set version to 0.9.39.1 for maintenance release

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
fix include path in lib/ajax.php
2018-02-10 16:06:57 +01:00 · 2018-02-10 10:13:55 +01:00 · 2018-02-09 13:57:23 +01:00 · 2018-02-09 10:50:14 +01:00 · 2018-02-09 09:20:46 +01:00 · 2018-02-09 07:33:28 +01:00
175 changed files with 18806 additions and 8570 deletions
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
@@ -0,0 +1,58 @@
+# Contributing
+
+Before you start working on a PR, contact us via IRC in #froxlor on Freenode or
+the forum at https://forum.froxlor.org to get a clue whether someone else isn't
+already working on it or if we don't want to invest the effort in favour of
+working on Froxlor 2.0.
+Of course, bug fixes are always welcome.
+However, at this stage of the 0.9.x branch, we are not looking for new
+features or refactoring, especially not the kind which requires changes to a
+lot of files.
+Currently, we are working on a complete re-write, which, at this point in
+time, is not yet public to keep delays due to discussions about internal
+details to a minimum.
+
+
+
+
+## Checklist
+
+General rules for PRs are:
+* Please save us all some trouble and unnecessary round-trips by _testing_ your
+changes.
+
+* Re-write your commit history to provide a CLEAN history!
+
+	* i.e. do not provide PRs which contain a commit that changes something,
+	the next changes it back, a third one changes it again, only a little
+	differently...
+
+
+Thanks!
+
+
+
+
+### Webserver changes
+If you make changes to the functionality of webserver configuration, please
+make sure your implementation covers both apache **and** nginx.
+
+
+
+
+### l10n
+
+If you add new language strings, please make sure you add the english fallback
+strings in
+
+* `lng/english.lng.php`
+* `install/lng/english.lng.php` (if applicable)
+
+
+
+
+### New settings
+If you add new settings, please make sure you add the default values to
+
+* `install/froxlor.sql`
+* handle the update (see `install/updates/froxlor/0.9/update_0.9.inc.php`)
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,64 @@
+# Bug report vs. support request
+If you're unsure of whether your problem is a bug or a configuration error
+* contact us via IRC in #froxlor on freenode
+* or post a thread in our forum at https://forum.froxlor.org
+
+As a rule of thumb: before reporting an issue
+* see if it hasn't been [reported](https://github.com/Froxlor/froxlor/issues) (and possibly already been [fixed](https://github.com/Froxlor/froxlor/issues?utf8=✓&q=is:issue%20is:closed)) first
+* try with the git master
+
+
+
+
+
+# Summary
+
+Please provide a concise summary of the problem you're experiencing...
+
+
+
+
+# System information
+* Froxlor version: $version/$gitSHA1
+* Web server: apache2/nginx/lighttpd
+* DNS server: Bind/PowerDNS (standalone)/PowerDNS (Bind-backend)
+* POP/IMAP server: Courier/Dovecot
+* SMTP server: postfix/exim
+* FTP server: proftpd/pureftpd
+* OS/Version: ...
+
+
+
+
+# Steps to reproduce
+
+1.
+2.
+3.
+
+
+
+
+# Expected behavior
+
+1.
+2.
+3.
+
+
+
+
+# Actual behavior
+
+1.
+2.
+3.
+
+
+
+
+# Log files/log entries
+syslog:
+<pre>
+example
+</pre>
--- a/README.md
+++ b/README.md
@@ -11,13 +11,13 @@ Developed by experienced server administrators, this panel simplifies the effort
 3. Point your browser to http://[ip-of-webserver]/froxlor
 4. Follow the installer
 5. Login as administrator
-6. Adjust "Server > Settings" according to your needs
-7. Choose your distribution under "Server > Configuration"
+6. Adjust "System > Settings" according to your needs
+7. Choose your distribution under "System > Configuration"
 8. Follow the steps for your services
 9. Have fun!

 ### Detailed installation
-http://redmine.froxlor.org/projects/froxlor/wiki/Installationtarball
+https://github.com/Froxlor/Froxlor/wiki/Install-froxlor-from-tarball

 ## Help

@@ -30,12 +30,12 @@ irc://chat.freenode.net/froxlor

 ### Forum

-The community is located on http://forum.froxlor.org
+The community is located on https://forum.froxlor.org/

 ### Wiki

 More documentation may be found in the froxlor - wiki:
-http://redmine.froxlor.org/projects/froxlor/wiki
+https://github.com/Froxlor/Froxlor/wiki

 ## License

@@ -44,31 +44,21 @@ May be found in COPYING
 ## Downloads

 ### Tarball
-http://files.froxlor.org/releases/froxlor-latest.tar.gz [MD5](http://files.froxlor.org/releases/froxlor-latest.tar.gz.md5) [SHA1](http://files.froxlor.org/releases/froxlor-latest.tar.gz.sha1)
+https://files.froxlor.org/releases/froxlor-latest.tar.gz [MD5](https://files.froxlor.org/releases/froxlor-latest.tar.gz.md5) [SHA1](https://files.froxlor.org/releases/froxlor-latest.tar.gz.sha1)

 ### Debian repository

-[HowTo](http://redmine.froxlor.org/projects/froxlor/wiki/Installationdebian)
+[HowTo](https://github.com/Froxlor/Froxlor/wiki/Install-froxlor-on-debian)

 /etc/apt/sources.list.d/froxlor.list
 > deb http://debian.froxlor.org {wheezy|jessie} main

 ### Gentoo repository

-[HowTo](http://redmine.froxlor.org/projects/froxlor/wiki/Installationgentoo)
+[HowTo](https://github.com/Froxlor/Froxlor/wiki/Install-froxlor-on-gentoo)

-http://files.froxlor.org/gentoo/repositories.xml
+https://files.froxlor.org/gentoo/repositories.xml

-## Let's Encrypt support
-
-This version of Froxlor contains a test implementation of support for [Let's Encrypt](https://letsencrypt.org). This is (as Let's Encrypt is in itself)
-still a beta version and may break your system. The way it currently works is by creating a (sub-)domain with the default system - certificate,
-after which the Let's Encrypt cronjob orders the certificate for this (sub-)domain and inserts the certificates in the database. With the next run
-of the default cronjob, the certificates will be updated on the disk and the webserver reloaded.
-
-This has 2 known side-effects at the moment:
-* The basic ip/port combinations don't work with the Froxlor - integration of Let's Encrypt, since it needs a certificate for the very first creation
-* After creating a domain, it will have the default certificate for a short time (by default 5 minutes until the cronjob runs the next time)
-
-It may be possible to fix these issues, but they are not a priority at the moment
+## Contributing

+[see here](.github/CONTRIBUTING.md)
--- a/actions/admin/settings/100.panel.php
+++ b/actions/admin/settings/100.panel.php
@@ -234,6 +234,7 @@ return array(
 					'type' => 'option',
 					'default' => '',
 					'option_mode' => 'multiple',
+					'option_emptyallowed' => true,
 					'option_options' => array(
 						'email'                       => $lng['menue']['email']['email'],
 						'mysql'                       => $lng['menue']['mysql']['mysql'],
--- a/actions/admin/settings/120.system.php
+++ b/actions/admin/settings/120.system.php
@@ -69,14 +69,6 @@ return array(
 					'save_method' => 'storeSettingHostname',
 					'plausibility_check_method' => 'checkHostname',
 					),
-				'system_froxlordirectlyviahostname' => array(
-					'label' => $lng['serversettings']['froxlordirectlyviahostname'],
-					'settinggroup' => 'system',
-					'varname' => 'froxlordirectlyviahostname',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField',
-					),
 				'system_validatedomain' => array(
 					'label' => $lng['serversettings']['validate_domain'],
 					'settinggroup' => 'system',
@@ -102,6 +94,14 @@ return array(
 					'plausibility_check_method' => 'checkMysqlAccessHost',
 					'save_method' => 'storeSettingMysqlAccessHost',
 					),
+				'system_nssextrausers' => array(
+					'label' => $lng['serversettings']['nssextrausers'],
+					'settinggroup' => 'system',
+					'varname' => 'nssextrausers',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+					),
 				'system_index_file_extension' => array(
 					'label' => $lng['serversettings']['index_file_extension'],
 					'settinggroup' => 'system',
@@ -160,6 +160,65 @@ return array(
 					'default' => 90,
 					'save_method' => 'storeSettingField',
 					),
+
+				'system_mail_use_smtp' => array(
+					'label' => $lng['serversettings']['mail_use_smtp'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_use_smtp',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_host' => array(
+					'label' => $lng['serversettings']['mail_smtp_host'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_host',
+					'type' => 'string',
+					'default' => 'localhost',
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_port' => array(
+					'label' => $lng['serversettings']['mail_smtp_port'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_port',
+					'type' => 'int',
+					'int_min' => 1,
+					'int_max' => 65535,
+					'default' => 25,
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_usetls' => array(
+					'label' => $lng['serversettings']['mail_smtp_usetls'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_usetls',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_auth' => array(
+					'label' => $lng['serversettings']['mail_smtp_auth'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_auth',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_user' => array(
+					'label' => $lng['serversettings']['mail_smtp_user'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_user',
+					'type' => 'string',
+					'default' => '',
+					'save_method' => 'storeSettingField',
+					),
+				'system_mail_smtp_passwd' => array(
+					'label' => $lng['serversettings']['mail_smtp_passwd'],
+					'settinggroup' => 'system',
+					'varname' => 'mail_smtp_passwd',
+					'type' => 'hiddenString',
+					'default' => '',
+					'save_method' => 'storeSettingField',
+					),
 				),
 			),
 		),
--- a/actions/admin/settings/122.froxlorvhost.php
+++ b/actions/admin/settings/122.froxlorvhost.php
@@ -0,0 +1,205 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2016 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Froxlor team <team@froxlor.org> (2016-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Settings
+ *
+ */
+return array(
+	'groups' => array(
+		'froxlorvhost' => array(
+			'title' => $lng['admin']['froxlorvhost'],
+			'fields' => array(
+				/**
+				 * Webserver-Vhost
+				 */
+				'system_froxlordirectlyviahostname' => array(
+					'label' => $lng['serversettings']['froxlordirectlyviahostname'],
+					'settinggroup' => 'system',
+					'varname' => 'froxlordirectlyviahostname',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+				),
+				/**
+				 * SSL / Let's Encrypt
+				 */
+				'system_le_froxlor_enabled' => array(
+					'label' => $lng['serversettings']['le_froxlor_enabled'],
+					'settinggroup' => 'system',
+					'varname' => 'le_froxlor_enabled',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingClearCertificates',
+					'visible' => Settings::Get('system.leenabled')
+				),
+				'system_le_froxlor_redirect' => array(
+					'label' => $lng['serversettings']['le_froxlor_redirect'],
+					'settinggroup' => 'system',
+					'varname' => 'le_froxlor_redirect',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('system.use_ssl')
+				),
+				'system_hsts_maxage' => array(
+					'label' => $lng['admin']['domain_hsts_maxage'],
+					'settinggroup' => 'system',
+					'varname' => 'hsts_maxage',
+					'type' => 'int',
+					'int_min' => 0,
+					'int_max' => 94608000, // 3-years
+					'default' => 0,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('system.use_ssl')
+				),
+				'system_hsts_incsub' => array(
+					'label' => $lng['admin']['domain_hsts_incsub'],
+					'settinggroup' => 'system',
+					'varname' => 'hsts_incsub',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('system.use_ssl')
+				),
+				'system_hsts_preload' => array(
+					'label' => $lng['admin']['domain_hsts_preload'],
+					'settinggroup' => 'system',
+					'varname' => 'hsts_preload',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('system.use_ssl')
+				),
+				'system_http2_support' => array(
+					'label' => $lng['serversettings']['http2_support'],
+					'settinggroup' => 'system',
+					'varname' => 'http2_support',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'websrv_avail' => array(
+						'apache2',
+						'nginx'
+					),
+					'visible' => Settings::Get('system.use_ssl')
+				),
+				/**
+				 * FCGID
+				 */
+				'system_mod_fcgid_enabled_ownvhost' => array(
+					'label' => $lng['serversettings']['mod_fcgid_ownvhost'],
+					'settinggroup' => 'system',
+					'varname' => 'mod_fcgid_ownvhost',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					'websrv_avail' => array(
+						'apache2'
+					),
+					'visible' => Settings::Get('system.mod_fcgid')
+				),
+				'system_mod_fcgid_httpuser' => array(
+					'label' => $lng['admin']['mod_fcgid_user'],
+					'settinggroup' => 'system',
+					'varname' => 'mod_fcgid_httpuser',
+					'type' => 'string',
+					'default' => 'froxlorlocal',
+					'save_method' => 'storeSettingWebserverFcgidFpmUser',
+					'websrv_avail' => array(
+						'apache2'
+					),
+					'visible' => Settings::Get('system.mod_fcgid')
+				),
+				'system_mod_fcgid_httpgroup' => array(
+					'label' => $lng['admin']['mod_fcgid_group'],
+					'settinggroup' => 'system',
+					'varname' => 'mod_fcgid_httpgroup',
+					'type' => 'string',
+					'default' => 'froxlorlocal',
+					'save_method' => 'storeSettingField',
+					'websrv_avail' => array(
+						'apache2'
+					),
+					'visible' => Settings::Get('system.mod_fcgid')
+				),
+				'system_mod_fcgid_defaultini_ownvhost' => array(
+					'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
+					'settinggroup' => 'system',
+					'varname' => 'mod_fcgid_defaultini_ownvhost',
+					'type' => 'option',
+					'default' => '2',
+					'option_mode' => 'one',
+					'option_options_method' => 'getPhpConfigs',
+					'save_method' => 'storeSettingField',
+					'websrv_avail' => array(
+						'apache2'
+					),
+					'visible' => Settings::Get('system.mod_fcgid')
+				),
+				/**
+				 * php-fpm
+				 */
+				'system_phpfpm_enabled_ownvhost' => array(
+					'label' => $lng['phpfpm']['ownvhost'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'enabled_ownvhost',
+					'type' => 'bool',
+					'default' => true,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('phpfpm.enabled')
+				),
+				'system_phpfpm_httpuser' => array(
+					'label' => $lng['phpfpm']['vhost_httpuser'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'vhost_httpuser',
+					'type' => 'string',
+					'default' => 'froxlorlocal',
+					'save_method' => 'storeSettingWebserverFcgidFpmUser',
+					'visible' => Settings::Get('phpfpm.enabled')
+				),
+				'system_phpfpm_httpgroup' => array(
+					'label' => $lng['phpfpm']['vhost_httpgroup'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'vhost_httpgroup',
+					'type' => 'string',
+					'default' => 'froxlorlocal',
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('phpfpm.enabled')
+				),
+				'system_phpfpm_defaultini_ownvhost' => array(
+					'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'vhost_defaultini',
+					'type' => 'option',
+					'default' => '2',
+					'option_mode' => 'one',
+					'option_options_method' => 'getPhpConfigs',
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('phpfpm.enabled')
+				),
+				/**
+				 * DNS
+				 */
+				'system_dns_createhostnameentry' => array(
+					'label' => $lng['serversettings']['dns_createhostnameentry'],
+					'settinggroup' => 'system',
+					'varname' => 'dns_createhostnameentry',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('system.bind_enable')
+				)
+			)
+		)
+	)
+);
--- a/actions/admin/settings/130.webserver.php
+++ b/actions/admin/settings/130.webserver.php
@@ -260,11 +260,7 @@ return array(
 					'varname' => 'enabled',
 					'type' => 'bool',
 					'default' => false,
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array(
-						'apache2',
-						'lighttpd'
-					)
+					'save_method' => 'storeSettingField'
 				),
 				'customredirect_default' => array(
 					'label' => $lng['serversettings']['customredirect_default'],
@@ -274,11 +270,7 @@ return array(
 					'default' => '1',
 					'option_mode' => 'one',
 					'option_options_method' => 'getRedirectCodes',
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array(
-						'apache2',
-						'lighttpd'
-					)
+					'save_method' => 'storeSettingField'
 				)
 			)
 		)
--- a/actions/admin/settings/131.ssl.php
+++ b/actions/admin/settings/131.ssl.php
@@ -16,7 +16,6 @@
 * @package    Settings
 *
 */
-
 return array(
 	'groups' => array(
 		'ssl' => array(
@@ -31,6 +30,20 @@ return array(
 					'save_method' => 'storeSettingField',
 					'overview_option' => true
 				),
+				'system_ssl_protocols' => array(
+					'label' => $lng['serversettings']['ssl']['ssl_protocols'],
+					'settinggroup' => 'system',
+					'varname' => 'ssl_protocols',
+					'type' => 'option',
+					'default' => 'TLSv1,TLSv1.2',
+					'option_mode' => 'multiple',
+					'option_options' => array(
+						'TLSv1' => 'TLSv1',
+						'TLSv1.1' => 'TLSv1.1',
+						'TLSv1.2' => 'TLSv1.2'
+					),
+					'save_method' => 'storeSettingField'
+				),
 				'system_ssl_cipher_list' => array(
 					'label' => $lng['serversettings']['ssl']['ssl_cipher_list'],
 					'settinggroup' => 'system',
@@ -38,7 +51,7 @@ return array(
 					'type' => 'string',
 					'string_emptyallowed' => false,
 					'default' => 'ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128',
-									'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
 				'system_ssl_cert_file' => array(
 					'label' => $lng['serversettings']['ssl']['ssl_cert_file'],
@@ -48,7 +61,7 @@ return array(
 					'string_type' => 'file',
 					'string_emptyallowed' => true,
 					'default' => '/etc/apache2/apache2.pem',
-									'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
 				'system_ssl_key_file' => array(
 					'label' => $lng['serversettings']['ssl']['ssl_key_file'],
@@ -58,7 +71,7 @@ return array(
 					'string_type' => 'file',
 					'string_emptyallowed' => true,
 					'default' => '/etc/apache2/apache2.key',
-									'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
 				'system_ssl_cert_chainfile' => array(
 					'label' => $lng['admin']['ipsandports']['ssl_cert_chainfile'],
@@ -68,7 +81,7 @@ return array(
 					'string_type' => 'file',
 					'string_emptyallowed' => true,
 					'default' => '',
-									'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
 				'system_ssl_ca_file' => array(
 					'label' => $lng['serversettings']['ssl']['ssl_ca_file'],
@@ -78,7 +91,18 @@ return array(
 					'string_type' => 'file',
 					'string_emptyallowed' => true,
 					'default' => '',
-									'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
+				),
+				'system_apache24_ocsp_cache_path' => array(
+					'label' => $lng['serversettings']['ssl']['apache24_ocsp_cache_path'],
+					'settinggroup' => 'system',
+					'varname' => 'apache24_ocsp_cache_path',
+					'type' => 'string',
+					'string_type' => 'string',
+					'string_emptyallowed' => false,
+					'default' => 'shmcb:/var/run/apache2/ocsp-stapling.cache(131072)',
+					'visible' => Settings::Get('system.webserver') == "apache2" && Settings::Get('system.apache24') == 1,
+					'save_method' => 'storeSettingField'
 				),
 				'system_leenabled' => array(
 					'label' => $lng['serversettings']['leenabled'],
@@ -89,6 +113,28 @@ return array(
 					'cronmodule' => 'froxlor/letsencrypt',
 					'save_method' => 'storeSettingField'
 				),
+				'system_letsencryptacmeconf' => array(
+					'label' => $lng['serversettings']['letsencryptacmeconf'],
+					'settinggroup' => 'system',
+					'varname' => 'letsencryptacmeconf',
+					'type' => 'string',
+					'string_type' => 'file',
+					'default' => '/etc/apache2/conf-enabled/acme.conf',
+					'save_method' => 'storeSettingField'
+				),
+				'system_leapiversion' => array(
+					'label' => $lng['serversettings']['leapiversion'],
+					'settinggroup' => 'system',
+					'varname' => 'leapiversion',
+					'type' => 'option',
+					'default' => '1',
+					'option_mode' => 'one',
+					'option_options' => array(
+						'1' => 'ACME v1',
+						'2' => 'ACME v2'
+					),
+					'save_method' => 'storeSettingField'
+				),
 				'system_letsencryptca' => array(
 					'label' => $lng['serversettings']['letsencryptca'],
 					'settinggroup' => 'system',
@@ -96,8 +142,11 @@ return array(
 					'type' => 'option',
 					'default' => 'testing',
 					'option_mode' => 'one',
-									'option_options' => array('testing' => 'https://acme-staging.api.letsencrypt.org (Test)', 'production' => 'https://acme-v01.api.letsencrypt.org (Live)'),
-									'save_method' => 'storeSettingField',
+					'option_options' => array(
+						'testing' => 'https://acme-staging' . (Settings::Get('system.leapiversion') == '2' ? '-v02' : '') . '.api.letsencrypt.org (Test)',
+						'production' => 'https://acme-v0' . Settings::Get('system.leapiversion') . '.api.letsencrypt.org (Live)'
+					),
+					'save_method' => 'storeSettingField'
 				),
 				'system_letsencryptcountrycode' => array(
 					'label' => $lng['serversettings']['letsencryptcountrycode'],
@@ -106,7 +155,7 @@ return array(
 					'type' => 'string',
 					'string_emptyallowed' => false,
 					'default' => 'DE',
-									'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
 				'system_letsencryptstate' => array(
 					'label' => $lng['serversettings']['letsencryptstate'],
@@ -115,7 +164,7 @@ return array(
 					'type' => 'string',
 					'string_emptyallowed' => false,
 					'default' => 'Hessen',
-									'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
 				'system_letsencryptchallengepath' => array(
 					'label' => $lng['serversettings']['letsencryptchallengepath'],
@@ -124,7 +173,7 @@ return array(
 					'type' => 'string',
 					'string_emptyallowed' => false,
 					'default' => FROXLOR_INSTALL_DIR,
-									'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
 				'system_letsencryptkeysize' => array(
 					'label' => $lng['serversettings']['letsencryptkeysize'],
@@ -133,7 +182,7 @@ return array(
 					'type' => 'int',
 					'int_min' => 2048,
 					'default' => 4096,
-									'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
 				'system_letsencryptreuseold' => array(
 					'label' => $lng['serversettings']['letsencryptreuseold'],
@@ -141,8 +190,16 @@ return array(
 					'varname' => 'letsencryptreuseold',
 					'type' => 'bool',
 					'default' => false,
-									'save_method' => 'storeSettingField',
+					'save_method' => 'storeSettingField'
 				),
+				'system_disable_le_selfcheck' => array(
+					'label' => $lng['serversettings']['disable_le_selfcheck'],
+					'settinggroup' => 'system',
+					'varname' => 'disable_le_selfcheck',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+				)
 			)
 		)
 	)
--- a/actions/admin/settings/135.fcgid.php
+++ b/actions/admin/settings/135.fcgid.php
@@ -97,44 +97,6 @@ return array(
 					'option_options_method' => 'getPhpConfigs',
 					'save_method' => 'storeSettingField',
 					),
-				'system_mod_fcgid_enabled_ownvhost' => array(
-					'label' => $lng['serversettings']['mod_fcgid_ownvhost'],
-					'settinggroup' => 'system',
-					'varname' => 'mod_fcgid_ownvhost',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2')
-					),
-				'system_mod_fcgid_httpuser' => array(
-					'label' => $lng['admin']['mod_fcgid_user'],
-					'settinggroup' => 'system',
-					'varname' => 'mod_fcgid_httpuser',
-					'type' => 'string',
-					'default' => 'froxlorlocal',
-					'save_method' => 'storeSettingWebserverFcgidFpmUser',
-					'websrv_avail' => array('apache2')
-					),
-				'system_mod_fcgid_httpgroup' => array(
-					'label' => $lng['admin']['mod_fcgid_group'],
-					'settinggroup' => 'system',
-					'varname' => 'mod_fcgid_httpgroup',
-					'type' => 'string',
-					'default' => 'froxlorlocal',
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2')
-					),
-				'system_mod_fcgid_defaultini_ownvhost' => array(
-					'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
-					'settinggroup' => 'system',
-					'varname' => 'mod_fcgid_defaultini_ownvhost',
-					'type' => 'option',
-					'default' => '2',
-					'option_mode' => 'one',
-					'option_options_method' => 'getPhpConfigs',
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array('apache2')
-					),
 				'system_mod_fcgid_idle_timeout' => array(
 					'label' => $lng['serversettings']['mod_fcgid']['idle_timeout'],
 					'settinggroup' => 'system',
@@ -142,7 +104,7 @@ return array(
 					'type' => 'int',
 					'default' => 30,
 					'save_method' => 'storeSettingField'
-					),
+					)
 				)
 			)
 		)
--- a/actions/admin/settings/136.phpfpm.php
+++ b/actions/admin/settings/136.phpfpm.php
@@ -30,30 +30,6 @@ return array(
 					'plausibility_check_method' => 'checkFcgidPhpFpm',
 					'overview_option' => true
 					),
-				'system_phpfpm_enabled_ownvhost' => array(
-					'label' => $lng['phpfpm']['ownvhost'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'enabled_ownvhost',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_httpuser' => array(
-					'label' => $lng['phpfpm']['vhost_httpuser'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'vhost_httpuser',
-					'type' => 'string',
-					'default' => 'froxlorlocal',
-					'save_method' => 'storeSettingWebserverFcgidFpmUser'
-					),
-				'system_phpfpm_httpgroup' => array(
-					'label' => $lng['phpfpm']['vhost_httpgroup'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'vhost_httpgroup',
-					'type' => 'string',
-					'default' => 'froxlorlocal',
-					'save_method' => 'storeSettingField'
-					),
 				'system_phpfpm_defaultini' => array(
 					'label' => $lng['serversettings']['mod_fcgid']['defaultini'],
 					'settinggroup' => 'phpfpm',
@@ -64,25 +40,6 @@ return array(
 					'option_options_method' => 'getPhpConfigs',
 					'save_method' => 'storeSettingField'
 					),
-				'system_phpfpm_defaultini_ownvhost' => array(
-					'label' => $lng['serversettings']['mod_fcgid']['defaultini_ownvhost'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'vhost_defaultini',
-					'type' => 'option',
-					'default' => '2',
-					'option_mode' => 'one',
-					'option_options_method' => 'getPhpConfigs',
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_configdir' => array(
-					'label' => $lng['serversettings']['phpfpm_settings']['configdir'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'configdir',
-					'type' => 'string',
-					'string_type' => 'confdir',
-					'default' => '/etc/php-fpm.d/',
-					'save_method' => 'storeSettingField'
-					),
 				'system_phpfpm_aliasconfigdir' => array(
 					'label' => $lng['serversettings']['phpfpm_settings']['aliasconfigdir'],
 					'settinggroup' => 'phpfpm',
@@ -107,9 +64,22 @@ return array(
 					'varname' => 'peardir',
 					'type' => 'string',
 					'string_type' => 'dir',
+					'string_delimiter' => ':',
+					'string_emptyallowed' => true,
 					'default' => '/usr/share/php/:/usr/share/php5/',
 					'save_method' => 'storeSettingField'
 					),
+				'system_phpfpm_envpath' => array(
+					'label' => $lng['serversettings']['phpfpm_settings']['envpath'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'envpath',
+					'type' => 'string',
+					'string_type' => 'dir',
+					'string_delimiter' => ':',
+					'string_emptyallowed' => true,
+					'default' => '/usr/local/bin:/usr/bin:/bin',
+					'save_method' => 'storeSettingField'
+				),
 				'system_phpfpm_fastcgi_ipcdir' => array(
 					'label' => $lng['serversettings']['phpfpm_settings']['ipcdir'],
 					'settinggroup' => 'phpfpm',
@@ -119,72 +89,6 @@ return array(
 					'default' => '/var/lib/apache2/fastcgi/',
 					'save_method' => 'storeSettingField'
 					),
-				'system_phpfpm_reload' => array(
-					'label' => $lng['serversettings']['phpfpm_settings']['reload'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'reload',
-					'type' => 'string',
-					'default' => '/etc/init.d/php-fpm restart',
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_pm' => array(
-					'label' => $lng['serversettings']['phpfpm_settings']['pm'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'pm',
-					'type' => 'option',
-					'default' => 'static',
-					'option_mode' => 'one',
-					'option_options' => array('static' => 'static', 'dynamic' => 'dynamic', 'ondemand' => 'ondemand'),
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_max_children' => array(
-					'label' => $lng['serversettings']['phpfpm_settings']['max_children'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'max_children',
-					'type' => 'int',
-					'default' => 1,
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_start_servers' => array(
-					'label' => $lng['serversettings']['phpfpm_settings']['start_servers'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'start_servers',
-					'type' => 'int',
-					'default' => 20,
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_min_spare_servers' => array(
-					'label' => $lng['serversettings']['phpfpm_settings']['min_spare_servers'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'min_spare_servers',
-					'type' => 'int',
-					'default' => 5,
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_max_spare_servers' => array(
-					'label' => $lng['serversettings']['phpfpm_settings']['max_spare_servers'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'max_spare_servers',
-					'type' => 'int',
-					'default' => 35,
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_max_requests' => array(
-					'label' => $lng['serversettings']['phpfpm_settings']['max_requests'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'max_requests',
-					'type' => 'int',
-					'default' => 0,
-					'save_method' => 'storeSettingField'
-					),
-				'system_phpfpm_idle_timeout' => array(
-					'label' => $lng['serversettings']['phpfpm_settings']['idle_timeout'],
-					'settinggroup' => 'phpfpm',
-					'varname' => 'idle_timeout',
-					'type' => 'int',
-					'default' => 30,
-					'save_method' => 'storeSettingField'
-					),
 				'system_phpfpm_use_mod_proxy' => array(
 					'label' => $lng['phpfpm']['use_mod_proxy'],
 					'settinggroup' => 'phpfpm',
@@ -194,6 +98,38 @@ return array(
 					'visible' => Settings::Get('system.apache24'),
 					'save_method' => 'storeSettingField'
 					),
+				'system_phpfpm_ini_flags' => array(
+					'label' => $lng['phpfpm']['ini_flags'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'ini_flags',
+					'type' => 'text',
+					'default' => '',
+					'save_method' => 'storeSettingField'
+				),
+				'system_phpfpm_ini_values' => array(
+					'label' => $lng['phpfpm']['ini_values'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'ini_values',
+					'type' => 'text',
+					'default' => '',
+					'save_method' => 'storeSettingField'
+				),
+				'system_phpfpm_ini_admin_flags' => array(
+					'label' => $lng['phpfpm']['ini_admin_flags'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'ini_admin_flags',
+					'type' => 'text',
+					'default' => '',
+					'save_method' => 'storeSettingField'
+				),
+				'system_phpfpm_ini_admin_values' => array(
+					'label' => $lng['phpfpm']['ini_admin_values'],
+					'settinggroup' => 'phpfpm',
+					'varname' => 'ini_admin_values',
+					'type' => 'text',
+					'default' => '',
+					'save_method' => 'storeSettingField'
+				)
 				),
 			),
 		),
--- a/actions/admin/settings/160.nameserver.php
+++ b/actions/admin/settings/160.nameserver.php
@@ -97,14 +97,6 @@ return array(
 					'default' => '',
 					'save_method' => 'storeSettingField',
 				),
-				'system_dns_createhostnameentry' => array(
-					'label' => $lng['serversettings']['dns_createhostnameentry'],
-					'settinggroup' => 'system',
-					'varname' => 'dns_createhostnameentry',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField'
-				),
 				'system_dns_createmailentry' => array(
 					'label' => $lng['serversettings']['mail_also_with_mxservers'],
 					'settinggroup' => 'system',
@@ -127,5 +119,3 @@ return array(
 			),
 		),
 	);
-
-?>
--- a/actions/admin/settings/210.security.php
+++ b/actions/admin/settings/210.security.php
@@ -63,6 +63,23 @@ return array(
 					'type' => 'bool',
 					'default' => false,
 					'save_method' => 'storeSettingField',
+					),
+				'system_allow_customer_shell' => array(
+					'label' => $lng['serversettings']['allow_allow_customer_shell'],
+					'settinggroup' => 'system',
+					'varname' => 'allow_customer_shell',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					),
+				'system_available_shells' => array(
+					'label' => $lng['serversettings']['available_shells'],
+					'settinggroup' => 'system',
+					'varname' => 'available_shells',
+					'type' => 'string',
+					'string_emptyallowed' => true,
+					'default' => '',
+					'save_method' => 'storeSettingField',
 					)
 				)
 			)
--- a/admin_admins.php
+++ b/admin_admins.php
@@ -440,7 +440,7 @@ if ($page == 'admins'
 		} else {

 			$language_options = '';
-			while (list($language_file, $language_name) = each($languages)) {
+			foreach ($languages as $language_file => $language_name) {
 				$language_options.= makeoption($language_name, $language_file, $userinfo['language'], true);
 			}

@@ -840,13 +840,13 @@ if ($page == 'admins'
 				}

 				$language_options = '';
-				while (list($language_file, $language_name) = each($languages)) {
+				foreach ($languages as $language_file => $language_name) {
 					$language_options.= makeoption($language_name, $language_file, $result['def_language'], true);
 				}

 				$ipaddress = makeoption($lng['admin']['allips'], "-1", $result['ip']);
 				$ipsandports_stmt = Database::query("
-					SELECT `id`, `ip` FROM `" . TABLE_PANEL_IPSANDPORTS . "` GROUP BY `ip` ORDER BY `ip`, `port` ASC
+					SELECT `id`, `ip` FROM `" . TABLE_PANEL_IPSANDPORTS . "` GROUP BY `id`, `ip` ORDER BY `ip`, `port` ASC
 				");

 				while ($row = $ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) {
--- a/admin_autoupdate.php
+++ b/admin_autoupdate.php
@@ -17,7 +17,6 @@
 * @since      0.9.35
 *
 */
-
 define('AREA', 'admin');
 require './lib/init.php';

@@ -26,14 +25,13 @@ define('UPDATE_URI', "https://version.froxlor.org/Froxlor/legacy/" . $version);
 define('RELEASE_URI', "https://autoupdate.froxlor.org/froxlor-{version}.zip");
 define('CHECKSUM_URI', "https://autoupdate.froxlor.org/froxlor-{version}.zip.sha256");

-// check for allow_url_fopen
-if (ini_get('allow_url_fopen') === false) {
-	redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 1));
-}
-
 // check for archive-stuff
-if (function_exists('gzopen') === false) {
-	redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 2));
+if (! extension_loaded('zip')) {
+	redirectTo($filename, array(
+		's' => $s,
+		'page' => 'error',
+		'errno' => 2
+	));
 }

 // display initial version check
@@ -43,14 +41,11 @@ if ($page == 'overview') {
 	$log->logAction(ADM_ACTION, LOG_NOTICE, "checking auto-update");
 	
 	// check for new version
-	$latestversion = @file(UPDATE_URI);
+	$latestversion = HttpClient::urlGet(UPDATE_URI);
 	
-	if (isset($latestversion[0])) {
-		$latestversion = explode('|', $latestversion[0]);
+	$latestversion = explode('|', $latestversion);
 	
-		if (is_array($latestversion)
-				&& count($latestversion) >= 1
-		) {
+	if (is_array($latestversion) && count($latestversion) >= 1) {
 		$_version = $latestversion[0];
 		$_message = isset($latestversion[1]) ? $latestversion[1] : '';
 		$_link = isset($latestversion[2]) ? $latestversion[2] : htmlspecialchars($filename . '?s=' . urlencode($s) . '&page=' . urlencode($page) . '&lookfornewversion=yes');
@@ -65,7 +60,11 @@ if ($page == 'overview') {
 		if (! preg_match('/^((\d+\\.)(\d+\\.)(\d+\\.)?(\d+)?(\-(svn|dev|rc)(\d+))?)$/', $_version)) {
 			// check for customized version to not output
 			// "There is a newer version of froxlor" besides the error-message
-				redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 3));
+			redirectTo($filename, array(
+				's' => $s,
+				'page' => 'error',
+				'errno' => 3
+			));
 		} elseif (version_compare2($version, $_version) == - 1) {
 			// there is a newer version - yay
 			$isnewerversion = 1;
@@ -81,20 +80,15 @@ if ($page == 'overview') {
 			$hiddenparams = '<input type="hidden" name="newversion" value="' . $_version . '" />';
 			$yesfile = $filename . '?s=' . $s . '&amp;page=getdownload';
 			eval("echo \"" . getTemplate("misc/question_yesno", true) . "\";");
-				exit;
-			}
-			elseif ($isnewerversion == 0) {
+			exit();
+		} elseif ($isnewerversion == 0) {
 			// all good
 			standard_success('noupdatesavail');
 		} else {
 			standard_error('customized_version');
 		}
 	}
-	}
-	// error (something weird came from version.froxlor.org)
-	redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 5));
-}
-// download the new archive
+}// download the new archive
 elseif ($page == 'getdownload') {
 	
 	// retrieve the new version from the form
@@ -107,9 +101,6 @@ elseif ($page == 'getdownload') {
 		$toLoad = str_replace('{version}', $newversion, RELEASE_URI);
 		$toCheck = str_replace('{version}', $newversion, CHECKSUM_URI);
 		
-		// get archive data
-		$newArchive = @file_get_contents($toLoad);
-
 		// check for local destination folder
 		if (! is_dir(FROXLOR_INSTALL_DIR . '/updates/')) {
 			mkdir(FROXLOR_INSTALL_DIR . '/updates/');
@@ -125,17 +116,19 @@ elseif ($page == 'getdownload') {
 			@unlink($localArchive);
 		}
 		
-		// store archive
-		$fh = fopen($localArchive, 'w');
-		if (!fwrite($fh, $newArchive)) {
-			redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 4));
+		// get archive data
+		try {
+			HttpClient::fileGet($toLoad, $localArchive);
+		} catch (Exception $e) {
+			redirectTo($filename, array(
+				's' => $s,
+				'page' => 'error',
+				'errno' => 4
+			));
 		}
 		
-		// close file-handle
-		fclose($fh);
-
 		// validate the integrity of the downloaded file
-		$_shouldsum = @file_get_contents($toCheck);
+		$_shouldsum = HttpClient::urlGet($toCheck);
 		if (! empty($_shouldsum)) {
 			$_t = explode(" ", $_shouldsum);
 			$shouldsum = $_t[0];
@@ -145,43 +138,62 @@ elseif ($page == 'getdownload') {
 		$filesum = hash_file('sha256', $localArchive);
 		
 		if ($filesum != $shouldsum) {
-		    redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 9));
+			redirectTo($filename, array(
+				's' => $s,
+				'page' => 'error',
+				'errno' => 9
+			));
 		}
 		
