields .= getFormGroupOutput($groupname, $groupdetails);
 					}
@@ -66,7 +66,7 @@ function buildFormEx($form, $part = '') {
 							$fields .= getFormFieldOutput($fieldname, $fielddetails);
 						}
 					}
-				}
+				//}
 			}
 		}
 	}

lib/functions/formfields/function.getFormFieldData.php

@@ -21,7 +21,8 @@ function getFormFieldData($fieldname, $fielddata, &$input)
 {
 	if(is_array($fielddata) && isset($fielddata['type']) && $fielddata['type'] != '' && function_exists('getFormFieldData' . ucfirst($fielddata['type'])))
 	{
-		$newfieldvalue = call_user_func('getFormFieldData' . ucfirst($fielddata['type']), $fieldname, $fielddata, $input);
+		$gfdFunc = 'getFormFieldData' . ucfirst($fielddata['type']);
+		$newfieldvalue = $gfdFunc($fieldname, $fielddata, $input);
 	}
 	else
 	{
@@ -38,6 +39,6 @@ function getFormFieldData($fieldname, $fielddata, &$input)
 			$newfieldvalue = false;
 		}
 	}
-	
+
 	return trim($newfieldvalue);
 }

lib/functions/formfields/function.getFormFieldOutput.php

@@ -19,6 +19,8 @@
 
 function getFormFieldOutput($fieldname, $fielddata) {
 
+	global $lng;
+
 	$returnvalue = '';
 	if (is_array($fielddata)
 		&& isset($fielddata['type'])
@@ -51,6 +53,7 @@ function getFormFieldOutput($fieldname, $fielddata) {
 			$websrv = Settings::Get('system.webserver');
 			if (!in_array($websrv, $fielddata['websrv_avail'])) {
 				$do_show = false;
+				$fielddata['label'].= sprintf($lng['serversettings']['option_unavailable_websrv'], implode(", ", $fielddata['websrv_avail']));
 			}
 		}
 
@@ -59,11 +62,14 @@ function getFormFieldOutput($fieldname, $fielddata) {
 		// be false due to websrv_avail
 		if (isset($fielddata['visible']) && $do_show) {
 			$do_show = $fielddata['visible'];
+			if (!$do_show) {
+				$fielddata['label'].= $lng['serversettings']['option_unavailable'];
+			}
 		}
 
-		if ($do_show) {
-			$returnvalue = call_user_func('getFormFieldOutput' . ucfirst($fielddata['type']), $fieldname, $fielddata);
-		}
+		//if ($do_show) {
+			$returnvalue = call_user_func('getFormFieldOutput' . ucfirst($fielddata['type']), $fieldname, $fielddata, $do_show);
+		//}
 	}
 	return $returnvalue;
 }

lib/functions/formfields/function.getFormGroupOutput.php

@@ -81,11 +81,13 @@ function getFormOverviewGroupOutput($groupname, $groupdetails) {
 		$websrv = Settings::Get('system.webserver');
 		if (!in_array($websrv, $groupdetails['websrv_avail'])) {
 			$do_show = false;
+			$title .= sprintf($lng['serversettings']['option_unavailable_websrv'], implode(", ", $groupdetails['websrv_avail']));
+			// hack disabled flag into select-box
+			$option = str_replace('<select class', '<select disabled="disabled" class', $option);
 		}
 	}
 
-	if ($do_show) {
-		eval("\$group = \"" . getTemplate("settings/settings_overviewgroup") . "\";");
-	}
+	eval("\$group = \"" . getTemplate("settings/settings_overviewgroup") . "\";");
+
 	return $group;
 }

lib/functions/formfields/hiddenstring/function.getFormFieldOutputString.php

@@ -17,7 +17,7 @@
  *
  */
 
-function getFormFieldOutputHiddenString($fieldname, $fielddata)
+function getFormFieldOutputHiddenString($fieldname, $fielddata, $do_show = true)
 {
 	$label = $fielddata['label'];
 	$value = htmlentities($fielddata['value']);

lib/functions/formfields/int/function.getFormFieldOutputInt.php

@@ -17,7 +17,7 @@
  *
  */
 
-function getFormFieldOutputInt($fieldname, $fielddata)
+function getFormFieldOutputInt($fieldname, $fielddata, $do_show = true)
 {
-	return getFormFieldOutputString($fieldname, $fielddata);
+	return getFormFieldOutputString($fieldname, $fielddata, $do_show);
 }

lib/functions/formfields/option/function.getFormFieldOutputOption.php

@@ -17,10 +17,10 @@
  *
  */
 
-function getFormFieldOutputOption($fieldname, $fielddata)
+function getFormFieldOutputOption($fieldname, $fielddata, $do_show = true)
 {
 	$returnvalue = '';
-	
+
 	if(isset($fielddata['option_options']) && is_array($fielddata['option_options']) && !empty($fielddata['option_options']))
 	{
 		if(isset($fielddata['option_mode']) && $fielddata['option_mode'] == 'multiple')

lib/functions/formfields/option/function.validateFormFieldOption.php

@@ -20,7 +20,7 @@
 function validateFormFieldOption($fieldname, $fielddata, $newfieldvalue)
 {
 	$returnvalue = true;
-	
+
 	if(isset($fielddata['option_mode']) && $fielddata['option_mode'] == 'multiple')
 	{
 		$options = explode(',', $newfieldvalue);
@@ -33,13 +33,16 @@ function validateFormFieldOption($fieldname, $fielddata, $newfieldvalue)
 	{
 		$returnvalue = isset($fielddata['option_options'][$newfieldvalue]);
 	}
-	
+
 	if($returnvalue === true)
 	{
 		return true;
 	}
 	else
 	{
+		if (isset($fielddata['option_emptyallowed']) && $fielddata['option_emptyallowed']) {
+			return true;
+		}
 		return 'not in option';
 	}
 }

lib/functions/formfields/string/function.getFormFieldOutputString.php

@@ -17,7 +17,7 @@
  *
  */
 
-function getFormFieldOutputString($fieldname, $fielddata)
+function getFormFieldOutputString($fieldname, $fielddata, $do_show = true)
 {
 	$label = $fielddata['label'];
 	$value = htmlentities($fielddata['value']);

lib/functions/formfields/text/function.getFormFieldOutputText.php

@@ -17,7 +17,7 @@
  *
  */
 
-function getFormFieldOutputText($fieldname, $fielddata)
+function getFormFieldOutputText($fieldname, $fielddata, $do_show = true)
 {
 	$label = $fielddata['label'];
 	$value = htmlentities($fielddata['value']);

lib/functions/froxlor/function.CorrectErrorDocument.php

@@ -32,7 +32,7 @@ function correctErrorDocument($errdoc = null) {
 		// not a URL
 		if ((strtoupper(substr($errdoc, 0, 5)) != 'HTTP:'
 				&& strtoupper(substr($errdoc, 0, 6)) != 'HTTPS:')
-				|| !validateUrl($idna_convert->encode($errdoc))
+				|| !validateUrl($errdoc)
 		) {
 			// a file
 			if (substr($errdoc, 0, 1) != '"') {

lib/functions/output/function.dieWithMail.php

@@ -34,6 +34,18 @@ function dieWithMail($message, $subject = "[froxlor] Cronjob error") {
 		$_mail = new PHPMailer(true);
 		$_mail->CharSet = "UTF-8";
 
+		if (Settings::Get('system.mail_use_smtp')) {
+			$_mail->isSMTP();
+			$_mail->Host = Settings::Get('system.mail_smtp_host');
+			$_mail->SMTPAuth = Settings::Get('system.mail_smtp_auth') == '1' ? true : false;
+			$_mail->Username = Settings::Get('system.mail_smtp_user');
+			$_mail->Password = Settings::Get('system.mail_smtp_passwd');
+			if (Settings::Get('system.mail_smtp_usetls')) {
+				$_mail->SMTPSecure = 'tls';
+			}
+			$_mail->Port = Settings::Get('system.mail_smtp_port');
+		}
+
 		if (PHPMailer::ValidateAddress(Settings::Get('panel.adminmail')) !== false) {
 			// set return-to address and custom sender-name, see #76
 			$_mail->SetFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));

lib/functions/settings/function.storeSettingClearCertificates.php

@@ -0,0 +1,37 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+* Copyright (c) 2003-2009 the SysCP Team (see authors).
+* Copyright (c) 2010 the Froxlor Team (see authors).
+*
+* For the full copyright and license information, please view the COPYING
+* file that was distributed with this source code. You can also view the
+* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+*
+* @copyright  (c) the authors
+* @author     Froxlor team <team@froxlor.org> (2010-)
+* @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+* @package    Functions
+*
+*/
+
+function storeSettingClearCertificates($fieldname, $fielddata, $newfieldvalue) {
+
+	$returnvalue = storeSettingField($fieldname, $fielddata, $newfieldvalue);
+
+	if ($returnvalue !== false
+		&& is_array($fielddata)
+		&& isset($fielddata['settinggroup'])
+		&& $fielddata['settinggroup'] == 'system'
+		&& isset($fielddata['varname'])
+		&& $fielddata['varname'] == 'le_froxlor_enabled'
+		&& $newfieldvalue == '0'
+		) {
+			Database::query("
+				DELETE FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = '0'
+			");
+		}
+
+		return $returnvalue;
+}

lib/init.php

@@ -39,11 +39,6 @@ header("X-XSS-Protection: 1; mode=block");
 // Don't allow to load Froxlor in an iframe to prevent i.e. clickjacking
 header("X-Frame-Options: DENY");
 
-// If Froxlor was called via HTTPS -> enforce it for the next time
-if (isset($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off')) {
-	header("Strict-Transport-Security: max-age=15768000");
-}
-
 // Internet Explorer shall not guess the Content-Type, see:
 // http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx
 header("X-Content-Type-Options: nosniff");
@@ -127,6 +122,24 @@ require FROXLOR_INSTALL_DIR.'/lib/tables.inc.php';
  */
 $idna_convert = new idna_convert_wrapper();
 
+/**
+ * If Froxlor was called via HTTPS -> enforce it for the next time by settings HSTS header according to settings
+ */
+if (isset($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off')) {
+	$maxage = Settings::Get('system.hsts_maxage');
+	if (empty($maxage)) {
+		$maxage = 0;
+	}
+	$hsts_header = "Strict-Transport-Security: max-age=".$maxage;
+	if (Settings::Get('system.hsts_incsub') == '1') {
+		$hsts_header .= "; includeSubDomains";
+	}
+	if (Settings::Get('system.hsts_preload') == '1') {
+		$hsts_header .= "; preload";
+	}
+	header($hsts_header);
+}
+
 /**
  * disable magic_quotes_runtime if enabled
  */
@@ -142,7 +155,7 @@ if (version_compare(PHP_VERSION, "5.4.0", "<")) {
 	 */
 	if (get_magic_quotes_gpc()) {
 		$in = array(&$_GET, &$_POST, &$_COOKIE);
-	
+
 		while (list($k, $v) = each($in)) {
 			foreach ($v as $key => $val) {
 				if (!is_array($val)) {
@@ -265,7 +278,7 @@ while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 	// versions didn't have that and it will
 	// lead to a lot of undfined variables
 	// before the admin can even update
-	if (isset($row['iso'])) { 
+	if (isset($row['iso'])) {
 		$iso[$row['iso']] = $row['language'];
 	}
 }
@@ -542,6 +555,18 @@ if ($page == '') {
 $mail = new PHPMailer(true);
 $mail->CharSet = "UTF-8";
 