 		// to the next step
-		redirectTo($filename, array('s' => $s, 'page' => 'extract', 'archive' => basename($localArchive)));
+		redirectTo($filename, array(
+			's' => $s,
+			'page' => 'extract',
+			'archive' => basename($localArchive)
+		));
 	}
-	redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 6));
-}
-// extract and install new version
+	redirectTo($filename, array(
+		's' => $s,
+		'page' => 'error',
+		'errno' => 6
+	));
+}// extract and install new version
 elseif ($page == 'extract') {
 	
 	$toExtract = isset($_GET['archive']) ? $_GET['archive'] : null;
 	$localArchive = FROXLOR_INSTALL_DIR . '/updates/' . $toExtract;
 	
-	if (isset($_POST['send'])
-			&& $_POST['send'] == 'send'
-	) {
+	if (isset($_POST['send']) && $_POST['send'] == 'send') {
 		// decompress from zip
-		$zip = new ZipArchive;
+		$zip = new ZipArchive();
 		$res = $zip->open($localArchive);
 		if ($res === true) {
-		    $log->logAction(ADM_ACTION, LOG_NOTICE, "Extracting ".$localArchive." to ".dirname(FROXLOR_INSTALL_DIR));
-			$zip->extractTo(dirname(FROXLOR_INSTALL_DIR));
+			$log->logAction(ADM_ACTION, LOG_NOTICE, "Extracting " . $localArchive . " to " . FROXLOR_INSTALL_DIR);
+			$zip->extractTo(FROXLOR_INSTALL_DIR);
 			$zip->close();
 			// success - remove unused archive
 			@unlink($localArchive);
 		} else {
 			// error
-			redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 8));
+			redirectTo($filename, array(
+				's' => $s,
+				'page' => 'error',
+				'errno' => 8
+			));
 		}
 		
 		// redirect to update-page?
-		redirectTo('admin_updates.php', array('s' => $s));
+		redirectTo('admin_updates.php', array(
+			's' => $s
+		));
 	}
 	
 	if (! file_exists($localArchive)) {
-		redirectTo($filename, array('s' => $s, 'page' => 'error', 'errno' => 7));
+		redirectTo($filename, array(
+			's' => $s,
+			'page' => 'error',
+			'errno' => 7
+		));
 	}
 	
 	$text = 'Extract downloaded archive "' . $toExtract . '"?';
@@ -189,14 +201,12 @@ elseif ($page == 'extract') {
 	$yesfile = $filename . '?s=' . $s . '&amp;page=extract&amp;archive=' . $toExtract;
 	eval("echo \"" . getTemplate("misc/question_yesno", true) . "\";");
 }
-
 // display error
 elseif ($page == 'error') {
 	
 	// retrieve error-number via url-parameter
 	$errno = isset($_GET['errno']) ? (int) $_GET['errno'] : 0;
 	
-	// 1 = no allow_url_fopen
 	// 2 = no Zlib
 	// 3 = custom version detected
 	// 4 = could not store archive to local hdd
--- a/admin_configfiles.php
+++ b/admin_configfiles.php
@@ -30,15 +30,30 @@ if ($userinfo['change_serversettings'] == '1') {
 		$customer_tmpdir = Settings::Get('phpfpm.tmpdir');
 	}

+	// try to convert namserver hosts to ip's
+	$ns_ips = "";
+	if (Settings::Get('system.nameservers') != '') {
+		$nameservers = explode(',', Settings::Get('system.nameservers'));
+		foreach ($nameservers as $nameserver) {
+			$nameserver = trim($nameserver);
+			$nameserver_ips = gethostbynamel($nameserver);
+			if (is_array($nameserver_ips) && count($nameserver_ips) > 0) {
+				$ns_ips .= implode(",", $nameserver_ips);
+			}
+		}
+	}
+
 	$replace_arr = Array(
 		'<SQL_UNPRIVILEGED_USER>' => $sql['user'],
-		'<SQL_UNPRIVILEGED_PASSWORD>' => 'MYSQL_PASSWORD',
+		'<SQL_UNPRIVILEGED_PASSWORD>' => 'FROXLOR_MYSQL_PASSWORD',
 		'<SQL_DB>' => $sql['db'],
 		'<SQL_HOST>' => $sql['host'],
 		'<SQL_SOCKET>' => isset($sql['socket']) ? $sql['socket'] : null,
 		'<SERVERNAME>' => Settings::Get('system.hostname'),
 		'<SERVERIP>' => Settings::Get('system.ipaddress'),
 		'<NAMESERVERS>' => Settings::Get('system.nameservers'),
+		'<NAMESERVERS_IP>' => $ns_ips,
+		'<AXFRSERVERS>' => Settings::Get('system.axfrservers'),
 		'<VIRTUAL_MAILBOX_BASE>' => Settings::Get('system.vmail_homedir'),
 		'<VIRTUAL_UID_MAPS>' => Settings::Get('system.vmail_uid'),
 		'<VIRTUAL_GID_MAPS>' => Settings::Get('system.vmail_gid'),
@@ -67,6 +82,12 @@ if ($userinfo['change_serversettings'] == '1') {
 	$config_dir = makeCorrectDir(FROXLOR_INSTALL_DIR . '/lib/configfiles/');

 	if ($distribution != "") {
+
+		if (!file_exists($config_dir . '/' . $distribution . ".xml")) {
+			trigger_error("Unknown distribution, are you playing around with the URL?");
+			exit;
+		}
+
 		// create configparser object
 		$configfiles = new ConfigParser($config_dir . '/' . $distribution . ".xml");

@@ -78,6 +99,11 @@ if ($userinfo['change_serversettings'] == '1') {

 		if ($service != "") {

+			if (!isset($services[$service])) {
+				trigger_error("Unknown service, are you playing around with the URL?");
+				exit;
+			}
+
 			$daemons = $services[$service]->getDaemons();

 			if ($daemon == "") {
@@ -121,6 +147,11 @@ if ($userinfo['change_serversettings'] == '1') {

 	if ($distribution != "" && $service != "" && $daemon != "") {

+		if (!isset($daemons[$daemon])) {
+			trigger_error("Unknown daemon, are you playing around with the URL?");
+			exit;
+		}
+
 		$confarr = $daemons[$daemon]->getConfig();

 		$configpage = '';
--- a/admin_customers.php
+++ b/admin_customers.php
@@ -84,6 +84,15 @@ if ($page == 'customers'
 				$domains = $domains_stmt->fetch(PDO::FETCH_ASSOC);
 				$row['domains'] = intval($domains['domains']);
 				$dec_places = Settings::Get('panel.decimal_places');
+
+				// get disk-space usages for web, mysql and mail
+				$usages_stmt = Database::prepare("SELECT * FROM `".TABLE_PANEL_DISKSPACE."` WHERE `customerid` = :cid ORDER BY `stamp` DESC LIMIT 1");
+				$usages = Database::pexecute_first($usages_stmt, array('cid' => $row['customerid']));
+
+				$row['webspace_used'] = round($usages['webspace'] / 1024, $dec_places);
+				$row['mailspace_used'] = round($usages['mail'] / 1024, $dec_places);
+				$row['dbspace_used'] = round($usages['mysql'] / 1024, $dec_places);
+
 				$row['traffic_used'] = round($row['traffic_used'] / (1024 * 1024), $dec_places);
 				$row['traffic'] = round($row['traffic'] / (1024 * 1024), $dec_places);
 				$row['diskspace_used'] = round($row['diskspace_used'] / 1024, $dec_places);
@@ -523,6 +532,14 @@ if ($page == 'customers'
 					$phpenabled = intval($_POST['phpenabled']);
 				}

+				$allowed_phpconfigs = array();
+				if (isset($_POST['allowed_phpconfigs']) && is_array($_POST['allowed_phpconfigs'])) {
+					foreach ($_POST['allowed_phpconfigs'] as $allowed_phpconfig) {
+						$allowed_phpconfig = intval($allowed_phpconfig);
+						$allowed_phpconfigs[] = $allowed_phpconfig;
+					}
+				}
+
 				$perlenabled = 0;
 				if (isset($_POST['perlenabled'])) {
 					$perlenabled = intval($_POST['perlenabled']);
@@ -684,6 +701,7 @@ if ($page == 'customers'
 						'tickets' => $tickets,
 						'mysqls' => $mysqls,
 						'phpenabled' => $phpenabled,
+						'allowed_phpconfigs' => empty($allowed_phpconfigs) ? "" : json_encode($allowed_phpconfigs),
 						'imap' => $email_imap,
 						'pop3' => $email_pop3,
 						'perlenabled' => $perlenabled,
@@ -724,6 +742,7 @@ if ($page == 'customers'
 						`mysqls` = :mysqls,
 						`standardsubdomain` = '0',
 						`phpenabled` = :phpenabled,
+						`allowed_phpconfigs` = :allowed_phpconfigs,
 						`imap` = :imap,
 						`pop3` = :pop3,
 						`perlenabled` = :perlenabled,
@@ -869,7 +888,7 @@ if ($page == 'customers'
 						}
 						// check froxlor-local user membership in ftp-group
 						// without this check addition may duplicate user in list if httpuser == local_user
-						if (strpos($ins_data['members'], $local_user) !== false) {
+						if (strpos($ins_data['members'], $local_user) == false) {
 							$ins_data['members'] .= ','.$local_user;
 						}
 					}
@@ -901,7 +920,8 @@ if ($page == 'customers'
 							'customerid' => $customerid,
 							'adminid' => $userinfo['adminid'],
 							'docroot' => $documentroot,
-							'adddate' => date('Y-m-d')
+							'adddate' => time(),
+							'phpenabled' => $phpenabled
 						);
 						$ins_stmt = Database::prepare("
 							INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET
@@ -919,6 +939,7 @@ if ($page == 'customers'
 							`dkim_id` = '0',
 							`dkim_privkey` = '',
 							`dkim_pubkey` = '',
+							`phpenabled` = :phpenabled,
 							`add_date` = :adddate"
 						);
 						Database::pexecute($ins_stmt, $ins_data);
@@ -1013,7 +1034,7 @@ if ($page == 'customers'
 			} else {
 				$language_options = '';

-				while (list($language_file, $language_name) = each($languages)) {
+				foreach ($languages as $language_file => $language_name) {
 					$language_options.= makeoption($language_name, $language_file, Settings::Get('panel.standardlanguage'), true);
 				}

@@ -1032,6 +1053,26 @@ if ($page == 'customers'
 				$gender_options .= makeoption($lng['gender']['male'], 1, null, true, true);
 				$gender_options .= makeoption($lng['gender']['female'], 2, null, true, true);

+				$phpconfigs = array();
+				$configs = Database::query("
+					SELECT c.*, fc.description as interpreter
+					FROM `" . TABLE_PANEL_PHPCONFIGS . "` c
+					LEFT JOIN `" . TABLE_PANEL_FPMDAEMONS . "` fc ON fc.id = c.fpmsettingid
+				");
+				while ($row = $configs->fetch(PDO::FETCH_ASSOC)) {
+					if ((int) Settings::Get('phpfpm.enabled') == 1) {
+						$phpconfigs[] = array(
+							'label' => $row['description'] . " [".$row['interpreter']."]<br />",
+							'value' => $row['id']
+						);
+					} else {
+						$phpconfigs[] = array(
+							'label' => $row['description']."<br />",
+							'value' => $row['id']
+						);
+					}
+				}
+
 				$customer_add_data = include_once dirname(__FILE__).'/lib/formfields/admin/customer/formfield.customer_add.php';
 				$customer_add_form = htmlform::genHTMLForm($customer_add_data);

@@ -1194,6 +1235,14 @@ if ($page == 'customers'
 					$phpenabled = intval($_POST['phpenabled']);
 				}

+				$allowed_phpconfigs = array();
+				if (isset($_POST['allowed_phpconfigs']) && is_array($_POST['allowed_phpconfigs'])) {
+					foreach ($_POST['allowed_phpconfigs'] as $allowed_phpconfig) {
+						$allowed_phpconfig = intval($allowed_phpconfig);
+						$allowed_phpconfigs[] = $allowed_phpconfig;
+					}
+				}
+
 				$perlenabled = 0;
 				if (isset($_POST['perlenabled'])) {
 					$perlenabled = intval($_POST['perlenabled']);
@@ -1272,7 +1321,7 @@ if ($page == 'customers'
 								'customerid' => $result['customerid'],
 								'adminid' => $userinfo['adminid'],
 								'docroot' => $result['documentroot'],
-								'adddate' => date('Y-m-d')
+								'adddate' => time()
 						);
 						$ins_stmt = Database::prepare("
 							INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET
@@ -1446,6 +1495,7 @@ if ($page == 'customers'
 						'mysqls' => $mysqls,
 						'deactivated' => $deactivated,
 						'phpenabled' => $phpenabled,
+						'allowed_phpconfigs' => empty($allowed_phpconfigs) ? "" : json_encode($allowed_phpconfigs),
 						'imap' => $email_imap,
 						'pop3' => $email_pop3,
 						'perlenabled' => $perlenabled,
@@ -1479,6 +1529,7 @@ if ($page == 'customers'
 						`mysqls` = :mysqls,
 						`deactivated` = :deactivated,
 						`phpenabled` = :phpenabled,
+						`allowed_phpconfigs` = :allowed_phpconfigs,
 						`email_quota` = :email_quota,
 						`imap` = :imap,
 						`pop3` = :pop3,
@@ -1619,7 +1670,7 @@ if ($page == 'customers'
 			} else {
 				$language_options = '';

-				while (list($language_file, $language_name) = each($languages)) {
+				foreach ($languages as $language_file => $language_name) {
 					$language_options.= makeoption($language_name, $language_file, $result['def_language'], true);
 				}

@@ -1684,6 +1735,26 @@ if ($page == 'customers'
 				$gender_options .= makeoption($lng['gender']['male'], 1, ($result['gender'] == '1' ? true : false), true, true);
 				$gender_options .= makeoption($lng['gender']['female'], 2, ($result['gender'] == '2' ? true : false), true, true);

+				$phpconfigs = array();
+				$configs = Database::query("
+					SELECT c.*, fc.description as interpreter
+					FROM `" . TABLE_PANEL_PHPCONFIGS . "` c
+					LEFT JOIN `" . TABLE_PANEL_FPMDAEMONS . "` fc ON fc.id = c.fpmsettingid
+				");
+				while ($row = $configs->fetch(PDO::FETCH_ASSOC)) {
+					if ((int) Settings::Get('phpfpm.enabled') == 1) {
+						$phpconfigs[] = array(
+							'label' => $row['description'] . " [".$row['interpreter']."]<br />",
+							'value' => $row['id']
+						);
+					} else {
+						$phpconfigs[] = array(
+							'label' => $row['description']."<br />",
+							'value' => $row['id']
+						);
+					}
+				}
+
 				$customer_edit_data = include_once dirname(__FILE__).'/lib/formfields/admin/customer/formfield.customer_edit.php';
 				$customer_edit_form = htmlform::genHTMLForm($customer_edit_data);

--- a/admin_domains.php
+++ b/admin_domains.php
@@ -166,7 +166,7 @@ if ($page == 'domains' || $page == 'overview') {

 				$subresult_stmt = Database::prepare("
 					SELECT `id` FROM `" . TABLE_PANEL_DOMAINS . "`
-					WHERE (`id` = :id OR `parentdomainid` = :id " . $rsd_sql . ") AND `isemaildomain` = '1'");
+					WHERE (`id` = :id OR `parentdomainid` = :id " . $rsd_sql . ")");
 				Database::pexecute($subresult_stmt, array(
 					'id' => $id
 				));
@@ -189,12 +189,27 @@ if ($page == 'domains' || $page == 'overview') {
 					$log->logAction(ADM_ACTION, LOG_NOTICE, "deleted domain/s from mail-tables");
 				}

+				// if mainbutsubto-domains are not to be deleted, re-assign the (ismainbutsubto value of the main
+				// domain which is being deleted) as their new ismainbutsubto value
+				if ($remove_subbutmain_domains !== 1) {
+					$upd_stmt = Database::prepare("
+						UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
+						`ismainbutsubto` = :newIsMainButSubtoValue
+						WHERE `ismainbutsubto` = :deletedMainDomainId
+						");
+					Database::pexecute($upd_stmt, array(
+						'newIsMainButSubtoValue' => $result['ismainbutsubto'],
+						'deletedMainDomainId' => $id,
+					));
+				}
+
 				$del_stmt = Database::prepare("
 					DELETE FROM `" . TABLE_PANEL_DOMAINS . "`
 					WHERE `id` = :id OR `parentdomainid` = :id " . $rsd_sql);
 				Database::pexecute($del_stmt, array(
 					'id' => $id
 				));
+
 				$deleted_domains = $del_stmt->rowCount();

 				$upd_stmt = Database::prepare("
@@ -291,7 +306,7 @@ if ($page == 'domains' || $page == 'overview') {
 					standard_error('admin_domain_emailsystemhostname');
 				}

-				if (strpos($_POST['domain'], '--') !== false) {
+				if (substr($_POST['domain'], 0, 4) == 'xn--') {
 					standard_error('domain_nopunycode');
 				}

@@ -380,6 +395,9 @@ if ($page == 'domains' || $page == 'overview') {
 					'0',
 					''
 				));
+				if ($registration_date == '0000-00-00') {
+					$registration_date = null;
+				}

 				$termination_date = trim($_POST['termination_date']);
 				$termination_date = validate($termination_date, 'termination_date', '/^(19|20)\d\d[-](0[1-9]|1[012])[-](0[1-9]|[12][0-9]|3[01])$/', '', array(
@@ -387,6 +405,9 @@ if ($page == 'domains' || $page == 'overview') {
 					'0',
 					''
 				));
+				if ($termination_date == '0000-00-00') {
+					$termination_date = null;
+				}

 				if ($userinfo['change_serversettings'] == '1') {

@@ -434,6 +455,7 @@ if ($page == 'domains' || $page == 'overview') {

 				if ($userinfo['caneditphpsettings'] == '1' || $userinfo['change_serversettings'] == '1') {

+					$phpenabled  = isset($_POST['phpenabled']) ? intval($_POST['phpenabled']) : 0;
 					$openbasedir = isset($_POST['openbasedir']) ? intval($_POST['openbasedir']) : 0;

 					if ((int) Settings::Get('system.mod_fcgid') == 1 || (int) Settings::Get('phpfpm.enabled') == 1) {
@@ -474,7 +496,9 @@ if ($page == 'domains' || $page == 'overview') {
 					}
 				} else {

+					$phpenabled = '1';
 					$openbasedir = '1';
+
 					if ((int) Settings::Get('phpfpm.enabled') == 1) {
 						$phpsettingid = Settings::Get('phpfpm.defaultini');
 					} else {
@@ -565,25 +589,59 @@ if ($page == 'domains' || $page == 'overview') {
 								$ssl_ipandports[] = $ssl_ipandport;
 							}
 						}
+
+						$http2 = isset($_POST['http2']) && (int)$_POST['http2'] == 1 ? 1 : 0;
+
+						// HSTS
+						$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
+						$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
+						$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
+
+						// OCSP stapling
+						$ocsp_stapling = isset($_POST['ocsp_stapling']) && (int)$_POST['ocsp_stapling'] == 1 ? 1 : 0;
+
 					} else {
 						$ssl_redirect = 0;
 						$letsencrypt = 0;
+						$http2 = 0;
 						// we need this for the serialize
 						// if ssl is disabled or no ssl-ip/port exists
 						$ssl_ipandports[] = - 1;
+
+						// HSTS
+						$hsts_maxage = 0;
+						$hsts_sub = 0;
+						$hsts_preload = 0;
+
+						// OCSP stapling
+						$ocsp_stapling = 0;
 					}
 				} else {
 					$ssl_redirect = 0;
 					$letsencrypt = 0;
+					$http2 = 0;
 					// we need this for the serialize
 					// if ssl is disabled or no ssl-ip/port exists
 					$ssl_ipandports[] = - 1;
+
+					// HSTS
+					$hsts_maxage = 0;
+					$hsts_sub = 0;
+					$hsts_preload = 0;
+
+					// OCSP stapling
+					$ocsp_stapling = 0;
 				}

-				// We can't enable let's encrypt for wildcard - domains
-				if ($serveraliasoption == '0' && $letsencrypt == '1') {
+				// We can't enable let's encrypt for wildcard - domains if using acme-v1
+				if ($serveraliasoption == '0' && $letsencrypt == '1' && Settings::Get('system.leapiversion') == '1') {
 					standard_error('nowildcardwithletsencrypt');
 				}
+				// if using acme-v2 we cannot issue wildcard-certificates
+				// because they currently only support the dns-01 challenge
+				if ($serveraliasoption == '0' && $letsencrypt == '1' && Settings::Get('system.leapiversion') == '2') {
+					standard_error('nowildcardwithletsencryptv2');
+				}

 				// Temporarily deactivate ssl_redirect until Let's Encrypt certificate was generated
 				if ($ssl_redirect > 0 && $letsencrypt == 1) {
@@ -654,6 +712,10 @@ if ($page == 'domains' || $page == 'overview') {
 					standard_error('noipportgiven');
 				}

+				if ($phpenabled != '1') {
+					$phpenabled = '0';
+				}
+
 				if ($openbasedir != '1') {
 					$openbasedir = '0';
 				}
@@ -733,6 +795,7 @@ if ($page == 'domains' || $page == 'overview') {
 						'ipandport' => serialize($ipandports),
 						'ssl_redirect' => $ssl_redirect,
 						'ssl_ipandport' => serialize($ssl_ipandports),
+						'phpenabled' => $phpenabled,
 						'openbasedir' => $openbasedir,
 						'phpsettingid' => $phpsettingid,
 						'mod_fcgid_starter' => $mod_fcgid_starter,
@@ -741,7 +804,12 @@ if ($page == 'domains' || $page == 'overview') {
 						'registration_date' => $registration_date,
 						'termination_date' => $termination_date,
 						'issubof' => $issubof,
-						'letsencrypt' => $letsencrypt
+						'letsencrypt' => $letsencrypt,
+						'http2' => $http2,
+						'hsts_maxage' => $hsts_maxage,
+						'hsts_sub' => $hsts_sub,
+						'hsts_preload' => $hsts_preload,
+						'ocsp_stapling' => $ocsp_stapling
 					);

 					$security_questions = array(
@@ -778,6 +846,7 @@ if ($page == 'domains' || $page == 'overview') {
 						'email_only' => $email_only,
 						'subcanemaildomain' => $subcanemaildomain,
 						'caneditdomain' => $caneditdomain,
+						'phpenabled' => $phpenabled,
 						'openbasedir' => $openbasedir,
 						'speciallogfile' => $speciallogfile,
 						'specialsettings' => $specialsettings,
@@ -789,7 +858,12 @@ if ($page == 'domains' || $page == 'overview') {
 						'mod_fcgid_starter' => $mod_fcgid_starter,
 						'mod_fcgid_maxrequests' => $mod_fcgid_maxrequests,
 						'ismainbutsubto' => $issubof,
-						'letsencrypt' => $letsencrypt
+						'letsencrypt' => $letsencrypt,
+						'http2' => $http2,
+						'hsts' => $hsts_maxage,
+						'hsts_sub' => $hsts_sub,
+						'hsts_preload' => $hsts_preload,
+						'ocsp_stapling' => $ocsp_stapling
 					);

 					$ins_stmt = Database::prepare("
@@ -811,6 +885,7 @@ if ($page == 'domains' || $page == 'overview') {
 						`email_only` = :email_only,
 						`subcanemaildomain` = :subcanemaildomain,
 						`caneditdomain` = :caneditdomain,
+						`phpenabled` = :phpenabled,
 						`openbasedir` = :openbasedir,
 						`speciallogfile` = :speciallogfile,
 						`specialsettings` = :specialsettings,
@@ -822,7 +897,12 @@ if ($page == 'domains' || $page == 'overview') {
 						`mod_fcgid_starter` = :mod_fcgid_starter,
 						`mod_fcgid_maxrequests` = :mod_fcgid_maxrequests,
 						`ismainbutsubto` = :ismainbutsubto,
-						`letsencrypt` = :letsencrypt
+						`letsencrypt` = :letsencrypt,
+						`http2` = :http2,
+						`hsts` = :hsts,
+						`hsts_sub` = :hsts_sub,
+						`hsts_preload` = :hsts_preload,
+						`ocsp_stapling` = :ocsp_stapling
 					");
 					Database::pexecute($ins_stmt, $ins_data);
 					$domainid = Database::lastInsertId();
@@ -1002,11 +1082,15 @@ if ($page == 'domains' || $page == 'overview') {
 				}

 				$phpconfigs = '';
-				$configs = Database::query("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "`");
+				$configs = Database::query("
+					SELECT c.*, fc.description as interpreter
+					FROM `" . TABLE_PANEL_PHPCONFIGS . "` c
+					LEFT JOIN `" . TABLE_PANEL_FPMDAEMONS . "` fc ON fc.id = c.fpmsettingid
+				");

 				while ($row = $configs->fetch(PDO::FETCH_ASSOC)) {
 					if ((int) Settings::Get('phpfpm.enabled') == 1) {
-						$phpconfigs .= makeoption($row['description'], $row['id'], Settings::Get('phpfpm.defaultini'), true, true);
+						$phpconfigs .= makeoption($row['description'] . " [".$row['interpreter']."]", $row['id'], Settings::Get('phpfpm.defaultini'), true, true);
 					} else {
 						$phpconfigs .= makeoption($row['description'], $row['id'], Settings::Get('system.mod_fcgid_defaultini'), true, true);
 					}
@@ -1037,8 +1121,12 @@ if ($page == 'domains' || $page == 'overview') {
 	} elseif ($action == 'edit' && $id != 0) {

 		$result_stmt = Database::prepare("
-			SELECT `d`.*, `c`.`customerid` FROM `" . TABLE_PANEL_DOMAINS . "` `d` LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING(`customerid`)
-			WHERE `d`.`parentdomainid` = '0' AND `d`.`id` = :id" . ($userinfo['customers_see_all'] ? '' : " AND `d`.`adminid` = :adminid"));
+			SELECT `d`.*, `c`.`customerid`
+			FROM `" . TABLE_PANEL_DOMAINS . "` `d`
+			LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING(`customerid`)
+			WHERE `d`.`parentdomainid` = '0'
+			AND `d`.`id` = :id" . ($userinfo['customers_see_all'] ? '' : " AND `d`.`adminid` = :adminid")
+		);
 		$params = array(
 			'id' => $id
 		);
@@ -1183,7 +1271,7 @@ if ($page == 'domains' || $page == 'overview') {
 					$adminid = $result['adminid'];
 				}

-				$aliasdomain = intval($_POST['alias']);
+				$aliasdomain = isset($_POST['alias']) ? intval($_POST['alias']) : 0;
 				$issubof = intval($_POST['issubof']);
 				$subcanemaildomain = intval($_POST['subcanemaildomain']);
 				$caneditdomain = isset($_POST['caneditdomain']) ? intval($_POST['caneditdomain']) : 0;
@@ -1193,12 +1281,18 @@ if ($page == 'domains' || $page == 'overview') {
 					'0',
 					''
 				));
+				if ($registration_date == '0000-00-00') {
+					$registration_date = null;
+				}
 				$termination_date = trim($_POST['termination_date']);
 				$termination_date = validate($termination_date, 'termination_date', '/^(19|20)\d\d[-](0[1-9]|1[012])[-](0[1-9]|[12][0-9]|3[01])$/', '', array(
 					'0000-00-00',
 					'0',
 					''
 				));
+				if ($termination_date == '0000-00-00') {
+					$termination_date = null;
+				}

 				$isemaildomain = 0;
 				if (isset($_POST['isemaildomain'])) {
@@ -1272,7 +1366,9 @@ if ($page == 'domains' || $page == 'overview') {

 				if ($userinfo['caneditphpsettings'] == '1' || $userinfo['change_serversettings'] == '1') {

+					$phpenabled  = isset($_POST['phpenabled']) ? intval($_POST['phpenabled']) : 0;
 					$openbasedir = isset($_POST['openbasedir']) ? intval($_POST['openbasedir']) : 0;
+					$phpfs = (isset($_POST['phpsettingsforsubdomains']) && intval($_POST['phpsettingsforsubdomains']) == 1) ? 1 : 0;

 					if ((int) Settings::Get('system.mod_fcgid') == 1 || (int) Settings::Get('phpfpm.enabled') == 1) {
 						$phpsettingid = (int) $_POST['phpsettingid'];
@@ -1302,12 +1398,15 @@ if ($page == 'domains' || $page == 'overview') {
 						}
 					} else {
 						$phpsettingid = $result['phpsettingid'];
+						$phpfs = 1;
 						$mod_fcgid_starter = $result['mod_fcgid_starter'];
 						$mod_fcgid_maxrequests = $result['mod_fcgid_maxrequests'];
 					}
 				} else {
+					$phpenabled = $result['phpenabled'];
 					$openbasedir = $result['openbasedir'];
 					$phpsettingid = $result['phpsettingid'];
+					$phpfs = 1;
 					$mod_fcgid_starter = $result['mod_fcgid_starter'];
 					$mod_fcgid_maxrequests = $result['mod_fcgid_maxrequests'];
 				}
@@ -1348,6 +1447,16 @@ if ($page == 'domains' || $page == 'overview') {
 						$letsencrypt = (int) $_POST['letsencrypt'];
 					}

+					$http2 = isset($_POST['http2']) && (int)$_POST['http2'] == 1 ? 1 : 0;
+
+					// HSTS
+					$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
+					$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
+					$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
+
+					// OCSP stapling
+					$ocsp_stapling = isset($_POST['ocsp_stapling']) && (int)$_POST['ocsp_stapling'] == 1 ? 1 : 0;
+
 					$ssl_ipandports = array();
 					if (isset($_POST['ssl_ipandport']) && ! is_array($_POST['ssl_ipandport'])) {
 						$_POST['ssl_ipandport'] = unserialize($_POST['ssl_ipandport']);
@@ -1373,25 +1482,49 @@ if ($page == 'domains' || $page == 'overview') {
 								$ssl_ipandports[] = $ssl_ipandport;
 							}
 						}
+
 					} else {
 						$ssl_redirect = 0;
 						$letsencrypt = 0;
+						$http2 = 0;
 						// we need this for the serialize
 						// if ssl is disabled or no ssl-ip/port exists
 						$ssl_ipandports[] = - 1;
+
+						// HSTS
+						$hsts_maxage = 0;
+						$hsts_sub = 0;
+						$hsts_preload = 0;
+
+						// OCSP stapling
+						$ocsp_stapling = 0;
 					}
 				} else {
 					$ssl_redirect = 0;
 					$letsencrypt = 0;
+					$http2 = 0;
 					// we need this for the serialize
 					// if ssl is disabled or no ssl-ip/port exists
 					$ssl_ipandports[] = - 1;
+
+					// HSTS
+					$hsts_maxage = 0;
+					$hsts_sub = 0;
+					$hsts_preload = 0;
+
+					// OCSP stapling
+					$ocsp_stapling = 0;
 				}

-				// We can't enable let's encrypt for wildcard domains
-				if ($serveraliasoption == '0' && $letsencrypt == '1') {
+				// We can't enable let's encrypt for wildcard domains when using acme-v1
+				if ($serveraliasoption == '0' && $letsencrypt == '1' && Settings::Get('system.leapiversion') == '1') {
 					standard_error('nowildcardwithletsencrypt');
 				}
+				// if using acme-v2 we cannot issue wildcard-certificates
+				// because they currently only support the dns-01 challenge
+				if ($serveraliasoption == '0' && $letsencrypt == '1' && Settings::Get('system.leapiversion') == '2') {
+					standard_error('nowildcardwithletsencryptv2');
+				}

 				// Temporarily deactivate ssl_redirect until Let's Encrypt certificate was generated
 				if ($ssl_redirect > 0 && $letsencrypt == 1 && $result['letsencrypt'] != $letsencrypt) {
@@ -1402,6 +1535,10 @@ if ($page == 'domains' || $page == 'overview') {
 					$documentroot = makeCorrectDir($documentroot);
 				}

+				if ($phpenabled != '1') {
+					$phpenabled = '0';
+				}
+
 				if ($openbasedir != '1') {
 					$openbasedir = '0';
 				}
@@ -1510,8 +1647,10 @@ if ($page == 'domains' || $page == 'overview') {
 					'dkim' => $dkim,
 					'selectserveralias' => $serveraliasoption,
 					'ssl_redirect' => $ssl_redirect,
+					'phpenabled' => $phpenabled,
 					'openbasedir' => $openbasedir,
 					'phpsettingid' => $phpsettingid,
+					'phpsettingsforsubdomains' => $phpfs,
 					'mod_fcgid_starter' => $mod_fcgid_starter,
 					'mod_fcgid_maxrequests' => $mod_fcgid_maxrequests,
 					'specialsettings' => $specialsettings,
@@ -1523,7 +1662,12 @@ if ($page == 'domains' || $page == 'overview') {
 					'speciallogverified' => $speciallogverified,
 					'ipandport' => serialize($ipandports),
 					'ssl_ipandport' => serialize($ssl_ipandports),
-					'letsencrypt' => $letsencrypt
+					'letsencrypt' => $letsencrypt,
+					'http2' => $http2,
+					'hsts_maxage' => $hsts_maxage,
+					'hsts_sub' => $hsts_sub,
+					'hsts_preload' => $hsts_preload,
+					'ocsp_stapling' => $ocsp_stapling
 				);

 				$security_questions = array(
@@ -1542,7 +1686,28 @@ if ($page == 'domains' || $page == 'overview') {
 				$wwwserveralias = ($serveraliasoption == '1') ? '1' : '0';
 				$iswildcarddomain = ($serveraliasoption == '0') ? '1' : '0';

-				if ($documentroot != $result['documentroot'] || $ssl_redirect != $result['ssl_redirect'] || $wwwserveralias != $result['wwwserveralias'] || $iswildcarddomain != $result['iswildcarddomain'] || $openbasedir != $result['openbasedir'] || $phpsettingid != $result['phpsettingid'] || $mod_fcgid_starter != $result['mod_fcgid_starter'] || $mod_fcgid_maxrequests != $result['mod_fcgid_maxrequests'] || $specialsettings != $result['specialsettings'] || $aliasdomain != $result['aliasdomain'] || $issubof != $result['ismainbutsubto'] || $email_only != $result['email_only'] || ($speciallogfile != $result['speciallogfile'] && $speciallogverified == '1') || $letsencrypt != $result['letsencrypt']) {
+				if (
+					$documentroot != $result['documentroot'] ||
+					$ssl_redirect != $result['ssl_redirect'] ||
+					$wwwserveralias != $result['wwwserveralias'] ||
+					$iswildcarddomain != $result['iswildcarddomain'] ||
+					$phpenabled != $result['phpenabled'] ||
+					$openbasedir != $result['openbasedir'] ||
+					$phpsettingid != $result['phpsettingid'] ||
+					$mod_fcgid_starter != $result['mod_fcgid_starter'] ||
+					$mod_fcgid_maxrequests != $result['mod_fcgid_maxrequests'] ||
+					$specialsettings != $result['specialsettings'] ||
+					$aliasdomain != $result['aliasdomain'] ||
+					$issubof != $result['ismainbutsubto'] ||
+					$email_only != $result['email_only'] ||
+					($speciallogfile != $result['speciallogfile'] && $speciallogverified == '1') ||
+					$letsencrypt != $result['letsencrypt'] ||
+					$http2 != $result['http2'] ||
+					$hsts_maxage != $result['hsts'] ||
+					$hsts_sub != $result['hsts_sub'] ||
+					$hsts_preload != $result['hsts_preload'] ||
+					$ocsp_stapling != $result['ocsp_stapling']
+				) {
 					inserttask('1');
 				}

@@ -1571,6 +1736,16 @@ if ($page == 'domains' || $page == 'overview') {
 					$log->logAction(ADM_ACTION, LOG_NOTICE, "deleted domain #" . $id . " from mail-tables");
 				}

+				// check whether LE has been disabled, so we remove the certificate
+				if ($letsencrypt == '0' && $result['letsencrypt'] == '1')  {
+					$del_stmt = Database::prepare("
+						DELETE FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = :id
+					");
+					Database::pexecute($del_stmt, array(
+						'id' => $id
+					));
+				}
+
 				$updatechildren = '';

 				if ($subcanemaildomain == '0' && $result['subcanemaildomain'] != '0') {
@@ -1673,6 +1848,7 @@ if ($page == 'domains' || $page == 'overview') {
 				$update_data['zonefile'] = $zonefile;
 				$update_data['wwwserveralias'] = $wwwserveralias;
 				$update_data['iswildcarddomain'] = $iswildcarddomain;
+				$update_data['phpenabled'] = $phpenabled;
 				$update_data['openbasedir'] = $openbasedir;
 				$update_data['speciallogfile'] = $speciallogfile;
 				$update_data['phpsettingid'] = $phpsettingid;
@@ -1683,6 +1859,11 @@ if ($page == 'domains' || $page == 'overview') {
 				$update_data['termination_date'] = $termination_date;
 				$update_data['ismainbutsubto'] = $issubof;
 				$update_data['letsencrypt'] = $letsencrypt;
+				$update_data['http2'] = $http2;
+				$update_data['hsts'] = $hsts_maxage;
+				$update_data['hsts_sub'] = $hsts_sub;
+				$update_data['hsts_preload'] = $hsts_preload;
+				$update_data['ocsp_stapling'] = $ocsp_stapling;
 				$update_data['id'] = $id;

 				$update_stmt = Database::prepare("
@@ -1701,6 +1882,7 @@ if ($page == 'domains' || $page == 'overview') {
 					`zonefile` = :zonefile,
 					`wwwserveralias` = :wwwserveralias,
 					`iswildcarddomain` = :iswildcarddomain,
+					`phpenabled` = :phpenabled,
 					`openbasedir` = :openbasedir,
 					`speciallogfile` = :speciallogfile,
 					`phpsettingid` = :phpsettingid,
@@ -1710,19 +1892,32 @@ if ($page == 'domains' || $page == 'overview') {
 					`registration_date` = :registration_date,
 					`termination_date` = :termination_date,
 					`ismainbutsubto` = :ismainbutsubto,
-					`letsencrypt` = :letsencrypt
+					`letsencrypt` = :letsencrypt,
+					`http2` = :http2,
+					`hsts` = :hsts,
+					`hsts_sub` = :hsts_sub,
+					`hsts_preload` = :hsts_preload,
+					`ocsp_stapling` = :ocsp_stapling
 					WHERE `id` = :id
 				");
 				Database::pexecute($update_stmt, $update_data);