+if (Settings::Get('system.mail_use_smtp')) {
+	$mail->isSMTP();
+	$mail->Host = Settings::Get('system.mail_smtp_host');
+	$mail->SMTPAuth = Settings::Get('system.mail_smtp_auth') == '1' ? true : false;
+	$mail->Username = Settings::Get('system.mail_smtp_user');
+	$mail->Password = Settings::Get('system.mail_smtp_passwd');
+	if (Settings::Get('system.mail_smtp_usetls')) {
+		$mail->SMTPSecure = 'tls';
+	}
+	$mail->Port = Settings::Get('system.mail_smtp_port');
+}
+
 if (PHPMailer::ValidateAddress(Settings::Get('panel.adminmail')) !== false) {
 	// set return-to address and custom sender-name, see #76
 	$mail->SetFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));

lib/navigation/00.froxlor.main.php

@@ -16,295 +16,305 @@
  * @package    Navigation
  *
  */
-
-return array (
-	'customer' => array (
-		'index' => array (
+return array(
+	'customer' => array(
+		'index' => array(
 			'url' => 'customer_index.php',
 			'label' => $lng['admin']['overview'],
-			'elements' => array (
-				array (
-					'label' => $lng['menue']['main']['username'],
+			'elements' => array(
+				array(
+					'label' => $lng['menue']['main']['username']
 				),
-				array (
+				array(
 					'url' => 'customer_index.php?page=change_password',
-					'label' => $lng['menue']['main']['changepassword'],
+					'label' => $lng['menue']['main']['changepassword']
 				),
-				array (
+				array(
 					'url' => 'customer_index.php?page=change_language',
-					'label' => $lng['menue']['main']['changelanguage'],
+					'label' => $lng['menue']['main']['changelanguage']
 				),
-				array (
+				array(
 					'url' => 'customer_index.php?page=change_theme',
 					'label' => $lng['menue']['main']['changetheme'],
 					'show_element' => (Settings::Get('panel.allow_theme_change_customer') == true)
 				),
-				array (
+				array(
 					'url' => 'customer_index.php?action=logout',
-					'label' => $lng['login']['logout'],
-				),
-			),
+					'label' => $lng['login']['logout']
+				)
+			)
 		),
-		'email' => array (
+		'email' => array(
 			'url' => 'customer_email.php',
 			'label' => $lng['menue']['email']['email'],
-			'elements' => array (
-				array (
+			'show_element' => (! Settings::IsInList('panel.customer_hide_options', 'email')),
+			'elements' => array(
+				array(
 					'url' => 'customer_email.php?page=emails',
 					'label' => $lng['menue']['email']['emails'],
-					'required_resources' => 'emails',
+					'required_resources' => 'emails'
 				),
-				array (
+				array(
 					'url' => 'customer_email.php?page=emails&action=add',
 					'label' => $lng['emails']['emails_add'],
 					'required_resources' => 'emails'
 				),
-				array (
+				array(
 					'url' => Settings::Get('panel.webmail_url'),
 					'new_window' => true,
 					'label' => $lng['menue']['email']['webmail'],
 					'required_resources' => 'emails_used',
-					'show_element' => ( Settings::Get('panel.webmail_url') != '' ),
-				),
-			),
+					'show_element' => (Settings::Get('panel.webmail_url') != '')
+				)
+			)
 		),
-		'mysql' => array (
+		'mysql' => array(
 			'url' => 'customer_mysql.php',
 			'label' => $lng['menue']['mysql']['mysql'],
-			'elements' => array (
-				array (
+			'show_element' => (! Settings::IsInList('panel.customer_hide_options', 'mysql')),
+			'elements' => array(
+				array(
 					'url' => 'customer_mysql.php?page=mysqls',
 					'label' => $lng['menue']['mysql']['databases'],
-					'required_resources' => 'mysqls',
+					'required_resources' => 'mysqls'
 				),
-				array (
+				array(
 					'url' => Settings::Get('panel.phpmyadmin_url'),
 					'new_window' => true,
 					'label' => $lng['menue']['mysql']['phpmyadmin'],
 					'required_resources' => 'mysqls_used',
-					'show_element' => ( Settings::Get('panel.phpmyadmin_url') != '' ),
-				),
-			),
+					'show_element' => (Settings::Get('panel.phpmyadmin_url') != '')
+				)
+			)
 		),
-		'domains' => array (
+		'domains' => array(
 			'url' => 'customer_domains.php',
 			'label' => $lng['menue']['domains']['domains'],
-			'elements' => array (
-				array (
+			'show_element' => (! Settings::IsInList('panel.customer_hide_options', 'domains')),
+			'elements' => array(
+				array(
 					'url' => 'customer_domains.php?page=domains',
-					'label' => $lng['menue']['domains']['settings'],
+					'label' => $lng['menue']['domains']['settings']
 				),
-			),
+				array(
+					'url' => 'customer_domains.php?page=sslcertificates',
+					'label' => $lng['domains']['ssl_certificates']
+				)
+			)
 		),
-		'ftp' => array (
+		'ftp' => array(
 			'url' => 'customer_ftp.php',
 			'label' => $lng['menue']['ftp']['ftp'],
-			'elements' => array (
-				array (
+			'show_element' => (! Settings::IsInList('panel.customer_hide_options', 'ftp')),
+			'elements' => array(
+				array(
 					'url' => 'customer_ftp.php?page=accounts',
-					'label' => $lng['menue']['ftp']['accounts'],
+					'label' => $lng['menue']['ftp']['accounts']
 				),
-				array (
+				array(
 					'url' => Settings::Get('panel.webftp_url'),
 					'new_window' => true,
 					'label' => $lng['menue']['ftp']['webftp'],
-					'show_element' => ( Settings::Get('panel.webftp_url') != '' ),
-				),
-			),
+					'show_element' => (Settings::Get('panel.webftp_url') != '')
+				)
+			)
 		),
-		'extras' => array (
+		'extras' => array(
 			'url' => 'customer_extras.php',
 			'label' => $lng['menue']['extras']['extras'],
-			'elements' => array (
-				array (
+			'show_element' => (! Settings::IsInList('panel.customer_hide_options', 'extras')),
+			'elements' => array(
+				array(
 					'url' => 'customer_extras.php?page=htpasswds',
 					'label' => $lng['menue']['extras']['directoryprotection'],
+					'show_element' => (! Settings::IsInList('panel.customer_hide_options', 'extras.directoryprotection'))
 				),
-				array (
+				array(
 					'url' => 'customer_extras.php?page=htaccess',
 					'label' => $lng['menue']['extras']['pathoptions'],
+					'show_element' => (! Settings::IsInList('panel.customer_hide_options', 'extras.pathoptions'))
 				),
-				array (
+				array(
 					'url' => 'customer_logger.php?page=log',
 					'label' => $lng['menue']['logger']['logger'],
-					'show_element' => ( Settings::Get('logger.enabled') == true )
+					'show_element' => (Settings::Get('logger.enabled') == true) && (! Settings::IsInList('panel.customer_hide_options', 'extras.logger'))
 				),
-				array (
+				array(
 					'url' => 'customer_extras.php?page=backup',
 					'label' => $lng['menue']['extras']['backup'],
-					'show_element' => ( Settings::Get('system.backupenabled') == true ),
-				),
-			),
+					'show_element' => (Settings::Get('system.backupenabled') == true) && (! Settings::IsInList('panel.customer_hide_options', 'extras.backup'))
+				)
+			)
 		),
-		'traffic' => array (
+		'traffic' => array(
 			'url' => 'customer_traffic.php',
 			'label' => $lng['menue']['traffic']['traffic'],
-			'elements' => array (
-				array (
+			'show_element' => (! Settings::IsInList('panel.customer_hide_options', 'traffic')),
+			'elements' => array(
+				array(
 					'url' => 'customer_traffic.php?page=current',
-					'label' => $lng['menue']['traffic']['current'],
-				),
-			),
-		),
+					'label' => $lng['menue']['traffic']['current']
+				)
+			)
+		)
 	),
-	'admin' => array (
-		'index' => array (
+	'admin' => array(
+		'index' => array(
 			'url' => 'admin_index.php',
 			'label' => $lng['admin']['overview'],
-			'elements' => array (
-				array (
-					'label' => $lng['menue']['main']['username'],
+			'elements' => array(
+				array(
+					'label' => $lng['menue']['main']['username']
 				),
-				array (
+				array(
 					'url' => 'admin_index.php?page=change_password',
-					'label' => $lng['menue']['main']['changepassword'],
+					'label' => $lng['menue']['main']['changepassword']
 				),
-				array (
+				array(
 					'url' => 'admin_index.php?page=change_language',
-					'label' => $lng['menue']['main']['changelanguage'],
+					'label' => $lng['menue']['main']['changelanguage']
 				),
-				array (
+				array(
 					'url' => 'admin_index.php?page=change_theme',
 					'label' => $lng['menue']['main']['changetheme'],
 					'show_element' => (Settings::Get('panel.allow_theme_change_admin') == true)
 				),
-				array (
+				array(
 					'url' => 'admin_index.php?action=logout',
-					'label' => $lng['login']['logout'],
-				),
-			),
+					'label' => $lng['login']['logout']
+				)
+			)
 		),
-		'resources' => array (
+		'resources' => array(
 			'label' => $lng['admin']['resources'],
 			'required_resources' => 'customers',
-			'elements' => array (
-				array (
+			'elements' => array(
+				array(
 					'url' => 'admin_customers.php?page=customers',
 					'label' => $lng['admin']['customers'],
-					'required_resources' => 'customers',
+					'required_resources' => 'customers'
 				),
-				array (
+				array(
 					'url' => 'admin_admins.php?page=admins',
 					'label' => $lng['admin']['admins'],
-					'required_resources' => 'change_serversettings',
+					'required_resources' => 'change_serversettings'
 				),
-			    array (
-			        'url' => 'admin_domains.php?page=domains',
-			        'label' => $lng['admin']['domains'],
-			        'required_resources' => 'domains',
-			    ),
-			    array (
-			        'url' => 'admin_ipsandports.php?page=ipsandports',
-			        'label' => $lng['admin']['ipsandports']['ipsandports'],
-			        'required_resources' => 'change_serversettings',
-			    ),
-			    array (
-			        'url' => 'admin_settings.php?page=updatecounters',
-			        'label' => $lng['admin']['updatecounters'],
-			        'required_resources' => 'change_serversettings',
-			    ),
-			),
+				array(
+					'url' => 'admin_domains.php?page=domains',
+					'label' => $lng['admin']['domains'],
+					'required_resources' => 'domains'
+				),
+				array(
+					'url' => 'admin_domains.php?page=sslcertificates',
+					'label' => $lng['domains']['ssl_certificates'],
+					'required_resources' => 'domains'
+				),
+				array(
+					'url' => 'admin_ipsandports.php?page=ipsandports',
+					'label' => $lng['admin']['ipsandports']['ipsandports'],
+					'required_resources' => 'change_serversettings'
+				),
+				array(
+					'url' => 'admin_settings.php?page=updatecounters',
+					'label' => $lng['admin']['updatecounters'],
+					'required_resources' => 'change_serversettings'
+				)
+			)
 		),
-		'traffic' => array (
+		'traffic' => array(
 			'label' => $lng['admin']['traffic'],
 			'required_resources' => 'customers',
-			'elements' => array (
-				array (
+			'elements' => array(
+				array(
 					'url' => 'admin_traffic.php?page=customers',
 					'label' => $lng['admin']['customertraffic'],
-					'required_resources' => 'customers',
-				),
-			),
+					'required_resources' => 'customers'
+				)
+			)
 		),
-		'server' => array (
+		'server' => array(
 			'label' => $lng['admin']['server'],
 			'required_resources' => 'change_serversettings',
-			'elements' => array (
-				array (
+			'elements' => array(
+				array(
 					'url' => 'admin_configfiles.php?page=configfiles',
 					'label' => $lng['admin']['configfiles']['serverconfiguration'],
-					'required_resources' => 'change_serversettings',
+					'required_resources' => 'change_serversettings'
 				),
-				array (
+				array(
 					'url' => 'admin_settings.php?page=overview',
 					'label' => $lng['admin']['serversettings'],
-					'required_resources' => 'change_serversettings',
+					'required_resources' => 'change_serversettings'
 				),
-				array (
+				array(
 					'url' => 'admin_cronjobs.php?page=overview',
 					'label' => $lng['admin']['cron']['cronsettings'],
-					'required_resources' => 'change_serversettings',
+					'required_resources' => 'change_serversettings'
 				),
-			    array (
-			        'url' => 'admin_logger.php?page=log',
-			        'label' => $lng['menue']['logger']['logger'],
-			        'required_resources' => 'change_serversettings',
-			        'show_element' => ( Settings::Get('logger.enabled') == true ),
-			    ),
-				array (
+				array(
+					'url' => 'admin_logger.php?page=log',
+					'label' => $lng['menue']['logger']['logger'],
+					'required_resources' => 'change_serversettings',
+					'show_element' => (Settings::Get('logger.enabled') == true)
+				),
+				array(
 					'url' => 'admin_settings.php?page=rebuildconfigs',
 					'label' => $lng['admin']['rebuildconf'],
+					'required_resources' => 'change_serversettings'
+				),
+				array(
+					'url' => 'admin_autoupdate.php?page=overview',
+					'label' => $lng['admin']['autoupdate'],
 					'required_resources' => 'change_serversettings',
-				),
-			    array (
-			        'url' => 'admin_autoupdate.php?page=overview',
-			        'label' => $lng['admin']['autoupdate'],
-			        'required_resources' => 'change_serversettings',
-			    ),
-			),
+					'show_element' => extension_loaded('zip')
+				)
+			)
 		),
-	    'server_php' => array (
-	        'label' => $lng['admin']['server_php'],
-	        'required_resources' => 'change_serversettings',
-	        'elements' => array (
-	            array (
-	                'url' => 'admin_phpsettings.php?page=overview',
-	                'label' => $lng['menue']['phpsettings']['maintitle'],
-	                'show_element' => (
-	                    Settings::Get('system.mod_fcgid') == true ||
-	                    Settings::Get('phpfpm.enabled') == true
-	                ),
-	            ),
-	            array (
-	                'url' => 'admin_settings.php?page=phpinfo',
-	                'label' => $lng['admin']['phpinfo'],
-	                'required_resources' => 'change_serversettings',
-	            ),
-	            array (
-	                'url' => 'admin_apcuinfo.php?page=showinfo',
-	                'label' => $lng['admin']['apcuinfo'],
-	                'required_resources' => 'change_serversettings',
-	                'show_element' => (
-	                    function_exists('apcu_cache_info') === true
-	                ),
-	            ),
-	            array (
-	                'url' => 'admin_opcacheinfo.php?page=showinfo',
-	                'label' => $lng['admin']['opcacheinfo'],
-	                'required_resources' => 'change_serversettings',
-	                'show_element' => (
-	                    function_exists('opcache_get_configuration') === true
-	                ),
-	            ),
-	        ),
-	    ),
-		'misc' => array (
+		'server_php' => array(
+			'label' => $lng['admin']['server_php'],
+			'required_resources' => 'change_serversettings',
+			'elements' => array(
+				array(
+					'url' => 'admin_phpsettings.php?page=overview',
+					'label' => $lng['menue']['phpsettings']['maintitle'],
+					'show_element' => (Settings::Get('system.mod_fcgid') == true || Settings::Get('phpfpm.enabled') == true)
+				),
+				array(
+					'url' => 'admin_settings.php?page=phpinfo',
+					'label' => $lng['admin']['phpinfo'],
+					'required_resources' => 'change_serversettings'
+				),
+				array(
+					'url' => 'admin_apcuinfo.php?page=showinfo',
+					'label' => $lng['admin']['apcuinfo'],
+					'required_resources' => 'change_serversettings',
+					'show_element' => (function_exists('apcu_cache_info') === true)
+				),
+				array(
+					'url' => 'admin_opcacheinfo.php?page=showinfo',
+					'label' => $lng['admin']['opcacheinfo'],
+					'required_resources' => 'change_serversettings',
+					'show_element' => (function_exists('opcache_get_configuration') === true)
+				)
+			)
+		),
+		'misc' => array(
 			'label' => $lng['admin']['misc'],
-			'elements' => array (
-			    array (
-			        'url' => 'admin_settings.php?page=integritycheck',
-			        'label' => $lng['admin']['integritycheck'],
-			        'required_resources' => 'change_serversettings',
-			    ),
-			    array (
-			        'url' => 'admin_templates.php?page=email',
-			        'label' => $lng['admin']['templates']['email'],
-			    ),
-				array (
-					'url' => 'admin_message.php?page=message',
-					'label' => $lng['admin']['message'],
+			'elements' => array(
+				array(
+					'url' => 'admin_settings.php?page=integritycheck',
+					'label' => $lng['admin']['integritycheck'],
+					'required_resources' => 'change_serversettings'
 				),
-			),
-		),
-	),
+				array(
+					'url' => 'admin_templates.php?page=email',
+					'label' => $lng['admin']['templates']['email']
+				),
+				array(
+					'url' => 'admin_message.php?page=message',
+					'label' => $lng['admin']['message']
+				)
+			)
+		)
+	)
 );