 				$_update_data['customerid'] = $customerid;
 				$_update_data['adminid'] = $adminid;
+				$_update_data['phpenabled'] = $phpenabled;
 				$_update_data['openbasedir'] = $openbasedir;
-				$_update_data['phpsettingid'] = $phpsettingid;
 				$_update_data['mod_fcgid_starter'] = $mod_fcgid_starter;
 				$_update_data['mod_fcgid_maxrequests'] = $mod_fcgid_maxrequests;
 				$_update_data['parentdomainid'] = $id;

+				// if php config is to be set for all subdomains, check here
+				$update_phpconfig = '';
+				$phpfs = isset($_POST['phpsettingsforsubdomains']) ? 1 : 0;
+				if ($phpfs == 1) {
+					$_update_data['phpsettingid'] = $phpsettingid;
+					$update_phpconfig = ", `phpsettingid` = :phpsettingid";
+				}
+
 				// if we have no more ssl-ip's for this domain,
 				// all its subdomains must have "ssl-redirect = 0"
 				// and disable let's encrypt
@@ -1735,11 +1930,11 @@ if ($page == 'domains' || $page == 'overview') {
 					UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
 					`customerid` = :customerid,
 					`adminid` = :adminid,
+					`phpenabled` = :phpenabled,
 					`openbasedir` = :openbasedir,
-					`phpsettingid` = :phpsettingid,
 					`mod_fcgid_starter` = :mod_fcgid_starter,
 					`mod_fcgid_maxrequests` = :mod_fcgid_maxrequests
-					" . $upd_specialsettings . $updatechildren . $update_sslredirect . "
+					" . $update_phpconfig . $upd_specialsettings . $updatechildren . $update_sslredirect . "
 					WHERE `parentdomainid` = :parentdomainid
 				");
 				Database::pexecute($_update_stmt, $_update_data);
@@ -2009,10 +2204,25 @@ if ($page == 'domains' || $page == 'overview') {
 				$result['add_date'] = date('Y-m-d', $result['add_date']);

 				$phpconfigs = '';
-				$phpconfigs_result_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "`");
+				$phpconfigs_result_stmt = Database::query("
+					SELECT c.*, fc.description as interpreter
+					FROM `" . TABLE_PANEL_PHPCONFIGS . "` c
+					LEFT JOIN `" . TABLE_PANEL_FPMDAEMONS . "` fc ON fc.id = c.fpmsettingid
+				");
+				$c_allowed_configs = getCustomerDetail($result['customerid'], 'allowed_phpconfigs');
+				if (!empty($c_allowed_configs)) {
+					$c_allowed_configs = json_decode($c_allowed_configs, true);
+				} else {
+					$c_allowed_configs = array();
+				}

 				while ($phpconfigs_row = $phpconfigs_result_stmt->fetch(PDO::FETCH_ASSOC)) {
-					$phpconfigs .= makeoption($phpconfigs_row['description'], $phpconfigs_row['id'], $result['phpsettingid'], true, true);
+					$disabled = !empty($c_allowed_configs) && !in_array($phpconfigs_row['id'], $c_allowed_configs);
+					if ((int) Settings::Get('phpfpm.enabled') == 1) {
+						$phpconfigs .= makeoption($phpconfigs_row['description'] . " [".$phpconfigs_row['interpreter']."]", $phpconfigs_row['id'], $result['phpsettingid'], true, true, null, $disabled);
+					} else {
+						$phpconfigs .= makeoption($phpconfigs_row['description'], $phpconfigs_row['id'], $result['phpsettingid'], true, true, null, $disabled);
+					}
 				}

 				$result = htmlentities_array($result);
@@ -2028,6 +2238,13 @@ if ($page == 'domains' || $page == 'overview') {
 				eval("echo \"" . getTemplate("domains/domains_edit") . "\";");
 			}
 		}
+	} elseif ($action == 'jqGetCustomerPHPConfigs') {
+		
+		$customerid = intval($_POST['customerid']);
+		$allowed_phpconfigs = getCustomerDetail($customerid, 'allowed_phpconfigs');
+		echo !empty($allowed_phpconfigs) ? $allowed_phpconfigs : json_encode(array());
+		exit;
+		
 	} elseif ($action == 'import') {

 		if (isset($_POST['send']) && $_POST['send'] == 'send') {
@@ -2052,6 +2269,8 @@ if ($page == 'domains' || $page == 'overview') {

 			// update customer/admin counters
 			updateCounters(false);
+			inserttask('1');
+			inserttask('4');

 			$result_str = $result['imported'] . ' / ' . $result['all'];
 			standard_success('domain_import_successfully', $result_str, array(
@@ -2086,6 +2305,11 @@ if ($page == 'domains' || $page == 'overview') {
 } elseif ($page == 'domaindnseditor' && Settings::Get('system.dnsenabled') == '1') {

 	require_once __DIR__.'/dns_editor.php';
+
+} elseif ($page == 'sslcertificates') {
+
+	require_once __DIR__.'/ssl_certificates.php';
+
 }

 function formatDomainEntry(&$row, &$idna_convert)
--- a/admin_index.php
+++ b/admin_index.php
@@ -86,12 +86,8 @@ if ($page == 'overview') {
 		|| (isset($lookfornewversion) && $lookfornewversion == 'yes')
 	) {
 		$update_check_uri = 'http://version.froxlor.org/Froxlor/legacy/' . $version;
-
-		if (ini_get('allow_url_fopen')) {
-			$latestversion = @file($update_check_uri);
-
-			if (isset($latestversion[0])) {
-				$latestversion = explode('|', $latestversion[0]);
+		$latestversion = HttpClient::urlGet($update_check_uri);
+		$latestversion = explode('|', $latestversion);

 		if (is_array($latestversion)
 			&& count($latestversion) >= 1
@@ -119,12 +115,6 @@ if ($page == 'overview') {
 		} else {
 			redirectTo($update_check_uri.'/pretty', NULL, false);
 		}
-			} else {
-				redirectTo($update_check_uri.'/pretty', NULL, false);
-			}
-		} else {
-			redirectTo($update_check_uri.'/pretty', NULL, false);
-		}
 	} else {
 		$lookfornewversion_lable = $lng['admin']['lookfornewversion']['clickhere'];
 		$lookfornewversion_link = htmlspecialchars($filename . '?s=' . urlencode($s) . '&page=' . urlencode($page) . '&lookfornewversion=yes');
@@ -144,6 +134,15 @@ if ($page == 'overview') {
 	$cron_last_runs = getCronjobsLastRun();
 	$outstanding_tasks = getOutstandingTasks();

+	$system_hostname = gethostname();
+	$meminfo= explode("\n", @file_get_contents("/proc/meminfo"));
+	$memory = "";
+	for ($i = 0; $i < sizeof($meminfo); ++$i) {
+		if (substr($meminfo[$i], 0, 3) === "Mem") {
+			$memory.= $meminfo[$i] . PHP_EOL;
+		}
+	}
+
 	if (function_exists('sys_getloadavg')) {
 		$loadArray = sys_getloadavg();
 		$load = number_format($loadArray[0], 2, '.', '') . " / " . number_format($loadArray[1], 2, '.', '') . " / " . number_format($loadArray[2], 2, '.', '');
@@ -271,7 +270,7 @@ if ($page == 'overview') {
 			$default_lang = $userinfo['def_language'];
 		}

-		while (list($language_file, $language_name) = each($languages)) {
+		foreach ($languages as $language_file => $language_name) {
 			$language_options.= makeoption($language_name, $language_file, $default_lang, true);
 		}

@@ -360,7 +359,8 @@ if ($page == 'overview') {
 			$mail_body .= "File: ".$_error['file'].':'.$_error['line']."\n\n";
 			$mail_body .= "Trace:\n".trim($_error['trace'])."\n\n";
 			$mail_body .= "-------------------------------------------------------------\n\n";
-			$mail_body .= "Froxlor-version: ".$version."\n\n";
+			$mail_body .= "Froxlor-version: ".$version."\n";
+			$mail_body .= "DB-version: ".$dbversion."\n\n";
 			$mail_body .= "End of report";
 			$mail_html = nl2br($mail_body);

--- a/admin_ipsandports.php
+++ b/admin_ipsandports.php
@@ -33,6 +33,7 @@ if ($page == 'ipsandports'
 	$websrv = Settings::Get('system.webserver');
 	$is_nginx = ($websrv == 'nginx');
 	$is_apache = ($websrv == 'apache2');
+	$is_apache24 = $is_apache && (Settings::Get('system.apache24') === '1');

 	if ($action == '') {

--- a/admin_logger.php
+++ b/admin_logger.php
@@ -30,11 +30,11 @@ if ($page == 'log'
 			'user' => $lng['logger']['user'],
 			'text' => $lng['logger']['action']
 		);
-		$paging = new paging($userinfo, TABLE_PANEL_LOG, $fields, null, null, 0, 'desc');
-		$result_stmt = Database::query('
-			SELECT * FROM `' . TABLE_PANEL_LOG . '` ' . $paging->getSqlWhere(false) . ' ' . $paging->getSqlOrderBy() . ' ' . $paging->getSqlLimit()
-		);
-		$logs_count = Database::num_rows();
+		$paging = new paging($userinfo, TABLE_PANEL_LOG, $fields, null, null, 0, 'desc', 30);
+		$query = 'SELECT * FROM `' . TABLE_PANEL_LOG . '` ' . $paging->getSqlWhere(false) . ' ' . $paging->getSqlOrderBy();
+		$result_stmt = Database::query($query . ' ' . $paging->getSqlLimit());
+		$result_cnt_stmt = Database::query($query);
+		$logs_count = $result_cnt_stmt->rowCount();
 		$paging->setEntries($logs_count);
 		$sortcode = $paging->getHtmlSortCode($lng);
 		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
@@ -67,7 +67,7 @@ if ($page == 'log'
 		foreach ($clog as $action => $logrows) {
 			$_action = 0;
 			foreach ($logrows as $row) {
-				if ($paging->checkDisplay($i)) {
+				// if ($paging->checkDisplay($i)) {
 					$row = htmlentities_array($row);
 					$row['date'] = date("d.m.y H:i:s", $row['date']);

@@ -105,7 +105,7 @@ if ($page == 'log'
 					eval("\$log.=\"" . getTemplate('logger/logger_log') . "\";");
 					$count++;
 					$_action = $action;
-				}
+				// }
 				$i++;
 			}
 			$i++;
--- a/admin_phpsettings.php
+++ b/admin_phpsettings.php
@@ -16,7 +16,6 @@
 * @package    Panel
 *
 */
-
 define('AREA', 'admin');
 require './lib/init.php';

@@ -32,12 +31,19 @@ if ($page == 'overview') {
 		
 		$tablecontent = '';
 		$count = 0;
-		$result = Database::query("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "`");
+		$result = Database::query("
+			SELECT c.*, fd.description as fpmdesc
+			FROM `" . TABLE_PANEL_PHPCONFIGS . "` c
+			LEFT JOIN `" . TABLE_PANEL_FPMDAEMONS . "` fd ON fd.id = c.fpmsettingid
+			ORDER BY c.description ASC
+		");
 		
 		while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
 			
 			$domainresult = false;
-			$query_params = array('id' => $row['id']);
+			$query_params = array(
+				'id' => $row['id']
+			);
 			
 			$query = "SELECT * FROM `" . TABLE_PANEL_DOMAINS . "`
 					WHERE `phpsettingid` = :id
@@ -51,8 +57,7 @@ if ($page == 'overview') {
 			if ((int) Settings::Get('panel.phpconfigs_hidestdsubdomain') == 1) {
 				$ssdids_res = Database::query("
 					SELECT DISTINCT `standardsubdomain` FROM `" . TABLE_PANEL_CUSTOMERS . "`
-					WHERE `standardsubdomain` > 0 ORDER BY `standardsubdomain` ASC;"
-				);
+					WHERE `standardsubdomain` > 0 ORDER BY `standardsubdomain` ASC;");
 				$ssdids = array();
 				while ($ssd = $ssdids_res->fetch(PDO::FETCH_ASSOC)) {
 					$ssdids[] = $ssd['standardsubdomain'];
@@ -73,9 +78,7 @@ if ($page == 'overview') {
 			}
 			
 			// check whether we use that config as froxor-vhost config
-			if (Settings::Get('system.mod_fcgid_defaultini_ownvhost') == $row['id']
-				|| Settings::Get('phpfpm.vhost_defaultini') == $row['id']
-			) {
+			if (Settings::Get('system.mod_fcgid_defaultini_ownvhost') == $row['id'] || Settings::Get('phpfpm.vhost_defaultini') == $row['id']) {
 				$domains .= Settings::Get('system.hostname');
 			}
 			
@@ -84,11 +87,7 @@ if ($page == 'overview') {
 			}
 			
 			// check whether this is our default config
-			if ((Settings::Get('system.mod_fcgid') == '1'
-				&& Settings::Get('system.mod_fcgid_defaultini') == $row['id'])
-				|| (Settings::Get('phpfpm.enabled') == '1'
-				&& Settings::Get('phpfpm.defaultini') == $row['id'])
-			) {
+			if ((Settings::Get('system.mod_fcgid') == '1' && Settings::Get('system.mod_fcgid_defaultini') == $row['id']) || (Settings::Get('phpfpm.enabled') == '1' && Settings::Get('phpfpm.defaultini') == $row['id'])) {
 				$row['description'] = '<b>' . $row['description'] . '</b>';
 			}
 			
@@ -104,27 +103,34 @@ if ($page == 'overview') {
 		
 		if ((int) $userinfo['change_serversettings'] == 1) {
 			
-			if (isset($_POST['send'])
-				&& $_POST['send'] == 'send'
-			) {
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 				$description = validate($_POST['description'], 'description');
 				$phpsettings = validate(str_replace("\r\n", "\n", $_POST['phpsettings']), 'phpsettings', '/^[^\0]*$/');
 				
 				if (Settings::Get('system.mod_fcgid') == 1) {
 					$binary = makeCorrectFile(validate($_POST['binary'], 'binary'));
 					$file_extensions = validate($_POST['file_extensions'], 'file_extensions', '/^[a-zA-Z0-9\s]*$/');
-					$mod_fcgid_starter = validate($_POST['mod_fcgid_starter'], 'mod_fcgid_starter', '/^[0-9]*$/', '', array('-1', ''));
-					$mod_fcgid_maxrequests = validate($_POST['mod_fcgid_maxrequests'], 'mod_fcgid_maxrequests', '/^[0-9]*$/', '', array('-1', ''));
+					$mod_fcgid_starter = validate($_POST['mod_fcgid_starter'], 'mod_fcgid_starter', '/^[0-9]*$/', '', array(
+						'-1',
+						''
+					));
+					$mod_fcgid_maxrequests = validate($_POST['mod_fcgid_maxrequests'], 'mod_fcgid_maxrequests', '/^[0-9]*$/', '', array(
+						'-1',
+						''
+					));
 					$mod_fcgid_umask = validate($_POST['mod_fcgid_umask'], 'mod_fcgid_umask', '/^[0-9]*$/');
 					// disable fpm stuff
+					$fpm_config_id = 1;
 					$fpm_enableslowlog = 0;
 					$fpm_reqtermtimeout = 0;
 					$fpm_reqslowtimeout = 0;
-				}
-				elseif (Settings::Get('phpfpm.enabled') == 1) {
+					$fpm_pass_authorizationheader = 0;
+				} elseif (Settings::Get('phpfpm.enabled') == 1) {
+					$fpm_config_id = intval($_POST['fpmconfig']);
 					$fpm_enableslowlog = isset($_POST['phpfpm_enable_slowlog']) ? (int) $_POST['phpfpm_enable_slowlog'] : 0;
 					$fpm_reqtermtimeout = validate($_POST['phpfpm_reqtermtimeout'], 'phpfpm_reqtermtimeout', '/^([0-9]+)(|s|m|h|d)$/');
 					$fpm_reqslowtimeout = validate($_POST['phpfpm_reqslowtimeout'], 'phpfpm_reqslowtimeout', '/^([0-9]+)(|s|m|h|d)$/');
+					$fpm_pass_authorizationheader = isset($_POST['phpfpm_pass_authorizationheader']) ? (int) $_POST['phpfpm_pass_authorizationheader'] : 0;
 					// disable fcgid stuff
 					$binary = '/usr/bin/php-cgi';
 					$file_extensions = 'php';
@@ -133,9 +139,7 @@ if ($page == 'overview') {
 					$mod_fcgid_umask = "022";
 				}
 				
-				if (strlen($description) == 0
-					|| strlen($description) > 50
-				) {
+				if (strlen($description) == 0 || strlen($description) > 50) {
 					standard_error('descriptioninvalid');
 				}
 				
@@ -150,8 +154,9 @@ if ($page == 'overview') {
 						`fpm_slowlog` = :fpmslow,
 						`fpm_reqterm` = :fpmreqterm,
 						`fpm_reqslow` = :fpmreqslow,
-						`phpsettings` = :phpsettings"
-				);
+						`phpsettings` = :phpsettings,
+						`fpmsettingid` = :fpmsettingid,
+						`pass_authorizationheader` = :fpmpassauth");
 				$ins_data = array(
 					'desc' => $description,
 					'binary' => $binary,
@@ -162,19 +167,29 @@ if ($page == 'overview') {
 					'fpmslow' => $fpm_enableslowlog,
 					'fpmreqterm' => $fpm_reqtermtimeout,
 					'fpmreqslow' => $fpm_reqslowtimeout,
-					'phpsettings' => $phpsettings
+					'phpsettings' => $phpsettings,
+					'fpmsettingid' => $fpm_config_id,
+					'fpmpassauth' => $fpm_pass_authorizationheader
 				);
 				Database::pexecute($ins_stmt, $ins_data);
 				
 				inserttask('1');
 				$log->logAction(ADM_ACTION, LOG_INFO, "php.ini setting with description '" . $description . "' has been created by '" . $userinfo['loginname'] . "'");
-				redirectTo($filename, array('page' => $page, 's' => $s));
-
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
 			} else {
 				
 				$result_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = 1");
 				$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
 				
+				$fpmconfigs = '';
+				$configs = Database::query("SELECT * FROM `" . TABLE_PANEL_FPMDAEMONS . "` ORDER BY `description` ASC");
+				while ($row = $configs->fetch(PDO::FETCH_ASSOC)) {
+					$fpmconfigs .= makeoption($row['description'], $row['id'], 1, true, true);
+				}
+				
 				$phpconfig_add_data = include_once dirname(__FILE__) . '/lib/formfields/admin/phpconfig/formfield.phpconfig_add.php';
 				$phpconfig_add_form = htmlform::genHTMLForm($phpconfig_add_data);
 				
@@ -183,7 +198,6 @@ if ($page == 'overview') {
 				
 				eval("echo \"" . getTemplate("phpconfig/overview_add") . "\";");
 			}
-
 		} else {
 			standard_error('nopermissionsorinvalidid');
 		}
@@ -192,54 +206,50 @@ if ($page == 'overview') {
 	if ($action == 'delete') {
 		
 		$result_stmt = Database::prepare("
-			SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id"
-		);
-		$result = Database::pexecute_first($result_stmt, array('id' => $id));
+			SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id");
+		$result = Database::pexecute_first($result_stmt, array(
+			'id' => $id
+		));
 		
-		if ((Settings::Get('system.mod_fcgid') == '1'
-			&& Settings::Get('system.mod_fcgid_defaultini_ownvhost') == $id)
-			|| (Settings::Get('phpfpm.enabled') == '1'
-			&& Settings::Get('phpfpm.vhost_defaultini') == $id)
-		) {
+		if ((Settings::Get('system.mod_fcgid') == '1' && Settings::Get('system.mod_fcgid_defaultini_ownvhost') == $id) || (Settings::Get('phpfpm.enabled') == '1' && Settings::Get('phpfpm.vhost_defaultini') == $id)) {
 			standard_error('cannotdeletehostnamephpconfig');
 		}
 		
-		if ((Settings::Get('system.mod_fcgid') == '1'
-			&& Settings::Get('system.mod_fcgid_defaultini') == $id)
-			|| (Settings::Get('phpfpm.enabled') == '1'
-			&& Settings::Get('phpfpm.defaultini') == $id)
-		) {
+		if ((Settings::Get('system.mod_fcgid') == '1' && Settings::Get('system.mod_fcgid_defaultini') == $id) || (Settings::Get('phpfpm.enabled') == '1' && Settings::Get('phpfpm.defaultini') == $id)) {
 			standard_error('cannotdeletedefaultphpconfig');
 		}
 		
-		if ($result['id'] != 0
-			&& $result['id'] == $id
-			&& (int)$userinfo['change_serversettings'] == 1
-			&& $id != 1 // cannot delete the default php.config
-		) {
+		if ($result['id'] != 0 && $result['id'] == $id && (int) $userinfo['change_serversettings'] == 1 && $id != 1) // cannot delete the default php.config
+		{
 			
-			if (isset($_POST['send'])
-				&& $_POST['send'] == 'send'
-			) {
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 				// set php-config to default for all domains using the
 				// config that is to be deleted
 				$upd_stmt = Database::prepare("
 					UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
-					`phpsettingid` = '1' WHERE `phpsettingid` = :id"
-				);
-				Database::pexecute($upd_stmt, array('id' => $id));
+					`phpsettingid` = '1' WHERE `phpsettingid` = :id");
+				Database::pexecute($upd_stmt, array(
+					'id' => $id
+				));
 				
 				$del_stmt = Database::prepare("
-					DELETE FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id"
-				);
-				Database::pexecute($del_stmt, array('id' => $id));
+					DELETE FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id");
+				Database::pexecute($del_stmt, array(
+					'id' => $id
+				));
 				
 				inserttask('1');
 				$log->logAction(ADM_ACTION, LOG_INFO, "php.ini setting with id #" . (int) $id . " has been deleted by '" . $userinfo['loginname'] . "'");
-				redirectTo($filename, array('page' => $page, 's' => $s));
-
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
 			} else {
-				ask_yesno('phpsetting_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['description']);
+				ask_yesno('phpsetting_reallydelete', $filename, array(
+					'id' => $id,
+					'page' => $page,
+					'action' => $action
+				), $result['description']);
 			}
 		} else {
 			standard_error('nopermissionsorinvalidid');
@@ -249,36 +259,41 @@ if ($page == 'overview') {
 	if ($action == 'edit') {
 		
 		$result_stmt = Database::prepare("
-			SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id"
-		);
-		$result = Database::pexecute_first($result_stmt, array('id' => $id));
+			SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id");
+		$result = Database::pexecute_first($result_stmt, array(
+			'id' => $id
+		));
 		
-		if ($result['id'] != 0
-			&& $result['id'] == $id
-			&& (int)$userinfo['change_serversettings'] == 1
-		) {
+		if ($result['id'] != 0 && $result['id'] == $id && (int) $userinfo['change_serversettings'] == 1) {
 			
-			if (isset($_POST['send'])
-				&& $_POST['send'] == 'send'
-			) {
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 				$description = validate($_POST['description'], 'description');
 				$phpsettings = validate(str_replace("\r\n", "\n", $_POST['phpsettings']), 'phpsettings', '/^[^\0]*$/');
 				
 				if (Settings::Get('system.mod_fcgid') == 1) {
 					$binary = makeCorrectFile(validate($_POST['binary'], 'binary'));
 					$file_extensions = validate($_POST['file_extensions'], 'file_extensions', '/^[a-zA-Z0-9\s]*$/');
-					$mod_fcgid_starter = validate($_POST['mod_fcgid_starter'], 'mod_fcgid_starter', '/^[0-9]*$/', '', array('-1', ''));
-					$mod_fcgid_maxrequests = validate($_POST['mod_fcgid_maxrequests'], 'mod_fcgid_maxrequests', '/^[0-9]*$/', '', array('-1', ''));
+					$mod_fcgid_starter = validate($_POST['mod_fcgid_starter'], 'mod_fcgid_starter', '/^[0-9]*$/', '', array(
+						'-1',
+						''
+					));
+					$mod_fcgid_maxrequests = validate($_POST['mod_fcgid_maxrequests'], 'mod_fcgid_maxrequests', '/^[0-9]*$/', '', array(
+						'-1',
+						''
+					));
 					$mod_fcgid_umask = validate($_POST['mod_fcgid_umask'], 'mod_fcgid_umask', '/^[0-9]*$/');
 					// disable fpm stuff
+					$fpm_config_id = 1;
 					$fpm_enableslowlog = 0;
 					$fpm_reqtermtimeout = 0;
 					$fpm_reqslowtimeout = 0;
-				}
-				elseif (Settings::Get('phpfpm.enabled') == 1) {
+					$fpm_pass_authorizationheader = 0;
+				} elseif (Settings::Get('phpfpm.enabled') == 1) {
+					$fpm_config_id = intval($_POST['fpmconfig']);
 					$fpm_enableslowlog = isset($_POST['phpfpm_enable_slowlog']) ? (int) $_POST['phpfpm_enable_slowlog'] : 0;
 					$fpm_reqtermtimeout = validate($_POST['phpfpm_reqtermtimeout'], 'phpfpm_reqtermtimeout', '/^([0-9]+)(|s|m|h|d)$/');
 					$fpm_reqslowtimeout = validate($_POST['phpfpm_reqslowtimeout'], 'phpfpm_reqslowtimeout', '/^([0-9]+)(|s|m|h|d)$/');
+					$fpm_pass_authorizationheader = isset($_POST['phpfpm_pass_authorizationheader']) ? (int) $_POST['phpfpm_pass_authorizationheader'] : 0;
 					// disable fcgid stuff
 					$binary = '/usr/bin/php-cgi';
 					$file_extensions = 'php';
@@ -287,9 +302,7 @@ if ($page == 'overview') {
 					$mod_fcgid_umask = "022";
 				}
 				
-				if (strlen($description) == 0
-					|| strlen($description) > 50
-				) {
+				if (strlen($description) == 0 || strlen($description) > 50) {
 					standard_error('descriptioninvalid');
 				}
 				
@@ -304,9 +317,10 @@ if ($page == 'overview') {
 						`fpm_slowlog` = :fpmslow,
 						`fpm_reqterm` = :fpmreqterm,
 						`fpm_reqslow` = :fpmreqslow,
-						`phpsettings` = :phpsettings
-					WHERE `id` = :id"
-				);
+						`phpsettings` = :phpsettings,
+						`fpmsettingid` = :fpmsettingid,
+						`pass_authorizationheader` = :fpmpassauth
+					WHERE `id` = :id");
 				$upd_data = array(
 					'desc' => $description,
 					'binary' => $binary,
@@ -318,16 +332,26 @@ if ($page == 'overview') {
 					'fpmreqterm' => $fpm_reqtermtimeout,
 					'fpmreqslow' => $fpm_reqslowtimeout,
 					'phpsettings' => $phpsettings,
+					'fpmsettingid' => $fpm_config_id,
+					'fpmpassauth' => $fpm_pass_authorizationheader,
 					'id' => $id
 				);
 				Database::pexecute($upd_stmt, $upd_data);
 				
 				inserttask('1');
 				$log->logAction(ADM_ACTION, LOG_INFO, "php.ini setting with description '" . $description . "' has been changed by '" . $userinfo['loginname'] . "'");
-				redirectTo($filename, array('page' => $page, 's' => $s));
-
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
 			} else {

+				$fpmconfigs = '';
+				$configs = Database::query("SELECT * FROM `" . TABLE_PANEL_FPMDAEMONS . "` ORDER BY `description` ASC");
+				while ($row = $configs->fetch(PDO::FETCH_ASSOC)) {
+					$fpmconfigs .= makeoption($row['description'], $row['id'], $result['fpmsettingid'], true, true);
+				}
+
 				$phpconfig_edit_data = include_once dirname(__FILE__) . '/lib/formfields/admin/phpconfig/formfield.phpconfig_edit.php';
 				$phpconfig_edit_form = htmlform::genHTMLForm($phpconfig_edit_data);

@@ -336,7 +360,249 @@ if ($page == 'overview') {
 				
 				eval("echo \"" . getTemplate("phpconfig/overview_edit") . "\";");
 			}
+		} else {
+			standard_error('nopermissionsorinvalidid');
+		}
+	}
+} elseif ($page == 'fpmdaemons') {
 	
+	if ($action == '') {
+		
+		$tablecontent = '';
+		$count = 0;
+		$result = Database::query("SELECT * FROM `" . TABLE_PANEL_FPMDAEMONS . "` ORDER BY `description` ASC");
+		
+		while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
+
+			$query_params = array(
+				'id' => $row['id']
+			);
+			
+			$query = "SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `fpmsettingid` = :id";
+			
+			$configresult_stmt = Database::prepare($query);
+			Database::pexecute($configresult_stmt, $query_params);
+			
+			$configs = '';
+			if (Database::num_rows() > 0) {
+				while ($row2 = $configresult_stmt->fetch(PDO::FETCH_ASSOC)) {
+					$configs .= $row2['description'] . '<br/>';
+				}
+			}
+			
+			if ($configs == '') {
+				$configs = $lng['admin']['phpsettings']['notused'];
+			}
+			
+			$count ++;
+			eval("\$tablecontent.=\"" . getTemplate("phpconfig/fpmdaemons_overview") . "\";");
+		}
+		
+		$log->logAction(ADM_ACTION, LOG_INFO, "fpm daemons setting overview has been viewed by '" . $userinfo['loginname'] . "'");
+		eval("echo \"" . getTemplate("phpconfig/fpmdaemons") . "\";");
+	}
+	
+	if ($action == 'add') {
+		
+		if ((int) $userinfo['change_serversettings'] == 1) {
+			
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+				$description = validate($_POST['description'], 'description');
+				$reload_cmd = validate($_POST['reload_cmd'], 'reload_cmd');
+				$config_dir = validate($_POST['config_dir'], 'config_dir');
+				$pm = $_POST['pm'];
+				$max_children = isset($_POST['max_children']) ? (int) $_POST['max_children'] : 0;
+				$start_servers = isset($_POST['start_servers']) ? (int) $_POST['start_servers'] : 0;
+				$min_spare_servers = isset($_POST['min_spare_servers']) ? (int) $_POST['min_spare_servers'] : 0;
+				$max_spare_servers = isset($_POST['max_spare_servers']) ? (int) $_POST['max_spare_servers'] : 0;
+				$max_requests = isset($_POST['max_requests']) ? (int) $_POST['max_requests'] : 0;
+				$idle_timeout = isset($_POST['idle_timeout']) ? (int) $_POST['idle_timeout'] : 0;
+				$limit_extensions = validate($_POST['limit_extensions'], 'limit_extensions', '/^(\.[a-z]([a-z0-9]+)\ ?)+$/');
+				
+				if (strlen($description) == 0 || strlen($description) > 50) {
+					standard_error('descriptioninvalid');
+				}
+				
+				$ins_stmt = Database::prepare("
+					INSERT INTO `" . TABLE_PANEL_FPMDAEMONS . "` SET
+					`description` = :desc,
+					`reload_cmd` = :reload_cmd,
+					`config_dir` = :config_dir,
+					`pm` = :pm,
+					`max_children` = :max_children,
+					`start_servers` = :start_servers,
+					`min_spare_servers` = :min_spare_servers,
+					`max_spare_servers` = :max_spare_servers,
+					`max_requests` = :max_requests,
+					`idle_timeout` = :idle_timeout,
+					`limit_extensions` = :limit_extensions
+				");
+				$ins_data = array(
+					'desc' => $description,
+					'reload_cmd' => $reload_cmd,
+					'config_dir' => makeCorrectDir($config_dir),
+					'pm' => $pm,
+					'max_children' => $max_children,
+					'start_servers' => $start_servers,
+					'min_spare_servers' => $min_spare_servers,
+					'max_spare_servers' => $max_spare_servers,
+					'max_requests' => $max_requests,
+					'idle_timeout' => $idle_timeout,
+					'limit_extensions' => $limit_extensions
+				);
+				Database::pexecute($ins_stmt, $ins_data);
+				
+				inserttask('1');
+				$log->logAction(ADM_ACTION, LOG_INFO, "fpm-daemon setting with description '" . $description . "' has been created by '" . $userinfo['loginname'] . "'");
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
+			} else {
+				
+				$pm_select = makeoption('static', 'static', 'static', true, true);
+				$pm_select.= makeoption('dynamic', 'dynamic', 'static', true, true);
+				$pm_select.= makeoption('ondemand', 'ondemand', 'static', true, true);
+
+				$fpmconfig_add_data = include_once dirname(__FILE__) . '/lib/formfields/admin/phpconfig/formfield.fpmconfig_add.php';
+				$fpmconfig_add_form = htmlform::genHTMLForm($fpmconfig_add_data);
+				
+				$title = $fpmconfig_add_data['fpmconfig_add']['title'];
+				$image = $fpmconfig_add_data['fpmconfig_add']['image'];
+				
+				eval("echo \"" . getTemplate("phpconfig/fpmconfig_add") . "\";");
+			}
+		} else {
+			standard_error('nopermissionsorinvalidid');
+		}
+	}
+	
+	if ($action == 'delete') {
+		
+		$result_stmt = Database::prepare("
+			SELECT * FROM `" . TABLE_PANEL_FPMDAEMONS . "` WHERE `id` = :id");
+		$result = Database::pexecute_first($result_stmt, array(
+			'id' => $id
+		));
+
+		if ($id == 1) {
+			standard_error('cannotdeletedefaultphpconfig');
+		}
+
+		if ($result['id'] != 0 && $result['id'] == $id && (int) $userinfo['change_serversettings'] == 1 && $id != 1) // cannot delete the default php.config
+		{
+			
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+				// set default fpm daemon config for all php-config that use this config that is to be deleted
+				$upd_stmt = Database::prepare("
+					UPDATE `" . TABLE_PANEL_PHPCONFIGS . "` SET
+					`fpmsettingid` = '1' WHERE `fpmsettingid` = :id");
+				Database::pexecute($upd_stmt, array(
+					'id' => $id
+				));
+				
+				$del_stmt = Database::prepare("
+					DELETE FROM `" . TABLE_PANEL_FPMDAEMONS . "` WHERE `id` = :id");
+				Database::pexecute($del_stmt, array(
+					'id' => $id
+				));
+				
+				inserttask('1');
+				$log->logAction(ADM_ACTION, LOG_INFO, "fpm-daemon setting with id #" . (int) $id . " has been deleted by '" . $userinfo['loginname'] . "'");
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
+			} else {
+				ask_yesno('fpmsetting_reallydelete', $filename, array(
+					'id' => $id,
+					'page' => $page,
+					'action' => $action
+				), $result['description']);
+			}
+		} else {
+			standard_error('nopermissionsorinvalidid');
+		}
+	}
+	
+	if ($action == 'edit') {
+		
+		$result_stmt = Database::prepare("
+			SELECT * FROM `" . TABLE_PANEL_FPMDAEMONS . "` WHERE `id` = :id");
+		$result = Database::pexecute_first($result_stmt, array(
+			'id' => $id
+		));
+		
+		if ($result['id'] != 0 && $result['id'] == $id && (int) $userinfo['change_serversettings'] == 1) {
+			
+			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+				$description = validate($_POST['description'], 'description');
+				$reload_cmd = validate($_POST['reload_cmd'], 'reload_cmd');
+				$config_dir = validate($_POST['config_dir'], 'config_dir');
+				$pm = $_POST['pm'];
+				$max_children = isset($_POST['max_children']) ? (int) $_POST['max_children'] : $result['max_children'];
+				$start_servers = isset($_POST['start_servers']) ? (int) $_POST['start_servers'] : $result['start_servers'];
+				$min_spare_servers = isset($_POST['min_spare_servers']) ? (int) $_POST['min_spare_servers'] : $result['min_spare_servers'];
+				$max_spare_servers = isset($_POST['max_spare_servers']) ? (int) $_POST['max_spare_servers'] : $result['max_spare_servers'];
+				$max_requests = isset($_POST['max_requests']) ? (int) $_POST['max_requests'] : $result['max_requests'];
+				$idle_timeout = isset($_POST['idle_timeout']) ? (int) $_POST['idle_timeout'] : $result['idle_timeout'];
+				$limit_extensions = validate($_POST['limit_extensions'], 'limit_extensions', '/^(\.[a-z]([a-z0-9]+)\ ?)+$/');
+				
+				if (strlen($description) == 0 || strlen($description) > 50) {
+					standard_error('descriptioninvalid');
+				}
+				
+				$upd_stmt = Database::prepare("
+					UPDATE `" . TABLE_PANEL_FPMDAEMONS . "` SET
+					`description` = :desc,
+					`reload_cmd` = :reload_cmd,
+					`config_dir` = :config_dir,
+					`pm` = :pm,
+					`max_children` = :max_children,
+					`start_servers` = :start_servers,
+					`min_spare_servers` = :min_spare_servers,
+					`max_spare_servers` = :max_spare_servers,
+					`max_requests` = :max_requests,
+					`idle_timeout` = :idle_timeout,
+					`limit_extensions` = :limit_extensions
+					WHERE `id` = :id
+				");
+				$upd_data = array(
+					'desc' => $description,
+					'reload_cmd' => $reload_cmd,
+					'config_dir' => makeCorrectDir($config_dir),
+					'pm' => $pm,
+					'max_children' => $max_children,
+					'start_servers' => $start_servers,
+					'min_spare_servers' => $min_spare_servers,
+					'max_spare_servers' => $max_spare_servers,
+					'max_requests' => $max_requests,
+					'idle_timeout' => $idle_timeout,
+					'limit_extensions' => $limit_extensions,
+					'id' => $id
+				);
+				Database::pexecute($upd_stmt, $upd_data);
+				
+				inserttask('1');
+				$log->logAction(ADM_ACTION, LOG_INFO, "fpm-daemon setting with description '" . $description . "' has been changed by '" . $userinfo['loginname'] . "'");
+				redirectTo($filename, array(
+					'page' => $page,
+					's' => $s
+				));
+			} else {
+				
+				$pm_select = makeoption('static', 'static', $result['pm'], true, true);
+				$pm_select.= makeoption('dynamic', 'dynamic', $result['pm'], true, true);
+				$pm_select.= makeoption('ondemand', 'ondemand', $result['pm'], true, true);
+
+				$fpmconfig_edit_data = include_once dirname(__FILE__) . '/lib/formfields/admin/phpconfig/formfield.fpmconfig_edit.php';
+				$fpmconfig_edit_form = htmlform::genHTMLForm($fpmconfig_edit_data);
+				
+				$title = $fpmconfig_edit_data['fpmconfig_edit']['title'];
+				$image = $fpmconfig_edit_data['fpmconfig_edit']['image'];
+				
+				eval("echo \"" . getTemplate("phpconfig/fpmconfig_edit") . "\";");
+			}
 		} else {
 			standard_error('nopermissionsorinvalidid');
 		}
--- a/admin_settings.php
+++ b/admin_settings.php
@@ -290,3 +290,107 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 	}
 	eval("echo \"" . getTemplate("settings/integritycheck") . "\";");
 }
+elseif ($page == 'importexport' && $userinfo['change_serversettings'] == '1')
+{
+	// check for json-stuff
+	if (! extension_loaded('json')) {
+		standard_error('jsonextensionnotfound');
+	}
+
+	if (isset($_GET['action']) && $_GET['action'] == "export") {
+		// export
+		try {
+			$json_export = SImExporter::export();
+		} catch(Exception $e) {
+			dynamic_error($e->getMessage());
+		}
+		header('Content-disposition: attachment; filename=Froxlor_settings-'.$version.'-'.$dbversion.'_'.date('d.m.Y').'.json');
+		header('Content-type: application/json');
+		echo $json_export;
+		exit;
+	} elseif (isset($_GET['action']) && $_GET['action'] == "import") {
+		// import
+		if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			// get uploaded file
+			if (isset($_FILES["import_file"]["tmp_name"])) {
+				$imp_content = file_get_contents($_FILES["import_file"]["tmp_name"]);
+				try {
+					SImExporter::import($imp_content);
+				} catch(Exception $e) {
+					dynamic_error($e->getMessage());
+				}
+				standard_success('settingsimported', '', array('filename' => 'admin_settings.php'));
+			}
+			dynamic_error("Upload failed");
+		}
+	} else {
+		eval("echo \"" . getTemplate("settings/importexport/index") . "\";");
+	}
+}
+elseif ($page == 'testmail')
+{
+		if (isset($_POST['send']) && $_POST['send'] == 'send')
+		{
+			$test_addr = isset($_POST['test_addr']) ? $_POST['test_addr'] : null;
+
+			/**
+			 * Initialize the mailingsystem
+			 */
+			$testmail = new PHPMailer(true);
+			$testmail->CharSet = "UTF-8";
+
+			if (Settings::Get('system.mail_use_smtp')) {
+				$testmail->isSMTP();
+				$testmail->Host = Settings::Get('system.mail_smtp_host');
+				$testmail->SMTPAuth = Settings::Get('system.mail_smtp_auth') == '1' ? true : false;
+				$testmail->Username = Settings::Get('system.mail_smtp_user');
+				$testmail->Password = Settings::Get('system.mail_smtp_passwd');
+				if (Settings::Get('system.mail_smtp_usetls')) {
+					$testmail->SMTPSecure = 'tls';
+				} else {
+					$testmail->SMTPAutoTLS = false;
+				}
+				$testmail->Port = Settings::Get('system.mail_smtp_port');
+			}
+
+			$_mailerror = false;
+			if (PHPMailer::ValidateAddress(Settings::Get('panel.adminmail')) !== false) {
+				// set return-to address and custom sender-name, see #76
+				$testmail->SetFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));
+				if (Settings::Get('panel.adminmail_return') != '') {
+					$testmail->AddReplyTo(Settings::Get('panel.adminmail_return'), Settings::Get('panel.adminmail_defname'));
+				}
+
+				try {
+					$testmail->Subject = "Froxlor Test-Mail";
+					$mail_body = "Yay, this worked :)";
+					$testmail->AltBody = $mail_body;
+					$testmail->MsgHTML(str_replace("\n", "<br />", $mail_body));
+					$testmail->AddAddress($test_addr);
+					$testmail->Send();
+				} catch(phpmailerException $e) {
+					$mailerr_msg = $e->errorMessage();
+					$_mailerror = true;
+				} catch (Exception $e) {
+					$mailerr_msg = $e->getMessage();
+					$_mailerror = true;
+				}
+
+				if (!$_mailerror) {
+					// success
+					$mail->ClearAddresses();
+					standard_success('testmailsent', '', array('filename' => 'admin_settings.php', 'page' => 'testmail'));
+				}
+			} else {
+				// invalid sender e-mail
+				$mailerr_msg = "Invalid sender e-mail address: ".Settings::Get('panel.adminmail');
+				$_mailerror = true;
+			}
+		}
+
+		$mail_smtp_user = Settings::Get('system.mail_smtp_user');
+		$mail_smtp_host = Settings::Get('system.mail_smtp_host');
+		$mail_smtp_port = Settings::Get('system.mail_smtp_port');
+
+		eval("echo \"" . getTemplate("settings/testmail") . "\";");
+}
--- a/admin_templates.php
+++ b/admin_templates.php
@@ -99,7 +99,7 @@ if ($action == '') {
 	}