lib/version.inc.php

@@ -16,10 +16,10 @@
  */
 
 // Main version variable
-$version = '0.9.37-rc1';
+$version = '0.9.38-rc2';
 
 // Database version (YYYYMMDDC where C is a daily counter)
-$dbversion = '201607140';
+$dbversion = '201610070';
 
 // Distribution branding-tag (used for Debian etc.)
 $branding = '';

lng/english.lng.php

@@ -71,6 +71,7 @@ $lng['customer']['ftps'] = 'FTP-accounts';
 $lng['customer']['subdomains'] = 'Subdomains';
 $lng['customer']['domains'] = 'Domains';
 $lng['customer']['unlimited'] = '∞';
+$lng['customer']['mib'] = 'MiB';
 
 /**
  * Customermenue
@@ -903,7 +904,7 @@ $lng['serversettings']['mail_quota_enabled']['enforcelink'] = 'Click here to enf
 $lng['question']['admin_quotas_reallywipe'] = 'Do you really want to wipe all quotas on table mail_users? This cannot be reverted!';
 $lng['question']['admin_quotas_reallyenforce'] = 'Do you really want to enforce the default quota to all Users? This cannot be reverted!';
 $lng['error']['vmailquotawrong'] = 'The quotasize must be positive number.';
-$lng['customer']['email_quota'] = 'E-mail quota';
+$lng['customer']['email_quota'] = 'E-mail quota (MiB)';
 $lng['customer']['email_imap'] = 'E-mail IMAP';
 $lng['customer']['email_pop3'] = 'E-mail POP3';
 $lng['customer']['mail_quota'] = 'Mailquota';
@@ -1961,7 +1962,7 @@ $lng['admin']['autoupdate'] = 'Auto-Update';
 $lng['error']['customized_version'] = 'It looks like your Froxlor installation has been customized, no support sorry.';
 $lng['error']['autoupdate_0'] = 'Unknown error';
 $lng['error']['autoupdate_1'] = 'PHP setting allow_url_fopen is disabled. Autoupdate needs this setting to be enabled in php.ini';
-$lng['error']['autoupdate_2'] = 'PHP extension Zlib not found, please ensure it is installed and activated';
+$lng['error']['autoupdate_2'] = 'PHP zip extension not found, please ensure it is installed and activated';
 $lng['error']['autoupdate_4'] = 'The froxlor archive could not be stored to the disk :(';
 $lng['error']['autoupdate_5'] = 'version.froxlor.org returned inacceptable values :(';
 $lng['error']['autoupdate_6'] = 'Woops, there was no (valid) version given to download :(';
@@ -2021,3 +2022,43 @@ $lng['serversettings']['dns_server']['description'] = 'Remember that daemons hav
 $lng['error']['domain_nopunycode'] = 'You must not specify punycode (IDNA). The domain will automatically be converted';
 $lng['admin']['dnsenabled'] = 'Enable DNS editor';
 $lng['error']['dns_record_toolong'] = 'Records/labels can only be up to 63 characters';
+
+// Added in froxlor 0.9.37-rc1
+$lng['serversettings']['panel_customer_hide_options']['title'] = 'Hide menu items and traffic charts in customer panel';
+$lng['serversettings']['panel_customer_hide_options']['description'] = 'Select items to hide in customer panel. To select multiple options, hold down CTRL while selecting.';
+
+// Added in froxlor 0.9.38-rc1
+$lng['serversettings']['allow_allow_customer_shell']['title'] = 'Allow customers to enable shell access for ftp-users';
+$lng['serversettings']['allow_allow_customer_shell']['description'] = '<strong class="red">Please note: Shell access allows the user to execute various binaries on your system. Use with extrem caution. Please only activate this if you REALLY know what you are doing!!!</strong>';
+$lng['serversettings']['available_shells']['title'] = 'List of available shells';
+$lng['serversettings']['available_shells']['description'] = 'Comma seperated list of shells that are available for the customer to chose from for their ftp-users.<br><br>Note that the default shell <strong>/bin/false</strong> will always be a choice (if enabled), even if this setting is empty. It is the default value for ftp-users in any case';
+$lng['panel']['shell'] = 'Shell';
+$lng['serversettings']['le_froxlor_enabled']['title'] = "Enable Let's Encrypt for the froxlor vhost";
+$lng['serversettings']['le_froxlor_enabled']['description'] = "If activated, the froxlor vhost will automatically be secured using a Let's Encrypt certificate.";
+$lng['serversettings']['le_froxlor_redirect']['title'] = "Enable SSL-redirect for the froxlor vhost";
+$lng['serversettings']['le_froxlor_redirect']['description'] = "If activated, all http requests to your froxlor will be redirected to the corresponding SSL site.";
+$lng['admin']['froxlorvhost'] = 'Froxlor VirtualHost settings';
+$lng['serversettings']['option_unavailable_websrv'] = '<br><em class="red">Availble only for: %s</em>';
+$lng['serversettings']['option_unavailable'] = '<br><em class="red">Option not availble due to other settings.</em>';
+$lng['serversettings']['letsencryptacmeconf']['title'] = "Path to the acme.conf snippet";
+$lng['serversettings']['letsencryptacmeconf']['description'] = "File name of the config snippet which allows the web server to serve the acme challenge.";
+$lng['admin']['hostname'] = 'Hostname';
+$lng['admin']['memory'] = 'Memory usage';
+$lng['serversettings']['mail_use_smtp'] = 'Set mailer to use SMTP';
+$lng['serversettings']['mail_smtp_host'] = 'Specify SMTP server';
+$lng['serversettings']['mail_smtp_usetls'] = 'Enable TLS encryption';
+$lng['serversettings']['mail_smtp_auth'] = 'Enable SMTP authentication';
+$lng['serversettings']['mail_smtp_port'] = 'TCP port to connect to';
+$lng['serversettings']['mail_smtp_user'] = 'SMTP username';
+$lng['serversettings']['mail_smtp_passwd'] = 'SMTP password';
+$lng['domains']['ssl_certificates'] = 'SSL certificates';
+$lng['domains']['ssl_certificate_removed'] = 'The certificate with the id #%s has been removed successfully';
+$lng['domains']['ssl_certificate_error'] = "Error reading certificate for domain: %s";
+$lng['domains']['no_ssl_certificates'] = "There are no domains with SSL certificate";
+$lng['admin']['webserversettings_ssl'] = 'Webserver SSL settings';
+$lng['admin']['domain_hsts_maxage']['title'] = 'HTTP Strict Transport Security (HSTS)';
+$lng['admin']['domain_hsts_maxage']['description'] = 'Specify the max-age value for the Strict-Transport-Security header<br>The value <i>0</i> will disable HSTS for the domain. Most user set a value of <i>31536000</i> (one year).';
+$lng['admin']['domain_hsts_incsub']['title'] = 'Include HSTS for any subdomain';
+$lng['admin']['domain_hsts_incsub']['description'] = 'The optional "includeSubDomains" directive, if present, signals the UA that the HSTS Policy applies to this HSTS Host as well as any subdomains of the host\'s domain name.';
+$lng['admin']['domain_hsts_preload']['title'] = 'Include domain in <a href="https://hstspreload.appspot.com/" target="_blank">HSTS preload list</a>';
+$lng['admin']['domain_hsts_preload']['description'] = 'If you would like this domain to be included in the HSTS preload list maintained by Chrome (and used by Firefox and Safari), then use activate this.<br>Sending the preload directive from your site can have PERMANENT CONSEQUENCES and prevent users from accessing your site and any of its subdomains.<br>Please read the details at <a href="hstspreload.appspot.com/#removal" target="_blank">hstspreload.appspot.com/#removal</a> before sending the header with "preload".';

lng/german.lng.php

@@ -900,7 +900,7 @@ $lng['serversettings']['mail_quota_enabled']['enforcelink'] = 'Hier klicken, um
 $lng['question']['admin_quotas_reallywipe'] = 'Sind Sie sicher, dass alle E-Mail-Kontingente aus der Tabelle mail_users entfernt werden sollen? Dieser Schritt kann nicht rückgängig gemacht werden!';
 $lng['question']['admin_quotas_reallyenforce'] = 'Sind Sie sicher, dass Sie allen Benutzern das Default-Quota zuweisen wollen? Dies kann nicht rückgängig gemacht werden!';
 $lng['error']['vmailquotawrong'] = 'Die Kontingent-Größe muss positiv sein.';
-$lng['customer']['email_quota'] = 'E-Mail-Kontingent';
+$lng['customer']['email_quota'] = 'E-Mail-Kontingent (MiB)';
 $lng['customer']['email_imap'] = 'IMAP';
 $lng['customer']['email_pop3'] = 'POP3';
 $lng['customer']['mail_quota'] = 'E-Mail-Kontingent';
@@ -1202,7 +1202,7 @@ $lng['serversettings']['perl_path']['description'] = 'Standard ist /usr/bin/perl
 // ADDED IN FROXLOR 0.9.12-svn1
 $lng['admin']['fcgid_settings'] = 'FCGID';
 $lng['serversettings']['mod_fcgid_ownvhost']['title'] = 'Verwende FCGID im Froxlor-Vhost';
-$lng['serversettings']['mod_fcgid_ownvhost']['description'] = 'Wenn verwendet, wird Froxlor selbst unter einem lokalem Benutzer ausgeführt';
+$lng['serversettings']['mod_fcgid_ownvhost']['description'] = 'Wenn verwendet, wird Froxlor selbst unter einem lokalen Benutzer ausgeführt';
 $lng['admin']['mod_fcgid_user'] = 'Lokaler Benutzer für FCGID (Froxlor Vhost)';
 $lng['admin']['mod_fcgid_group'] = 'Lokale Gruppe für FCGID (Froxlor Vhost)';
 
@@ -1291,7 +1291,7 @@ $lng['error']['fcgidstillenabled'] = 'FCGID ist derzeit aktiviert. Bitte deaktiv
 $lng['phpfpm']['vhost_httpuser'] = 'Lokaler Benutzer für PHP-FPM (Froxlor-Vhost)';
 $lng['phpfpm']['vhost_httpgroup'] = 'Lokale Gruppe für PHP-FPM (Froxlor-Vhost)';
 $lng['phpfpm']['ownvhost']['title'] = 'Verwende PHP-FPM im Froxlor-Vhost';
-$lng['phpfpm']['ownvhost']['description'] = 'Wenn verwendet, wird Froxlor selbst unter einem lokalem Benutzer ausgeführt';
+$lng['phpfpm']['ownvhost']['description'] = 'Wenn verwendet, wird Froxlor selbst unter einem lokalen Benutzer ausgeführt';
 
 // ADDED IN FROXLOR 0.9.17
 $lng['crondesc']['cron_usage_report'] = 'Webspace- und Trafficreport';
@@ -1615,7 +1615,7 @@ $lng['admin']['autoupdate'] = 'Auto-Update';
 $lng['error']['customized_version'] = 'Es scheint als wäre die Froxlor Installation angepasst worden. Kein Support, sorry.';
 $lng['error']['autoupdate_0'] = 'Unbekannter Fehler';
 $lng['error']['autoupdate_1'] = 'PHP Einstellung allow_url_fopen ist deaktiviert. Autoupdate benötigt diese Option, bitte in der php.ini aktivieren.';
-$lng['error']['autoupdate_2'] = 'PHP Extension Zlib nicht gefunden, bitte prüfen, ob diese installiert und aktiviert ist.';
+$lng['error']['autoupdate_2'] = 'PHP zip Erweiterung nicht gefunden, bitte prüfen, ob diese installiert und aktiviert ist.';
 $lng['error']['autoupdate_4'] = 'Das froxlor Archiv konnte nicht auf der Festplatte gespeichert werden :(';
 $lng['error']['autoupdate_5'] = 'version.froxlor.org gab ungültige Werte zurück :(';
 $lng['error']['autoupdate_6'] = 'Woops, keine (gültige) Version angegeben für den Download :(';
@@ -1674,3 +1674,42 @@ $lng['serversettings']['dns_server']['description'] = 'Dienste müssen mit den f
 $lng['error']['domain_nopunycode'] = 'Die Eingabe von Punycode (IDNA) ist nicht notwendig. Die Domain wird automatisch konvertiert.';
 $lng['admin']['dnsenabled'] = 'Zugriff auf DNS Editor';
 $lng['error']['dns_record_toolong'] = 'Records/Labels können maximal 63 Zeichen lang sein';
+
+// Added in froxlor 0.9.37-rc1
+$lng['serversettings']['panel_customer_hide_options']['title'] = 'Menüpunkte und Traffic-Charts im Kundenbereich ausblenden';
+$lng['serversettings']['panel_customer_hide_options']['description'] = 'Wählen Sie hier die gewünschten Menüpunkte und Traffic-Charts aus, welche im Kundenbereich ausgeblendet werden sollen. Für Mehrfachauswahl, halten Sie während der Auswahl STRG gedrückt.';
+
+// Added in froxlor 0.9.38-rc1
+$lng['serversettings']['allow_allow_customer_shell']['title'] = 'Erlaube Kunden für FTP Benutzer eine Shell auszuwählen';
+$lng['serversettings']['allow_allow_customer_shell']['description'] = '<strong class="red">Bitte beachten: Shell Zugriff gestattet dem Benutzer verschiedene Programme auf Ihrem System auszuführen. Mit großer Vorsicht verwenden. Bitte aktiviere dies nur wenn WIRKLICH bekannt ist, was das bedeutet!!!</strong>';
+$lng['serversettings']['available_shells']['title'] = 'Liste der verfügbaren Shells';
+$lng['serversettings']['available_shells']['description'] = 'Komme-getrennte Liste von Shells die der Kunde für seine FTP-Konten wählen kann.<br><br>Hinweis: Die Standard-Shell <strong>/bin/false</strong> wird immer eine Auswahlmöglichkeit sein (wenn aktiviert), auch wenn diese Einstellung leer ist. Sie ist in jedem Fall der Standardwert für alle FTP-Konten';
+$lng['serversettings']['le_froxlor_enabled']['title'] = "Let's Encrypt für den froxlor Vhost verwenden";
+$lng['serversettings']['le_froxlor_enabled']['description'] = "Wenn dies aktiviert ist, erstellt froxlor für seinen vhost automatisch ein Let's Encrypt Zertifikat.";
+$lng['serversettings']['le_froxlor_redirect']['title'] = "SSL-Weiterleitung für den froxlor Vhost aktivieren";
+$lng['serversettings']['le_froxlor_redirect']['description'] = "Wenn dies aktiviert ist, werden alle HTTP Anfragen an die entsprechende SSL Seite weitergeleitet.";
+$lng['admin']['froxlorvhost'] = 'Froxlor VirtualHost Einstellungen';
+$lng['serversettings']['option_unavailable_websrv'] = '<br><em class="red">Nur verfügbar für: %s</em>';
+$lng['serversettings']['option_unavailable'] = '<br><em class="red">Option aufgrund anderer Einstellungen nicht verfügbar.</em>';
+$lng['serversettings']['letsencryptacmeconf']['title'] = "Pfad zu acme.conf";
+$lng['serversettings']['letsencryptacmeconf']['description'] = "Dateiname der Konfiguration, die dem Webserver erlaubt, die ACME-Challenges zu bedienen.";
+$lng['admin']['hostname'] = 'Hostname';
+$lng['admin']['memory'] = 'Speicherauslastung';
+$lng['serversettings']['mail_use_smtp'] = 'Nutze SMTP für das Senden von E-Mails';
+$lng['serversettings']['mail_smtp_host'] = 'SMTP Server';
+$lng['serversettings']['mail_smtp_usetls'] = 'Aktiviere TLS Verschlüsselung';
+$lng['serversettings']['mail_smtp_auth'] = 'Nutze SMTP Authentifizierung';
+$lng['serversettings']['mail_smtp_port'] = 'TCP Port für SMTP';
+$lng['serversettings']['mail_smtp_user'] = 'SMTP Benutzer';
+$lng['serversettings']['mail_smtp_passwd'] = 'SMTP Passwort';
+$lng['domains']['ssl_certificates'] = 'SSL Zertifikate';
+$lng['domains']['ssl_certificate_removed'] = 'Das Zertifikat mit der ID #%s wurde erfolgreich gelöscht.';
+$lng['domains']['ssl_certificate_error'] = "Fehler beim Lesen des Zertifikats für die Domain: %s";
+$lng['domains']['no_ssl_certificates'] = "Es wurden keine SSL-Zertifikate gefunden";
+$lng['admin']['webserversettings_ssl'] = 'Webserver SSL-Einstellungen';
+$lng['admin']['domain_hsts_maxage']['title'] = 'HTTP Strict Transport Security (HSTS)';
+$lng['admin']['domain_hsts_maxage']['description'] = '"max-age" Wert für den Strict-Transport-Security Header<br>Der Wert <i>0</i> deaktiviert HSTS für diese Domain. Meist wird der Wert <i>31536000</i> gerne genutzt (ein Jahr).';
+$lng['admin']['domain_hsts_incsub']['title'] = 'Inkludiere HSTS für jede Subdomain';
+$lng['admin']['domain_hsts_incsub']['description'] = 'Die optionale "includeSubDomains" Direktive, wenn vorhanden, signalisiert dem UA, dass die HSTS that the HSTS Regel für diese Domain und auch jede Subdomain dieser gilt.';
+$lng['admin']['domain_hsts_preload']['title'] = 'Füge Domain in die <a href="https://hstspreload.appspot.com/" target="_blank">HSTS preload Liste</a> hinzu';
+$lng['admin']['domain_hsts_preload']['description'] = 'Wenn die Domain in die HSTS preload Liste, verwaltet von Chrome (und genutzt von Firefox und Safari), hinzugefügt werden soll, dann aktiviere diese Einstellung.<br>Die preload-Direktive zu senden kann PERMANTENTE KONSEQUENZEN haben und dazu führen, dass Benutzer auf diese Domain und auch Subdomains nicht zugreifen können.<br>Beachte Details unter <a href="hstspreload.appspot.com/#removal" target="_blank">hstspreload.appspot.com/#removal</a> bevor ein Header mit "preload" gesendet wird.';