 	$add = false;
-	while (list($language_file, $language_name) = each($languages)) {
+	foreach ($languages as $language_file => $language_name) {

 		$templates_done = array();
 		$result_stmt = Database::prepare("
@@ -328,7 +328,7 @@ if ($action == '') {
 		$language_options = '';
 		$template_options = '';

-		while (list($language_file, $language_name) = each($languages)) {
+		foreach ($languages as $language_file => $language_name) {
 			$templates = array();
 			$result_stmt = Database::prepare("
 				SELECT `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
--- a/customer_domains.php
+++ b/customer_domains.php
@@ -260,12 +260,12 @@ if ($page == 'overview') {
 		if ($userinfo['subdomains_used'] < $userinfo['subdomains'] || $userinfo['subdomains'] == '-1') {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {

-				if (strpos($_POST['subdomain'], '--') !== false) {
+				if (substr($_POST['subdomain'], 0, 4) == 'xn--') {
 					standard_error('domain_nopunycode');
 				}

 				$subdomain = $idna_convert->encode(preg_replace(array('/\:(\d)+$/', '/^https?\:\/\//'), '', validate($_POST['subdomain'], 'subdomain', '', 'subdomainiswrong')));
-				$domain = $idna_convert->encode($_POST['domain']);
+				$domain = $_POST['domain'];
 				$domain_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_DOMAINS . "`
 					WHERE `domain` = :domain
 					AND `customerid` = :customerid
@@ -277,6 +277,13 @@ if ($page == 'overview') {

 				$completedomain = $subdomain . '.' . $domain;

+				if (Settings::Get('system.validate_domain') && ! validateDomain($completedomain)) {
+					standard_error(array(
+						'stringiswrong',
+						'mydomain'
+					));
+				}
+
 				if ($completedomain == Settings::Get('system.hostname')) {
 					standard_error('admin_domain_emailsystemhostname');
 				}
@@ -312,14 +319,17 @@ if ($page == 'overview') {
 					triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
 				}

-				if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($idna_convert->encode($_POST['url']))) {
+				if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($_POST['url'])) {
 					$path = $_POST['url'];
 					$_doredirect = true;
 				} else {
 					$path = validate($_POST['path'], 'path');
 				}

-				if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($idna_convert->encode($path))) {
+				if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($path)) {
+					if (strstr($path, ":") !== FALSE) {
+						standard_error('pathmaynotcontaincolon');
+					}
 					// If path is empty or '/' and 'Use domain name as default value for DocumentRoot path' is enabled in settings,
 					// set default path to subdomain or domain name
 					if ((($path == '') || ($path == '/')) && Settings::Get('system.documentroot_use_default_value') == 1) {
@@ -327,9 +337,6 @@ if ($page == 'overview') {
 					} else {
 						$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
 					}
-					if (strstr($path, ":") !== FALSE) {
-						standard_error('pathmaynotcontaincolon');
-					}
 				} else {
 					$_doredirect = true;
 				}
@@ -367,6 +374,11 @@ if ($page == 'overview') {
 					$ssl_redirect = 2;
 				}

+				// HSTS
+				$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
+				$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
+				$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
+
 				if ($path == '') {
 					standard_error('patherror');
 				} elseif ($subdomain == '') {
@@ -393,6 +405,10 @@ if ($page == 'overview') {
 						// assign default config
 						$phpsid_result['phpsettingid'] = 1;
 					}
+					// check whether the customer has chosen its own php-config
+					if (isset($_POST['phpsettingid']) && intval($_POST['phpsettingid']) != $phpsid_result['phpsettingid']) {
+						$phpsid_result['phpsettingid'] = intval($_POST['phpsettingid']);
+					}

 					$stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET
 						`customerid` = :customerid,
@@ -403,13 +419,17 @@ if ($page == 'overview') {
 						`wwwserveralias` = :wwwserveralias,
 						`isemaildomain` = :isemaildomain,
 						`iswildcarddomain` = :iswildcarddomain,
+						`phpenabled` = :phpenabled,
 						`openbasedir` = :openbasedir,
 						`openbasedir_path` = :openbasedir_path,
 						`speciallogfile` = :speciallogfile,
 						`specialsettings` = :specialsettings,
 						`ssl_redirect` = :ssl_redirect,
 						`phpsettingid` = :phpsettingid,
-						`letsencrypt` = :letsencrypt"
+						`letsencrypt` = :letsencrypt,
+						`hsts` = :hsts,
+						`hsts_sub` = :hsts_sub,
+						`hsts_preload` = :hsts_preload"
 					);
 					$params = array(
 						"customerid" => $userinfo['customerid'],
@@ -422,11 +442,15 @@ if ($page == 'overview') {
 						"isemaildomain" => $domain_check['subcanemaildomain'] == '3' ? '1' : '0',
 						"openbasedir" => $domain_check['openbasedir'],
 						"openbasedir_path" => $openbasedir_path,
+						"phpenabled" => $domain_check['phpenabled'],
 						"speciallogfile" => $domain_check['speciallogfile'],
 						"specialsettings" => $domain_check['specialsettings'],
 						"ssl_redirect" => $ssl_redirect,
 						"phpsettingid" => $phpsid_result['phpsettingid'],
-						"letsencrypt" => $letsencrypt
+						"letsencrypt" => $letsencrypt,
+						"hsts" => $hsts_maxage,
+						"hsts_sub" => $hsts_sub,
+						"hsts_preload" => $hsts_preload
 					);
 					Database::pexecute($stmt, $params);

@@ -499,7 +523,12 @@ if ($page == 'overview') {

 				// check if we at least have one ssl-ip/port, #1179
 				$ssl_ipsandports = '';
-				$ssl_ip_stmt = Database::prepare("SELECT COUNT(*) as countSSL FROM `panel_ipsandports` WHERE `ssl`='1'");
+				$ssl_ip_stmt = Database::prepare("
+					SELECT COUNT(*) as countSSL
+					FROM `".TABLE_PANEL_IPSANDPORTS."` pip
+					LEFT JOIN `".TABLE_DOMAINTOIP."` dti ON dti.id_ipandports = pip.id
+					WHERE pip.`ssl`='1'
+				");
 				Database::pexecute($ssl_ip_stmt);
 				$resultX = $ssl_ip_stmt->fetch(PDO::FETCH_ASSOC);
 				if (isset($resultX['countSSL']) && (int)$resultX['countSSL'] > 0) {
@@ -509,6 +538,27 @@ if ($page == 'overview') {
 				$openbasedir = makeoption($lng['domain']['docroot'], 0, NULL, true) . makeoption($lng['domain']['homedir'], 1, NULL, true);
 				$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);

+				$phpconfigs = '';
+				$has_phpconfigs = false;
+				if (isset($userinfo['allowed_phpconfigs']) && !empty($userinfo['allowed_phpconfigs']))
+				{
+					$has_phpconfigs = true;
+					$allowed_cfg = json_decode($userinfo['allowed_phpconfigs'], JSON_OBJECT_AS_ARRAY);
+					$phpconfigs_result_stmt = Database::query("
+						SELECT c.*, fc.description as interpreter
+						FROM `" . TABLE_PANEL_PHPCONFIGS . "` c
+						LEFT JOIN `" . TABLE_PANEL_FPMDAEMONS . "` fc ON fc.id = c.fpmsettingid
+						WHERE c.id IN (".implode(", ", $allowed_cfg).")
+					");
+					while ($phpconfigs_row = $phpconfigs_result_stmt->fetch(PDO::FETCH_ASSOC)) {
+						if ((int) Settings::Get('phpfpm.enabled') == 1) {
+							$phpconfigs .= makeoption($phpconfigs_row['description'] . " [".$phpconfigs_row['interpreter']."]", $phpconfigs_row['id'], Settings::Get('phpfpm.defaultini'), true, true);
+						} else {
+							$phpconfigs .= makeoption($phpconfigs_row['description'], $phpconfigs_row['id'], Settings::Get('system.mod_fcgid_defaultini'), true, true);
+						}
+					}
+				}
+
 				$subdomain_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/domains/formfield.domains_add.php';
 				$subdomain_add_form = htmlform::genHTMLForm($subdomain_add_data);

@@ -520,8 +570,7 @@ if ($page == 'overview') {
 		}
 	} elseif ($action == 'edit' && $id != 0) {

-		$stmt = Database::prepare("SELECT `d`.`id`, `d`.`customerid`, `d`.`domain`, `d`.`documentroot`, `d`.`isemaildomain`, `d`.`isbinddomain`, `d`.`wwwserveralias`, `d`.`iswildcarddomain`,
-			`d`.`parentdomainid`, `d`.`ssl_redirect`, `d`.`aliasdomain`, `d`.`openbasedir`, `d`.`openbasedir_path`, `d`.`letsencrypt`, `pd`.`subcanemaildomain`
+		$stmt = Database::prepare("SELECT `d`.*, `pd`.`subcanemaildomain`
 			FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_DOMAINS . "` `pd`
 			WHERE `d`.`customerid` = :customerid
 			AND `d`.`id` = :id
@@ -539,14 +588,17 @@ if ($page == 'overview') {

 		if (isset($result['customerid']) && $result['customerid'] == $userinfo['customerid']) {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
-				if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($idna_convert->encode($_POST['url']))) {
+				if (isset($_POST['url']) && $_POST['url'] != '' && validateUrl($_POST['url'])) {
 					$path = $_POST['url'];
 					$_doredirect = true;
 				} else {
 					$path = validate($_POST['path'], 'path');
 				}

-				if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($idna_convert->encode($path))) {
+				if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($path)) {
+					if (strstr($path, ":") !== FALSE) {
+						standard_error('pathmaynotcontaincolon');
+					}
 					// If path is empty or '/' and 'Use domain name as default value for DocumentRoot path' is enabled in settings,
 					// set default path to subdomain or domain name
 					if ((($path == '') || ($path == '/')) && Settings::Get('system.documentroot_use_default_value') == 1) {
@@ -554,14 +606,11 @@ if ($page == 'overview') {
 					} else {
 						$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
 					}
-					if (strstr($path, ":") !== FALSE) {
-						standard_error('pathmaynotcontaincolon');
-					}
 				} else {
 					$_doredirect = true;
 				}

-				$aliasdomain = intval($_POST['alias']);
+				$aliasdomain = isset($_POST['alias']) ? intval($_POST['alias']) : 0;

 				if (isset($_POST['selectserveralias'])) {
 					$iswildcarddomain = ($_POST['selectserveralias'] == '0') ? '1' : '0';
@@ -600,6 +649,13 @@ if ($page == 'overview') {
 					$openbasedir_path = '0';
 				}

+				// check whether the customer has chosen its own php-config
+				if (isset($_POST['phpsettingid'])) {
+					$phpsettingid = intval($_POST['phpsettingid']);
+				} else {
+					$phpsettingid = $result['phpsettingid'];
+				}
+
 				if (isset($_POST['ssl_redirect']) && $_POST['ssl_redirect'] == '1') {
 					// a ssl-redirect only works if there actually is a
 					// ssl ip/port assigned to the domain
@@ -625,16 +681,26 @@ if ($page == 'overview') {
 					$letsencrypt = '0';
 				}

-				// We can't enable let's encrypt for wildcard - domains
-				if ($iswildcarddomain == '1' && $letsencrypt == '1') {
+				// We can't enable let's encrypt for wildcard - domains when using acme-v1
+				if ($iswildcarddomain == '1' && $letsencrypt == '1' && Settings::Get('system.leapiversion') == '1') {
 					standard_error('nowildcardwithletsencrypt');
 				}
+				// if using acme-v2 we cannot issue wildcard-certificates
+				// because they currently only support the dns-01 challenge
+				if ($iswildcarddomain == '0' && $letsencrypt == '1' && Settings::Get('system.leapiversion') == '2') {
+					standard_error('nowildcardwithletsencryptv2');
+				}

 				// Temporarily deactivate ssl_redirect until Let's Encrypt certificate was generated
 				if ($ssl_redirect > 0 && $letsencrypt == 1 && $result['letsencrypt'] != $letsencrypt) {
 					$ssl_redirect = 2;
 				}

+				// HSTS
+				$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
+				$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
+				$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
+
 				if ($path == '') {
 					standard_error('patherror');
 				} else {
@@ -659,7 +725,12 @@ if ($page == 'overview') {
 						|| $aliasdomain != $result['aliasdomain']
 						|| $openbasedir_path != $result['openbasedir_path']
 						|| $ssl_redirect != $result['ssl_redirect']
-						|| $letsencrypt != $result['letsencrypt']) {
+						|| $letsencrypt != $result['letsencrypt']
+						|| $hsts_maxage != $result['hsts']
+						|| $hsts_sub != $result['hsts_sub']
+						|| $hsts_preload != $result['hsts_preload']
+						|| $phpsettingid != $result['phpsettingid']
+					) {
 						$log->logAction(USR_ACTION, LOG_INFO, "edited domain '" . $idna_convert->decode($result['domain']) . "'");

 						$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
@@ -670,7 +741,11 @@ if ($page == 'overview') {
 							`aliasdomain`= :aliasdomain,
 							`openbasedir_path`= :openbasedir_path,
 							`ssl_redirect`= :ssl_redirect,
-							`letsencrypt`= :letsencrypt
+							`letsencrypt`= :letsencrypt,
+							`hsts` = :hsts,
+							`hsts_sub` = :hsts_sub,
+							`hsts_preload` = :hsts_preload,
+							`phpsettingid` = :phpsettingid
 							WHERE `customerid`= :customerid
 							AND `id`= :id"
 						);
@@ -683,6 +758,10 @@ if ($page == 'overview') {
 							"openbasedir_path" => $openbasedir_path,
 							"ssl_redirect" => $ssl_redirect,
 							"letsencrypt" => $letsencrypt,
+							"hsts" => $hsts_maxage,
+							"hsts_sub" => $hsts_sub,
+							"hsts_preload" => $hsts_preload,
+							"phpsettingid" => $phpsettingid,
 							"customerid" => $userinfo['customerid'],
 							"id" => $id
 						);
@@ -692,12 +771,21 @@ if ($page == 'overview') {
 							// trigger when domain id for alias destination has changed: both for old and new destination
 							triggerLetsEncryptCSRForAliasDestinationDomain($result['aliasdomain'], $log);
 							triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
-						} else
-							if ($result['wwwserveralias'] != $wwwserveralias || $result['letsencrypt'] != $letsencrypt) {
+						} elseif ($result['wwwserveralias'] != $wwwserveralias || $result['letsencrypt'] != $letsencrypt) {
 							// or when wwwserveralias or letsencrypt was changed
 							triggerLetsEncryptCSRForAliasDestinationDomain($aliasdomain, $log);
 						}

+						// check whether LE has been disabled, so we remove the certificate
+						if ($letsencrypt == '0' && $result['letsencrypt'] == '1')  {
+							$del_stmt = Database::prepare("
+								DELETE FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = :id
+							");
+							Database::pexecute($del_stmt, array(
+								'id' => $id
+							));
+						}
+
 						inserttask('1');

 						// Using nameserver, insert a task which rebuilds the server config
@@ -723,7 +811,7 @@ if ($page == 'overview') {
 					AND `dip`.`id_ipandports`
 					IN (SELECT `id_ipandports` FROM `".TABLE_DOMAINTOIP."`
 						WHERE `id_domain` = :id)
-					GROUP BY `d`.`domain`
+					GROUP BY `d`.`id`, `d`.`domain`
 					ORDER BY `d`.`domain` ASC"
 				);
 				Database::pexecute($domains_stmt, array("id" => $result['id'], "customerid" => $userinfo['customerid']));
@@ -732,7 +820,7 @@ if ($page == 'overview') {
 					$domains .= makeoption($idna_convert->decode($row_domain['domain']), $row_domain['id'], $result['aliasdomain']);
 				}

-				if (preg_match('/^https?\:\/\//', $result['documentroot']) && validateUrl($idna_convert->encode($result['documentroot']))) {
+				if (preg_match('/^https?\:\/\//', $result['documentroot']) && validateUrl($result['documentroot'])) {
 					if (Settings::Get('panel.pathedit') == 'Dropdown') {
 						$urlvalue = $result['documentroot'];
 						$pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
@@ -756,8 +844,13 @@ if ($page == 'overview') {

 				// check if we at least have one ssl-ip/port, #1179
 				$ssl_ipsandports = '';
-				$ssl_ip_stmt = Database::prepare("SELECT COUNT(*) as countSSL FROM `panel_ipsandports` WHERE `ssl`='1'");
-				Database::pexecute($ssl_ip_stmt);
+				$ssl_ip_stmt = Database::prepare("
+					SELECT COUNT(*) as countSSL
+					FROM `".TABLE_PANEL_IPSANDPORTS."` pip
+					LEFT JOIN `".TABLE_DOMAINTOIP."` dti ON dti.id_ipandports = pip.id
+					WHERE `dti`.`id_domain` = :id_domain AND pip.`ssl`='1'
+				");
+				Database::pexecute($ssl_ip_stmt, array("id_domain" => $result['id']));
 				$resultX = $ssl_ip_stmt->fetch(PDO::FETCH_ASSOC);
 				if (isset($resultX['countSSL']) && (int)$resultX['countSSL'] > 0) {
 					$ssl_ipsandports = 'notempty';
@@ -793,6 +886,27 @@ if ($page == 'overview') {
 					$result_ipandport['ip'] .= $rowip['ip'] . "<br />";
 				}

+				$phpconfigs = '';
+				$has_phpconfigs = false;
+				if (isset($userinfo['allowed_phpconfigs']) && !empty($userinfo['allowed_phpconfigs']))
+				{
+					$has_phpconfigs = true;
+					$allowed_cfg = json_decode($userinfo['allowed_phpconfigs'], JSON_OBJECT_AS_ARRAY);
+					$phpconfigs_result_stmt = Database::query("
+						SELECT c.*, fc.description as interpreter
+						FROM `" . TABLE_PANEL_PHPCONFIGS . "` c
+						LEFT JOIN `" . TABLE_PANEL_FPMDAEMONS . "` fc ON fc.id = c.fpmsettingid
+						WHERE c.id IN (".implode(", ", $allowed_cfg).")
+					");
+					while ($phpconfigs_row = $phpconfigs_result_stmt->fetch(PDO::FETCH_ASSOC)) {
+						if ((int) Settings::Get('phpfpm.enabled') == 1) {
+							$phpconfigs .= makeoption($phpconfigs_row['description'] . " [".$phpconfigs_row['interpreter']."]", $phpconfigs_row['id'], $result['phpsettingid'], true, true);
+						} else {
+							$phpconfigs .= makeoption($phpconfigs_row['description'], $phpconfigs_row['id'], $result['phpsettingid'], true, true);
+						}
+					}
+				}
+
 				$domainip = $result_ipandport['ip'];
 				$result = htmlentities_array($result);

@@ -928,4 +1042,9 @@ if ($page == 'overview') {
 } elseif ($page == 'domaindnseditor' && $userinfo['dnsenabled'] == '1' && Settings::Get('system.dnsenabled') == '1') {

 	require_once __DIR__.'/dns_editor.php';
+
+} elseif ($page == 'sslcertificates') {
+
+	require_once __DIR__.'/ssl_certificates.php';
+
 }
--- a/customer_email.php
+++ b/customer_email.php
@@ -96,7 +96,8 @@ if ($page == 'overview') {
 					$row['destination'] = explode(' ', $row['destination']);
 					uasort($row['destination'], 'strcasecmp');

-					while (list($dest_id, $destination) = each($row['destination'])) {
+					$dest_list = $row['destination'];
+					foreach ($dest_list as $dest_id => $destination) {
 						$row['destination'][$dest_id] = $idna_convert->decode($row['destination'][$dest_id]);

 						if ($row['destination'][$dest_id] == $row['email_full']) {
@@ -164,7 +165,7 @@ if ($page == 'overview') {
 						Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $result['popaccountid']));
 						$update_users_query_addon .= " , `email_accounts_used` = `email_accounts_used` - 1 ";
 						$number_forwarders-= 1;
-						$log->logAction(USR_ACTION, LOG_NOTICE, "deleted forwarder for email address '" . $result['email'] . "'");
+						$log->logAction(USR_ACTION, LOG_INFO, "deleted forwarder for email address '" . $result['email'] . "'");
 					}
 				} else {
 					$number_forwarders = 0;
@@ -205,7 +206,8 @@ if ($page == 'overview') {
 		if ($userinfo['emails_used'] < $userinfo['emails'] || $userinfo['emails'] == '-1') {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 				$email_part = $_POST['email_part'];
-				$domain = $idna_convert->encode(validate($_POST['domain'], 'domain'));
+				// domain does not need idna encoding as the value of the select-box is already Punycode
+				$domain = validate($_POST['domain'], 'domain');
 				$stmt = Database::prepare("SELECT `id`, `domain`, `customerid` FROM `" . TABLE_PANEL_DOMAINS . "`
 					WHERE `domain`= :domain
 					AND `customerid`= :customerid
@@ -322,7 +324,7 @@ if ($page == 'overview') {
 			$forwarders = '';
 			$forwarders_count = 0;

-			while (list($dest_id, $destination) = each($result['destination'])) {
+			foreach ($result['destination'] as $dest_id => $destination) {
 				$destination = $idna_convert->decode($destination);

 				if ($destination != $result['email_full'] && $destination != '') {
@@ -651,7 +653,7 @@ if ($page == 'overview') {

 				$password = validatePassword($password);

-				$log->logAction(USR_ACTION, LOG_NOTICE, "changed email password for '" . $result['email_full'] . "'");
+				$log->logAction(USR_ACTION, LOG_INFO, "changed email password for '" . $result['email_full'] . "'");
 				$cryptPassword = makeCryptPassword($password);
 				$stmt = Database::prepare("UPDATE `" . TABLE_MAIL_USERS . "`
 					SET " . (Settings::Get('system.mailpwcleartext') == '1' ? "`password` = :password, " : '') . "
@@ -698,7 +700,7 @@ if ($page == 'overview') {
 				if ($userinfo['email_quota'] != '-1' && ($quota == 0 || ($quota + $userinfo['email_quota_used'] - $result['quota']) > $userinfo['email_quota'])) {
 					standard_error('allocatetoomuchquota', $quota);
 				} else {
-					$log->logAction(USR_ACTION, LOG_NOTICE, "updated quota for email address '" . $result['email'] . "' to " . $quota . " MB");
+					$log->logAction(USR_ACTION, LOG_INFO, "updated quota for email address '" . $result['email'] . "' to " . $quota . " MB");
 					$stmt = Database::prepare("UPDATE `" . TABLE_MAIL_USERS . "`
 						SET `quota` = :quota
 						WHERE `id` = :id
@@ -833,7 +835,7 @@ if ($page == 'overview') {
 						);
 						Database::pexecute($stmt, array("cid" => $userinfo['customerid']));

-						$log->logAction(USR_ACTION, LOG_NOTICE, "added email forwarder for '" . $result['email_full'] . "'");
+						$log->logAction(USR_ACTION, LOG_INFO, "added email forwarder for '" . $result['email_full'] . "'");
 						redirectTo($filename, array('page' => 'emails', 'action' => 'edit', 'id' => $id, 's' => $s));
 					}
 				} else {
@@ -894,7 +896,7 @@ if ($page == 'overview') {
 					);
 					Database::pexecute($stmt, array("cid" => $userinfo['customerid']));

-					$log->logAction(USR_ACTION, LOG_NOTICE, "deleted email forwarder for '" . $result['email_full'] . "'");
+					$log->logAction(USR_ACTION, LOG_INFO, "deleted email forwarder for '" . $result['email_full'] . "'");
 					redirectTo($filename, array('page' => 'emails', 'action' => 'edit', 'id' => $id, 's' => $s));
 				} else {
 					ask_yesno('email_reallydelete_forwarder', $filename, array('id' => $id, 'forwarderid' => $forwarderid, 'page' => $page, 'action' => $action), $idna_convert->decode($result['email_full']) . ' -> ' . $idna_convert->decode($forwarder));
--- a/customer_ftp.php
+++ b/customer_ftp.php
@@ -45,7 +45,7 @@ if ($page == 'overview') {
 		);
 		$paging = new paging($userinfo, TABLE_FTP_USERS, $fields);

-		$result_stmt = Database::prepare("SELECT `id`, `username`, `description`, `homedir` FROM `" . TABLE_FTP_USERS . "`
+		$result_stmt = Database::prepare("SELECT `id`, `username`, `description`, `homedir`, `shell` FROM `" . TABLE_FTP_USERS . "`
 			WHERE `customerid`= :customerid " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit()
 		);
 		Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
@@ -134,6 +134,12 @@ if ($page == 'overview') {
 				// refs #293
 				if (isset($_POST['delete_userfiles']) && (int)$_POST['delete_userfiles'] == 1) {
 					inserttask('8', $userinfo['loginname'], $result['homedir']);
+				} else {
+					if (Settings::Get('system.nssextrausers') == 1)
+					{
+						// this is used so that the libnss-extrausers cron is fired
+						inserttask(5);
+					}
 				}

 				$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
@@ -158,6 +164,10 @@ if ($page == 'overview') {
 				$path = validate($_POST['path'], 'path');
 				$password = validate($_POST['ftp_password'], 'password');
 				$password = validatePassword($password);
+				$shell = "/bin/false";
+				if (Settings::Get('system.allow_customer_shell') == '1') {
+					$shell = isset($_POST['shell']) ? validate($_POST['shell'], 'shell') : '/bin/false';
+				}

 				$sendinfomail = isset($_POST['sendinfomail']) ? 1 : 0;
 				if ($sendinfomail != 1) {
@@ -205,8 +215,8 @@ if ($page == 'overview') {
 					$cryptPassword = makeCryptPassword($password);

 					$stmt = Database::prepare("INSERT INTO `" . TABLE_FTP_USERS . "`
-						(`customerid`, `username`, `description`, `password`, `homedir`, `login_enabled`, `uid`, `gid`)
-						VALUES (:customerid, :username, :description, :password, :homedir, 'y', :guid, :guid)"
+						(`customerid`, `username`, `description`, `password`, `homedir`, `login_enabled`, `uid`, `gid`, `shell`)
+						VALUES (:customerid, :username, :description, :password, :homedir, 'y', :guid, :guid, :shell)"
 					);
 					$params = array(
 						"customerid" => $userinfo['customerid'],
@@ -214,7 +224,8 @@ if ($page == 'overview') {
 						"description" => $description,
 						"password" => $cryptPassword,
 						"homedir" => $path,
-						"guid" => $userinfo['guid']
+						"guid" => $userinfo['guid'],
+						"shell" => $shell
 					);
 					Database::pexecute($stmt, $params);

@@ -334,6 +345,18 @@ if ($page == 'overview') {
 					}
 				}

+				if (Settings::Get('system.allow_customer_shell') == '1') {
+					$shells = makeoption("/bin/false", "/bin/false", "/bin/false");
+					$shells_avail = Settings::Get('system.available_shells');
+					if (!empty($shells_avail)) {
+						$shells_avail = explode(",", $shells_avail);
+						$shells_avail = array_map("trim", $shells_avail);
+						foreach ($shells_avail as $_shell) {
+							$shells .= makeoption($_shell, $_shell, "/bin/false");
+						}
+					}
+				}
+
 				//$sendinfomail = makeyesno('sendinfomail', '1', '0', '0');

 				$ftp_add_data = include_once dirname(__FILE__).'/lib/formfields/customer/ftp/formfield.ftp_add.php';
@@ -346,7 +369,7 @@ if ($page == 'overview') {
 			}
 		}
 	} elseif ($action == 'edit' && $id != 0) {
-		$result_stmt = Database::prepare("SELECT `id`, `username`, `description`, `homedir`, `uid`, `gid` FROM `" . TABLE_FTP_USERS . "`
+		$result_stmt = Database::prepare("SELECT `id`, `username`, `description`, `homedir`, `uid`, `gid`, `shell` FROM `" . TABLE_FTP_USERS . "`
 			WHERE `customerid` = :customerid
 			AND `id` = :id"
 		);
@@ -358,6 +381,11 @@ if ($page == 'overview') {
 				// @FIXME use a good path-validating regex here (refs #1231)
 				$path = validate($_POST['path'], 'path');

+				$shell = "/bin/false";
+				if (Settings::Get('system.allow_customer_shell') == '1') {
+					$shell = isset($_POST['shell']) ? validate($_POST['shell'], 'shell') : '/bin/false';
+				}
+
 				$_setnewpass = false;
 				if (isset($_POST['ftp_password']) && $_POST['ftp_password'] != '') {
 					$password = validate($_POST['ftp_password'], 'password');
@@ -409,13 +437,14 @@ if ($page == 'overview') {
 				}

 				$log->logAction(USR_ACTION, LOG_INFO, "edited ftp-account '" . $result['username'] . "'");
+				inserttask(5);
 				$description = validate($_POST['ftp_description'], 'description');
 				$stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "`
-					SET `description` = :desc
+					SET `description` = :desc, `shell` = :shell
 					WHERE `customerid` = :customerid
 					AND `id` = :id"
 				);
-				Database::pexecute($stmt, array("desc" => $description, "customerid" => $userinfo['customerid'], "id" => $id));
+				Database::pexecute($stmt, array("desc" => $description, "shell" => $shell, "customerid" => $userinfo['customerid'], "id" => $id));

 				redirectTo($filename, array('page' => $page, 's' => $s));
 			} else {
@@ -441,6 +470,18 @@ if ($page == 'overview') {
 					}
 				}

+				if (Settings::Get('system.allow_customer_shell') == '1') {
+					$shells = makeoption("/bin/false", "/bin/false", $result['shell']);
+					$shells_avail = Settings::Get('system.available_shells');
+					if (!empty($shells_avail)) {
+						$shells_avail = explode(",", $shells_avail);
+						$shells_avail = array_map("trim", $shells_avail);
+						foreach ($shells_avail as $_shell) {
+							$shells .= makeoption($_shell, $_shell, $result['shell']);
+						}
+					}
+				}
+
 				$ftp_edit_data = include_once dirname(__FILE__).'/lib/formfields/customer/ftp/formfield.ftp_edit.php';
 				$ftp_edit_form = htmlform::genHTMLForm($ftp_edit_data);

--- a/customer_index.php
+++ b/customer_index.php
@@ -78,8 +78,15 @@ if ($page == 'overview') {
 	$yesterday = time() - (60 * 60 * 24);
 	$month = date('M Y', $yesterday);

+	// get disk-space usages for web, mysql and mail
+	$usages_stmt = Database::prepare("SELECT * FROM `".TABLE_PANEL_DISKSPACE."` WHERE `customerid` = :cid ORDER BY `stamp` DESC LIMIT 1");
+	$usages = Database::pexecute_first($usages_stmt, array('cid' => $userinfo['customerid']));
+
 	$userinfo['diskspace'] = round($userinfo['diskspace'] / 1024, Settings::Get('panel.decimal_places'));
-	$userinfo['diskspace_used'] = round($userinfo['diskspace_used'] / 1024, Settings::Get('panel.decimal_places'));
+	$userinfo['diskspace_used'] = round($usages['webspace'] / 1024, Settings::Get('panel.decimal_places'));
+	$userinfo['mailspace_used'] = round($usages['mail'] / 1024, Settings::Get('panel.decimal_places'));
+	$userinfo['dbspace_used'] = round($usages['mysql'] / 1024, Settings::Get('panel.decimal_places'));
+
 	$userinfo['traffic'] = round($userinfo['traffic'] / (1024 * 1024), Settings::Get('panel.decimal_places'));
 	$userinfo['traffic_used'] = round($userinfo['traffic_used'] / (1024 * 1024), Settings::Get('panel.decimal_places'));
 	$userinfo = str_replace_array('-1', $lng['customer']['unlimited'], $userinfo, 'diskspace traffic mysqls emails email_accounts email_forwarders email_quota ftps tickets subdomains');
@@ -197,7 +204,7 @@ if ($page == 'overview') {
 		}

 		$language_options = '';
-		while (list($language_file, $language_name) = each($languages)) {
+		foreach ($languages as $language_file => $language_name) {
 			$language_options .= makeoption($language_name, $language_file, $default_lang, true);
 		}

@@ -267,7 +274,8 @@ if ($page == 'overview') {
 			$mail_body .= "File: ".$_error['file'].':'.$_error['line']."\n\n";
 			$mail_body .= "Trace:\n".trim($_error['trace'])."\n\n";
 			$mail_body .= "-------------------------------------------------------------\n\n";
-			$mail_body .= "Froxlor-version: ".$version."\n\n";
+			$mail_body .= "Froxlor-version: ".$version."\n";
+			$mail_body .= "DB-version: ".$dbversion."\n\n";
 			$mail_body .= "End of report";
 			$mail_html = str_replace("\n", "<br />", $mail_body);

--- a/customer_logger.php
+++ b/customer_logger.php
@@ -16,7 +16,6 @@
 * @package    Panel
 *
 */
-
 define('AREA', 'customer');
 require './lib/init.php';

@@ -25,8 +24,7 @@ if (Settings::IsInList('panel.customer_hide_options','extras.logger')) {
 	redirectTo('customer_index.php');
 }

-if ($page == 'log'
-) {
+if ($page == 'log') {
 	if ($action == '') {
 		$fields = array(
 			'date' => $lng['logger']['date'],
@@ -34,12 +32,18 @@ if ($page == 'log'
 			'user' => $lng['logger']['user'],
 			'text' => $lng['logger']['action']
 		);
-		$paging = new paging($userinfo, TABLE_PANEL_LOG, $fields, null, null, 0, 'desc');
-		$result_stmt = Database::prepare('
-			SELECT * FROM `' . TABLE_PANEL_LOG . '` WHERE `user` = :loginname ' . $paging->getSqlWhere(true) . ' ' . $paging->getSqlOrderBy() . ' ' . $paging->getSqlLimit()
-		);
-		Database::pexecute($result_stmt, array("loginname" => $userinfo['loginname']));
-		$logs_count = Database::num_rows();
+		$paging = new paging($userinfo, TABLE_PANEL_LOG, $fields, null, null, 0, 'desc', 30);
+		$query = 'SELECT * FROM `' . TABLE_PANEL_LOG . '` WHERE `user` = :loginname ' . $paging->getSqlWhere(true) . ' ' . $paging->getSqlOrderBy();
+		$result_stmt = Database::prepare($query . ' ' . $paging->getSqlLimit());
+		Database::pexecute($result_stmt, array(
+			"loginname" => $userinfo['loginname']
+		));
+		$result_cnt_stmt = Database::prepare($query);
+		Database::pexecute($result_cnt_stmt, array(
+			"loginname" => $userinfo['loginname']
+		));
+		$res_cnt = $result_cnt_stmt->fetch(PDO::FETCH_ASSOC);
+		$logs_count = $result_cnt_stmt->rowCount();
 		$paging->setEntries($logs_count);
 		$sortcode = $paging->getHtmlSortCode($lng);
 		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
@@ -49,17 +53,13 @@ if ($page == 'log'
 		