scripts/classes/class.DnsBase.php

@@ -1,10 +1,24 @@
 <?php
 
-/***
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2016 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Froxlor team <team@froxlor.org> (2016-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Cron
+ *
+ */
+
+/**
  * Class DnsBase
  *
  * Base class for all DNS server configs
- *
  */
 abstract class DnsBase
 {
@@ -69,8 +83,7 @@ abstract class DnsBase
 
 	protected function getDomainList()
 	{
-		$result_domains_stmt = Database::query(
-			"
+		$result_domains_stmt = Database::query("
 			SELECT
 				`d`.`id`,
 				`d`.`domain`,
@@ -131,35 +144,21 @@ abstract class DnsBase
 				$domains[$key]['children'] = array();
 			}
 			if ($domains[$key]['ismainbutsubto'] > 0) {
-				if (isset($domains[  $domains[$key]['ismainbutsubto']  ])) {
-					$domains[  $domains[$key]['ismainbutsubto']  ]['children'][] = $domains[$key]['id'];
+				if (isset($domains[$domains[$key]['ismainbutsubto']])) {
+					$domains[$domains[$key]['ismainbutsubto']]['children'][] = $domains[$key]['id'];
 				} else {
-					$this->_logger->logAction(CRON_ACTION, LOG_ERR,
-						'Database inconsistency: domain ' . $domain['domain'] . ' (ID #' . $key .
-						') is set to to be subdomain to non-existent domain ID #' .
-						$domains[$key]['ismainbutsubto'] .
-						'. No DNS record(s) will be created for this domain.');
+					$this->_logger->logAction(CRON_ACTION, LOG_ERR, 'Database inconsistency: domain ' . $domain['domain'] . ' (ID #' . $key . ') is set to to be subdomain to non-existent domain ID #' . $domains[$key]['ismainbutsubto'] . '. No DNS record(s) will be created for this domain.');
 				}
 			}
 		}
 
-		$this->_logger->logAction(CRON_ACTION, LOG_DEBUG,
-			str_pad('domId', 9, ' ') . str_pad('domain', 40, ' ') .
-			'ismainbutsubto ' . str_pad('parent domain', 40, ' ') .
-			"list of child domain ids");
-			foreach ($domains as $domain) {
-				$logLine =
-				str_pad($domain['id'], 9, ' ') .
-				str_pad($domain['domain'], 40, ' ') .
-				str_pad($domain['ismainbutsubto'], 15, ' ') .
-				str_pad(((isset($domains[  $domain['ismainbutsubto']  ])) ?
-					$domains[  $domain['ismainbutsubto']  ]['domain'] :
-					'-'), 40, ' ') .
-					join(', ', $domain['children']);
-					$this->_logger->logAction(CRON_ACTION, LOG_DEBUG, $logLine);
-			}
+		$this->_logger->logAction(CRON_ACTION, LOG_DEBUG, str_pad('domId', 9, ' ') . str_pad('domain', 40, ' ') . 'ismainbutsubto ' . str_pad('parent domain', 40, ' ') . "list of child domain ids");
+		foreach ($domains as $domain) {
+			$logLine = str_pad($domain['id'], 9, ' ') . str_pad($domain['domain'], 40, ' ') . str_pad($domain['ismainbutsubto'], 15, ' ') . str_pad(((isset($domains[$domain['ismainbutsubto']])) ? $domains[$domain['ismainbutsubto']]['domain'] : '-'), 40, ' ') . join(', ', $domain['children']);
+			$this->_logger->logAction(CRON_ACTION, LOG_DEBUG, $logLine);
+		}
 
-			return $domains;
+		return $domains;
 	}
 
 	public function reloadDaemon()
@@ -171,8 +170,7 @@ abstract class DnsBase
 		if ($cmdStatus === 0) {
 			$this->_logger->logAction(CRON_ACTION, LOG_INFO, Settings::Get('system.dns_server') . ' daemon reloaded');
 		} else {
-			$this->_logger->logAction(CRON_ACTION, LOG_ERR, 'Error while running `' . $cmd .
-				'`: exit code (' . $cmdStatus . ') - please check your system logs');
+			$this->_logger->logAction(CRON_ACTION, LOG_ERR, 'Error while running `' . $cmd . '`: exit code (' . $cmdStatus . ') - please check your system logs');
 		}
 	}
 

scripts/classes/class.HttpConfigBase.php

@@ -1,11 +1,28 @@
 <?php
-/***
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2016 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Froxlor team <team@froxlor.org> (2016-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Cron
+ *
+ */
+
+/**
  * Class HttpConfigBase
  *
  * Base class for all HTTP server configs
  *
  */
-class HttpConfigBase {
+class HttpConfigBase
+{
 
 	/**
 	 * process special config as template, by substituting {VARIABLE} with the
@@ -13,26 +30,92 @@ class HttpConfigBase {
 	 *
 	 * The following variables are known at the moment:
 	 *
-	 * {DOMAIN}         - domain name
-	 * {IP}             - IP for this domain
-	 * {PORT}           - Port for this domain
-	 * {CUSTOMER}       - customer name
-	 * {IS_SSL}         - evaluates to 'ssl' if domain/ip is ssl, otherwise it is an empty string
-	 * {DOCROOT}        - document root for this domain
+	 * {DOMAIN} - domain name
+	 * {IP} - IP for this domain
+	 * {PORT} - Port for this domain
+	 * {CUSTOMER} - customer name
+	 * {IS_SSL} - evaluates to 'ssl' if domain/ip is ssl, otherwise it is an empty string
+	 * {DOCROOT} - document root for this domain
 	 *
-	 * @param $template
+	 * @param
+	 *        	$template
 	 * @return string
 	 */
-	protected function processSpecialConfigTemplate($template, $domain, $ip, $port, $is_ssl_vhost) {
+	protected function processSpecialConfigTemplate($template, $domain, $ip, $port, $is_ssl_vhost)
+	{
 		$templateVars = array(
 			'DOMAIN' => $domain['domain'],
 			'CUSTOMER' => $domain['loginname'],
 			'IP' => $ip,
 			'PORT' => $port,
-			'SCHEME' => ($is_ssl_vhost)?'https':'http',
+			'SCHEME' => ($is_ssl_vhost) ? 'https' : 'http',
 			'DOCROOT' => $domain['documentroot']
 		);
 		return replace_variables($template, $templateVars);
 	}
 
-} 
+	protected function getMyPath($ip_port = null)
+	{
+		if (! empty($ip_port) && $ip_port['docroot'] == '') {
+			if (Settings::Get('system.froxlordirectlyviahostname')) {
+				$mypath = makeCorrectDir(dirname(dirname(dirname(__FILE__))));
+			} else {
+				$mypath = makeCorrectDir(dirname(dirname(dirname(dirname(__FILE__)))));
+			}
+		} else {
+			// user-defined docroot, #417
+			$mypath = makeCorrectDir($ip_port['docroot']);
+		}
+		return $mypath;
+	}
+
+	protected function checkAlternativeSslPort()
+	{
+		// We must not check if our port differs from port 443,
+		// but if there is a destination-port != 443
+		$_sslport = '';
+		// This returns the first port that is != 443 with ssl enabled,
+		// ordered by ssl-certificate (if any) so that the ip/port combo
+		// with certificate is used
+		$ssldestport_stmt = Database::prepare("
+			SELECT `ip`.`port` FROM " . TABLE_PANEL_IPSANDPORTS . " `ip`
+			WHERE `ip`.`ssl` = '1'  AND `ip`.`port` != 443
+			ORDER BY `ip`.`ssl_cert_file` DESC, `ip`.`port` LIMIT 1;
+		");
+		$ssldestport = Database::pexecute_first($ssldestport_stmt);
+
+		if ($ssldestport['port'] != '') {
+			$_sslport = ":" . $ssldestport['port'];
+		}
+
+		return $_sslport;
+	}
+
+	protected function froxlorVhostHasLetsEncryptCert()
+	{
+		// check whether we have an entry with valid certificates which just does not need
+		// updating yet, so we need to skip this here
+		$froxlor_ssl_settings_stmt = Database::prepare("
+			SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = '0'
+		");
+		$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
+		if ($froxlor_ssl && ! empty($froxlor_ssl['ssl_cert_file'])) {
+			return true;
+		}
+		return false;
+	}
+
+	protected function froxlorVhostLetsEncryptNeedsRenew()
+	{
+		$froxlor_ssl_settings_stmt = Database::prepare("
+			SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
+			WHERE `domainid` = '0' AND
+			(`expirationdate` < DATE_ADD(NOW(), INTERVAL 30 DAY) OR `expirationdate` IS NULL)
+		");
+		$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
+		if ($froxlor_ssl && ! empty($froxlor_ssl['ssl_cert_file'])) {
+			return true;
+		}
+		return false;
+	}
+}

scripts/jobs/cron_letsencrypt.php

@@ -27,8 +27,7 @@ if (! extension_loaded('curl')) {
 	exit();
 }
 
-$certificates_stmt = Database::query(
-	"
+$certificates_stmt = Database::query("
 		SELECT
 			domssl.`id`,
 			domssl.`domainid`,
@@ -63,8 +62,7 @@ $certificates_stmt = Database::query(
 			)
 	");
 
-$aliasdomains_stmt = Database::prepare(
-	"
+$aliasdomains_stmt = Database::prepare("
 		SELECT
 			dom.`id` as domainid,
 			dom.`domain`,
@@ -76,8 +74,7 @@ $aliasdomains_stmt = Database::prepare(
 			AND dom.`iswildcarddomain` = 0
 	");
 
-$updcert_stmt = Database::prepare(
-	"
+$updcert_stmt = Database::prepare("
 		REPLACE INTO
 			`" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
 		SET
@@ -93,7 +90,107 @@ $updcert_stmt = Database::prepare(
 
 $upddom_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `ssl_redirect` = '1' WHERE `id` = :domainid");
 
+// flag for re-generation of vhost files
 $changedetected = 0;
+
+// first - generate LE for system-vhost if enabled
+if (Settings::Get('system.le_froxlor_enabled') == '1') {
+
+	$certrow = array(
+		'loginname' => 'froxlor.panel',
+		'domain' => Settings::Get('system.hostname'),
+		'domainid' => 0,
+		'documentroot' => FROXLOR_INSTALL_DIR,
+		'leprivatekey' => Settings::Get('system.leprivatekey'),
+		'lepublickey' => Settings::Get('system.lepublickey'),
+		'ssl_redirect' => Settings::Get('system.le_froxlor_redirect'),
+		'expirationdate' => null,
+		'ssl_cert_file' => null,
+		'ssl_key_file' => null,
+		'ssl_ca_file' => null,
+		'ssl_csr_file' => null,
+		'id' => null
+	);
+
+	$froxlor_ssl_settings_stmt = Database::prepare("
+		SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "`
+		WHERE `domainid` = '0' AND
+		(`expirationdate` < DATE_ADD(NOW(), INTERVAL 30 DAY) OR `expirationdate` IS NULL)
+	");
+	$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
+
+	$insert_or_update_required = true;
+	if ($froxlor_ssl) {
+		$certrow['id'] = $froxlor_ssl['id'];
+		$certrow['expirationdate'] = $froxlor_ssl['expirationdate'];
+		$certrow['ssl_cert_file'] = $froxlor_ssl['ssl_cert_file'];
+		$certrow['ssl_key_file'] = $froxlor_ssl['ssl_key_file'];
+		$certrow['ssl_ca_file'] = $froxlor_ssl['ssl_ca_file'];
+		$certrow['ssl_csr_file'] = $froxlor_ssl['ssl_csr_file'];
+	} else {
+		// check whether we have an entry with valid certificates which just does not need
+		// updating yet, so we need to skip this here
+		$froxlor_ssl_settings_stmt = Database::prepare("
+			SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = '0'
+		");
+		$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
+		if ($froxlor_ssl && ! empty($froxlor_ssl['ssl_cert_file'])) {
+			$insert_or_update_required = false;
+		}
+	}
+
+	if ($insert_or_update_required) {
+		$domains = array(
+			$certrow['domain']
+		);
+
+		// Only renew let's encrypt certificate if no broken ssl_redirect is enabled
+		// - this temp. deactivation of the ssl-redirect is handled by the webserver-cronjob
+		$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updating " . $certrow['domain']);
+
+		$cronlog = FroxlorLogger::getInstanceOf(array(
+			'loginname' => $certrow['loginname']
+		));
+
+		try {
+			// Initialize Lescript with documentroot
+			$le = new lescript($cronlog, $version);
+
+			// Initialize Lescript
+			$le->initAccount($certrow, true);
+
+			// Request the new certificate (old key may be used)
+			$return = $le->signDomains($domains, $certrow['ssl_key_file']);
+
+			// We are interessted in the expirationdate
+			$newcert = openssl_x509_parse($return['crt']);
+
+			// Store the new data
+			Database::pexecute($updcert_stmt, array(
+				'id' => $certrow['id'],
+				'domainid' => $certrow['domainid'],
+				'crt' => $return['crt'],
+				'key' => $return['key'],
+				'ca' => $return['chain'],
+				'chain' => $return['chain'],
+				'csr' => $return['csr'],
+				'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
+			));
+
+			if ($certrow['ssl_redirect'] == 3) {
+				Settings::Set('system.le_froxlor_redirect', '1');
+			}
+
+			$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updated Let's Encrypt certificate for " . $certrow['domain']);
+
+			$changedetected = 1;
+		} catch (Exception $e) {
+			$cronlog->logAction(CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
+		}
+	}
+}
+
+// customer domains
 $certrows = $certificates_stmt->fetchAll(PDO::FETCH_ASSOC);
 foreach ($certrows as $certrow) {
 
@@ -104,15 +201,15 @@ foreach ($certrows as $certrow) {
 
 	// Only renew let's encrypt certificate if no broken ssl_redirect is enabled
 	if ($certrow['ssl_redirect'] != 2) {
-		$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Updating " . $certrow['domain']);
+		$cronlog->logAction(CRON_ACTION, LOG_INFO, "Updating " . $certrow['domain']);
 
-		$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Adding SAN entry: " . $certrow['domain']);
+		$cronlog->logAction(CRON_ACTION, LOG_INFO, "Adding SAN entry: " . $certrow['domain']);
 		$domains = array(
 			$certrow['domain']
 		);
 		// add www.<domain> to SAN list
 		if ($certrow['wwwserveralias'] == 1) {
-			$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Adding SAN entry: www." . $certrow['domain']);
+			$cronlog->logAction(CRON_ACTION, LOG_INFO, "Adding SAN entry: www." . $certrow['domain']);
 			$domains[] = 'www.' . $certrow['domain'];
 		}
 
@@ -122,39 +219,38 @@ foreach ($certrows as $certrow) {
 		));
 		$aliasdomains = $aliasdomains_stmt->fetchAll(PDO::FETCH_ASSOC);
 		foreach ($aliasdomains as $aliasdomain) {
-			$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Adding SAN entry: " . $aliasdomain['domain']);
+			$cronlog->logAction(CRON_ACTION, LOG_INFO, "Adding SAN entry: " . $aliasdomain['domain']);
 			$domains[] = $aliasdomain['domain'];
 			if ($aliasdomain['wwwserveralias'] == 1) {
-				$cronlog->logAction(CRON_ACTION, LOG_DEBUG, "Adding SAN entry: www." . $aliasdomain['domain']);
+				$cronlog->logAction(CRON_ACTION, LOG_INFO, "Adding SAN entry: www." . $aliasdomain['domain']);
 				$domains[] = 'www.' . $aliasdomain['domain'];
 			}
 		}
 
 		try {
 			// Initialize Lescript with documentroot
-			$le = new lescript($cronlog);
+			$le = new lescript($cronlog, $version);
 
 			// Initialize Lescript
 			$le->initAccount($certrow);
 
 			// Request the new certificate (old key may be used)
-			$return = $le->signDomains($domains, $certrow['ssl_key_file'], $certrow['ssl_csr_file']);
+			$return = $le->signDomains($domains, $certrow['ssl_key_file']);
 
 			// We are interessted in the expirationdate
 			$newcert = openssl_x509_parse($return['crt']);
 
 			// Store the new data
-			Database::pexecute($updcert_stmt,
-				array(
-					'id' => $certrow['id'],
-					'domainid' => $certrow['domainid'],
-					'crt' => $return['crt'],
-					'key' => $return['key'],
-					'ca' => $return['chain'],
-					'chain' => $return['chain'],
-					'csr' => $return['csr'],
-					'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
-				));
+			Database::pexecute($updcert_stmt, array(
+				'id' => $certrow['id'],
+				'domainid' => $certrow['domainid'],
+				'crt' => $return['crt'],
+				'key' => $return['key'],
+				'ca' => $return['chain'],
+				'chain' => $return['chain'],
+				'csr' => $return['csr'],
+				'expirationdate' => date('Y-m-d H:i:s', $newcert['validTo_time_t'])
+			));
 
 			if ($certrow['ssl_redirect'] == 3) {
 				Database::pexecute($upddom_stmt, array(
@@ -166,12 +262,10 @@ foreach ($certrows as $certrow) {
 
 			$changedetected = 1;
 		} catch (Exception $e) {
-			$cronlog->logAction(CRON_ACTION, LOG_ERR,
-				"Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
+			$cronlog->logAction(CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ": " . $e->getMessage());
 		}
 	} else {
-		$cronlog->logAction(CRON_ACTION, LOG_WARNING,
-			"Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
+		$cronlog->logAction(CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
 	}
 }
 

scripts/jobs/cron_tasks.inc.dns.20.pdns.php

@@ -29,11 +29,11 @@ class pdns extends DnsBase
 		// connect to db
 		$this->_connectToPdnsDb();
 
-		// clean up
-		$this->_clearZoneTables();
-
 		$domains = $this->getDomainList();
 
+		// clean up
+		$this->_clearZoneTables($domains);
+
 		if (empty($domains)) {
 			$this->_logger->logAction(CRON_ACTION, LOG_INFO, 'No domains found for nameserver-config, skipping...');
 			return;
@@ -62,7 +62,7 @@ class pdns extends DnsBase
 		}
 
 		if ($domain['zonefile'] == '') {
-			// check for system-hostname
+		// check for system-hostname
 			$isFroxlorHostname = false;
 			if (isset($domain['froxlorhost']) && $domain['froxlorhost'] == 1) {
 				$isFroxlorHostname = true;
@@ -91,19 +91,30 @@ class pdns extends DnsBase
 			}
 		} else {
 			$this->_logger->logAction(CRON_ACTION, LOG_ERROR,
-				'Zonefiles are NOT supported when PowerDNS is selected as DNS daemon (triggered by: ' .
+				'Custom zonefiles are NOT supported when PowerDNS is selected as DNS daemon (triggered by: ' .
 				$domain['domain'] . ')');
-			$this->_bindconf_file .= $this->_generateDomainConfig($domain);
 		}
 	}
 
-	private function _clearZoneTables()
+	private function _clearZoneTables($domains = null)
 	{
 		$this->_logger->logAction(CRON_ACTION, LOG_INFO, 'Cleaning dns zone entries from database');
 
-		$this->pdns_db->query("TRUNCATE TABLE `records`");
-		$this->pdns_db->query("TRUNCATE TABLE `domains`");
-		$this->pdns_db->query("TRUNCATE TABLE `domainmetadata`");
+		$pdns_domains_stmt = $this->pdns_db->prepare("SELECT `id`, `name` FROM `domains` WHERE `name` = :domain");
+
+		$del_rec_stmt = $this->pdns_db->prepare("DELETE FROM `records` WHERE `domain_id` = :did");
+		$del_meta_stmt = $this->pdns_db->prepare("DELETE FROM `domainmetadata` WHERE `domain_id` = :did");
+		$del_dom_stmt = $this->pdns_db->prepare("DELETE FROM `domains` WHERE `id` = :did");
+
+		foreach ($domains as $domain)
+		{
+			$pdns_domains_stmt->execute(array('domain' => $domain['domain']));
+			$pdns_domain = $pdns_domains_stmt->fetch(\PDO::FETCH_ASSOC);
+
+			$del_rec_stmt->execute(array('did' => $pdns_domain['id']));
+			$del_meta_stmt->execute(array('did' => $pdns_domain['id']));
+			$del_dom_stmt->execute(array('did' => $pdns_domain['id']));
+		}
 	}
 
 	private function _insertZone($domainname, $serial = 0)

scripts/jobs/cron_usage_report.php

@@ -26,6 +26,18 @@ $yesterday = time() - (60 * 60 * 24);
 $mail = new PHPMailer(true);
 $mail->CharSet = "UTF-8";
 