 		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			
-			if (!isset($clog[$row['action']])
-				|| !is_array($clog[$row['action']])
-			) {
+			if (! isset($clog[$row['action']]) || ! is_array($clog[$row['action']])) {
 				$clog[$row['action']] = array();
 			}
 			$clog[$row['action']][$row['logid']] = $row;
 		}
 		
-		if ($paging->sortfield == 'date'
-			&& $paging->sortorder == 'desc'
-		) {
+		if ($paging->sortfield == 'date' && $paging->sortorder == 'desc') {
 			krsort($clog);
 		} else {
 			ksort($clog);
@@ -72,7 +72,7 @@ if ($page == 'log'
 		foreach ($clog as $action => $logrows) {
 			$_action = 0;
 			foreach ($logrows as $row) {
-				if ($paging->checkDisplay($i)) {
+				// if ($paging->checkDisplay($i)) {
 				$row = htmlentities_array($row);
 				$row['date'] = date("d.m.y H:i:s", $row['date']);
 				
@@ -110,13 +110,12 @@ if ($page == 'log'
 				eval("\$log.=\"" . getTemplate('logger/logger_log') . "\";");
 				$count ++;
 				$_action = $action;
-				}
+				// }
 				$i ++;
 			}
 			$i ++;
 		}
 		
 		eval("echo \"" . getTemplate('logger/logger') . "\";");
-
 	}
 }
--- a/customer_tickets.php
+++ b/customer_tickets.php
@@ -20,10 +20,6 @@
 define('AREA', 'customer');
 require './lib/init.php';

-// redirect if this customer page is hidden via settings
-if (Settings::IsInList('panel.customer_hide_options','domains')) {
-	redirectTo('customer_index.php');
-}

 if (isset($_POST['id'])) {

--- a/customer_traffic.php
+++ b/customer_traffic.php
@@ -115,8 +115,7 @@ if (!is_null($month) && !is_null($year)) {
 	$result_stmt = Database::prepare("SELECT `month`, `year`, SUM(`http`) AS http, SUM(`ftp_up`) AS ftp_up, SUM(`ftp_down`) AS ftp_down, SUM(`mail`) AS mail
 		FROM `" . TABLE_PANEL_TRAFFIC . "`
 		WHERE `customerid` = :customerid
-		GROUP BY CONCAT(`year`,`month`)
-		ORDER BY CONCAT(`year`,`month`) DESC
+		GROUP BY `year` DESC, `month` DESC
 		LIMIT 12"
 	);
 	Database::pexecute($result_stmt, array("customerid" => $userinfo['customerid']));
--- a/dns_editor.php
+++ b/dns_editor.php
@@ -56,13 +56,29 @@ if ($action == 'add_record' && ! empty($_POST)) {
 		if (strpos($record, '--') !== false) {
 			$errors[] = $lng['error']['domain_nopunycode'];
 		} else {
+			// check for wildcard-record
+			$add_wildcard_again = false;
+			if (substr($record, 0, 2) == '*.') {
+				$record = substr($record, 2);
+				$add_wildcard_again = true;
+			}
+			// convert entry
 			$record = $idna_convert->encode($record);
+
+			if ($add_wildcard_again) {
+				$record = '*.'.$record;
+			}
+
+			/*
+			 * see https://redmine.froxlor.org/issues/1697
+			 *
 			if ($type != 'SRV' && $type != 'TXT') {
 				$check_dom = $record . '.example.com';
 				if (! validateDomain($check_dom)) {
 					$errors[] = sprintf($lng['error']['subdomainiswrong'], $idna_convert->decode($record));
 				}
 			}
+			*/
 			if (strlen($record) > 63) {
 				$errors[] = $lng['error']['dns_record_toolong'];
 			}
@@ -112,6 +128,9 @@ if ($action == 'add_record' && ! empty($_POST)) {
 		if (substr($content, - 1) == '.') {
 			// remove it for checks
 			$content = substr($content, 0, - 1);
+		} else {
+			// add domain name
+			$content .= '.' . $domain;
 		}
 		if (! validateDomain($content)) {
 			$errors[] = $lng['error']['dns_cname_invaliddom'];
@@ -171,8 +190,8 @@ if ($action == 'add_record' && ! empty($_POST)) {
 				}
 			}
 		}
-		// append trailing dot (again)
-		if ($target != '.') {
+		// append trailing dot if there's none
+		if (substr($content, - 1) != '.') {
 			$content .= '.';
 		}
 	}
--- a/index.php
+++ b/index.php
@@ -250,7 +250,7 @@ if ($action == 'login') {
 		$language_options = '';
 		$language_options .= makeoption($lng['login']['profile_lng'], 'profile', 'profile', true, true);

-		while (list($language_file, $language_name) = each($languages)) {
+		foreach ($languages as $language_file => $language_name) {
 			$language_options .= makeoption($language_name, $language_file, 'profile', true);
 		}

--- a/install/froxlor.sql
+++ b/install/froxlor.sql
@@ -66,7 +66,7 @@ CREATE TABLE `mail_virtual` (
  `id` int(11) NOT NULL auto_increment,
  `email` varchar(255) NOT NULL default '',
  `email_full` varchar(255) NOT NULL default '',
-  `destination` text NOT NULL,
+  `destination` text,
  `domainid` int(11) NOT NULL default '0',
  `customerid` int(11) NOT NULL default '0',
  `popaccountid` int(11) NOT NULL default '0',
@@ -195,8 +195,10 @@ CREATE TABLE `panel_customers` (
  `theme` varchar(255) NOT NULL default 'Sparkle',
  `custom_notes` text,
  `custom_notes_show` tinyint(1) NOT NULL default '0',
-  `lepublickey` mediumtext DEFAULT NULL,
-  `leprivatekey` mediumtext DEFAULT NULL,
+  `lepublickey` mediumtext default NULL,
+  `leprivatekey` mediumtext default NULL,
+  `leregistered` tinyint(1) NOT NULL default '0',
+  `allowed_phpconfigs` varchar(500) NOT NULL default '',
   PRIMARY KEY  (`customerid`),
   UNIQUE KEY `loginname` (`loginname`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;
@@ -237,6 +239,7 @@ CREATE TABLE `panel_domains` (
  `dkim_pubkey` text,
  `wwwserveralias` tinyint(1) NOT NULL default '1',
  `parentdomainid` int(11) NOT NULL default '0',
+  `phpenabled` tinyint(1) NOT NULL default '0',
  `openbasedir` tinyint(1) NOT NULL default '0',
  `openbasedir_path` tinyint(1) NOT NULL default '0',
  `speciallogfile` tinyint(1) NOT NULL default '0',
@@ -245,8 +248,8 @@ CREATE TABLE `panel_domains` (
  `deactivated` tinyint(1) NOT NULL default '0',
  `bindserial` varchar(10) NOT NULL default '2000010100',
  `add_date` int( 11 ) NOT NULL default '0',
-  `registration_date` date NOT NULL,
-  `termination_date` date NOT NULL,
+  `registration_date` date DEFAULT NULL,
+  `termination_date` date DEFAULT NULL,
  `phpsettingid` INT( 11 ) UNSIGNED NOT NULL DEFAULT '1',
  `mod_fcgid_starter` int(4) default '-1',
  `mod_fcgid_maxrequests` int(4) default '-1',
@@ -254,7 +257,9 @@ CREATE TABLE `panel_domains` (
  `letsencrypt` tinyint(1) NOT NULL default '0',
  `hsts` varchar(10) NOT NULL default '0',
  `hsts_sub` tinyint(1) NOT NULL default '0',
-  `hsts_preload` tinyint(1) NOT NULL default '1',
+  `hsts_preload` tinyint(1) NOT NULL default '0',
+  `ocsp_stapling` tinyint(1) DEFAULT '0',
+  `http2` tinyint(1) DEFAULT '0',
  PRIMARY KEY  (`id`),
  KEY `customerid` (`customerid`),
  KEY `parentdomain` (`parentdomainid`),
@@ -280,7 +285,8 @@ CREATE TABLE `panel_ipsandports` (
  `default_vhostconf_domain` text,
  `ssl_cert_chainfile` varchar(255) NOT NULL,
  `docroot` varchar(255) NOT NULL default '',
-  PRIMARY KEY  (`id`)
+  PRIMARY KEY  (`id`),
+  UNIQUE KEY `ip_port` (`ip`,`port`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;


@@ -408,6 +414,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('phpfpm', 'max_requests', '0'),
 	('phpfpm', 'tmpdir', '/var/customers/tmp/'),
 	('phpfpm', 'peardir', '/usr/share/php/:/usr/share/php5/'),
+	('phpfpm', 'envpath', '/usr/local/bin:/usr/bin:/bin'),
 	('phpfpm', 'enabled_ownvhost', '0'),
 	('phpfpm', 'vhost_httpuser', 'froxlorlocal'),
 	('phpfpm', 'vhost_httpgroup', 'froxlorlocal'),
@@ -417,6 +424,102 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('phpfpm', 'vhost_defaultini', '2'),
 	('phpfpm', 'fastcgi_ipcdir', '/var/lib/apache2/fastcgi/'),
 	('phpfpm', 'use_mod_proxy', '0'),
+	('phpfpm', 'ini_flags', 'asp_tags
+display_errors
+display_startup_errors
+html_errors
+log_errors
+magic_quotes_gpc
+magic_quotes_runtime
+magic_quotes_sybase
+mail.add_x_header
+session.cookie_secure
+session.use_cookies
+short_open_tag
+track_errors
+xmlrpc_errors
+suhosin.simulation
+suhosin.session.encrypt
+suhosin.session.cryptua
+suhosin.session.cryptdocroot
+suhosin.cookie.encrypt
+suhosin.cookie.cryptua
+suhosin.cookie.cryptdocroot
+suhosin.executor.disable_eval
+mbstring.func_overload'),
+	('phpfpm', 'ini_values', 'auto_append_file
+auto_prepend_file
+date.timezone
+default_charset
+error_reporting
+include_path
+log_errors_max_len
+mail.log
+max_execution_time
+session.cookie_domain
+session.cookie_lifetime
+session.cookie_path
+session.name
+session.serialize_handler
+upload_max_filesize
+xmlrpc_error_number
+session.auto_start
+always_populate_raw_post_data
+suhosin.session.cryptkey
+suhosin.session.cryptraddr
+suhosin.session.checkraddr
+suhosin.cookie.cryptkey
+suhosin.cookie.plainlist
+suhosin.cookie.cryptraddr
+suhosin.cookie.checkraddr
+suhosin.executor.func.blacklist
+suhosin.executor.eval.whitelist'),
+	('phpfpm', 'ini_admin_flags', 'allow_call_time_pass_reference
+allow_url_fopen
+allow_url_include
+auto_detect_line_endings
+cgi.fix_pathinfo
+cgi.force_redirect
+enable_dl
+expose_php
+file_uploads
+ignore_repeated_errors
+ignore_repeated_source
+log_errors
+register_argc_argv
+report_memleaks
+opcache.enable
+opcache.consistency_checks
+opcache.dups_fix
+opcache.load_comments
+opcache.revalidate_path
+opcache.save_comments
+opcache.use_cwd
+opcache.validate_timestamps
+opcache.fast_shutdown'),
+	('phpfpm', 'ini_admin_values', 'cgi.redirect_status_env
+date.timezone
+disable_classes
+disable_functions
+error_log
+gpc_order
+max_input_time
+max_input_vars
+memory_limit
+open_basedir
+output_buffering
+post_max_size
+precision
+sendmail_path
+session.gc_divisor
+session.gc_probability
+variables_order
+opcache.log_verbosity_level
+opcache.restrict_api
+opcache.revalidate_freq
+opcache.max_accelerated_files
+opcache.memory_consumption
+opcache.interned_strings_buffer'),
 	('nginx', 'fastcgiparams', '/etc/nginx/fastcgi_params'),
 	('system', 'lastaccountnumber', '0'),
 	('system', 'lastguid', '9999'),
@@ -496,9 +599,11 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('system', 'ssl_cert_chainfile', ''),
 	('system', 'ssl_cipher_list', 'ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128'),
 	('system', 'nginx_php_backend', '127.0.0.1:8888'),
+	('system', 'http2_support', '0'),
 	('system', 'perl_server', 'unix:/var/run/nginx/cgiwrap-dispatch.sock'),
 	('system', 'phpreload_command', ''),
-	('system', 'apache24', '0'),
+	('system', 'apache24', '1'),
+	('system', 'apache24_ocsp_cache_path', 'shmcb:/var/run/apache2/ocsp-stapling.cache(131072)'),
 	('system', 'documentroot_use_default_value', '0'),
 	('system', 'passwordcryptfunc', '3'),
 	('system', 'axfrservers', ''),
@@ -521,15 +626,35 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('system', 'lepublickey', 'unset'),
 	('system', 'letsencryptca', 'production'),
 	('system', 'letsencryptcountrycode', 'DE'),
-	('system', 'letsencryptstate', 'Germany'),
+	('system', 'letsencryptstate', 'Hessen'),
 	('system', 'letsencryptchallengepath', '/var/www/froxlor'),
 	('system', 'letsencryptkeysize', '4096'),
 	('system', 'letsencryptreuseold', 0),
 	('system', 'leenabled', '0'),
+	('system', 'leapiversion', '1'),
 	('system', 'backupenabled', '0'),
 	('system', 'dnsenabled', '0'),
 	('system', 'dns_server', 'bind'),
 	('system', 'apacheglobaldiropt', ''),
+	('system', 'allow_customer_shell', '0'),
+	('system', 'available_shells', ''),
+	('system', 'le_froxlor_enabled', '0'),
+	('system', 'le_froxlor_redirect', '0'),
+	('system', 'letsencryptacmeconf', '/etc/apache2/conf-enabled/acme.conf'),
+	('system', 'mail_use_smtp', '0'),
+	('system', 'mail_smtp_host', 'localhost'),
+	('system', 'mail_smtp_port', '25'),
+	('system', 'mail_smtp_usetls', '1'),
+	('system', 'mail_smtp_auth', '1'),
+	('system', 'mail_smtp_user', ''),
+	('system', 'mail_smtp_passwd', ''),
+	('system', 'hsts_maxage', '0'),
+	('system', 'hsts_incsub', '0'),
+	('system', 'hsts_preload', '0'),
+	('system', 'leregistered', '0'),
+	('system', 'nssextrausers', '0'),
+	('system', 'disable_le_selfcheck', '0'),
+	('system', 'ssl_protocols', 'TLSv1,TLSv1.2'),
 	('panel', 'decimal_places', '4'),
 	('panel', 'adminmail', 'admin@SERVERNAME'),
 	('panel', 'phpmyadmin_url', ''),
@@ -560,8 +685,9 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('panel', 'password_numeric', '0'),
 	('panel', 'password_special_char_required', '0'),
 	('panel', 'password_special_char', '!?<>§$%+#=@'),
-	('panel', 'version', '0.9.37'),
-	('panel', 'db_version', '201607210');
+	('panel', 'customer_hide_options', ''),
+	('panel', 'version', '0.9.39.1'),
+	('panel', 'db_version', '201801260');


 DROP TABLE IF EXISTS `panel_tasks`;
@@ -727,6 +853,33 @@ CREATE TABLE IF NOT EXISTS `panel_syslog` (
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;


+
+DROP TABLE IF EXISTS `panel_fpmdaemons`;
+CREATE TABLE `panel_fpmdaemons` (
+  `id` int(11) unsigned NOT NULL auto_increment,
+  `description` varchar(50) NOT NULL,
+  `reload_cmd` varchar(255) NOT NULL,
+  `config_dir` varchar(255) NOT NULL,
+  `pm` varchar(15) NOT NULL DEFAULT 'static',
+  `max_children` int(4) NOT NULL DEFAULT '1',
+  `start_servers` int(4) NOT NULL DEFAULT '20',
+  `min_spare_servers` int(4) NOT NULL DEFAULT '5',
+  `max_spare_servers` int(4) NOT NULL DEFAULT '35',
+  `max_requests` int(4) NOT NULL DEFAULT '0',
+  `idle_timeout` int(4) NOT NULL DEFAULT '30',
+  `limit_extensions` varchar(255) NOT NULL default '.php',
+  PRIMARY KEY  (`id`),
+  UNIQUE KEY `reload` (`reload_cmd`),
+  UNIQUE KEY `config` (`config_dir`)
+) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;
+
+
+
+INSERT INTO `panel_fpmdaemons` (`id`, `description`, `reload_cmd`, `config_dir`) VALUES
+(1, 'System default', 'service php7.0-fpm restart', '/etc/php/7.0/fpm/pool.d/');
+
+
+
 DROP TABLE IF EXISTS `panel_phpconfigs`;
 CREATE TABLE `panel_phpconfigs` (
  `id` int(11) unsigned NOT NULL auto_increment,
@@ -740,14 +893,17 @@ CREATE TABLE `panel_phpconfigs` (
  `fpm_reqterm` varchar(15) NOT NULL default '60s',
  `fpm_reqslow` varchar(15) NOT NULL default '5s',
  `phpsettings` text NOT NULL,
-  PRIMARY KEY  (`id`)
+  `fpmsettingid` int(11) NOT NULL DEFAULT '1',
+  `pass_authorizationheader` tinyint(1) NOT NULL default '0',
+  PRIMARY KEY  (`id`),
+  KEY `fpmsettingid` (`fpmsettingid`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;



 INSERT INTO `panel_phpconfigs` (`id`, `description`, `binary`, `file_extensions`, `mod_fcgid_starter`, `mod_fcgid_maxrequests`, `phpsettings`) VALUES
 (1, 'Default Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = Off\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_exec,curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 30\r\nmax_input_time = 60\r\nmemory_limit = 128M\r\n{OPEN_BASEDIR_C}open_basedir = "{OPEN_BASEDIR}"\r\noutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n;mail.add_x_header = On\r\n;mail.log = "/var/log/phpmail.log"\r\nopcache.restrict_api = "{DOCUMENT_ROOT}"\r\n'),
-(2, 'Froxlor Vhost Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = On\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 60\r\nmax_input_time = 60\r\nmemory_limit = 128M\r\nnoutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n;mail.add_x_header = On\r\n;mail.log = "/var/log/phpmail.log"\r\nopcache.restrict_api = ""\r\n');
+(2, 'Froxlor Vhost Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = On\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 60\r\nmax_input_time = 60\r\nmemory_limit = 128M\r\noutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n;mail.add_x_header = On\r\n;mail.log = "/var/log/phpmail.log"\r\nopcache.restrict_api = ""\r\n');


 DROP TABLE IF EXISTS `cronjobs_run`;
--- a/install/lib/class.FroxlorInstall.php
+++ b/install/lib/class.FroxlorInstall.php
@@ -74,10 +74,17 @@ class FroxlorInstall
 	/**
 	 * currently used language
 	 *
-	 * @var unknown
+	 * @var string
 	 */
 	private $_activelng = 'english';

+	/**
+	 * check whether to abort due to errors
+	 *
+	 * @var bool
+	 */
+	private $_abort = false;
+
 	/**
 	 * Class constructor
 	 */
@@ -177,10 +184,14 @@ class FroxlorInstall
 		}
 		
 		// check system-hostname to be a FQDN
-		if ($this->_validate_ip($this->_data['servername'], true) !== false) {
+		if ($this->_validate_ip($this->_data['servername']) !== false) {
 			$this->_data['servername'] = '';
 		}
 		
+		if (empty($this->_data['serverip']) || $this->_validate_ip($this->_data['serverip']) == false) {
+			return false;
+		}
+		
 		if (isset($_POST['installstep']) && $_POST['installstep'] == '1' && $this->_data['admin_pass1'] == $this->_data['admin_pass2'] && $this->_data['admin_pass1'] != '' && $this->_data['admin_pass2'] != '' && $this->_data['mysql_unpriv_pass'] != '' && $this->_data['mysql_root_pass'] != '' && $this->_data['servername'] != '' && $this->_data['serverip'] != '' && $this->_data['httpuser'] != '' && $this->_data['httpgroup'] != '' && $this->_data['mysql_unpriv_user'] != $this->_data['mysql_root_user']) {
 			return true;
 		}
@@ -200,7 +211,7 @@ class FroxlorInstall
 		$content .= $this->_status_message('begin', $this->_lng['install']['testing_mysql']);
 		
 		$options = array(
-			'PDO::MYSQL_ATTR_INIT_COMMAND' => 'set names utf8'
+			'PDO::MYSQL_ATTR_INIT_COMMAND' => 'SET names utf8,sql_mode="NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"'
 		);
 		$dsn = "mysql:host=" . $this->_data['mysql_host'] . ";";
 		$fatal_fail = false;
@@ -234,9 +245,10 @@ class FroxlorInstall
 			$content .= $this->_createDatabaseAndUser($db_root);
 			// importing data to new database
 			$content .= $this->_importDatabaseData();
+			if (! $this->_abort) {
 				// create DB object for new database
 				$options = array(
-				'PDO::MYSQL_ATTR_INIT_COMMAND' => 'set names utf8'
+					'PDO::MYSQL_ATTR_INIT_COMMAND' => 'SET names utf8,sql_mode="NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"'
 				);
 				$dsn = "mysql:host=" . $this->_data['mysql_host'] . ";dbname=" . $this->_data['mysql_database'] . ";";
 				$another_fail = false;
@@ -247,7 +259,6 @@ class FroxlorInstall
 					$content .= $this->_status_message('red', $e->getMessage());
 					$another_fail = true;
 				}
-			;

 				if (! $another_fail) {
 					// change settings accordingly
@@ -259,11 +270,12 @@ class FroxlorInstall
 					$content .= $this->_createUserdataConf();
 				}
 			}
+		}
 		
 		$content .= "</table>";
 		
 		// check if we have unrecoverable errors
-		if ($fatal_fail || $another_fail) {
+		if ($fatal_fail || $another_fail || $this->_abort) {
 			// D'oh
 			$navigation = '';
 			$msgcolor = 'red';
@@ -507,17 +519,23 @@ class FroxlorInstall
 		$content = "";
 		$content .= $this->_status_message('begin', $this->_lng['install']['testing_new_db']);
 		$options = array(
-			'PDO::MYSQL_ATTR_INIT_COMMAND' => 'set names utf8'
+			'PDO::MYSQL_ATTR_INIT_COMMAND' => 'SET names utf8,sql_mode="NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"'
 		);
 		$dsn = "mysql:host=" . $this->_data['mysql_host'] . ";dbname=" . $this->_data['mysql_database'] . ";";
 		$fatal_fail = false;
 		try {
 			$db = new PDO($dsn, $this->_data['mysql_unpriv_user'], $this->_data['mysql_unpriv_pass'], $options);
+			$attributes = array(
+				'ATTR_ERRMODE' => 'ERRMODE_EXCEPTION'
+			);
+			// set attributes
+			foreach ($attributes as $k => $v) {
+				$db->setAttribute(constant("PDO::" . $k), constant("PDO::" . $v));
+			}
 		} catch (PDOException $e) {
 			$content .= $this->_status_message('red', $e->getMessage());
 			$fatal_fail = true;
 		}
-		;
 		
 		if (! $fatal_fail) {
 			
@@ -530,12 +548,21 @@ class FroxlorInstall
 			$sql_query = $this->_split_sql_file($sql_query, ';');
 			for ($i = 0; $i < sizeof($sql_query); $i ++) {
 				if (trim($sql_query[$i]) != '') {
+					try {
 						$result = $db->query($sql_query[$i]);
+					} catch (\PDOException $e) {
+						$content .= $this->_status_message('red', $e->getMessage());
+						$fatal_fail = true;
+						$this->_abort = true;
+						break;
 					}
 				}
+			}
+			
+			if (! $fatal_fail) {
+				$content .= $this->_status_message('green', 'OK');
+			}
 			$db = null;
-
-			$content .= $this->_status_message('green', 'OK');
 		}
 		
 		return $content;
@@ -698,7 +725,7 @@ class FroxlorInstall
 		}
 		// language selection
 		$language_options = '';
-		while (list ($language_file, $language_name) = each($this->_languages)) {
+		foreach ($this->_languages as $language_name => $language_file) {
 			$language_options .= makeoption($language_name, $language_file, $this->_activelng, true, true);
 		}
 		// get language-form-template
@@ -781,7 +808,7 @@ class FroxlorInstall
 		}
 		$formdata .= $this->_getSectionItemString('servername', true, $style);
 		// serverip
-		if (! empty($_POST['installstep']) && $this->_data['serverip'] == '') {
+		if (! empty($_POST['installstep']) && ($this->_data['serverip'] == '' || $this->_validate_ip($this->_data['serverip']) == false)) {
 			$style = 'color:red;';
 		} else {
 			$style = '';
@@ -996,6 +1023,24 @@ class FroxlorInstall
 			$content .= $this->_status_message('green', $this->_lng['requirements']['installed']);
 		}
 		
+		// check for zip extension
+		$content .= $this->_status_message('begin', $this->_lng['requirements']['phpzip']);
+		
+		if (! extension_loaded('zip')) {
+			$content .= $this->_status_message('orange', $this->_lng['requirements']['notinstalled'] . "<br />" . $this->_lng['requirements']['zipdescription']);
+		} else {
+			$content .= $this->_status_message('green', $this->_lng['requirements']['installed']);
+		}
+
+		// check for json extension
+		$content .= $this->_status_message('begin', $this->_lng['requirements']['phpjson']);
+		
+		if (! extension_loaded('json')) {
+			$content .= $this->_status_message('orange', $this->_lng['requirements']['notinstalled'] . "<br />" . $this->_lng['requirements']['jsondescription']);
+		} else {
+			$content .= $this->_status_message('green', $this->_lng['requirements']['installed']);
+		}
+
 		// check for open_basedir
 		$content .= $this->_status_message('begin', $this->_lng['requirements']['openbasedir']);
 		$php_ob = @ini_get("open_basedir");
@@ -1155,8 +1200,7 @@ class FroxlorInstall
 			$this->_data['servername'] = $_POST['servername'];
 			return;
 			// from $_SERVER
-		} else
-			if (! empty($_SERVER['SERVER_NAME'])) {
+		} else if (! empty($_SERVER['SERVER_NAME'])) {
 			// no ips
 			if ($this->_validate_ip($_SERVER['SERVER_NAME']) == false) {
 				$this->_data['servername'] = $_SERVER['SERVER_NAME'];
@@ -1195,7 +1239,7 @@ class FroxlorInstall
 			$this->_data['webserver'] = $_POST['webserver'];
 		} else {
 			if (strtoupper(@php_sapi_name()) == "APACHE2HANDLER" || stristr($_SERVER['SERVER_SOFTWARE'], "apache/2")) {
-				$this->_data['webserver'] = 'apache2';
+				$this->_data['webserver'] = 'apache24';
 			} elseif (substr(strtoupper(@php_sapi_name()), 0, 8) == "LIGHTTPD" || stristr($_SERVER['SERVER_SOFTWARE'], "lighttpd")) {
 				$this->_data['webserver'] = 'lighttpd';
 			} elseif (substr(strtoupper(@php_sapi_name()), 0, 8) == "NGINX" || stristr($_SERVER['SERVER_SOFTWARE'], "nginx")) {
--- a/install/lng/english.lng.php
+++ b/install/lng/english.lng.php
@@ -34,7 +34,11 @@ $lng['requirements']['phpposix'] = 'PHP posix-extension...';
 $lng['requirements']['phpbcmath'] = 'PHP bcmath-extension...';
 $lng['requirements']['phpcurl'] = 'PHP curl-extension...';
 $lng['requirements']['phpmbstring'] = 'PHP mbstring-extension...';
+$lng['requirements']['phpzip'] = 'PHP zip-extension...';
+$lng['requirements']['phpjson'] = 'PHP json-extension...';
 $lng['requirements']['bcmathdescription'] = 'Traffic-calculation related functions will not work correctly!';
+$lng['requirements']['zipdescription'] = 'The auto-update feature requires the zip extension.';
+$lng['requirements']['jsondescription'] = 'The settings import/export feature requires the json extension.';
 $lng['requirements']['openbasedir'] = 'open_basedir...';
 $lng['requirements']['openbasedirenabled'] = 'Froxlor will not work properly with open_basedir enabled. Please disable open_basedir for Froxlor in the coresponding php.ini';
 $lng['requirements']['diedbecauseofrequirements'] = 'Cannot install Froxlor without these requirements! Try to fix them and retry.';
@@ -61,7 +65,7 @@ $lng['install']['serversettings'] = 'Server settings';
 $lng['install']['servername'] = 'Server name (FQDN, no ip-address)';
 $lng['install']['serverip'] = 'Server IP';
 $lng['install']['webserver'] = 'Webserver';
-$lng['install']['apache2'] = 'Apache 2';
+$lng['install']['apache2'] = 'Apache 2.2';
 $lng['install']['apache24'] = 'Apache 2.4';
 $lng['install']['lighttpd'] = 'LigHTTPd';
 $lng['install']['nginx'] = 'NGINX';
@@ -81,8 +85,8 @@ $lng['install']['changing_data'] = 'Adjusting settings...';
 $lng['install']['creating_entries'] = 'Inserting new values...';
 $lng['install']['adding_admin_user'] = 'Creating admin-account...';
 $lng['install']['creating_configfile'] = 'Creating configfile...';
-$lng['install']['creating_configfile_temp'] = 'File was saved in /tmp/userdata.inc.php, please move to lib/.';
-$lng['install']['creating_configfile_failed'] = 'Could not create lib/userdata.inc.php, please create it manually with the following content:';
+$lng['install']['creating_configfile_temp'] = 'File was saved in /tmp/userdata.inc.php, please move to '.dirname(dirname(__DIR__)).'/lib/.';
+$lng['install']['creating_configfile_failed'] = 'Could not create '.dirname(dirname(__DIR__)).'/lib/userdata.inc.php, please create it manually with the following content:';
 $lng['install']['froxlor_succ_installed'] = 'Froxlor was installed successfully.';

 $lng['click_here_to_refresh'] = 'Click here to check again';
--- a/install/lng/french.lng.php
+++ b/install/lng/french.lng.php
@@ -79,8 +79,8 @@ $lng['install']['changing_data'] = 'Ajustement des paramètres...';
 $lng['install']['creating_entries'] = 'Insertion des nouvelles valeurs...';
 $lng['install']['adding_admin_user'] = 'Création du compte administrateur...';
 $lng['install']['creating_configfile'] = 'Création du fichier de configuration...';
-$lng['install']['creating_configfile_temp'] = 'Le fichier a été enregistré dans /tmp/userdata.inc.php, merci de le déplacer dans lib/.';
-$lng['install']['creating_configfile_failed'] = 'Impossible de créer lib/userdata.inc.php, merci de le créer manuellement avec le contenu suivant:';
+$lng['install']['creating_configfile_temp'] = 'Le fichier a été enregistré dans /tmp/userdata.inc.php, merci de le déplacer dans '.dirname(dirname(__DIR__)).'/lib/.';
+$lng['install']['creating_configfile_failed'] = 'Impossible de créer '.dirname(dirname(__DIR__)).'/lib/userdata.inc.php, merci de le créer manuellement avec le contenu suivant:';
 $lng['install']['froxlor_succ_installed'] = 'Froxlor a été installé avec succès.';

 $lng['click_here_to_refresh'] = 'Cliquez ici pour vérifier à nouveau';
--- a/install/lng/german.lng.php
+++ b/install/lng/german.lng.php
@@ -34,7 +34,11 @@ $lng['requirements']['phpposix'] = 'PHP posix-Erweiterung...';
 $lng['requirements']['phpbcmath'] = 'PHP bcmath-Erweiterung...';
 $lng['requirements']['phpcurl'] = 'PHP curl-Erweiterung...';
 $lng['requirements']['phpmbstring'] = 'PHP mbstring-Erweiterung...';
+$lng['requirements']['phpzip'] = 'PHP zip-Erweiterung...';
+$lng['requirements']['phpjson'] = 'PHP json-Erweiterung...';
 $lng['requirements']['bcmathdescription'] = 'Traffic-Berechnungs bezogene Funktionen stehen nicht vollständig zur Verfügung!';
+$lng['requirements']['zipdescription'] = 'Die Auto-Update Funktion benötigt die zip Erweiterung.';
+$lng['requirements']['jsondescription'] = 'Die Einstellungen Import/Export Funktion benötigt die json Erweiterung.';
 $lng['requirements']['openbasedir'] = 'open_basedir genutzt wird...';
 $lng['requirements']['openbasedirenabled'] = 'Froxlor wird mit aktiviertem open_basedir nicht vollständig funktionieren. Bitte deaktivieren Sie open_basedir für Froxlor in der entsprechenden php.ini';
 $lng['requirements']['diedbecauseofrequirements'] = 'Kann Froxlor ohne diese Voraussetzungen nicht installieren! Beheben Sie die angezeigten Probleme und versuchen Sie es erneut.';
@@ -81,8 +85,8 @@ $lng['install']['changing_data'] = 'Einstellungen anpassen...';
 $lng['install']['creating_entries'] = 'Trage neue Werte ein...';
 $lng['install']['adding_admin_user'] = 'Erstelle Admin-Benutzer...';
 $lng['install']['creating_configfile'] = 'Erstelle Konfigurationsdatei...';
-$lng['install']['creating_configfile_temp'] = 'Datei wurde in /tmp/userdata.inc.php gespeichert, bitte nach lib/ verschieben.';
-$lng['install']['creating_configfile_failed'] = 'Konnte lib/userdata.inc.php nicht erstellen, bitte manuell mit folgendem Inhalt anlegen:';
+$lng['install']['creating_configfile_temp'] = 'Datei wurde in /tmp/userdata.inc.php gespeichert, bitte nach '.dirname(dirname(__DIR__)).'/lib/ verschieben.';
+$lng['install']['creating_configfile_failed'] = 'Konnte '.dirname(dirname(__DIR__)).'/lib/userdata.inc.php nicht erstellen, bitte manuell mit folgendem Inhalt anlegen:';
 $lng['install']['froxlor_succ_installed'] = 'Froxlor wurde erfolgreich installiert.';