+if (Settings::Get('system.mail_use_smtp')) {
+	$mail->isSMTP();
+	$mail->Host = Settings::Get('system.mail_smtp_host');
+	$mail->SMTPAuth = Settings::Get('system.mail_smtp_auth') == '1' ? true : false;
+	$mail->Username = Settings::Get('system.mail_smtp_user');
+	$mail->Password = Settings::Get('system.mail_smtp_passwd');
+	if (Settings::Get('system.mail_smtp_usetls')) {
+		$mail->SMTPSecure = 'tls';
+	}
+	$mail->Port = Settings::Get('system.mail_smtp_port');
+}
+
 if (PHPMailer::ValidateAddress(Settings::Get('panel.adminmail')) !== false) {
 	// set return-to address and custom sender-name, see #76
 	$mail->SetFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));

ssl_certificates.php

@@ -0,0 +1,152 @@
+<?php
+if (! defined('AREA'))
+	die('You cannot access this file directly!');
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2016 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright (c) the authors
+ * @author Froxlor team <team@froxlor.org> (2016-)
+ * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package Panel
+ *
+ */
+
+// This file is being included in admin_domains and customer_domains
+	// and therefore does not need to require lib/init.php
+
+$del_stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE id = :id");
+$success_message = "";
+
+// do the delete and then just showa success-message and the certificates list again
+if ($action == 'delete') {
+	$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
+	if ($id > 0) {
+		Database::pexecute($del_stmt, array(
+			'id' => $id
+		));
+		$success_message = sprintf($lng['domains']['ssl_certificate_removed'], $id);
+	}
+}
+
+$log->logAction(USR_ACTION, LOG_NOTICE, "viewed domains::ssl_certificates");
+$fields = array(
+	'd.domain' => $lng['domains']['domainname']
+);
+$paging = new paging($userinfo, TABLE_PANEL_DOMAIN_SSL_SETTINGS, $fields);
+
+// select all my (accessable) certificates
+$certs_stmt_query = "SELECT s.*, d.domain, d.letsencrypt, c.customerid, c.loginname
+	FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` s
+	LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` d ON `d`.`id` = `s`.`domainid`
+	LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` c ON `c`.`customerid` = `d`.`customerid`
+	WHERE ";
+
+$qry_params = array();
+
+if (AREA == 'admin' && $userinfo['customers_see_all'] == '0') {
+	// admin with only customer-specific permissions
+	$certs_stmt_query .= "d.adminid = :adminid ";
+	$qry_params['adminid'] = $userinfo['adminid'];
+} elseif (AREA == 'customer') {
+	// customer-area
+	$certs_stmt_query .= "d.customerid = :cid ";
+	$qry_params['cid'] = $userinfo['customerid'];
+} else {
+	$certs_stmt_query .= "1 ";
+}
+
+// sorting by domain-name
+$certs_stmt_query .= $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit();
+
+$certs_stmt = Database::prepare($certs_stmt_query);
+Database::pexecute($certs_stmt, $qry_params);
+$all_certs = $certs_stmt->fetchAll(PDO::FETCH_ASSOC);
+$certificates = "";
+
+if (count($all_certs) == 0) {
+	$message = $lng['domains']['no_ssl_certificates'];
+	$sortcode = "";
+	$arrowcode = array('d.domain' => '');
+	$searchcode = "";
+	$pagingcode = "";
+	eval("\$certificates.=\"" . getTemplate("ssl_certificates/certs_error", true) . "\";");
+} else {
+	$paging->setEntries(count($all_certs));
+	$sortcode = $paging->getHtmlSortCode($lng);
+	$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
+	$searchcode = $paging->getHtmlSearchCode($lng);
+	$pagingcode = $paging->getHtmlPagingCode($filename . '?page=' . $page . '&s=' . $s);
+
+	foreach ($all_certs as $idx => $cert) {
+		if ($paging->checkDisplay($idx)) {
+
+			// respect froxlor-hostname
+			if ($cert['domainid'] == 0) {
+				$cert['domain'] = Settings::Get('system.hostname');
+				$cert['letsencrypt'] = Settings::Get('system.le_froxlor_enabled');
+				$cert['loginname'] = 'froxlor.panel';
+			}
+
+			if (empty($cert['domain']) || empty($cert['ssl_cert_file'])) {
+				// no domain found to the entry or empty entry - safely delete it from the DB
+				Database::pexecute($del_stmt, array(
+					'id' => $cert['id']
+				));
+				continue;
+			}
+
+			$cert_data = openssl_x509_parse($cert['ssl_cert_file']);
+
+			$cert['domain'] = $idna_convert->decode($cert['domain']);
+
+			$adminCustomerLink = "";
+			if (AREA == 'admin' && $cert['domainid'] > 0) {
+				if (! empty($cert['loginname'])) {
+					$adminCustomerLink = '&nbsp;(<a href="' . $linker->getLink(array(
+						'section' => 'customers',
+						'page' => 'customers',
+						'action' => 'su',
+						'id' => $cert['customerid']
+					)) . '" rel="external">' . $cert['loginname'] . '</a>)';
+				}
+			}
+
+			if ($cert_data) {
+				$validFrom = date('d.m.Y H:i:s', $cert_data['validFrom_time_t']);
+				$validTo = date('d.m.Y H:i:s', $cert_data['validTo_time_t']);
+
+				$isValid = true;
+				if ($cert_data['validTo_time_t'] < time()) {
+					$isValid = false;
+				}
+
+				$san_list = "";
+				if (isset($cert_data['extensions']['subjectAltName']) && !empty($cert_data['extensions']['subjectAltName'])) {
+					$SANs = explode(",", $cert_data['extensions']['subjectAltName']);
+					$SANs = array_map('trim', $SANs);
+					foreach ($SANs as $san) {
+						$san = str_replace("DNS:", "", $san);
+						if ($san != $cert_data['subject']['CN'] && strpos($san, "othername:") === false) {
+							$san_list .= $san."<br>";
+						}
+					}
+				}
+
+				$row = htmlentities_array($cert);
+				eval("\$certificates.=\"" . getTemplate("ssl_certificates/certs_cert", true) . "\";");
+			} else {
+				$message = sprintf($lng['domains']['ssl_certificate_error'], $cert['domain']);
+				eval("\$certificates.=\"" . getTemplate("ssl_certificates/certs_error", true) . "\";");
+			}
+		} else {
+			continue;
+		}
+	}
+}
+eval("echo \"" . getTemplate("ssl_certificates/certs_list", true) . "\";");

templates/Sparkle/admin/customers/customers_customer.tpl

@@ -26,16 +26,16 @@
 				<span>Webspace:</span>
 				<if $row['diskspace'] != 'UL'>
 					<if (($row['diskspace']/100)*(int)Settings::Get('system.report_webmax')) < $row['diskspace_used']>
-						<div class="progress progress-danger tipper" title="{$row['diskspace_used']} MiB {$lng['panel']['used']}, {$row['diskspace']} MiB {$lng['panel']['assigned']}">
+						<div class="progress progress-danger tipper" title="{$lng['panel']['used']}:<br>web: {$row['webspace_used']} {$lng['customer']['mib']}<br>mail: {$row['mailspace_used']} {$lng['customer']['mib']}<br>mysql: {$row['dbspace_used']} MiB<br><br>{$lng['panel']['assigned']}:<br>{$row['diskspace']} {$lng['customer']['mib']}">
 							<div class="bar" aria-valuenow="{$disk_percent}" aria-valuemin="0" aria-valuemax="100"></div>
 						</div>
 					<else>
 						<if (($row['diskspace']/100)*((int)Settings::Get('system.report_webmax') - 15)) < $row['diskspace_used']>
-							<div class="progress progress-warn tipper" title="{$row['diskspace_used']} MiB {$lng['panel']['used']}, {$row['diskspace']} MiB {$lng['panel']['assigned']}">
+							<div class="progress progress-warn tipper" title="{$lng['panel']['used']}:<br>web: {$row['webspace_used']} {$lng['customer']['mib']}<br>mail: {$row['mailspace_used']} {$lng['customer']['mib']}<br>mysql: {$row['dbspace_used']} MiB<br><br>{$lng['panel']['assigned']}:<br>{$row['diskspace']} {$lng['customer']['mib']}">
 								<div class="bar" aria-valuenow="{$disk_percent}" aria-valuemin="0" aria-valuemax="100"></div>
 							</div>
 						<else>
-							<div class="progress tipper" title="{$row['diskspace_used']} MiB {$lng['panel']['used']}, {$row['diskspace']} MiB {$lng['panel']['assigned']}">
+							<div class="progress tipper" title="{$lng['panel']['used']}:<br>web: {$row['webspace_used']} {$lng['customer']['mib']}<br>mail: {$row['mailspace_used']} {$lng['customer']['mib']}<br>mysql: {$row['dbspace_used']} MiB<br><br>{$lng['panel']['assigned']}:<br>{$row['diskspace']} {$lng['customer']['mib']}">
 								<div class="bar" aria-valuenow="{$disk_percent}" aria-valuemin="0" aria-valuemax="100"></div>
 							</div>
 						</if>

templates/Sparkle/admin/domains/domains_domain.tpl

@@ -20,8 +20,13 @@
 		<a href="{$linker->getLink(array('section' => 'domains', 'page' => $page, 'action' => 'edit', 'id' => $row['id']))}">
 			<img src="templates/{$theme}/assets/img/icons/edit.png" alt="{$lng['panel']['edit']}" title="{$lng['panel']['edit']}" />
 		</a>
+		<if $row['isbinddomain'] == '1' && Settings::Get('system.bind_enable') == '1' && Settings::Get('system.dnsenabled') == '1'>
+			&nbsp;<a href="{$linker->getLink(array('section' => 'domains', 'page' => 'domaindnseditor', 'domain_id' => $row['id']))}">
+				<img src="templates/{$theme}/assets/img/icons/dns_edit.png" alt="{$lng['dnseditor']['edit']}" title="{$lng['dnseditor']['edit']}" />
+			</a>
+		</if>
 		<if $row['letsencrypt'] == '1'>
-			<img src="templates/{$theme}/assets/img/icons/ssl_letsencrypt.png" alt="{$lng['panel']['letsencrypt']}" title="{$lng['panel']['letsencrypt']}" />
+			&nbsp;<img src="templates/{$theme}/assets/img/icons/ssl_letsencrypt.png" alt="{$lng['panel']['letsencrypt']}" title="{$lng['panel']['letsencrypt']}" />
 		</if>
 		<if !(isset($row['domainaliasid']) && $row['domainaliasid'] != 0) && $row['id'] != Settings::Get('system.hostname_id')>
 			<if !(isset($row['standardsubdomain']) && $row['standardsubdomain'] == $row['id'])>

templates/Sparkle/admin/domains/domains_edit.tpl

@@ -4,7 +4,7 @@ $header
 			<h2>
 				<img src="templates/{$theme}/assets/img/icons/domain_edit_big.png" alt="{$title}" />&nbsp;
 				{$title}
-				<if $result['isbinddomain'] == '1' && Settings::Get('system.dnsenabled') == '1'>
+				<if $result['isbinddomain'] == '1' && Settings::Get('system.bind_enable') == '1' && Settings::Get('system.dnsenabled') == '1'>
 					&nbsp;(<small><a href="{$linker->getLink(array('section' => 'domains', 'page' => 'domaindnseditor', 'domain_id' => $id))}">{$lng['dnseditor']['edit']}</a></small>)
 				</if>
 			</h2>

templates/Sparkle/admin/index/index.tpl

@@ -211,6 +211,10 @@ $header
 						</tr>
 					</thead>
 					<tbody>
+						<tr>
+							<td>{$lng['admin']['hostname']}:</td>
+							<td>{$system_hostname}</td>
+						</tr>
 						<tr>
 							<td>{$lng['admin']['serversoftware']}:</td>
 							<td>{$_SERVER['SERVER_SOFTWARE']}</td>
@@ -227,6 +231,10 @@ $header
 							<td>{$lng['admin']['webserverinterface']}:</td>
 							<td>$webserverinterface</td>
 						</tr>
+						<tr>
+							<td>{$lng['admin']['memory']}:</td>
+							<td><pre>$memory</pre></td>
+						</tr>
 						<tr>
 							<td>{$lng['admin']['sysload']}:</td>
 							<td>$load</td>

templates/Sparkle/assets/js/traffic.js

@@ -93,9 +93,9 @@ $(document).ready(function() {
 	};
 