 $lng['click_here_to_refresh'] = 'Hier klicken, um erneut zu prüfen';
--- a/install/templates/dataitemchk.tpl
+++ b/install/templates/dataitemchk.tpl
@@ -1,4 +1,4 @@
 <p>
 	<label for="{$fieldname}" class="install-block {$style}">{$this->_lng['install']['webserver']} {$fieldlabel}:</label>
-	<input type="radio" name="webserver" id="{$fieldname}" value="{$fieldname}" {$checked} /><span>{$fieldlabel}<span>
+	<input type="radio" name="webserver" id="{$fieldname}" value="{$fieldname}" {$checked} /><span>{$fieldlabel}</span>
 </p>
--- a/install/updates/froxlor/0.9/update_0.9.inc.php
+++ b/install/updates/froxlor/0.9/update_0.9.inc.php
@@ -14,10 +14,12 @@
 * @package    Install
 *
 */
+if (!defined('_CRON_UPDATE')) {
 	if (! defined('AREA') || (defined('AREA') && AREA != 'admin') || ! isset($userinfo['loginname']) || (isset($userinfo['loginname']) && $userinfo['loginname'] == '')) {
 		header('Location: ../../../../index.php');
 		exit();
 	}
+}

 if (isFroxlorVersion('0.9-r0')) {

@@ -3415,3 +3417,472 @@ if (isFroxlorVersion('0.9.37-rc1')) {
 	showUpdateStep("Updating from 0.9.37-rc1 to 0.9.37 final", false);
 	updateToVersion('0.9.37');
 }
+
+if (isDatabaseVersion('201607210')) {
+
+	showUpdateStep("Adding new settings for customer shell option");
+	Settings::AddNew("system.allow_customer_shell", "0");
+	Settings::AddNew("system.available_shells", "");
+	lastStepStatus(0);
+
+	updateToDbVersion('201608260');
+}
+
+if (isDatabaseVersion('201608260')) {
+
+	showUpdateStep("Adding new settings to use Let's Encrypt for froxlor");
+	Settings::AddNew("system.le_froxlor_enabled", "0");
+	Settings::AddNew("system.le_froxlor_redirect", "0");
+	lastStepStatus(0);
+
+	updateToDbVersion('201609050');
+}
+
+if (isDatabaseVersion('201609050')) {
+
+	showUpdateStep("Adding new settings for acme.conf (Let's Encrypt)");
+	// get user-chosen value
+	$websrv_default = "/etc/apache2/conf-enabled/acme.conf";
+	if (Settings::Get('system.webserver') == 'nginx') {
+		$websrv_default = "/etc/nginx/acme.conf";
+	}
+	$acmeconffile = isset($_POST['acmeconffile']) ? $_POST['acmeconffile'] : $websrv_default;
+	$acmeconffile = makeCorrectFile($acmeconffile);
+	Settings::AddNew("system.letsencryptacmeconf", $acmeconffile);
+	lastStepStatus(0);
+
+	updateToDbVersion('201609120');
+}
+
+if (isDatabaseVersion('201609120')) {
+
+	showUpdateStep("Adding new SMTP settings for emails sent by froxlor");
+	// get user-chosen value
+	$smtp_enable = isset($_POST['smtp_enable']) ? (int) $_POST['smtp_enable'] : 0;
+	$smtp_host = isset($_POST['smtp_host']) ? $_POST['smtp_host'] : "localhost";
+	$smtp_port = isset($_POST['smtp_port']) ? (int)$_POST['smtp_port'] : 25;
+	$smtp_usetls = isset($_POST['smtp_usetls']) ? (int) $_POST['smtp_usetls'] : 1;
+	$smtp_useauth = isset($_POST['smtp_auth']) ? (int) $_POST['smtp_auth'] : 1;
+	$smtp_user = isset($_POST['smtp_user']) ? $_POST['smtp_user'] : "";
+	$smtp_passwd = isset($_POST['smtp_passwd']) ? $_POST['smtp_passwd'] : "";
+
+	Settings::AddNew("system.mail_use_smtp", $smtp_enable);
+	Settings::AddNew("system.mail_smtp_host", $smtp_host);
+	Settings::AddNew("system.mail_smtp_port", $smtp_port);
+	Settings::AddNew("system.mail_smtp_usetls", $smtp_usetls);
+	Settings::AddNew("system.mail_smtp_auth", $smtp_useauth);
+	Settings::AddNew("system.mail_smtp_user", $smtp_user);
+	Settings::AddNew("system.mail_smtp_passwd", $smtp_passwd);
+	lastStepStatus(0);
+
+	updateToDbVersion('201609200');
+}
+
+if (isDatabaseVersion('201609200')) {
+
+	showUpdateStep("Changing tables to be more mysql strict-mode compatible");
+	Database::query("ALTER TABLE `".TABLE_MAIL_VIRTUAL."` CHANGE `destination` `destination` TEXT NOT NULL DEFAULT '';");
+	Database::query("ALTER TABLE `".TABLE_PANEL_DOMAINS."` CHANGE `registration_date` `registration_date` DATE NULL DEFAULT NULL;");
+	Database::query("ALTER TABLE `".TABLE_PANEL_DOMAINS."` CHANGE `termination_date` `termination_date` DATE NULL DEFAULT NULL;");
+	lastStepStatus(0);
+
+	updateToDbVersion('201609240');
+}
+
+if (isDatabaseVersion('201609240')) {
+
+	showUpdateStep("Add HSTS settings for froxlor-vhost");
+	Settings::AddNew("system.hsts_maxage", 0);
+	Settings::AddNew("system.hsts_incsub", 0);
+	Settings::AddNew("system.hsts_preload", 0);
+	lastStepStatus(0);
+
+	showUpdateStep("Settings HSTS default values for all domains (deactivated)");
+	Database::query("UPDATE `".TABLE_PANEL_DOMAINS."` SET `hsts_sub` = '0', `hsts_preload` = '0';");
+	lastStepStatus(0);
+
+	updateToDbVersion('201610070');
+}
+
+if (isFroxlorVersion('0.9.37')) {
+
+	showUpdateStep("Updating from 0.9.37 to 0.9.38-rc1", false);
+	updateToVersion('0.9.38-rc1');
+}
+
+if (isFroxlorVersion('0.9.38-rc1')) {
+
+	showUpdateStep("Updating from 0.9.38-rc1 to 0.9.38-rc2", false);
+	updateToVersion('0.9.38-rc2');
+}
+
+if (isFroxlorVersion('0.9.38-rc2')) {
+
+	showUpdateStep("Updating from 0.9.38-rc2 to 0.9.38 final", false);
+	updateToVersion('0.9.38');
+}
+
+if (isDatabaseVersion('201610070')) {
+
+	showUpdateStep("Add Nginx http2 setting");
+	Settings::AddNew("system.nginx_http2_support", 0);
+	lastStepStatus(0);
+
+	updateToDbVersion('201611180');
+}
+
+if (isFroxlorVersion('0.9.38')) {
+
+	showUpdateStep("Updating from 0.9.38 to 0.9.38.1", false);
+	updateToVersion('0.9.38.1');
+}
+
+if (isFroxlorVersion('0.9.38.1')) {
+
+	showUpdateStep("Updating from 0.9.38.1 to 0.9.38.2", false);
+	updateToVersion('0.9.38.2');
+}
+
+if (isFroxlorVersion('0.9.38.2')) {
+
+	showUpdateStep("Updating from 0.9.38.2 to 0.9.38.3", false);
+	updateToVersion('0.9.38.3');
+}
+
+if (isFroxlorVersion('0.9.38.3')) {
+
+	showUpdateStep("Updating from 0.9.38.3 to 0.9.38.4", false);
+	updateToVersion('0.9.38.4');
+}
+
+if (isDatabaseVersion('201611180')) {
+
+	showUpdateStep("Updating database table definition for panel_domains");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ADD `phpenabled` tinyint(1) NOT NULL default '1' AFTER `parentdomainid`;");
+	lastStepStatus(0);
+
+	showUpdateStep("Adding field for let's-encrypt registration status");
+	Database::query("ALTER TABLE `".TABLE_PANEL_CUSTOMERS."` add `leregistered` TINYINT(1) NOT NULL DEFAULT 0;");
+	lastStepStatus(0);
+
+	showUpdateStep("Adding system setting for let's-encrypt registration status");
+	Settings::AddNew('system.leregistered', '0');
+	lastStepStatus(0);
+
+  showUpdateStep("Adding unique key to ipsandports table");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_IPSANDPORTS . "` ADD UNIQUE KEY `ip_port` (`ip`,`port`)");
+	lastStepStatus(0);
+
+	updateToDbVersion('201612110');
+}
+
+if (isFroxlorVersion('0.9.38.4')) {
+
+	showUpdateStep("Updating from 0.9.38.4 to 0.9.38.5", false);
+	updateToVersion('0.9.38.5');
+}
+
+if (isFroxlorVersion('0.9.38.5')) {
+
+	showUpdateStep("Updating from 0.9.38.5 to 0.9.38.6", false);
+	updateToVersion('0.9.38.6');
+}
+
+if (isFroxlorVersion('0.9.38.6')) {
+
+	showUpdateStep("Updating from 0.9.38.6 to 0.9.38.7", false);
+	updateToVersion('0.9.38.7');
+}
+
+if (isDatabaseVersion('201612110')) {
+
+	showUpdateStep("Adding field for OCSP stapling");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS .
+		"` ADD `ocsp_stapling` TINYINT(1) NOT NULL DEFAULT '0';");
+	lastStepStatus(0);
+
+	showUpdateStep("Adding default setting for Apache 2.4 OCSP cache path");
+	Settings::AddNew('system.apache24_ocsp_cache_path', 'shmcb:/var/run/apache2/ocsp-stapling.cache(131072)');
+	lastStepStatus(0);
+
+	updateToDbVersion('201704100');
+}
+
+if (isDatabaseVersion('201704100')) {
+
+	showUpdateStep("Adding new setting for libnss-extrausers");
+	$system_nssextrausers= isset($_POST['system_nssextrausers']) ? (int) $_POST['system_nssextrausers'] : 0;
+	Settings::AddNew('system.nssextrausers', $system_nssextrausers);
+	lastStepStatus(0);
+
+	updateToDbVersion('201705050');
+}
+
+if (isDatabaseVersion('201705050')) {
+
+	showUpdateStep("Updating HTTP2 setting");
+	if (Settings::Get('system.nginx_http2_support') != null) {
+		Database::query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `varname` = 'http2_support' WHERE `varname` = 'nginx_http2_support';");
+	} else {
+		Settings::AddNew('system.http2_support', 0);
+	}
+	lastStepStatus(0);
+	showUpdateStep("Adding domain field for HTTP2 stapling");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ADD `http2` TINYINT(1) NOT NULL DEFAULT '0';");
+	lastStepStatus(0);
+
+	updateToDbVersion('201708240');
+}
+
+if (isDatabaseVersion('201708240')) {
+	
+	showUpdateStep("Adding new 'disable LE self-check' setting");
+	$system_disable_le_selfcheck = isset($_POST['system_disable_le_selfcheck']) ? (int) $_POST['system_disable_le_selfcheck'] : 0;
+	Settings::AddNew('system.disable_le_selfcheck', $system_disable_le_selfcheck);
+	lastStepStatus(0);
+
+	updateToDbVersion('201712310');
+
+	showUpdateStep("Updating from 0.9.38.7 to 0.9.38.8", false);
+	updateToVersion('0.9.38.8');
+}
+
+if (isDatabaseVersion('201712310')) {
+
+	showUpdateStep("Adding field for fpm-daemon configs");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_PHPCONFIGS . "` ADD `fpmsettingid` int(11) NOT NULL DEFAULT '1';");
+	lastStepStatus(0);
+
+	showUpdateStep("Adding new fpm-daemons table");
+	Database::query("DROP TABLE IF EXISTS `panel_fpmdaemons`;");
+	$sql = "CREATE TABLE `panel_fpmdaemons` (
+	  `id` int(11) unsigned NOT NULL auto_increment,
+	  `description` varchar(50) NOT NULL,
+	  `reload_cmd` varchar(255) NOT NULL,
+	  `config_dir` varchar(255) NOT NULL,
+	  `pm` varchar(15) NOT NULL DEFAULT 'static',
+	  `max_children` int(4) NOT NULL DEFAULT '1',
+	  `start_servers` int(4) NOT NULL DEFAULT '20',
+	  `min_spare_servers` int(4) NOT NULL DEFAULT '5',
+	  `max_spare_servers` int(4) NOT NULL DEFAULT '35',
+	  `max_requests` int(4) NOT NULL DEFAULT '0',
+	  `idle_timeout` int(4) NOT NULL DEFAULT '30',
+	  PRIMARY KEY  (`id`),
+	  UNIQUE KEY `reload` (`reload_cmd`),
+	  UNIQUE KEY `config` (`config_dir`)
+	) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;";
+	Database::query($sql);
+	lastStepStatus(0);
+
+	showUpdateStep("Converting php-fpm settings to new layout");
+	$ins_stmt = Database::prepare("
+		INSERT INTO `panel_fpmdaemons` SET
+		`id` = 1,
+		`description` = 'System default',
+		`reload_cmd` = :reloadcmd,
+		`config_dir` = :confdir,
+		`pm` = :pm,
+		`max_children` = :maxc,
+		`start_servers` = :starts,
+		`min_spare_servers` = :minss,
+		`max_spare_servers` = :maxss,
+		`max_requests` = :maxr,
+		`idle_timeout` = :it
+	");
+	Database::pexecute($ins_stmt, array(
+		'reloadcmd' => Settings::Get('phpfpm.reload'),
+		'confdir' => Settings::Get('phpfpm.configdir'),
+		'pm' => Settings::Get('phpfpm.pm'),
+		'maxc' => Settings::Get('phpfpm.max_children'),
+		'starts' => Settings::Get('phpfpm.start_servers'),
+		'minss' => Settings::Get('phpfpm.min_spare_servers'),
+		'maxss' => Settings::Get('phpfpm.max_spare_servers'),
+		'maxr' => Settings::Get('phpfpm.max_requests'),
+		'it' => Settings::Get('phpfpm.idle_timeout')
+	));
+	lastStepStatus(0);
+
+	showUpdateStep("Deleting unneeded settings");
+	Database::query("DELETE FROM `".TABLE_PANEL_SETTINGS."` WHERE `settinggroup` = 'phpfpm' AND `varname` = 'reload'");
+	Database::query("DELETE FROM `".TABLE_PANEL_SETTINGS."` WHERE `settinggroup` = 'phpfpm' AND `varname` = 'configdir'");
+	Database::query("DELETE FROM `".TABLE_PANEL_SETTINGS."` WHERE `settinggroup` = 'phpfpm' AND `varname` = 'pm'");
+	Database::query("DELETE FROM `".TABLE_PANEL_SETTINGS."` WHERE `settinggroup` = 'phpfpm' AND `varname` = 'max_children'");
+	Database::query("DELETE FROM `".TABLE_PANEL_SETTINGS."` WHERE `settinggroup` = 'phpfpm' AND `varname` = 'start_servers'");
+	Database::query("DELETE FROM `".TABLE_PANEL_SETTINGS."` WHERE `settinggroup` = 'phpfpm' AND `varname` = 'min_spare_servers'");
+	Database::query("DELETE FROM `".TABLE_PANEL_SETTINGS."` WHERE `settinggroup` = 'phpfpm' AND `varname` = 'max_spare_servers'");
+	Database::query("DELETE FROM `".TABLE_PANEL_SETTINGS."` WHERE `settinggroup` = 'phpfpm' AND `varname` = 'max_requests'");
+	Database::query("DELETE FROM `".TABLE_PANEL_SETTINGS."` WHERE `settinggroup` = 'phpfpm' AND `varname` = 'idle_timeout'");
+	lastStepStatus(0);
+
+	updateToDbVersion('201801070');
+}
+
+if (isDatabaseVersion('201801070')) {
+
+	showUpdateStep("Adding field allowed_phpconfigs for customers");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_CUSTOMERS . "` ADD `allowed_phpconfigs` varchar(500) NOT NULL default '';");
+	lastStepStatus(0);
+
+	updateToDbVersion('201801080');
+}
+
+if (isDatabaseVersion('201801080')) {
+
+	showUpdateStep("Adding new setting for Let's Encrypt ACME version");
+	Settings::AddNew('system.leapiversion', '1');
+	lastStepStatus(0);
+
+	updateToDbVersion('201801090');
+}
+
+if (isDatabaseVersion('201801090')) {
+
+	showUpdateStep("Adding field pass_authorizationheader for php-configs");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_PHPCONFIGS . "` ADD `pass_authorizationheader` tinyint(1) NOT NULL default '0';");
+	lastStepStatus(0);
+
+	updateToDbVersion('201801091');
+}
+
+if (isDatabaseVersion('201801091')) {
+
+	showUpdateStep("Adding new setting for SSL protocols");
+	Settings::AddNew('system.ssl_protocols', 'TLSv1,TLSv1.2');
+	lastStepStatus(0);
+
+	updateToDbVersion('201801100');
+}
+
+if (isDatabaseVersion('201801100')) {
+
+	showUpdateStep("Adding field for security.limit_extensions fpm-setting");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_FPMDAEMONS . "` ADD `limit_extensions` varchar(255) NOT NULL default '.php';");
+	lastStepStatus(0);
+
+	updateToDbVersion('201801101');
+}
+
+if (isDatabaseVersion('201801101')) {
+
+	showUpdateStep("Adding dynamic php-fpm php.ini settings");
+	Settings::AddNew('phpfpm.ini_flags', 'asp_tags
+display_errors
+display_startup_errors
+html_errors
+log_errors
+magic_quotes_gpc
+magic_quotes_runtime
+magic_quotes_sybase
+mail.add_x_header
+session.cookie_secure
+session.use_cookies
+short_open_tag
+track_errors
+xmlrpc_errors
+suhosin.simulation
+suhosin.session.encrypt
+suhosin.session.cryptua
+suhosin.session.cryptdocroot
+suhosin.cookie.encrypt
+suhosin.cookie.cryptua
+suhosin.cookie.cryptdocroot
+suhosin.executor.disable_eval
+mbstring.func_overload');
+	Settings::AddNew('phpfpm.ini_values', 'auto_append_file
+auto_prepend_file
+date.timezone
+default_charset
+error_reporting
+include_path
+log_errors_max_len
+mail.log
+max_execution_time
+session.cookie_domain
+session.cookie_lifetime
+session.cookie_path
+session.name
+session.serialize_handler
+upload_max_filesize
+xmlrpc_error_number
+session.auto_start
+always_populate_raw_post_data
+suhosin.session.cryptkey
+suhosin.session.cryptraddr
+suhosin.session.checkraddr
+suhosin.cookie.cryptkey
+suhosin.cookie.plainlist
+suhosin.cookie.cryptraddr
+suhosin.cookie.checkraddr
+suhosin.executor.func.blacklist
+suhosin.executor.eval.whitelist');
+	Settings::AddNew('phpfpm.ini_admin_flags', 'allow_call_time_pass_reference
+allow_url_fopen
+allow_url_include
+auto_detect_line_endings
+cgi.fix_pathinfo
+cgi.force_redirect
+enable_dl
+expose_php
+file_uploads
+ignore_repeated_errors
+ignore_repeated_source
+log_errors
+register_argc_argv
+report_memleaks
+opcache.enable
+opcache.consistency_checks
+opcache.dups_fix
+opcache.load_comments
+opcache.revalidate_path
+opcache.save_comments
+opcache.use_cwd
+opcache.validate_timestamps
+opcache.fast_shutdown');
+	Settings::AddNew('phpfpm.ini_admin_values', 'cgi.redirect_status_env
+date.timezone
+disable_classes
+disable_functions
+error_log
+gpc_order
+max_input_time
+max_input_vars
+memory_limit
+open_basedir
+output_buffering
+post_max_size
+precision
+sendmail_path
+session.gc_divisor
+session.gc_probability
+variables_order
+opcache.log_verbosity_level
+opcache.restrict_api
+opcache.revalidate_freq
+opcache.max_accelerated_files
+opcache.memory_consumption
+opcache.interned_strings_buffer');
+	lastStepStatus(0);
+
+	updateToDbVersion('201801110');
+}
+
+if (isDatabaseVersion('201801110')) {
+
+	showUpdateStep("Adding php-fpm php PATH setting for envrironment");
+	Settings::AddNew("phpfpm.envpath",  '/usr/local/bin:/usr/bin:/bin');
+	lastStepStatus(0);
+
+	updateToDbVersion('201801260');
+}
+
+if (isFroxlorVersion('0.9.38.8')) {
+
+	showUpdateStep("Updating from 0.9.38.8 to 0.9.39 final", false);
+	updateToVersion('0.9.39');
+}
+
+if (isFroxlorVersion('0.9.39')) {
+
+	showUpdateStep("Updating from 0.9.39 to 0.9.39.1", false);
+	updateToVersion('0.9.39.1');
+}
--- a/install/updates/preconfig/0.9/preconfig_0.9.inc.php
+++ b/install/updates/preconfig/0.9/preconfig_0.9.inc.php
@@ -679,4 +679,52 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version, $c
 		$question .= $dnsdaemons . '</select>';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}
+
+	if (versionInUpdate($current_db_version, '201609120')) {
+		if (Settings::Get('system.leenabled') == 1) {
+			$has_preconfig = true;
+			$description = 'You can now customize the path to your acme.conf file (global alias for Let\'s Encrypt). If you already set up Let\'s Encrypt and the acme.conf file, please set this to the complete path to the file!<br /><br />';
+			$question = '<strong>Path to the acme.conf alias-file.</strong><br />';
+			$question .= '<input type="text" class="text" name="acmeconffile" value="/etc/apache2/conf-enabled/acme.conf" /><br />';
+			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+		}
+	}
+
+	if (versionInUpdate($current_db_version, '201609200')) {
+		$has_preconfig = true;
+		$description = 'Specify SMTP settings which froxlor should use to send mail (optional)<br /><br />';
+		$question = '<strong>Enable sending mails via SMTP?</strong><br />';
+		$question .= makeyesno('smtp_enable', '1', '0', '0') . '<br />';
+		$question .= '<strong>Enable sending mails via SMTP?</strong><br />';
+		$question .= '<input type="text" class="text" name="smtp_host" value="localhost" /><br />';
+		$question .= '<strong>TCP port to connect to?</strong><br />';
+		$question .= '<input type="text" class="text" name="smtp_port" value="25" /><br />';
+		$question .= '<strong>Enable TLS encryption?</strong><br />';
+		$question .= makeyesno('smtp_usetls', '1', '0', '1') . '<br />';
+		$question .= '<strong>Enable SMTP authentication?</strong><br />';
+		$question .= makeyesno('smtp_auth', '1', '0', '1') . '<br />';
+		$question .= '<strong>SMTP user?</strong><br />';
+		$question .= '<input type="text" class="text" name="smtp_user" value="" /><br />';
+		$question .= '<strong>SMTP password?</strong><br />';
+		$question .= '<input type="password" class="text" name="smtp_passwd" value="" /><br />';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
+
+	if (versionInUpdate($current_db_version, '201705050')) {
+		$has_preconfig = true;
+		$description = 'DEBIAN/UBUNTU ONLY: Enable usage of libnss-extrausers as alternative to libnss-mysql (NOTE: if enabled, go through the configuration steps right after the update!!!)<br /><br />';
+		$question = '<strong>Enable usage of libnss-extrausers?</strong><br />';
+		$question .= makeyesno('system_nssextrausers', '1', '0', '0') . '<br />';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
+
+	if (versionInUpdate($current_db_version, '201712310')) {
+		if (Settings::Get('system.leenabled') == 1) {
+			$has_preconfig = true;
+			$description = 'Chose whether you want to disable the Let\'s Encrypt selfcheck as it causes false positives for some configurations.<br /><br />';
+			$question = '<strong>Disable Let\'s Encrypt self-check?</strong><br />';
+			$question .= makeyesno('system_disable_le_selfcheck', '1', '0', '0') . '<br />';
+			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+		}
+	}
 }
--- a/install/updatesql.php
+++ b/install/updatesql.php
@@ -17,6 +17,7 @@
 *
 */

+if (!defined('_CRON_UPDATE')) {
 	if (!defined('AREA')
 		|| (defined('AREA') && AREA != 'admin')
 		|| !isset($userinfo['loginname'])
@@ -25,6 +26,7 @@ if (!defined('AREA')
 		header('Location: ../index.php');
 		exit;
 	}
+}

 $updatelog = FroxlorLogger::getInstanceOf(array('loginname' => 'updater'));

--- a/lib/ajax.php
+++ b/lib/ajax.php
@@ -27,6 +27,7 @@ require './classes/database/class.Database.php';
 require './classes/settings/class.Settings.php';
 require './functions/validate/function.validate_ip.php';
 require './functions/validate/function.validateDomain.php';
+require './classes/cURL/class.HttpClient.php';

 if (isset($_POST['action'])) {
 	$action = $_POST['action'];
@@ -44,24 +45,16 @@ if ($action == "newsfeed") {
 	}
 	
 	if (function_exists("simplexml_load_file") == false) {
-		die();
+		outputItem("Newsfeed not available due to missing php-simplexml extension", "Please install the php-simplexml extension in order to view our newsfeed.");
+		exit();
 	}
 	
 	if (function_exists('curl_version')) {
-		$ch = curl_init();
-		curl_setopt($ch, CURLOPT_URL, $feed);
-		curl_setopt($ch, CURLOPT_USERAGENT, 'Froxlor/'.$version);
-		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
-		$output = curl_exec($ch);
-		curl_close($ch);
+		$output = HttpClient::urlGet($feed);
 		$news = simplexml_load_string(trim($output));
 	} else {
-		if (ini_get('allow_url_fopen')) {
-			ini_set('user_agent', 'Froxlor/'.$version);
-			$news = simplexml_load_file($feed, null, LIBXML_NOCDATA);
-		} else {
-			$news = false;
-		}
+		outputItem("Newsfeed not available due to missing php-curl extension", "Please install the php-curl extension in order to view our newsfeed.");
+		exit();
 	}
 	
 	if ($news !== false) {
@@ -74,19 +67,7 @@ if ($action == "newsfeed") {
 			$content = preg_replace("/[\r\n]+/", " ", strip_tags($item->description));
 			$content = substr($content, 0, 150) . "...";
 			
-			echo "<li class=\"clearfix\">
-                <div class=\"newsfeed-body clearfix\">
-                    <div class=\"header\">
-                        <strong class=\"primary-font\"><a href=\"{$link}\" target=\"_blank\">{$title}</a></strong>
-                        <small class=\"pull-right text-muted\">
-                            <i class=\"fa fa-clock-o fa-fw\"></i> {$date}
-                        </small>
-                    </div>
-                    <p>
-                        {$content}
-                    </p>
-                </div>
-            </li>";
+			outputItem($title, $content, $link, $date);
 		}
 	} else {
 		echo "";
@@ -94,3 +75,30 @@ if ($action == "newsfeed") {
 } else {
 	echo "No action set.";
 }
+
+function outputItem($title, $content, $link = null, $date = null)
+{
+	echo "<li class=\"clearfix\">
+			<div class=\"newsfeed-body clearfix\">
+				<div class=\"header\">
+					<strong class=\"primary-font\">";
+			if (! empty($link)) {
+				echo "<a href=\"{$link}\" target=\"_blank\">";
+			}
+			echo $title;
+			if (! empty($link)) {
+				echo "</a>";
+			}
+			echo "</strong>";
+			if (! empty($date)) {
+				echo "<small class=\"pull-right text-muted\">
+                            <i class=\"fa fa-clock-o fa-fw\"></i> {$date}
+                        </small>";
+			}
+			echo "</div>
+                    <p>
+                        {$content}
+                    </p>
+                </div>
+            </li>";
+}
--- a/lib/classes/bulk/class.DomainBulkAction.php
+++ b/lib/classes/bulk/class.DomainBulkAction.php
@@ -93,6 +93,13 @@ class DomainBulkAction
 /* 16 */    'use_ssl',
 /* 17 */	'registration_date',
 /* 18 */	'ips',
+/* 19 */	'letsencrypt',
+/* 20 */	'hsts',
+/* 21 */	'hsts_sub',
+/* 22 */	'hsts_preload',
+/* 23 */	'ocsp_stapling',
+/* 24 */	'phpenabled',
+/* 25 */	'http2',
 	    /* automatically added */
 		'adminid',
        'customerid',
@@ -180,13 +187,14 @@ class DomainBulkAction
        }
        
        // preapre insert statement as it is used a few times
+        // leave out aliasdomain for now, cause empty = NULL value which cannot be
+        // added this easily using prepared statements
        $this->_ins_stmt = Database::prepare("
 			INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET
 				`domain` = :domain,
 				`adminid` = :adminid,
 				`customerid` = :customerid,
 				`documentroot` = :documentroot,
-                `aliasdomain` = :aliasdomain,
 				`isbinddomain` = :isbinddomain,
 				`isemaildomain` = :isemaildomain,
 				`email_only` = :email_only,
@@ -200,7 +208,14 @@ class DomainBulkAction
 				`specialsettings` = :specialsettings,
 				`ssl_redirect` = :ssl_redirect,
 				`registration_date` = :registration_date,
-				`add_date` = :add_date
+				`add_date` = :add_date,
+				`letsencrypt` = :letsencrypt,
+				`hsts` = :hsts,
+				`hsts_sub` = :hsts_sub,
+				`hsts_preload` = :hsts_preload,
+				`ocsp_stapling` = :ocsp_stapling,
+				`phpenabled` = :phpenabled,
+				`http2` = :http2
 		");
        
        // prepare insert statement for ip/port <> domain
@@ -293,6 +308,7 @@ class DomainBulkAction
        }
        
        // check for alias-domain
+        $hasAlias = false;
        if (! empty($domain_data['aliasdomain'])) {
            // format
            $domain_data['aliasdomain'] = $idna_convert->encode(preg_replace(array(
@@ -311,6 +327,7 @@ class DomainBulkAction
                // - we'd better skip
                return false;
            }
+            $hasAlias = $domain_data['aliasdomain'];
        }
        
        // check for use_ssl and ssl_redirect
@@ -335,6 +352,38 @@ class DomainBulkAction
            $domain_data['ssl_redirect'] = 0;
        }
        
+        // only check for letsencrypt, hsts and oscp-stapling if ssl is enabled
+        if ($domain_data['use_ssl'] == 1) {
+			//lets encrypt
+			if ($domain_data['letsencrypt'] != 1 || $domain_data['iswildcarddomain'] == 1) {
+				$domain_data['letsencrypt'] = 0;
+			}
+		} else {
+			$domain_data['letsencrypt'] = 0;
+		}
+
+		// hsts
+		if ($domain_data['hsts'] != 1) {
+			$domain_data['hsts'] = 0;
+		}
+		if ($domain_data['hsts_sub'] != 1) {
+			$domain_data['hsts_sub'] = 0;
+		}
+		if ($domain_data['hsts_preload'] != 1) {
+			$domain_data['hsts_preload'] = 0;
+		}
+		if ($domain_data['ocsp_stapling'] != 1) {
+			$domain_data['ocsp_stapling'] = 0;
+		}
+
+		if ($domain_data['phpenabled'] != 1) {
+			$domain_data['phpenabled'] = 0;
+		}
+
+		if ($domain_data['http2'] != 1) {
+			$domain_data['http2'] = 0;
+		}
+
        // add to known domains
        $this->_knownDomains[] = $domain_data['domain'];
        
@@ -416,6 +465,8 @@ class DomainBulkAction
        $use_ssl = (bool)$domain_data['use_ssl'];
        // don't need that for the domain-insert-statement
        unset($domain_data['use_ssl']);
+        // don't need alias
+        unset($domain_data['aliasdomain']);

        // finally ADD the domain to panel_domains
        Database::pexecute($this->_ins_stmt, $domain_data);
@@ -423,6 +474,12 @@ class DomainBulkAction
        // get the newly inserted domain-id
        $domain_id = Database::lastInsertId();
        
+        // add alias if any
+        if ($hasAlias != false) {
+			$alias_stmt = Database::prepare("UPDATE `".TABLE_PANEL_DOMAINS."` SET `aliasdomain` = :aliasdomain WHERE `id` = :did");
+			Database::pexecute($alias_stmt, array('aliasdomain' => $hasAlias, 'did' => $domain_id));
+        }
+
        // insert domain <-> ip/port reference
        if (empty($iplist)) {
            $iplist = Settings::Get('system.ipaddress');
--- a/lib/classes/cURL/class.HttpClient.php
+++ b/lib/classes/cURL/class.HttpClient.php
@@ -0,0 +1,60 @@
+<?php
+
+class HttpClient
+{
+
+	/**
+	 * Executes simple GET request
+	 *
+	 * @param string $url
+	 *
+	 * @return array
+	 */
+	public static function urlGet($url)
+	{
+		include FROXLOR_INSTALL_DIR . '/lib/version.inc.php';
+		$ch = curl_init();
+		curl_setopt($ch, CURLOPT_URL, $url);
+		curl_setopt($ch, CURLOPT_USERAGENT, 'Froxlor/' . $version);
+		curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
+		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+		$output = curl_exec($ch);
+		if ($output === false) {
+			$e = curl_error($ch);
+			curl_close($ch);
+			throw new \Exception("Curl error: " . $e);
+		}
+		curl_close($ch);
+		return $output;
+	}
+	
+	/**
+	 * Downloads and stores a file from an url
+	 *
+	 * @param string $url
+	 * @param string $target
+	 *
+	 * @return array
+	 */
+	public static function fileGet($url, $target)
+	{
+		include FROXLOR_INSTALL_DIR . '/lib/version.inc.php';
+		$fh = fopen($target, 'w');
+		$ch = curl_init();
+		curl_setopt($ch, CURLOPT_URL, $url);
+		curl_setopt($ch, CURLOPT_USERAGENT, 'Froxlor/' . $version);
+		curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
+		curl_setopt($ch, CURLOPT_TIMEOUT, 50);
+		//give curl the file pointer so that it can write to it
+		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+		curl_setopt($ch, CURLOPT_FILE, $fh);
+		$output = curl_exec($ch);
+		if ($output === false) {
+			$e = curl_error($ch);
+			curl_close($ch);
+			throw new \Exception("Curl error: " . $e);
+		}
+		curl_close($ch);
+		return $output;
+	}
+}
--- a/lib/classes/database/class.Database.php
+++ b/lib/classes/database/class.Database.php
@@ -262,7 +262,7 @@ class Database {
 		// build up connection string
 		$driver = 'mysql';
 		$dsn = $driver.":";
-		$options = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'set names utf8');
+		$options = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET names utf8,sql_mode="NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"');
 		$attributes = array('ATTR_ERRMODE' => 'ERRMODE_EXCEPTION');

 		$dbconf["dsn"] = array(
--- a/lib/classes/database/manager/class.DbManagerMySQL.php
+++ b/lib/classes/database/manager/class.DbManagerMySQL.php
@@ -134,7 +134,7 @@ class DbManagerMySQL {
 	 * @param string $host (unused in mysql)
 	 */
 	public function disableUser($username = null, $host = null) {
-		$stmt = Database::prepare("REVOKE ALL PRIVILEGES, GRANT OPTION FROM `".$row_database['databasename']."`");
+		$stmt = Database::prepare('REVOKE ALL PRIVILEGES, GRANT OPTION FROM `' . $username . '`@`' . $host . '`');
 		Database::pexecute($stmt, array(), false);
 	}

--- a/lib/classes/dns/class.DnsEntry.php
+++ b/lib/classes/dns/class.DnsEntry.php
@@ -41,7 +41,31 @@ class DnsEntry

 	public function __toString()
 	{
-		$result = $this->record . "\t" . $this->ttl . "\t" . $this->class . "\t" . $this->type . "\t" . (($this->priority >= 0 && ($this->type == 'MX' || $this->type == 'SRV')) ? $this->priority . "\t" : "") . $this->content . PHP_EOL;
+		$_content = $this->content;
+		// check content length for txt records for bind9 (multiline)
+		if (Settings::Get('system.dns_server') != 'pdns' && $this->type == 'TXT' && strlen($_content) >= 64) {
+			// split string
+			$_contentlines = str_split($_content, 63);
+			// first line
+			$_l = array_shift($_contentlines);
+			// check for starting quote
+			if (substr($_l, 0, 1) == '"') {
+				$_l = substr($_l, 1);
+			}
+			$_content = '("' . $_l . '"' . PHP_EOL;
+			$_l = array_pop($_contentlines);
+			// check for ending quote
+			if (substr($_l, - 1) == '"') {
+				$_l = substr($_l, 0, - 1);
+			}
+			foreach ($_contentlines as $_cl) {
+				// lines in between
+				$_content .= "\t\t\t\t" . '"' . $_cl . '"' . PHP_EOL;
+			}
+			// last line
+			$_content .= "\t\t\t\t" . '"' . $_l . '")';
+		}
+		$result = $this->record . "\t" . $this->ttl . "\t" . $this->class . "\t" . $this->type . "\t" . (($this->priority >= 0 && ($this->type == 'MX' || $this->type == 'SRV')) ? $this->priority . "\t" : "") . $_content . PHP_EOL;
 		return $result;
 	}
 }
--- a/lib/classes/idna/class.idna_convert_wrapper.php
+++ b/lib/classes/idna/class.idna_convert_wrapper.php
@@ -67,6 +67,16 @@ class idna_convert_wrapper
 		}
 	}

+	public function encode_uri($to_encode)
+	{
+		if (version_compare("5.6.0", PHP_VERSION, ">=")) {
+			return $this->_do_action('encode', $to_encode);
+		} else {
+			$to_encode = $this->is_utf8($to_encode) ? $to_encode : utf8_encode($to_encode);
+			return $this->idna_converter->encodeUri($to_encode);
+		}
+	}
+
 	/**
 	 * Decode a domain name, a email address or a list of one of both.
 	 *
--- a/lib/classes/integrity/class.IntegrityCheck.php
+++ b/lib/classes/integrity/class.IntegrityCheck.php
@@ -85,12 +85,11 @@ class IntegrityCheck {
 				// fix database
 				Database::query('ALTER DATABASE `' . Database::getDbName() . '` CHARACTER SET utf8 COLLATE utf8_general_ci');
 				// fix all tables
-				$handle = Database::query('SHOW TABLES');
-				while ($row = $handle->fetch(PDO::FETCH_ASSOC)) {
-					foreach ($row as $table) {
+				$handle = Database::query('SHOW FULL TABLES WHERE Table_type != "VIEW"');
+				while ($row = $handle->fetch(PDO::FETCH_BOTH)) {
+					$table = $row[0];
 					Database::query('ALTER TABLE `' . $table . '` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;');
 				}
-				}
 				$this->_log->logAction(ADM_ACTION, LOG_WARNING, "database charset was different from UTF-8, integrity-check fixed that");
 			} else {
 				return false;
--- a/lib/classes/output/class.htmlform.php
+++ b/lib/classes/output/class.htmlform.php
@@ -122,6 +122,8 @@ class htmlform
 				return self::_checkbox($fieldname, $data); break;
 			case 'file':
 				return self::_file($fieldname, $data); break;
+			case 'int':
+				return self::_int($fieldname, $data); break;
 		}
 	}

@@ -313,4 +315,29 @@ class htmlform
 		return $return;
 	}

+	private static function _int($fieldname = '', $data = array())
+	{
+		$return = '';
+		$extras = '';
+		if(isset($data['int_min'])) {
+			$extras .= ' min="'.$data['int_min'].'"';
+		}
+		if(isset($data['int_max'])) {
+			$extras .= ' max="'.$data['int_max'].'"';
+		}
+
+		// add support to save reloaded forms
+		if (isset($data['value'])) {
+			$value = $data['value'];
+		} elseif (isset($_SESSION['requestData'][$fieldname])) {
+			$value = $_SESSION['requestData'][$fieldname];
+		} else {
+			$value = '';
+		}
+
+		$type = 'number';
+		$ulfield = '';
+		eval("\$return = \"" . getTemplate("misc/form/input_text", "1") . "\";");
+		return $return;
+	}
 }
--- a/lib/classes/output/class.paging.php
+++ b/lib/classes/output/class.paging.php
@@ -89,6 +89,8 @@ class paging {
 	 */
 	private $natSorting = false;
 	
+	private $_limit = 0;
+
 	/**
 	 * Class constructor. Loads settings from request or from userdata and saves them to session.
 	 *
@@ -101,7 +103,7 @@ class paging {
 	 * @param string $default_order default sorting order 'asc' or 'desc'
 	 *
 	 */
-	public function __construct($userinfo, $table, $fields, $entriesperpage = 0, $natSorting = false, $default_field = 0, $default_order = 'asc') {
+	public function __construct($userinfo, $table, $fields, $entriesperpage = 0, $natSorting = false, $default_field = 0, $default_order = 'asc', $limit = 0) {

 		// entries per page and natsorting-flag are not
 		// passed as parameter anymore, because these are
@@ -230,6 +232,8 @@ class paging {
 			'adminsession' => $userinfo['adminsession']
 		);
 		Database::pexecute($upd_stmt, $upd_data);
+		
+		$this->_limit = $limit;
 	}

 	/**
@@ -319,6 +323,8 @@ class paging {
 				$condition.= $searchfield . " ".$oper." " . Database::quote($searchtext);
 			} else {
 				$searchtext = str_replace('*', '%', $this->searchtext);
+				// append wildcards if user did not enter any
+				if (strpos($searchtext,'%') === false) $searchtext='%'.$searchtext.'%';
 				$condition.= $searchfield . " LIKE " . Database::quote($searchtext);
 			}
 			