 
-	$.plot('#ftpchart', ftpdata, options);
-	$.plot('#httpchart', httpdata, options);
-	$.plot('#mailchart', maildata, options);
+	$('#ftpchart').plot(ftpdata, options);
+	$('#httpchart').plot(httpdata, options);
+	$('#mailchart').plot(maildata, options);
 
 	$("<div id='tooltip'></div>").css({
 		position: "absolute",

templates/Sparkle/customer/domains/domains_domain.tpl

@@ -1,14 +1,15 @@
 <if $row['termination_date'] != ''>
-    <tr class="{$row['termination_css']}">
+	<tr class="{$row['termination_css']}">
 </if>
 <if $row['termination_date'] == ''>
-    <tr>
+	<tr>
 </if>
-	<td><a href="http://{$row['domain']}" target="_blank">{$row['domain']}</a>
-            <if $row['termination_date'] != ''>
-                    <br><small><div class="red">({$lng['domains']['termination_date_overview']} {$row['termination_date']})</div></small>
-            </if>
-        </td>
+	<td>
+		<a href="http://{$row['domain']}" target="_blank">{$row['domain']}</a>
+		<if $row['termination_date'] != ''>
+			<br><small><div class="red">({$lng['domains']['termination_date_overview']} {$row['termination_date']})</div></small>
+		</if>
+	</td>
 	<td>
 		<if $row['aliasdomain'] == ''>{$row['documentroot']}</if>
 		<if isset($row['aliasdomainid']) && $row['aliasdomainid'] != 0>{$lng['domains']['aliasdomain']} {$row['aliasdomain']}</if>
@@ -24,6 +25,11 @@
 				<img src="templates/{$theme}/assets/img/icons/delete.png" alt="{$lng['panel']['delete']}" title="{$lng['panel']['delete']}" />
 			</a>&nbsp;
 		</if>
+		<if $row['isbinddomain'] == '1' && $userinfo['dnsenabled'] == '1' && $row['caneditdomain'] == '1' && Settings::Get('system.bind_enable') == '1' && Settings::Get('system.dnsenabled') == '1'>
+			<a href="{$linker->getLink(array('section' => 'domains', 'page' => 'domaindnseditor', 'domain_id' => $row['id']))}">
+				<img src="templates/{$theme}/assets/img/icons/dns_edit.png" alt="{$lng['dnseditor']['edit']}" title="{$lng['dnseditor']['edit']}" />
+			</a>&nbsp;
+		</if>
 		<if $show_ssledit == 1>
 			<a href="{$linker->getLink(array('section' => 'domains', 'page' => 'domainssleditor', 'action' => 'view', 'id' => $row['id']))}">
 				<img src="templates/{$theme}/assets/img/icons/ssl_<if $row['domain_hascert'] == 1>customer</if><if $row['domain_hascert'] == 2>shared</if><if $row['domain_hascert'] == 0>global</if>.png" alt="{$lng['panel']['ssleditor']}" title="{$lng['panel']['ssleditor']}" />

templates/Sparkle/customer/domains/domains_edit.tpl

@@ -4,7 +4,7 @@ $header
 		<h2>
 			<img src="templates/{$theme}/assets/img/icons/domain_edit_big.png" alt="{$title}" />&nbsp;
 			{$title}
-			<if $result['isbinddomain'] == '1' && $userinfo['dnsenabled'] == '1' && Settings::Get('system.dnsenabled') == '1'>
+			<if $result['isbinddomain'] == '1' && $userinfo['dnsenabled'] == '1' && Settings::Get('system.bind_enable') == '1' && Settings::Get('system.dnsenabled') == '1'>
 				&nbsp;(<small><a href="{$linker->getLink(array('section' => 'domains', 'page' => 'domaindnseditor', 'domain_id' => $id))}">{$lng['dnseditor']['edit']}</a></small>)
 			</if>
 		</h2>

templates/Sparkle/customer/ftp/accounts.tpl

@@ -30,6 +30,9 @@
 							<th>{$lng['login']['username']}&nbsp;{$arrowcode['username']}</th>
 							<th>{$lng['panel']['ftpdesc']}&nbsp;{$arrowcode['description']}</th>
 							<th>{$lng['panel']['path']}&nbsp;{$arrowcode['homedir']}</th>
+							<if Settings::Get('system.allow_customer_shell') == '1' >
+							<th>{$lng['panel']['shell']}</th>
+							</if>
 							<th>{$lng['panel']['options']}</th>
 						</tr>
 					</thead>
@@ -58,4 +61,3 @@
 		</section>
 	</article>
 $footer
-

templates/Sparkle/customer/ftp/accounts_account.tpl

@@ -2,6 +2,9 @@
 	<td>{$row['username']}</td>
 	<td>{$row['description']}</td>
 	<td>{$row['documentroot']}</td>
+	<if Settings::Get('system.allow_customer_shell') == '1' >
+		<td>{$row['shell']}</td>
+	</if>
 	<td>
 		<a href="{$linker->getLink(array('section' => 'ftp', 'page' => 'accounts', 'action' => 'edit', 'id' => $row['id']))}">
 			<img src="templates/{$theme}/assets/img/icons/edit.png" alt="{$lng['panel']['edit']}" title="{$lng['panel']['edit']}" />

templates/Sparkle/customer/index/index.tpl

@@ -71,8 +71,9 @@ $header
 					<small>
 						{$userinfo['email_accounts_used']} {$lng['panel']['used']}<br />
 						<if $userinfo['email_accounts'] != '∞'>
-						{$userinfo['email_accounts']} {$lng['panel']['available']}
+						{$userinfo['email_accounts']} {$lng['panel']['available']}<br />
 						</if>
+						{$userinfo['mailspace_used']} {$lng['customer']['mib']}
 					</small>
 				</div>
 				</if>
@@ -113,8 +114,9 @@ $header
 					<small>
 						{$userinfo['mysqls_used']} {$lng['panel']['used']}<br />
 						<if $userinfo['mysqls'] != '∞'>
-						{$userinfo['mysqls']} {$lng['panel']['available']}
+						{$userinfo['mysqls']} {$lng['panel']['available']}<br />
 						</if>
+						{$userinfo['dbspace_used']} {$lng['customer']['mib']}
 					</small>
 				</div>
 				</if>
@@ -248,4 +250,3 @@ $header
 		</div>
 	</article>
 $footer
-

templates/Sparkle/customer/traffic/traffic.tpl

@@ -37,12 +37,18 @@ $header
 	</form>
 	
 	<div id="charts" class="hidden">
-		<h3>HTTP {$lng['admin']['traffic']} ({$lng['traffic']['months']['total']} {$traffic_complete['http']})</h3>
-		<div id="httpchart" class="trafficchart"></div>
-		<h3>FTP {$lng['admin']['traffic']} ({$lng['traffic']['months']['total']} {$traffic_complete['ftp']})</h3>
-		<div id="ftpchart" class="trafficchart"></div>
-		<h3>Mail {$lng['admin']['traffic']} ({$lng['traffic']['months']['total']} {$traffic_complete['mail']})</h3>
-		<div id="mailchart" class="trafficchart"></div>
+		<if !Settings::IsInList('panel.customer_hide_options','traffic.http')>
+			<h3>HTTP {$lng['admin']['traffic']} ({$lng['traffic']['months']['total']} {$traffic_complete['http']})</h3>
+			<div id="httpchart" class="trafficchart"></div>
+		</if>			
+		<if !Settings::IsInList('panel.customer_hide_options','traffic.ftp')>
+			<h3>FTP {$lng['admin']['traffic']} ({$lng['traffic']['months']['total']} {$traffic_complete['ftp']})</h3>
+			<div id="ftpchart" class="trafficchart"></div>
+		</if>			
+		<if !Settings::IsInList('panel.customer_hide_options','traffic.mail')>
+			<h3>Mail {$lng['admin']['traffic']} ({$lng['traffic']['months']['total']} {$traffic_complete['mail']})</h3>
+			<div id="mailchart" class="trafficchart"></div>
+		</if>			
 	</div>
 </article>
 $footer

templates/Sparkle/customer/traffic/traffic_details.tpl

@@ -31,12 +31,18 @@ $header
 		</tbody>
 	</table>
 	<div id="charts" class="hidden">
-		<h3>HTTP {$lng['admin']['traffic']} ({$lng['traffic']['months']['total']} {$traffic_complete['http']})</h3>
-		<div id="httpchart" class="trafficchart"></div>
-		<h3>FTP {$lng['admin']['traffic']} ({$lng['traffic']['months']['total']} {$traffic_complete['ftp']})</h3>
-		<div id="ftpchart" class="trafficchart"></div>
-		<h3>Mail {$lng['admin']['traffic']} ({$lng['traffic']['months']['total']} {$traffic_complete['mail']})</h3>
-		<div id="mailchart" class="trafficchart"></div>
+		<if !Settings::IsInList('panel.customer_hide_options','traffic.http')>
+			<h3>HTTP {$lng['admin']['traffic']} ({$lng['traffic']['months']['total']} {$traffic_complete['http']})</h3>
+			<div id="httpchart" class="trafficchart"></div>
+		</if>
+		<if !Settings::IsInList('panel.customer_hide_options','traffic.ftp')>
+			<h3>FTP {$lng['admin']['traffic']} ({$lng['traffic']['months']['total']} {$traffic_complete['ftp']})</h3>
+			<div id="ftpchart" class="trafficchart"></div>
+		</if>
+		<if !Settings::IsInList('panel.customer_hide_options','traffic.mail')>
+			<h3>Mail {$lng['admin']['traffic']} ({$lng['traffic']['months']['total']} {$traffic_complete['mail']})</h3>
+			<div id="mailchart" class="trafficchart"></div>
+		</if>
 	</div>
 </article>
 $footer