@@ -376,6 +382,11 @@ class paging {
 	 * @return string always empty
 	 */
 	public function getSqlLimit() {
+
+		if ($this->_limit > 0) {
+			$_offset = ($this->pageno - 1) * $this->_limit;
+			return ' LIMIT '.$_offset.','.$this->_limit;
+		}
 		/**
 		 * currently not in use
 		 */
--- a/lib/classes/phpinterface/class.phpinterface.php
+++ b/lib/classes/phpinterface/class.phpinterface.php
@@ -91,6 +91,12 @@ class phpinterface {
 					SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id"
 			);
 			$this->_php_configs_cache[$php_config_id] = Database::pexecute_first($stmt, array('id' => $php_config_id));
+			if ((int)Settings::Get('phpfpm.enabled') == 1) {
+				$stmt = Database::prepare("
+					SELECT * FROM `" . TABLE_PANEL_FPMDAEMONS . "` WHERE `id` = :id"
+				);
+				$this->_php_configs_cache[$php_config_id]['fpm_settings'] = Database::pexecute_first($stmt, array('id' => $this->_php_configs_cache[$php_config_id]['fpmsettingid']));
+			}
 		}

 		return $this->_php_configs_cache[$php_config_id];
--- a/lib/classes/phpinterface/class.phpinterface_fcgid.php
+++ b/lib/classes/phpinterface/class.phpinterface_fcgid.php
@@ -135,15 +135,6 @@ class phpinterface_fcgid {
 			$openbasedir .= appendOpenBasedirPath($this->getTempDir());
 			$openbasedir .= $_phpappendopenbasedir;

-			$openbasedir = explode(':', $openbasedir);
-			$clean_openbasedir = array();
-			foreach ($openbasedir as $number => $path) {
-				if (trim($path) != '/') {
-					$clean_openbasedir[] = makeCorrectDir($path);
-				}
-			}
-			$openbasedir = implode(':', $clean_openbasedir);
-
 		} else {
 			$openbasedir = 'none';
 			$openbasedirc = ';';
@@ -166,14 +157,13 @@ class phpinterface_fcgid {
 		);

 		//insert a small header for the file
-
 		$phpini_file = ";\n";
 		$phpini_file.= "; php.ini created/changed on " . date("Y.m.d H:i:s") . " for domain '" . $this->_domain['domain'] . "' with id #" . $this->_domain['id'] . " from php template '" . $phpconfig['description'] . "' with id #" . $phpconfig['id'] . "\n";
 		$phpini_file.= "; Do not change anything in this file, it will be overwritten by the Froxlor Cronjob!\n";
 		$phpini_file.= ";\n\n";
 		$phpini_file.= replace_variables($phpconfig['phpsettings'], $php_ini_variables);
 		$phpini_file = str_replace('"none"', 'none', $phpini_file);
-		$phpini_file = preg_replace('/\"+/', '"', $phpini_file);
+		//$phpini_file = preg_replace('/\"+/', '"', $phpini_file);
 		$phpini_file_handler = fopen($this->getIniFile(), 'w');
 		fwrite($phpini_file_handler, $phpini_file);
 		fclose($phpini_file_handler);
--- a/lib/classes/phpinterface/class.phpinterface_fpm.php
+++ b/lib/classes/phpinterface/class.phpinterface_fpm.php
@@ -18,17 +18,26 @@
 * @since      0.9.16
 *
 */
-
-class phpinterface_fpm {
+class phpinterface_fpm
+{

 	/**
 	 * Domain-Data array
+	 *
 	 * @var array
 	 */
 	private $_domain = array();

+	/**
+	 * fpm config
+	 *
+	 * @var array
+	 */
+	private $_fpm_cfg = array();
+
 	/**
 	 * Admin-Date cache array
+	 *
 	 * @var array
 	 */
 	private $_admin_cache = array();
@@ -39,118 +48,37 @@ class phpinterface_fpm {
 	 *
 	 * @var array
 	 */
-	private $_ini = array(
-			'php_value' => array(
-				'auto_append_file',
-				'auto_prepend_file',
-				'date.timezone',
-				'default_charset',
-				'error_reporting',
-				'include_path',
-				'log_errors_max_len',
-				'mail.log',
-				'max_execution_time',
-				'session.cookie_domain',
-				'session.cookie_lifetime',
-				'session.cookie_path',
-				'session.name',
-				'session.serialize_handler',
-				'upload_max_filesize',
-				'xmlrpc_error_number',
-				'session.auto_start',
-				'always_populate_raw_post_data',
-				'suhosin.session.cryptkey',
-				'suhosin.session.cryptraddr',
-				'suhosin.session.checkraddr',
-				'suhosin.cookie.cryptkey',
-				'suhosin.cookie.plainlist',
-				'suhosin.cookie.cryptraddr',
-				'suhosin.cookie.checkraddr',
-				'suhosin.executor.func.blacklist',
-				'suhosin.executor.eval.whitelist'
-			),
-			'php_flag' => array(
-				'asp_tags',
-				'display_errors',
-				'display_startup_errors',
-				'html_errors',
-				'log_errors',
-				'magic_quotes_gpc',
-				'magic_quotes_runtime',
-				'magic_quotes_sybase',
-				'mail.add_x_header',
-				'session.cookie_secure',
-				'session.use_cookies',
-				'short_open_tag',
-				'track_errors',
-				'xmlrpc_errors',
-				'suhosin.simulation',
-				'suhosin.session.encrypt',
-				'suhosin.session.cryptua',
-				'suhosin.session.cryptdocroot',
-				'suhosin.cookie.encrypt',
-				'suhosin.cookie.cryptua',
-				'suhosin.cookie.cryptdocroot',
-				'suhosin.executor.disable_eval',
-				'mbstring.func_overload'
-			),
-			'php_admin_value' => array(
-				'cgi.redirect_status_env',
-				'date.timezone',
-				'disable_classes',
-				'disable_functions',
-				'error_log',
-				'gpc_order',
-				'max_input_time',
-				'max_input_vars',
-				'memory_limit',
-				'open_basedir',
-				'output_buffering',
-				'post_max_size',
-				'precision',
-				'sendmail_path',
-				'session.gc_divisor',
-				'session.gc_probability',
-				'variables_order',
-				'opcache.log_verbosity_level',
-				'opcache.restrict_api',
-				'opcache.revalidate_freq',
-				'opcache.max_accelerated_files',
-				'opcache.memory_consumption',
-				'opcache.interned_strings_buffer'
-			),
-			'php_admin_flag' => array(
-				'allow_call_time_pass_reference',
-				'allow_url_fopen',
-				'allow_url_include',
-				'auto_detect_line_endings',
-				'cgi.fix_pathinfo',
-				'cgi.force_redirect',
-				'enable_dl',
-				'expose_php',
-				'file_uploads',
-				'ignore_repeated_errors',
-				'ignore_repeated_source',
-				'log_errors',
-				'register_argc_argv',
-				'report_memleaks',
-				'opcache.enable',
-				'opcache.consistency_checks',
-				'opcache.dups_fix',
-				'opcache.load_comments',
-				'opcache.revalidate_path',
-				'opcache.save_comments',
-				'opcache.use_cwd',
-				'opcache.validate_timestamps',
-				'opcache.fast_shutdown'
-			)
-	);
+	private $_ini = array();

 	/**
 	 * main constructor
 	 */
-	public function __construct($domain) {
+	public function __construct($domain)
+	{
+		if (!isset($domain['fpm_config_id']) || empty($domain['fpm_config_id'])) {
+			$domain['fpm_config_id'] = 1;
+		}
 		$this->_domain = $domain;
+		$this->_readFpmConfig($domain['fpm_config_id']);
+		$this->_buildIniMapping();
+	}
+
+	private function _buildIniMapping()
+	{
+		$this->_ini = array(
+			'php_flag' => explode("\n", Settings::Get('phpfpm.ini_flags')),
+			'php_value' => explode("\n", Settings::Get('phpfpm.ini_values')),
+			'php_admin_flag' => explode("\n", Settings::Get('phpfpm.ini_admin_flags')),
+			'php_admin_value' => explode("\n", Settings::Get('phpfpm.ini_admin_values'))
+		);
+	}
+
+	private function _readFpmConfig($fpm_config_id)
+	{
+		$stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_FPMDAEMONS . "` WHERE `id` = :id");
+		$this->_fpm_cfg = Database::pexecute_first($stmt, array(
+			'id' => $fpm_config_id
+		));
 	}

 	/**
@@ -158,18 +86,19 @@ class phpinterface_fpm {
 	 *
 	 * @param array $phpconfig
 	 */
-	public function createConfig($phpconfig) {
-
+	public function createConfig($phpconfig)
+	{
 		$fh = @fopen($this->getConfigFile(), 'w');
 		
 		if ($fh) {
-			$fpm_pm = Settings::Get('phpfpm.pm');
-			$fpm_children = (int)Settings::Get('phpfpm.max_children');
-			$fpm_start_servers = (int)Settings::Get('phpfpm.start_servers');
-			$fpm_min_spare_servers = (int)Settings::Get('phpfpm.min_spare_servers');
-			$fpm_max_spare_servers = (int)Settings::Get('phpfpm.max_spare_servers');
-			$fpm_requests = (int)Settings::Get('phpfpm.max_requests');
-			$fpm_process_idle_timeout = (int)Settings::Get('phpfpm.idle_timeout');
+			$fpm_pm = $this->_fpm_cfg['pm'];
+			$fpm_children = (int) $this->_fpm_cfg['max_children'];
+			$fpm_start_servers = (int) $this->_fpm_cfg['start_servers'];
+			$fpm_min_spare_servers = (int) $this->_fpm_cfg['min_spare_servers'];
+			$fpm_max_spare_servers = (int) $this->_fpm_cfg['max_spare_servers'];
+			$fpm_requests = (int) $this->_fpm_cfg['max_requests'];
+			$fpm_process_idle_timeout = (int) $this->_fpm_cfg['idle_timeout'];
+			$fpm_limit_extensions = $this->_fpm_cfg['limit_extensions'];
 			
 			if ($fpm_children == 0) {
 				$fpm_children = 1;
@@ -233,12 +162,17 @@ class phpinterface_fpm {
 			}
 			
 			$fpm_config .= ';chroot = ' . makeCorrectDir($this->_domain['documentroot']) . "\n";
+			$fpm_config .= 'security.limit_extensions = '.$fpm_limit_extensions . "\n";
 			
 			$tmpdir = makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->_domain['loginname'] . '/');
 			if (! is_dir($tmpdir)) {
 				$this->getTempDir();
 			}
 			
+			$env_path = Settings::Get('phpfpm.envpath');
+			if (!empty($env_path)) {
+				$fpm_config .= 'env[PATH] = ' . $env_path . "\n";
+			}
 			$fpm_config .= 'env[TMP] = ' . $tmpdir . "\n";
 			$fpm_config .= 'env[TMPDIR] = ' . $tmpdir . "\n";
 			$fpm_config .= 'env[TEMP] = ' . $tmpdir . "\n";
@@ -257,9 +191,7 @@ class phpinterface_fpm {
 						$_phpappendopenbasedir .= appendOpenBasedirPath($cobd);
 					}
 					
-					if ($this->_domain['openbasedir_path'] == '0'
-							&& strstr($this->_domain['documentroot'], ":") === false
-					) {
+					if ($this->_domain['openbasedir_path'] == '0' && strstr($this->_domain['documentroot'], ":") === false) {
 						$openbasedir = appendOpenBasedirPath($this->_domain['documentroot'], true);
 					} else {
 						$openbasedir = appendOpenBasedirPath($this->_domain['customerroot'], true);
@@ -267,15 +199,6 @@ class phpinterface_fpm {
 					
 					$openbasedir .= appendOpenBasedirPath($this->getTempDir());
 					$openbasedir .= $_phpappendopenbasedir;
-
-					$openbasedir = explode(':', $openbasedir);
-					$clean_openbasedir = array();
-					foreach ($openbasedir as $number => $path) {
-						if (trim($path) != '/') {
-							$clean_openbasedir[] = makeCorrectDir($path);
-						}
-					}
-					$openbasedir = implode(':', $clean_openbasedir);
 				}
 			}
 			$fpm_config .= 'php_admin_value[session.save_path] = ' . makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->_domain['loginname'] . '/') . "\n";
@@ -331,20 +254,22 @@ class phpinterface_fpm {
 	 *
 	 * @param string $phpconfig
 	 */
-	public function createIniFile($phpconfig) {
+	public function createIniFile($phpconfig)
+	{
 		return;
 	}

 	/**
 	 * fpm-config file
 	 *
-	 * @param boolean $createifnotexists create the directory if it does not exist
+	 * @param boolean $createifnotexists
+	 *        	create the directory if it does not exist
 	 *        	
 	 * @return string the full path to the file
 	 */
-	public function getConfigFile($createifnotexists = true) {
-
-		$configdir = makeCorrectDir(Settings::Get('phpfpm.configdir'));
+	public function getConfigFile($createifnotexists = true)
+	{
+		$configdir = $this->_fpm_cfg['config_dir'];
 		$config = makeCorrectFile($configdir . '/' . $this->_domain['domain'] . '.conf');
 		
 		if (! is_dir($configdir) && $createifnotexists) {
@@ -357,14 +282,16 @@ class phpinterface_fpm {
 	/**
 	 * return path of fpm-socket file
 	 *
-	 * @param boolean $createifnotexists create the directory if it does not exist
+	 * @param boolean $createifnotexists
+	 *        	create the directory if it does not exist
 	 *        	
 	 * @return string the full path to the socket
 	 */
-	public function getSocketFile($createifnotexists = true) {
-
+	public function getSocketFile($createifnotexists = true)
+	{
 		$socketdir = makeCorrectDir(Settings::Get('phpfpm.fastcgi_ipcdir'));
-		$socket = strtolower(makeCorrectFile($socketdir.'/'.$this->_domain['loginname'].'-'.$this->_domain['domain'].'-php-fpm.socket'));
+		// add fpm-config-id to filename so it's unique for the fpm-daemon and doesn't interfere with running configs when reuilding
+		$socket = strtolower(makeCorrectFile($socketdir . '/' . $this->_domain['fpm_config_id'] . '-' . $this->_domain['loginname'] . '-' . $this->_domain['domain'] . '-php-fpm.socket'));
 		
 		if (! is_dir($socketdir) && $createifnotexists) {
 			safe_exec('mkdir -p ' . escapeshellarg($socketdir));
@@ -377,12 +304,13 @@ class phpinterface_fpm {
 	/**
 	 * fpm-temp directory
 	 *
-	 * @param boolean $createifnotexists create the directory if it does not exist
+	 * @param boolean $createifnotexists
+	 *        	create the directory if it does not exist
 	 *        	
 	 * @return string the directory
 	 */
-	public function getTempDir($createifnotexists = true) {
-
+	public function getTempDir($createifnotexists = true)
+	{
 		$tmpdir = makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->_domain['loginname'] . '/');
 		
 		if (! is_dir($tmpdir) && $createifnotexists) {
@@ -397,11 +325,13 @@ class phpinterface_fpm {
 	/**
 	 * fastcgi-fakedirectory directory
 	 *
-	 * @param boolean $createifnotexists create the directory if it does not exist
+	 * @param boolean $createifnotexists
+	 *        	create the directory if it does not exist
 	 *        	
 	 * @return string the directory
 	 */
-	public function getAliasConfigDir($createifnotexists = true) {
+	public function getAliasConfigDir($createifnotexists = true)
+	{
 		
 		// ensure default...
 		if (Settings::Get('phpfpm.aliasconfigdir') == null) {
@@ -417,22 +347,45 @@ class phpinterface_fpm {
 		return $configdir;
 	}

+	/**
+	 * create a dummy fpm pool config with minimal configuration
+	 * (this is used whenever a config directory is empty but needs at least one pool to startup/restart)
+	 *
+	 * @param string $configdir
+	 */
+	public static function createDummyPool($configdir)
+	{
+		if (! is_dir($configdir)) {
+			safe_exec('mkdir -p ' . escapeshellarg($configdir));
+		}
+		$config = makeCorrectFile($configdir . '/dummy.conf');
+		$dummy = "[dummy]
+user = ".Settings::Get('system.httpuser')."
+listen = /run/" . md5($configdir) . "-fpm.sock
+pm = static
+pm.max_children = 1
+";
+		file_put_contents($config, $dummy);
+	}
+
 	/**
 	 * return the admin-data of a specific admin
 	 *
-	 * @param int $adminid id of the admin-user
+	 * @param int $adminid
+	 *        	id of the admin-user
 	 *        	
 	 * @return array
 	 */
-	private function _getAdminData($adminid) {
-
+	private function _getAdminData($adminid)
+	{
 		$adminid = intval($adminid);
 		
 		if (! isset($this->_admin_cache[$adminid])) {
 			$stmt = Database::prepare("
-					SELECT `email`, `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :id"
-			);
-			$this->_admin_cache[$adminid] = Database::pexecute_first($stmt, array('id' => $adminid));
+					SELECT `email`, `loginname` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `adminid` = :id");
+			$this->_admin_cache[$adminid] = Database::pexecute_first($stmt, array(
+				'id' => $adminid
+			));
 		}
 		return $this->_admin_cache[$adminid];
 	}
--- a/lib/classes/phpmailer/class.PHPMailer.php
+++ b/lib/classes/phpmailer/class.PHPMailer.php
@@ -31,7 +31,7 @@ class PHPMailer
 	 * The PHPMailer Version number.
 	 * @var string
 	 */
-    public $Version = '5.2.16';
+	public $Version = '5.2.26';
 	
 	/**
 	 * Email priority.
@@ -201,6 +201,9 @@ class PHPMailer
 	/**
 	 * An ID to be used in the Message-ID header.
 	 * If empty, a unique id will be generated.
+	 * You can set your own, but it must be in the format "<id@domain>",
+	 * as defined in RFC5322 section 3.6.4 or it will be ignored.
+	 * @see https://tools.ietf.org/html/rfc5322#section-3.6.4
 	 * @var string
 	 */
 	public $MessageID = '';
@@ -420,6 +423,13 @@ class PHPMailer
 	 */
 	public $DKIM_private = '';
 	
+	/**
+	 * DKIM private key string.
+	 * If set, takes precedence over `$DKIM_private`.
+	 * @var string
+	 */
+	public $DKIM_private_string = '';
+	
 	/**
 	 * Callback Action function name.
 	 *
@@ -430,9 +440,9 @@ class PHPMailer
 	 *
 	 * Parameters:
 	 *   boolean $result        result of the send action
-     *   string  $to            email address of the recipient
-     *   string  $cc            cc email addresses
-     *   string  $bcc           bcc email addresses
+	 *   array   $to            email addresses of the recipients
+	 *   array   $cc            cc email addresses
+	 *   array   $bcc           bcc email addresses
 	 *   string  $subject       the subject
 	 *   string  $body          the email body
 	 *   string  $from          email address of sender
@@ -649,6 +659,8 @@ class PHPMailer
 		if ($exceptions !== null) {
 			$this->exceptions = (boolean)$exceptions;
 		}
+		//Pick an appropriate debug output format automatically
+		$this->Debugoutput = (strpos(PHP_SAPI, 'cli') !== false ? 'echo' : 'html');
 	}
 	
 	/**
@@ -681,16 +693,16 @@ class PHPMailer
 		} else {
 			$subject = $this->encodeHeader($this->secureHeader($subject));
 		}
-        //Can't use additional_parameters in safe_mode
+		
+		//Can't use additional_parameters in safe_mode, calling mail() with null params breaks
 		//@link http://php.net/manual/en/function.mail.php
-        if (ini_get('safe_mode') or !$this->UseSendmailOptions) {
+		if (ini_get('safe_mode') or !$this->UseSendmailOptions or is_null($params)) {
 			$result = @mail($to, $subject, $body, $header);
 		} else {
 			$result = @mail($to, $subject, $body, $header, $params);
 		}
 		return $result;
 	}
-
 	/**
 	 * Output debugging info via user-defined method.
 	 * Only generates output if SMTP debug output is enabled (@see SMTP::$do_debug).
@@ -1284,9 +1296,11 @@ class PHPMailer
 			
 			// Sign with DKIM if enabled
 			if (!empty($this->DKIM_domain)
-                && !empty($this->DKIM_private)
 				&& !empty($this->DKIM_selector)
-                && file_exists($this->DKIM_private)) {
+				&& (!empty($this->DKIM_private_string)
+					|| (!empty($this->DKIM_private) && file_exists($this->DKIM_private))
+					)
+				) {
 					$header_dkim = $this->DKIM_Add(
 						$this->MIMEHeader . $this->mailHeader,
 						$this->encodeHeader($this->secureHeader($this->Subject)),
@@ -1352,19 +1366,24 @@ class PHPMailer
 	 */
 	protected function sendmailSend($header, $body)
 	{
-        if ($this->Sender != '') {
+		// CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
+		if (!empty($this->Sender) and self::isShellSafe($this->Sender)) {
 			if ($this->Mailer == 'qmail') {
-                $sendmail = sprintf('%s -f%s', escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
+				$sendmailFmt = '%s -f%s';
 			} else {
-                $sendmail = sprintf('%s -oi -f%s -t', escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender));
+				$sendmailFmt = '%s -oi -f%s -t';
 			}
 		} else {
 			if ($this->Mailer == 'qmail') {
-                $sendmail = sprintf('%s', escapeshellcmd($this->Sendmail));
+				$sendmailFmt = '%s';
 			} else {
-                $sendmail = sprintf('%s -oi -t', escapeshellcmd($this->Sendmail));
+				$sendmailFmt = '%s -oi -t';
 			}
 		}
+		
+		// TODO: If possible, this should be changed to escapeshellarg.  Needs thorough testing.
+		$sendmail = sprintf($sendmailFmt, escapeshellcmd($this->Sendmail), $this->Sender);
+		
 		if ($this->SingleTo) {
 			foreach ($this->SingleToArray as $toAddr) {
 				if (!@$mail = popen($sendmail, 'w')) {
@@ -1410,6 +1429,40 @@ class PHPMailer
 		return true;
 	}
 	
+	/**
+	 * Fix CVE-2016-10033 and CVE-2016-10045 by disallowing potentially unsafe shell characters.
+	 *
+	 * Note that escapeshellarg and escapeshellcmd are inadequate for our purposes, especially on Windows.
+	 * @param string $string The string to be validated
+	 * @see https://github.com/PHPMailer/PHPMailer/issues/924 CVE-2016-10045 bug report
+	 * @access protected
+	 * @return boolean
+	 */
+	protected static function isShellSafe($string)
+	{
+		// Future-proof
+		if (escapeshellcmd($string) !== $string
+			or !in_array(escapeshellarg($string), array("'$string'", "\"$string\""))
+			) {
+				return false;
+			}
+			
+			$length = strlen($string);
+			
+			for ($i = 0; $i < $length; $i++) {
+				$c = $string[$i];
+				
+				// All other characters have a special meaning in at least one common shell, including = and +.
+				// Full stop (.) has a special meaning in cmd.exe, but its impact should be negligible here.
+				// Note that this does permit non-Latin alphanumeric characters based on the current locale.
+				if (!ctype_alnum($c) && strpos('@_-.', $c) === false) {
+					return false;
+				}
+			}
+			
+			return true;
+	}
+	
 	/**
 	 * Send mail using the PHP mail() function.
 	 * @param string $header The message headers
@@ -1429,10 +1482,13 @@ class PHPMailer
 		
 		$params = null;
 		//This sets the SMTP envelope sender which gets turned into a return-path header by the receiver
-        if (!empty($this->Sender)) {
+		if (!empty($this->Sender) and $this->validateAddress($this->Sender)) {
+			// CVE-2016-10033, CVE-2016-10045: Don't pass -f if characters will be escaped.
+			if (self::isShellSafe($this->Sender)) {
 				$params = sprintf('-f%s', $this->Sender);
 			}
-        if ($this->Sender != '' and !ini_get('safe_mode')) {
+		}
+		if (!empty($this->Sender) and !ini_get('safe_mode') and $this->validateAddress($this->Sender)) {
 			$old_from = ini_get('sendmail_from');
 			ini_set('sendmail_from', $this->Sender);
 		}
@@ -1486,10 +1542,10 @@ class PHPMailer
 		if (!$this->smtpConnect($this->SMTPOptions)) {
 			throw new phpmailerException($this->lang('smtp_connect_failed'), self::STOP_CRITICAL);
 		}
-        if ('' == $this->Sender) {
-            $smtp_from = $this->From;
-        } else {
+		if (!empty($this->Sender) and $this->validateAddress($this->Sender)) {
 			$smtp_from = $this->Sender;
+		} else {
+			$smtp_from = $this->From;
 		}
 		if (!$this->smtp->mail($smtp_from)) {
 			$this->setError($this->lang('from_failed') . $smtp_from . ' : ' . implode(',', $this->smtp->getError()));
@@ -1568,8 +1624,13 @@ class PHPMailer
 		
 		foreach ($hosts as $hostentry) {
 			$hostinfo = array();
-            if (!preg_match('/^((ssl|tls):\/\/)*([a-zA-Z0-9\.-]*):?([0-9]*)$/', trim($hostentry), $hostinfo)) {
+			if (!preg_match(
+				'/^((ssl|tls):\/\/)*([a-zA-Z0-9\.-]*|\[[a-fA-F0-9:]+\]):?([0-9]*)$/',
+				trim($hostentry),
+				$hostinfo
+				)) {
 					// Not a valid host entry
+					$this->edebug('Ignoring invalid host: ' . $hostentry);
 					continue;
 				}
 				// $hostinfo[2]: optional ssl or tls prefix
@@ -1681,6 +1742,20 @@ class PHPMailer
 	 */
 	public function setLanguage($langcode = 'en', $lang_path = '')
 	{
+		// Backwards compatibility for renamed language codes
+		$renamed_langcodes = array(
+			'br' => 'pt_br',
+			'cz' => 'cs',
+			'dk' => 'da',
+			'no' => 'nb',
+			'se' => 'sv',
+			'sr' => 'rs'
+		);
+		
+		if (isset($renamed_langcodes[$langcode])) {
+			$langcode = $renamed_langcodes[$langcode];
+		}
+		
 		// Define full set of translatable strings in English
 		$PHPMAILER_LANG = array(
 			'authenticate' => 'SMTP Error: Could not authenticate.',
@@ -1707,6 +1782,10 @@ class PHPMailer
 			// Calculate an absolute path so it can work if CWD is not here
 			$lang_path = dirname(__FILE__). DIRECTORY_SEPARATOR . 'language'. DIRECTORY_SEPARATOR;
 		}
+		//Validate $langcode
+		if (!preg_match('/^[a-z]{2}(?:_[a-zA-Z]{2})?$/', $langcode)) {
+			$langcode = 'en';
+		}
 		$foundlang = true;
 		$lang_file = $lang_path . 'phpmailer.lang-' . $langcode . '.php';
 		// There is no English translation file
@@ -1953,10 +2032,7 @@ class PHPMailer
 	{
 		$result = '';
 		
-        if ($this->MessageDate == '') {
-            $this->MessageDate = self::rfcDate();
-        }
-        $result .= $this->headerLine('Date', $this->MessageDate);
+		$result .= $this->headerLine('Date', $this->MessageDate == '' ? self::rfcDate() : $this->MessageDate);
 		
 		// To be created automatically by mail()
 		if ($this->SingleTo) {
@@ -2000,6 +2076,8 @@ class PHPMailer
 				$result .= $this->headerLine('Subject', $this->encodeHeader($this->secureHeader($this->Subject)));
 			}
 			
+			// Only allow a custom message ID if it conforms to RFC 5322 section 3.6.4
+			// https://tools.ietf.org/html/rfc5322#section-3.6.4
 			if ('' != $this->MessageID and preg_match('/^<.*@.*>$/', $this->MessageID)) {
 				$this->lastMessageID = $this->MessageID;
 			} else {
@@ -2105,6 +2183,14 @@ class PHPMailer
 		return rtrim($this->MIMEHeader . $this->mailHeader, "\n\r") . self::CRLF . self::CRLF . $this->MIMEBody;
 	}
 	
+	/**
+	 * Create unique ID
+	 * @return string
+	 */
+	protected function generateId() {
+		return md5(uniqid(time()));
+	}
+	
 	/**
 	 * Assemble the message body.
 	 * Returns an empty string on failure.
@@ -2116,7 +2202,7 @@ class PHPMailer
 	{
 		$body = '';
 		//Create unique IDs and preset boundaries
-        $this->uniqueid = md5(uniqid(time()));
+		$this->uniqueid = $this->generateId();
 		$this->boundary[1] = 'b1_' . $this->uniqueid;
 		$this->boundary[2] = 'b2_' . $this->uniqueid;
 		$this->boundary[3] = 'b3_' . $this->uniqueid;
@@ -2411,6 +2497,7 @@ class PHPMailer
 	
 	/**
 	 * Add an attachment from a path on the filesystem.
+	 * Never use a user-supplied path to a file!
 	 * Returns false if the file could not be found or read.
 	 * @param string $path Path to the attachment.
 	 * @param string $name Overrides the attachment name.
@@ -2936,6 +3023,7 @@ class PHPMailer
 	 * displayed inline with the message, not just attached for download.
 	 * This is used in HTML messages that embed the images
 	 * the HTML refers to using the $cid value.
+	 * Never use a user-supplied path to a file!
 	 * @param string $path Path to the attachment.
 	 * @param string $cid Content ID of the attachment; Use this to reference
 	 *        the content when using an embedded image in HTML.
@@ -3296,21 +3384,29 @@ class PHPMailer
 	}
 	
 	/**
-     * Create a message from an HTML string.
-     * Automatically makes modifications for inline images and backgrounds
-     * and creates a plain-text version by converting the HTML.
-     * Overwrites any existing values in $this->Body and $this->AltBody
+	 * Create a message body from an HTML string.
+	 * Automatically inlines images and creates a plain-text version by converting the HTML,
+	 * overwriting any existing values in Body and AltBody.
+	 * Do not source $message content from user input!
+	 * $basedir is prepended when handling relative URLs, e.g. <img src="/images/a.png"> and must not be empty
+	 * will look for an image file in $basedir/images/a.png and convert it to inline.
+	 * If you don't provide a $basedir, relative paths will be left untouched (and thus probably break in email)
+	 * If you don't want to apply these transformations to your HTML, just set Body and AltBody directly.
 	 * @access public
 	 * @param string $message HTML message string
-     * @param string $basedir baseline directory for path
+	 * @param string $basedir Absolute path to a base directory to prepend to relative paths to images
 	 * @param boolean|callable $advanced Whether to use the internal HTML to text converter
 	 *    or your own custom converter @see PHPMailer::html2text()
-     * @return string $message
+	 * @return string $message The transformed message Body
 	 */
 	public function msgHTML($message, $basedir = '', $advanced = false)
 	{
 		preg_match_all('/(src|background)=["\'](.*)["\']/Ui', $message, $images);
 		if (array_key_exists(2, $images)) {
+			if (strlen($basedir) > 1 && substr($basedir, -1) != '/') {
+				// Ensure $basedir has a trailing /
+				$basedir .= '/';
+			}
 			foreach ($images[2] as $imgindex => $url) {
 				// Convert data URIs into embedded images
 				if (preg_match('#^data:(image[^;,]*)(;base64)?,#', $url, $match)) {
@@ -3328,18 +3424,24 @@ class PHPMailer
 							$message
 							);
 					}
-                } elseif (substr($url, 0, 4) !== 'cid:' && !preg_match('#^[a-z][a-z0-9+.-]*://#i', $url)) {
-                    // Do not change urls for absolute images (thanks to corvuscorax)
+					continue;
+				}
+				if (
+					// Only process relative URLs if a basedir is provided (i.e. no absolute local paths)
+					!empty($basedir)
+					// Ignore URLs containing parent dir traversal (..)
+					&& (strpos($url, '..') === false)
 					// Do not change urls that are already inline images
+					&& substr($url, 0, 4) !== 'cid:'
+					// Do not change absolute URLs, including anonymous protocol
+					&& !preg_match('#^[a-z][a-z0-9+.-]*:?//#i', $url)
+					) {
 						$filename = basename($url);
 						$directory = dirname($url);
 						if ($directory == '.') {
 							$directory = '';
 						}
 						$cid = md5($url) . '@phpmailer.0'; // RFC2392 S 2
-                    if (strlen($basedir) > 1 && substr($basedir, -1) != '/') {
-                        $basedir .= '/';
-                    }
 						if (strlen($directory) > 1 && substr($directory, -1) != '/') {
 							$directory .= '/';
 						}
@@ -3375,7 +3477,7 @@ class PHPMailer
 	 * Convert an HTML string into plain text.
 	 * This is used by msgHTML().
 	 * Note - older versions of this function used a bundled advanced converter
-     * which was been removed for license reasons in #232
+	 * which was been removed for license reasons in #232.
 	 * Example usage:
 	 * <code>
 	 * // Use default conversion
@@ -3675,7 +3777,7 @@ class PHPMailer
 	 * @access public
 	 * @param string $signHeader
 	 * @throws phpmailerException
-     * @return string
+	 * @return string The DKIM signature value
 	 */
 	public function DKIM_Sign($signHeader)
 	{
@@ -3685,16 +3787,34 @@ class PHPMailer
 			}
 			return '';
 		}
-        $privKeyStr = file_get_contents($this->DKIM_private);
-        if ($this->DKIM_passphrase != '') {
+		$privKeyStr = !empty($this->DKIM_private_string) ? $this->DKIM_private_string : file_get_contents($this->DKIM_private);
+		if ('' != $this->DKIM_passphrase) {
 			$privKey = openssl_pkey_get_private($privKeyStr, $this->DKIM_passphrase);
 		} else {
 			$privKey = openssl_pkey_get_private($privKeyStr);
 		}
-        if (openssl_sign($signHeader, $signature, $privKey, 'sha256WithRSAEncryption')) { //sha1WithRSAEncryption
+		//Workaround for missing digest algorithms in old PHP & OpenSSL versions
+		//@link http://stackoverflow.com/a/11117338/333340
+		if (version_compare(PHP_VERSION, '5.3.0') >= 0 and
+			in_array('sha256WithRSAEncryption', openssl_get_md_methods(true))) {
+				if (openssl_sign($signHeader, $signature, $privKey, 'sha256WithRSAEncryption')) {
 					openssl_pkey_free($privKey);
 					return base64_encode($signature);
 				}
+			} else {
+				$pinfo = openssl_pkey_get_details($privKey);
+				$hash = hash('sha256', $signHeader);
+				//'Magic' constant for SHA256 from RFC3447
+				//@link https://tools.ietf.org/html/rfc3447#page-43
+				$t = '3031300d060960864801650304020105000420' . $hash;
+				$pslen = $pinfo['bits'] / 8 - (strlen($t) / 2 + 3);
+				$eb = pack('H*', '0001' . str_repeat('FF', $pslen) . '00' . $t);
+				
+				if (openssl_private_encrypt($eb, $signature, $privKey, OPENSSL_NO_PADDING)) {
+					openssl_pkey_free($privKey);
+					return base64_encode($signature);
+				}
+			}
 			openssl_pkey_free($privKey);
 			return '';
 	}
@@ -3918,7 +4038,7 @@ class phpmailerException extends Exception
 	 */
 	public function errorMessage()
 	{
-        $errorMsg = '<strong>' . $this->getMessage() . "</strong><br />\n";
+		$errorMsg = '<strong>' . htmlspecialchars($this->getMessage()) . "</strong><br />\n";
 		return $errorMsg;
 	}
 }
--- a/lib/classes/phpmailer/class.SMTP.php
+++ b/lib/classes/phpmailer/class.SMTP.php
@@ -30,7 +30,7 @@ class SMTP
 	 * The PHPMailer SMTP version number.
 	 * @var string
 	 */
-    const VERSION = '5.2.16';
+	const VERSION = '5.2.26';
 	
 	/**
 	 * SMTP line break constant.
@@ -81,7 +81,7 @@ class SMTP
 	 * @deprecated Use the `VERSION` constant instead
 	 * @see SMTP::VERSION
 	 */
-    public $Version = '5.2.16';
+	public $Version = '5.2.26';
 	
 	/**
 	 * SMTP server port number.
@@ -150,6 +150,22 @@ class SMTP
 	 */
 	public $Timelimit = 300;
 	
+	/**
+	 * @var array Patterns to extract an SMTP transaction id from reply to a DATA command.
+	 * The first capture group in each regex will be used as the ID.
+	 */
+	protected $smtp_transaction_id_patterns = array(
+		'exim' => '/[0-9]{3} OK id=(.*)/',
+		'sendmail' => '/[0-9]{3} 2.0.0 (.*) Message/',
+		'postfix' => '/[0-9]{3} 2.0.0 Ok: queued as (.*)/'
+	);
+	
+	/**
+	 * @var string The last transaction ID issued in response to a DATA command,
+	 * if one was detected
+	 */
+	protected $last_smtp_transaction_id;
+	
 	/**
 	 * The socket for the server connection.
 	 * @var resource
@@ -206,7 +222,7 @@ class SMTP
 		}
 		//Avoid clash with built-in function names
 		if (!in_array($this->Debugoutput, array('error_log', 'html', 'echo')) and is_callable($this->Debugoutput)) {
-            call_user_func($this->Debugoutput, $str, $this->do_debug);
+			call_user_func($this->Debugoutput, $str, $level);
 			return;
 		}
 		switch ($this->Debugoutput) {
@@ -216,12 +232,11 @@ class SMTP
 				break;
 			case 'html':
 				//Cleans up output a bit for a better looking, HTML-safe output
-                echo htmlentities(
+				echo gmdate('Y-m-d H:i:s') . ' ' . htmlentities(
 				preg_replace('/[\r\n]+/', '', $str),
 				ENT_QUOTES,
 				'UTF-8'
-                )
-                . "<br>\n";
+					) . "<br>\n";
 					break;
 			case 'echo':
 			default:
@@ -265,15 +280,16 @@ class SMTP
 		}
 		// Connect to the SMTP server
 		$this->edebug(
-            "Connection: opening to $host:$port, timeout=$timeout, options=".var_export($options, true),
+			"Connection: opening to $host:$port, timeout=$timeout, options=" .
+			var_export($options, true),
 			self::DEBUG_CONNECTION
 			);
 		$errno = 0;
 		$errstr = '';
 		if ($streamok) {
 			$socket_context = stream_context_create($options);
-            //Suppress errors; connection failures are handled at a higher level
-            $this->smtp_conn = @stream_socket_client(
+			set_error_handler(array($this, 'errorHandler'));
+			$this->smtp_conn = stream_socket_client(
 				$host . ":" . $port,
 				$errno,
 				$errstr,
@@ -281,12 +297,14 @@ class SMTP
 				STREAM_CLIENT_CONNECT,
 				$socket_context
 				);
+			restore_error_handler();
 		} else {
 			//Fall back to fsockopen which should work in more places, but is missing some features
 			$this->edebug(
 				"Connection: stream_socket_client not available, falling back to fsockopen",
 				self::DEBUG_CONNECTION
 				);
+			set_error_handler(array($this, 'errorHandler'));
 			$this->smtp_conn = fsockopen(
 				$host,
 				$port,
@@ -294,6 +312,7 @@ class SMTP
 				$errstr,
 				$timeout
 				);
+			restore_error_handler();
 		}
 		// Verify we connected properly
 		if (!is_resource($this->smtp_conn)) {
@@ -348,14 +367,14 @@ class SMTP
 		}
 		
 		// Begin encrypted connection
-        if (!stream_socket_enable_crypto(
+		set_error_handler(array($this, 'errorHandler'));
+		$crypto_ok = stream_socket_enable_crypto(
 			$this->smtp_conn,
 			true,
 			$crypto_method
-        )) {
-            return false;
-        }
-        return true;
+			);
+		restore_error_handler();
+		return $crypto_ok;
 	}
 	
 	/**
@@ -384,8 +403,7 @@ class SMTP
 			}
 			
 			if (array_key_exists('EHLO', $this->server_caps)) {
-        // SMTP extensions are available. Let's try to find a proper authentication method
-
+				// SMTP extensions are available; try to find a proper authentication method
 				if (!array_key_exists('AUTH', $this->server_caps)) {
 					$this->setError('Authentication is not allowed at this stage');
 					// 'at this stage' means that auth may be allowed after the stage changes
@@ -474,7 +492,7 @@ class SMTP
 					$temp = new stdClass;
 					$ntlm_client = new ntlm_sasl_client_class;
 					//Check that functions are available
-                if (!$ntlm_client->Initialize($temp)) {
+					if (!$ntlm_client->initialize($temp)) {
 						$this->setError($temp->error);
 						$this->edebug(
 							'You need to enable some modules in your php.ini file: '
@@ -484,7 +502,7 @@ class SMTP
 						return false;
 					}
 					//msg1
-                $msg1 = $ntlm_client->TypeMsg1($realm, $workstation); //msg1
+					$msg1 = $ntlm_client->typeMsg1($realm, $workstation); //msg1
 					
 					if (!$this->sendCommand(
 						'AUTH NTLM',
@@ -503,7 +521,7 @@ class SMTP
 							$password
 							);
 						//msg3
-                $msg3 = $ntlm_client->TypeMsg3(
+						$msg3 = $ntlm_client->typeMsg3(
 							$ntlm_res,
 							$username,
 							$realm,
@@ -696,6 +714,7 @@ class SMTP
 		$savetimelimit = $this->Timelimit;
 		$this->Timelimit = $this->Timelimit * 2;
 		$result = $this->sendCommand('DATA END', '.', 250);
+		$this->recordLastTransactionID();
 		//Restore timelimit
 		$this->Timelimit = $savetimelimit;
 		return $result;
@@ -879,7 +898,8 @@ class SMTP
 			$code_ex = (count($matches) > 2 ? $matches[2] : null);
 			// Cut off error code from each response line
 			$detail = preg_replace(
-                "/{$code}[ -]".($code_ex ? str_replace('.', '\\.', $code_ex).' ' : '')."/m",
+				"/{$code}[ -]" .
+				($code_ex ? str_replace('.', '\\.', $code_ex) . ' ' : '') . "/m",
 				'',
 				$this->last_reply
 			);
@@ -975,7 +995,10 @@ class SMTP
 	public function client_send($data)
 	{
 		$this->edebug("CLIENT -> SERVER: $data", self::DEBUG_CLIENT);
-        return fwrite($this->smtp_conn, $data);
+		set_error_handler(array($this, 'errorHandler'));
+		$result = fwrite($this->smtp_conn, $data);
+		restore_error_handler();
+		return $result;
 	}
 	
 	/**
@@ -1075,8 +1098,10 @@ class SMTP
 			$this->edebug("SMTP -> get_lines(): \$data is \"$data\"", self::DEBUG_LOWLEVEL);
 			$this->edebug("SMTP -> get_lines(): \$str is  \"$str\"", self::DEBUG_LOWLEVEL);
 			$data .= $str;
-            // If 4th character is a space, we are done reading, break the loop, micro-optimisation over strlen
-            if ((isset($str[3]) and $str[3] == ' ')) {
+			// If response is only 3 chars (not valid, but RFC5321 S4.2 says it must be handled),
+			// or 4th character is a space, we are done reading, break the loop,
+			// string array access is a micro-optimisation over strlen
+			if (!isset($str[3]) or (isset($str[3]) and $str[3] == ' ')) {
 				break;
 			}
 			// Timed-out? Log and break
@@ -1189,4 +1214,63 @@ class SMTP
 	{
 		return $this->Timeout;
 	}
+	
+	/**
+	 * Reports an error number and string.
+	 * @param integer $errno The error number returned by PHP.
+	 * @param string $errmsg The error message returned by PHP.
+	 * @param string $errfile The file the error occurred in
+	 * @param integer $errline The line number the error occurred on
+	 */
+	protected function errorHandler($errno, $errmsg, $errfile = '', $errline = 0)
+	{
+		$notice = 'Connection failed.';
+		$this->setError(
+			$notice,
+			$errno,
+			$errmsg
+			);
+		$this->edebug(
+			$notice . ' Error #' . $errno . ': ' . $errmsg . " [$errfile line $errline]",
+			self::DEBUG_CONNECTION
+			);
+	}
+	
+	/**
+	 * Extract and return the ID of the last SMTP transaction based on
+	 * a list of patterns provided in SMTP::$smtp_transaction_id_patterns.
+	 * Relies on the host providing the ID in response to a DATA command.
+	 * If no reply has been received yet, it will return null.
+	 * If no pattern was matched, it will return false.
+	 * @return bool|null|string
+	 */
+	protected function recordLastTransactionID()
+	{
+		$reply = $this->getLastReply();
+		
+		if (empty($reply)) {
+			$this->last_smtp_transaction_id = null;
+		} else {
+			$this->last_smtp_transaction_id = false;
+			foreach ($this->smtp_transaction_id_patterns as $smtp_transaction_id_pattern) {
+				if (preg_match($smtp_transaction_id_pattern, $reply, $matches)) {
+					$this->last_smtp_transaction_id = $matches[1];
+				}
+			}
+		}
+		
+		return $this->last_smtp_transaction_id;
+	}
+	
+	/**
+	 * Get the queue/transaction ID of the last SMTP transaction
+	 * If no reply has been received yet, it will return null.
+	 * If no pattern was matched, it will return false.
+	 * @return bool|null|string
+	 * @see recordLastTransactionID()
+	 */
+	public function getLastTransactionID()
+	{
+		return $this->last_smtp_transaction_id;
+	}
 }
--- a/lib/classes/settings/class.SImExporter.php
+++ b/lib/classes/settings/class.SImExporter.php
@@ -0,0 +1,114 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2018 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Michael Kaufmann <d00p@froxlor.org>
+ * @author     Froxlor team <team@froxlor.org> (2018-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Classes
+ *
+ * @since      0.9.39
+ *
+ */
+
+/**
+ * Class SImExporter
+ *
+ * Import/Export settings to JSON
+ *
+ * @copyright (c) the authors
+ * @author Michael Kaufmann <d00p@froxlor.org>
+ * @author Froxlor team <team@froxlor.org> (2018-)
+ * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package Classes
+ */
+class SImExporter
+{
+
+	/**
+	 * settings which are not being exported
+	 *
+	 * @var array
+	 */
+	private static $_no_export = [
+		'panel.adminmail',
+		'admin.show_news_feed',
+		'system.lastaccountnumber',
+		'system.lastguid',
+		'system.ipaddress',
+		'system.last_traffic_run',
+		'system.hostname',
+		'system.mysql_access_host',
+		'system.lastcronrun',
+		'system.defaultip',
+		'system.last_tasks_run',
+		'system.last_archive_run',
+		'system.leprivatekey',
+		'system.lepublickey'
+	];
+
+	public static function export()
+	{
+		$result_stmt = Database::query("
+			SELECT * FROM `" . TABLE_PANEL_SETTINGS . "` ORDER BY `settingid` ASC
+		");
+		$_data = array();
+		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
+			$index = $row['settinggroup'] . "." . $row['varname'];
+			if (! in_array($index, self::$_no_export)) {
+				$_data[$index] = $row['value'];
+			}
+		}
+		// add checksum for validation
+		$_data['_sha'] = sha1(var_export($_data, true));
+		$_export = json_encode($_data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
+		if (! $_export) {
+			throw new Exception("Error exporting settings: " . json_last_error_msg());
+		}
+		return $_export;
+	}
+
+	public static function import($json_str = null)
+	{
+		// decode data
+		$_data = json_decode($json_str, true);
+		if ($_data) {
+			// get validity check data
+			$_sha = isset($_data['_sha']) ? $_data['_sha'] : false;
+			$_version = isset($_data['panel.version']) ? $_data['panel.version'] : false;
+			$_dbversion = isset($_data['panel.db_version']) ? $_data['panel.db_version'] : false;
+			// check if we have everything we need
+			if (! $_sha || ! $_version || ! $_dbversion) {
+				throw new Exception("Invalid froxlor settings data. Unable to import.");
+			}
+			// validate import file
+			unset($_data['_sha']);
+			// compare
+			if ($_sha != sha1(var_export($_data, true))) {
+				throw new Exception("SHA check of import data failed. Unable to import.");
+			}
+			// do not import version info - but we need that to possibily update settings
+			// when there were changes in the variable-name or similar
+			unset($_data['panel.version']);
+			unset($_data['panel.db_version']);
+			/*
+			// store new data
+			foreach ($_data as $index => $value) {
+				Settings::Set($index, $value);
+			}
+			// save to DB
+			Settings::Flush();
+			*/
+			// all good
+			return true;
+		}
+		throw new Exception("Invalid JSON data: " . json_last_error_msg());
+	}
+}
--- a/lib/classes/settings/class.Settings.php
+++ b/lib/classes/settings/class.Settings.php
@@ -86,6 +86,7 @@ class Settings {
 		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			self::$_data[$row['settinggroup']][$row['varname']] = $row['value'];
 		}
+		return true;
 	}

 	/**
@@ -161,10 +162,16 @@ class Settings {
 			if ($instant_save) {
 				$this->_storeSetting($sstr[0], $sstr[1], $value);
 			} else {
-				if (!is_array(self::$_data[$sstr[0]])) {
+				// set temporary data for usage
+				if (!isset(self::$_data[$sstr[0]]) || !is_array(self::$_data[$sstr[0]])) {
 					self::$_data[$sstr[0]] = array();
 				}
 				self::$_data[$sstr[0]][$sstr[1]] = $value;
+				// set update-data when invoking Flush()
+				if (!isset(self::$_updatedata[$sstr[0]]) || !is_array(self::$_updatedata[$sstr[0]])) {
+					self::$_updatedata[$sstr[0]] = array();
+				}
+				self::$_updatedata[$sstr[0]][$sstr[1]] = $value;
 			}
 			return true;
 		}
@@ -223,8 +230,9 @@ class Settings {
 			// now empty the array
 			self::$_updatedata = array();
 			// re-read in all settings
-			$this->_readSettings();
+			return $this->_readSettings();
 		}
+		return false;
 	}

 	/**
--- a/lib/classes/ssl/class.lescript.php
+++ b/lib/classes/ssl/class.lescript.php
@@ -29,7 +29,7 @@
 class lescript
 {

-	public $license = 'https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf';
+	// https://letsencrypt.org/repository/

 	private $logger;

@@ -37,9 +37,18 @@ class lescript

 	private $accountKey;

-	public function __construct($logger)
+	private $customerid;
+
+	private $isFroxlorVhost;
+
+	private $isLeProduction;
+
+	private $version;
+
+	public function __construct($logger, $version = '1')
 	{
 		$this->logger = $logger;
+		$this->version = $version;
 		if (Settings::Get('system.letsencryptca') == 'production') {
 			$ca = 'https://acme-v01.api.letsencrypt.org';
 		} else {
@@ -49,44 +58,75 @@ class lescript
 		$this->log("Using '$ca' to generate certificate");
 	}

-	public function initAccount($certrow)
+	public function initAccount($certrow, $isFroxlorVhost = false)
 	{
 		// Let's see if we have the private accountkey
 		$this->accountKey = $certrow['leprivatekey'];
-		if (! $this->accountKey || $this->accountKey == 'unset' || Settings::Get('system.letsencryptca') != 'production') {
+		$this->customerId = (!$isFroxlorVhost ? $certrow['customerid'] : null);
+		$this->isFroxlorVhost = $isFroxlorVhost;
+		$this->isLeProduction = (Settings::Get('system.letsencryptca') == 'production');
+
+		$leregistered=$certrow['leregistered'];
+
+		if (! $this->accountKey || $this->accountKey == 'unset' || !$this->isLeProduction) {

 			// generate and save new private key for account
 			// ---------------------------------------------

-			$this->log('Starting new account registration');
+			$this->log('Creating new account key');
 			$keys = $this->generateKey();
 			// Only store the accountkey in production, in staging always generate a new key
-			if (Settings::Get('system.letsencryptca') == 'production') {
-				$upd_stmt = Database::prepare(
-					"UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `lepublickey` = :public, `leprivatekey` = :private " .
-						 "WHERE `customerid` = :customerid;");
-				Database::pexecute($upd_stmt,
-					array(
+			if ($this->isLeProduction) {
+				if ($isFroxlorVhost) {
+					Settings::Set('system.lepublickey', $keys['public']);
+					Settings::Set('system.leprivatekey', $keys['private']);
+					Settings::Set('system.leregistered', 0); // key is not registered
+				} else {
+					$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `lepublickey` = :public, `leprivatekey` = :private, `leregistered` = :registered " . "WHERE `customerid` = :customerid;");
+					Database::pexecute($upd_stmt, array(
 						'public' => $keys['public'],
 						'private' => $keys['private'],
-						'customerid' => $certrow['customerid']
+						'registered' => 0,
+						'customerid' => $this->customerId
 					));
 				}
+			}
+			$leregistered=0;
 			$this->accountKey = $keys['private'];
-
-			$response = $this->postNewReg();
-			if ($this->client->getLastCode() != 201) {
-				throw new \RuntimeException("Account not initialized, probably due to rate limiting. Whole response: " . $response);
-			}
-
-			$this->postNewReg();
-			$this->log('New account certificate registered');
 		} else {
-
-			$this->log('Account already registered. Continuing.');
-		}
+			$this->log('Using existing account key');
 		}

+		if ($leregistered==0) { // Account not registered
+
+			$this->log('Starting new account registration');
+			$response = $this->postNewReg();
+			if ($this->client->getLastCode() == 409) {
+				$this->log('The key was already registered. Using existing account.');
+			} else if ($this->client->getLastCode() == 201) {
+				$this->log('New account registered.');
+			} else {
+				throw new \RuntimeException("Account not initialized, probably due to rate limiting. Whole response: " . json_encode($response));
+			}
+			$accountUrl=$this->client->getLastLocation();
+
+			$leregistered = 1;
+			$this->setLeRegisteredState($leregistered); // Account registered
+			$this->log('Lets encrypt Terms of Service accepted');
+		}
+
+	}
+
+	/**
+	 *
+	 * @param array $domains
+	 * @param string $domainkey
+	 * @param string $csr
+	 *        	optional, same behavior as $reuseCsr from the original class, but we're passing the content of the csr already
+	 *
+	 * @throws \RuntimeException
+	 * @return string[]
+	 */
 	public function signDomains(array $domains, $domainkey = null, $csr = null)
 	{
 		if (! $this->accountKey) {
@@ -108,8 +148,7 @@ class lescript

 			$this->log("Requesting challenge for $domain");

-			$response = $this->signedRequest("/acme/new-authz",
-				array(
+			$response = $this->signedRequest("/acme/new-authz", array(
 				"resource" => "new-authz",
 				"identifier" => array(
 					"type" => "dns",
@@ -117,11 +156,17 @@ class lescript
 				)
 			));

+			if ($this->client->getLastCode() == 403) {
+				$this->log("Got status 403 - setting LE status to unregistered.");
+				$this->setLeRegisteredState(0);
+				throw new RuntimeException("Got 'unauthorized' response - we need to re-register at next run.  Whole response: " . json_encode($response));
+			}
+
 			// if response is not an array but a string, it's most likely a server-error, e.g.
 			// <HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY>An error occurred while processing your request.
 			// <p>Reference&#32;&#35;179&#46;d8be1402&#46;1458059103&#46;3613c4db</BODY></HTML>
 			if (! is_array($response)) {
-				throw new RuntimeException("Invalid response from LE for domain $domain. Whole response: " . $response);
+				throw new RuntimeException("Invalid response from LE for domain $domain. Whole response: " . json_encode($response));
 			}

 			if (! array_key_exists('challenges', $response)) {
@@ -129,12 +174,13 @@ class lescript
 			}

 			// choose http-01 challenge only
-			$challenge = array_reduce($response['challenges'],
-				function ($v, $w) {
+			$challenge = array_reduce($response['challenges'], function ($v, $w) {
 				return $v ? $v : ($w['type'] == 'http-01' ? $w : false);
 			});
-			if (! $challenge)
+
+			if (! $challenge) {
 				throw new RuntimeException("HTTP Challenge for $domain is not available. Whole response: " . json_encode($response));
+			}

 			$this->log("Got challenge token for $domain");
 			$location = $this->client->getLastLocation();
@@ -168,22 +214,24 @@ class lescript
 			$this->log("Token for $domain saved at $tokenPath and should be available at $uri");

 			// simple self check
-			if ($payload !== trim(@file_get_contents($uri))) {
+			if (Settings::Get('system.disable_le_selfcheck') == '0')
+			{
+				$selfcheckpayload = HttpClient::urlGet($uri);
+				if ($payload !== trim($selfcheckpayload)) {
 					$errmsg = json_encode(error_get_last());
 					if ($errmsg != "null") {
 						$errmsg = "; PHP error: " . $errmsg;
 					} else {
 						$errmsg = "";
 					}
-				@unlink($tokenPath);
-				throw new \RuntimeException("Please check $uri - token not available" . $errmsg);
+					$this->logger->logAction(CRON_ACTION, LOG_WARNING, "[Lets Encrypt self-check] Please check $uri - token seems to be not available. This is just a simple self-check, it might be wrong but consider using this information when Let's Encrypt fails to issue a certificate" . $errmsg);
+				}
 			}

 			$this->log("Sending request to challenge");

 			// send request to challenge
-			$result = $this->signedRequest($challenge['uri'],
-				array(
+			$result = $this->signedRequest($challenge['uri'], array(
 				"resource" => "challenge",
 				"type" => "http-01",
 				"keyAuthorization" => $payload,
@@ -227,7 +275,9 @@ class lescript

 		$this->client->getLastLinks();

+		if (empty($csr)) {
 			$csr = $this->generateCSR($privateDomainKey, $domains);
+		}

 		// request certificates creation
 		$result = $this->signedRequest("/acme/new-cert", array(
@@ -286,6 +336,21 @@ class lescript
 		);
 	}

+	private function setLeRegisteredState($state)
+	{
+		if ($this->isLeProduction) {
+			if ($this->isFroxlorVhost) {
+				Settings::Set('system.leregistered', $state);
+			} else {
+				$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `leregistered` = :registered " . "WHERE `customerid` = :customerid;");
+				Database::pexecute($upd_stmt, array(
+					'registered' => $state,
+					'customerid' => $this->customerId
+				));
+			}
+		}
+	}
+
 	private function parsePemFromBody($body)
 	{
 		$pem = chunk_split(base64_encode($body), 64, "\n");
@@ -294,11 +359,16 @@ class lescript

 	private function postNewReg()
 	{
+		$this->log('Getting last terms of service URL');
+		$directory = $this->client->get('/directory');
+		if (!isset($directory['meta']) || !isset($directory['meta']['terms-of-service'])) {
+			throw new \RuntimeException("No terms of service link available!");
+		}
 		$this->log('Sending registration to letsencrypt server');

 		return $this->signedRequest('/acme/new-reg', array(
 			'resource' => 'new-reg',
-			'agreement' => $this->license
+			'agreement' => $directory['meta']['terms-of-service']
 		));
 	}

@@ -313,8 +383,7 @@ class lescript
 		$tmpConfPath = $tmpConfMeta["uri"];

 		// workaround to get SAN working
-		fwrite($tmpConf,
-			'HOME = .
+		fwrite($tmpConf, 'HOME = .
 RANDFILE = $ENV::HOME/.rnd
 [ req ]
 default_bits = ' . Settings::Get('system.letsencryptkeysize') . '
@@ -328,8 +397,7 @@ basicConstraints = CA:FALSE
 subjectAltName = ' . $san . '
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment');

-		$csr = openssl_csr_new(
-			array(
+		$csr = openssl_csr_new(array(
 			"CN" => $domain,
 			"ST" => Settings::Get('system.letsencryptstate'),
 			"C" => Settings::Get('system.letsencryptcountrycode'),
@@ -352,8 +420,7 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment');

 	private function generateKey()
 	{
-		$res = openssl_pkey_new(
-			array(
+		$res = openssl_pkey_new(array(
 			"private_key_type" => OPENSSL_KEYTYPE_RSA,
 			"private_key_bits" => (int) Settings::Get('system.letsencryptkeysize')
 		));
--- a/lib/classes/ssl/class.lescript_v2.php
+++ b/lib/classes/ssl/class.lescript_v2.php
@@ -0,0 +1,594 @@
+<?php
+
+// Copyright (c) 2015, Stanislav Humplik <sh@analogic.cz>
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above copyright
+// notice, this list of conditions and the following disclaimer in the
+// documentation and/or other materials provided with the distribution.
+// * Neither the name of the <organization> nor the
+// names of its contributors may be used to endorse or promote products
+// derived from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT HOLDER> BE LIABLE FOR ANY
+// DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+// ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// This file is copied from https://github.com/analogic/lescript
+// and modified to work without files and integrate in Froxlor
+class lescript_v2
+{
+
+	// https://letsencrypt.org/repository/
+	private $logger;
+
+	private $client;
+
+	private $accountKey;
+
+	private $customerid;
+
+	private $isFroxlorVhost;
+
+	private $isLeProduction;
+
+	private $version;
+
+	private $_req_uris = array();
+
+	private $_acc_location = null;
+
+	public function __construct($logger, $version = '2')
+	{
+		$this->logger = $logger;
+		$this->version = $version;
+		if (Settings::Get('system.letsencryptca') == 'production') {
+			$ca = 'https://acme-v02.api.letsencrypt.org';
+		} else {
+			$ca = 'https://acme-staging-v02.api.letsencrypt.org';
+		}
+		$this->client = new Client($ca);
+		$this->log("Using '$ca' to generate certificate");
+		
+		// get request-uris from /directory
+		$response = $this->client->get('/directory');
+		$this->_req_uris['newAccount'] = $response['newAccount'];
+		$this->_req_uris['newOrder'] = $response['newOrder'];
+		$this->_req_uris['newNonce'] = $response['newNonce'];
+		$this->_req_uris['revokeCert'] = $response['revokeCert'];
+	}
+
+	public function initAccount($certrow, $isFroxlorVhost = false)
+	{
+		// Let's see if we have the private accountkey
+		$this->accountKey = $certrow['leprivatekey'];
+		$this->customerId = (! $isFroxlorVhost ? $certrow['customerid'] : null);
+		$this->isFroxlorVhost = $isFroxlorVhost;
+		$this->isLeProduction = (Settings::Get('system.letsencryptca') == 'production');
+		
+		$leregistered = $certrow['leregistered'];
+		
+		if (! $this->accountKey || $this->accountKey == 'unset' || ! $this->isLeProduction) {
+			
+			// generate and save new private key for account
+			// ---------------------------------------------
+			
+			$this->log('Creating new account key');
+			$keys = $this->generateKey();
+			// Only store the accountkey in production, in staging always generate a new key
+			if ($this->isLeProduction) {
+				if ($isFroxlorVhost) {
+					Settings::Set('system.lepublickey', $keys['public']);
+					Settings::Set('system.leprivatekey', $keys['private']);
+					Settings::Set('system.leregistered', 0); // key is not registered
+				} else {
+					$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `lepublickey` = :public, `leprivatekey` = :private, `leregistered` = :registered " . "WHERE `customerid` = :customerid;");
+					Database::pexecute($upd_stmt, array(
+						'public' => $keys['public'],
+						'private' => $keys['private'],
+						'registered' => 0,
+						'customerid' => $this->customerId
+					));
+				}
+			}
+			$leregistered = 0;
+			$this->accountKey = $keys['private'];
+		} else {
+			$this->log('Using existing account key');
+		}
+		
+		if ($leregistered == 0) { // Account not registered
+			
+			$this->log('Starting new account registration');
+			$response = $this->postNewReg();
+			if ($this->client->getLastCode() == 409) {
+				$this->log('The key was already registered. Using existing account.');
+			} else if ($this->client->getLastCode() == 201) {
+				$this->log('New account registered.');
+			} else {
+				throw new \RuntimeException("Account not initialized, probably due to rate limiting. Whole response: " . json_encode($response));
+			}
+			$this->_acc_location = $this->client->getLastLocation();
+			
+			$leregistered = 1;
+			$this->setLeRegisteredState($leregistered);
+		}
+	}
+
+	/**
+	 *
+	 * @param array $domains
+	 * @param string $domainkey
+	 * @param string $csr
+	 *        	optional, same behavior as $reuseCsr from the original class, but we're passing the content of the csr already
+	 *        	
+	 * @throws \RuntimeException
+	 * @return string[]
+	 */
+	public function signDomains(array $domains, $domainkey = null, $csr = null)
+	{
+		if (! $this->accountKey) {
+			throw new \RuntimeException("Account not initialized");
+		}
+		
+		$this->log('Starting certificate generation process for domains');
+		
+		$privateAccountKey = openssl_pkey_get_private($this->accountKey);
+		$accountKeyDetails = openssl_pkey_get_details($privateAccountKey);
+		
+		// start domains authentication
+		// ----------------------------
+		
+		foreach ($domains as $domain) {
+			
+			// 1. getting available authentication options
+			// -------------------------------------------
+			
+			$this->log("Requesting challenge for $domain");
+			
+			$response = $this->signedRequest($this->_req_uris['newOrder'], array(
+				"identifiers" => array(
+					array(
+						"type" => "dns",
+						"value" => $domain
+					)
+				)
+			), false);
+			
+			if ($this->client->getLastCode() == 403) {
+				$this->log("Got status 403 - setting LE status to unregistered.");
+				$this->setLeRegisteredState(0);
+				throw new RuntimeException("Got 'unauthorized' response - we need to re-register at next run.  Whole response: " . json_encode($response));
+			}
+			
+			// if response is not an array but a string, it's most likely a server-error, e.g.
+			// <HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY>An error occurred while processing your request.
+			// <p>Reference&#32;&#35;179&#46;d8be1402&#46;1458059103&#46;3613c4db</BODY></HTML>
+			if (! is_array($response)) {
+				throw new RuntimeException("Invalid response from LE for domain $domain. Whole response: " . json_encode($response));
+			}
+			
+			if (! array_key_exists('authorizations', $response)) {
+				throw new RuntimeException("No authorizations received for $domain. Whole response: " . json_encode($response));
+			}
+			
+			// get authorization
+			$auth_response = $this->client->get($response['authorizations'][0]);
+			
+			if (! array_key_exists('challenges', $auth_response)) {
+				throw new RuntimeException("No challenges received for $domain. Whole response: " . json_encode($auth_response));
+			}
+			
+			// choose http-01 challenge only
+			$challenge = array_reduce($auth_response['challenges'], function ($v, $w) {
+				return $v ? $v : ($w['type'] == 'http-01' ? $w : false);
+			});
+			
+			if (! $challenge) {
+				throw new RuntimeException("HTTP Challenge for $domain is not available. Whole response: " . json_encode($response));
+			}
+			
+			$this->log("Got challenge token for $domain");
+			$location = $challenge['url'];
+			$finalizeLink = $response['finalize'];
+			
+			// 2. saving authentication token for web verification
+			// ---------------------------------------------------
+			
+			$directory = Settings::Get('system.letsencryptchallengepath') . '/.well-known/acme-challenge';
+			$tokenPath = $directory . '/' . $challenge['token'];
+			
+			if (! file_exists($directory) && ! @mkdir($directory, 0755, true)) {
+				throw new \RuntimeException("Couldn't create directory to expose challenge: ${tokenPath}");
+			}
+			
+			$header = array(
+				// need to be in precise order!
+				"e" => Base64UrlSafeEncoder::encode($accountKeyDetails["rsa"]["e"]),
+				"kty" => "RSA",
+				"n" => Base64UrlSafeEncoder::encode($accountKeyDetails["rsa"]["n"])
+			);
+			$payload = $challenge['token'] . '.' . Base64UrlSafeEncoder::encode(hash('sha256', json_encode($header), true));
+			
+			file_put_contents($tokenPath, $payload);
+			chmod($tokenPath, 0644);
+			
+			// 3. verification process itself
+			// -------------------------------
+			
+			$uri = "http://${domain}/.well-known/acme-challenge/${challenge['token']}";
+			
+			$this->log("Token for $domain saved at $tokenPath and should be available at $uri");
+			
+			// simple self check
+			if (Settings::Get('system.disable_le_selfcheck') == '0') {
+				$selfcheckpayload = HttpClient::urlGet($uri);
+				if ($payload !== trim($selfcheckpayload)) {
+					$errmsg = json_encode(error_get_last());
+					if ($errmsg != "null") {
+						$errmsg = "; PHP error: " . $errmsg;
+					} else {
+						$errmsg = "";
+					}
+					$this->logger->logAction(CRON_ACTION, LOG_WARNING, "[Lets Encrypt self-check] Please check $uri - token seems to be not available. This is just a simple self-check, it might be wrong but consider using this information when Let's Encrypt fails to issue a certificate" . $errmsg);
+				}
+			}
+			
+			$this->log("Sending request to challenge");
+			
+			// send request to challenge
+			$result = $this->signedRequest($challenge['url'], array(
+				"type" => "http-01",
+				"keyAuthorization" => $payload,
+				"token" => $challenge['token']
+			), false);
+			
+			// waiting loop
+			// we wait for a maximum of 30 seconds to avoid endless loops
+			$count = 0;
+			do {
+				if (empty($result['status']) || $result['status'] == "invalid") {
+					@unlink($tokenPath);
+					throw new \RuntimeException("Verification ended with error: " . json_encode($result));
+				}
+				$ended = ! ($result['status'] === "pending" || $result['status'] === "processing");
+				
+				if (! $ended) {
+					$this->log("Verification " . $result['status'] . ", sleeping 1s");
+					sleep(1);
+					$count ++;
+				}
+				
+				$result = $this->client->get($location);
+			} while (! $ended && $count < 30);
+			
+			$this->log("Verification ended with status: ${result['status']}");
+			@unlink($tokenPath);
+		}
+		
+		// requesting certificate
+		// ----------------------
+		
+		// generate private key for domain if not exist
+		if (empty($domainkey) || Settings::Get('system.letsencryptreuseold') == 0) {
+			$keys = $this->generateKey();
+			$domainkey = $keys['private'];
+		}
+		
+		// load domain key
+		$privateDomainKey = openssl_pkey_get_private($domainkey);
+		
+		if (empty($csr)) {
+			$csr = $this->generateCSR($privateDomainKey, $domains);
+		}
+		
+		// request certificates creation
+		$result = $this->signedRequest($finalizeLink, array(
+			'csr' => $csr
+		), false);
+		if ($this->client->getLastCode() !== 200) {
+			throw new \RuntimeException("Invalid response code: " . $this->client->getLastCode() . ", " . json_encode($result));
+		}
+		if (! isset($result['certificate'])) {
+			throw new \RuntimeException("No certificate URL specified in result");
+		}
+		
+		$certificates = array();
+		$certdata = $this->client->get($result['certificate']);
+		$this->log("Got certificate! YAY!");
+		$certificates[] = $certdata;
+		foreach ($this->client->getLastLinks() as $link) {
+			$this->log("Requesting chained cert at $link");
+			$result = $this->client->get($link);
+			$certificates[] = $result;
+		}
+		
+		if (empty($certificates))
+			throw new \RuntimeException('No certificates generated');
+		
+		$fullchain = implode("\n", $certificates);
+		$crt = array_shift($certificates);
+		$chain = implode("\n", $certificates);
+		
+		$this->log("Done, returning new certificates and key");
+		return array(
+			'fullchain' => $fullchain,
+			'crt' => $crt,
+			'chain' => $chain,
+			'key' => $domainkey,
+			'csr' => $csr
+		);
+	}
+
+	private function setLeRegisteredState($state)
+	{
+		if ($this->isLeProduction) {
+			if ($this->isFroxlorVhost) {
+				Settings::Set('system.leregistered', $state);
+			} else {
+				$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `leregistered` = :registered " . "WHERE `customerid` = :customerid;");
+				Database::pexecute($upd_stmt, array(
+					'registered' => $state,
+					'customerid' => $this->customerId
+				));
+			}
+		}
+	}
+
+	private function parsePemFromBody($body)
+	{
+		$pem = chunk_split(base64_encode($body), 64, "\n");
+		return "-----BEGIN CERTIFICATE-----\n" . $pem . "-----END CERTIFICATE-----\n";
+	}
+
+	private function postNewReg()
+	{
+		$this->log('Getting last terms of service URL');
+		$directory = $this->client->get('/directory');
+		if (! isset($directory['meta']) || ! isset($directory['meta']['termsOfService'])) {
+			throw new \RuntimeException("No terms of service link available!");
+		}
+		$this->log('Sending registration to letsencrypt server');
+		
+		return $this->signedRequest($this->_req_uris['newAccount'], array(
+			'termsOfServiceAgreed' => true
+		));
+	}
+
+	private function generateCSR($privateKey, array $domains)
+	{
+		$domain = reset($domains);
+		$san = implode(",", array_map(function ($dns) {
+			return "DNS:" . $dns;
+		}, $domains));
+		$tmpConf = tmpfile();
+		$tmpConfMeta = stream_get_meta_data($tmpConf);
+		$tmpConfPath = $tmpConfMeta["uri"];
+		
+		// workaround to get SAN working
+		fwrite($tmpConf, 'HOME = .
+RANDFILE = $ENV::HOME/.rnd
+[ req ]
+default_bits = ' . Settings::Get('system.letsencryptkeysize') . '
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+[ v3_req ]
+basicConstraints = CA:FALSE
+subjectAltName = ' . $san . '
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment');
+		
+		$csr = openssl_csr_new(array(
+			"CN" => $domain,
+			"ST" => Settings::Get('system.letsencryptstate'),
+			"C" => Settings::Get('system.letsencryptcountrycode'),
+			"O" => "Unknown"
+		), $privateKey, array(
+			"config" => $tmpConfPath,
+			"digest_alg" => "sha256"
+		));
+		
+		if (! $csr)
+			throw new \RuntimeException("CSR couldn't be generated! " . openssl_error_string());
+		
+		openssl_csr_export($csr, $csr);
+		fclose($tmpConf);
+		
+		preg_match('~REQUEST-----(.*)-----END~s', $csr, $matches);
+		
+		return trim(Base64UrlSafeEncoder::encode(base64_decode($matches[1])));
+	}
+
+	private function generateKey()
+	{
+		$res = openssl_pkey_new(array(
+			"private_key_type" => OPENSSL_KEYTYPE_RSA,
+			"private_key_bits" => (int) Settings::Get('system.letsencryptkeysize')
+		));
+		
+		if (! openssl_pkey_export($res, $privateKey)) {
+			throw new \RuntimeException("Key export failed!");
+		}
+		
+		$details = openssl_pkey_get_details($res);
+		
+		return array(
+			'private' => $privateKey,
+			'public' => $details['key']
+		);
+	}
+
+	private function signedRequest($uri, array $payload, $needs_jwk = true)
+	{
+		$privateKey = openssl_pkey_get_private($this->accountKey);
+		$details = openssl_pkey_get_details($privateKey);
+		
+		$header = array(
+			"alg" => "RS256"
+		);
+		
+		if ($needs_jwk) {
+			$header["jwk"] = array(
+				"kty" => "RSA",
+				"n" => Base64UrlSafeEncoder::encode($details["rsa"]["n"]),
+				"e" => Base64UrlSafeEncoder::encode($details["rsa"]["e"])
+			);
+		} else {
+			// need account-url
+			$header["kid"] = $this->_acc_location;
+		}
+		
+		$protected = $header;
+		$protected["nonce"] = $this->client->getLastNonce();
+		$protected["url"] = $uri;
+		
+		$payload64 = Base64UrlSafeEncoder::encode(json_encode($payload, JSON_UNESCAPED_SLASHES));
+		$protected64 = Base64UrlSafeEncoder::encode(json_encode($protected));
+		
+		openssl_sign($protected64 . '.' . $payload64, $signed, $privateKey, "SHA256");
+		
+		$signed64 = Base64UrlSafeEncoder::encode($signed);
+		
+		$data = array(
+			'protected' => $protected64,
+			'payload' => $payload64,
+			'signature' => $signed64
+		);
+		
+		$this->log("Sending signed request to $uri");
+		return $this->client->post($uri, json_encode($data));
+	}
+
+	protected function log($message)
+	{
+		$this->logger->logAction(CRON_ACTION, LOG_INFO, "letsencrypt-v2 " . $message);
+	}
+}
+
+class Client
+{
+
+	private $lastCode;
+
+	public $lastHeader;
+
+	private $base;
+
+	public function __construct($base)
+	{
+		$this->base = $base;
+	}
+
+	private function curl($method, $url, $data = null)
+	{
+		$headers = array(
+			'Accept: application/json',
+			'Content-Type: application/json'
+		);
+		$handle = curl_init();
+		curl_setopt($handle, CURLOPT_URL, preg_match('~^http~', $url) ? $url : $this->base . $url);
+		curl_setopt($handle, CURLOPT_HTTPHEADER, $headers);
+		curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
+		curl_setopt($handle, CURLOPT_HEADER, true);
+		
+		// DO NOT DO THAT!
+		// curl_setopt($handle, CURLOPT_SSL_VERIFYHOST, false);
+		// curl_setopt($handle, CURLOPT_SSL_VERIFYPEER, false);
+		
+		switch ($method) {
+			case 'GET':
+				break;
+			case 'POST':
+				curl_setopt($handle, CURLOPT_POST, true);
+				curl_setopt($handle, CURLOPT_POSTFIELDS, $data);
+				break;
+		}
+		$response = curl_exec($handle);
+		
+		if (curl_errno($handle)) {
+			throw new \RuntimeException('Curl: ' . curl_error($handle));
+		}
+		
+		$header_size = curl_getinfo($handle, CURLINFO_HEADER_SIZE);
+		
+		$header = substr($response, 0, $header_size);
+		$body = substr($response, $header_size);
+		
+		$this->lastHeader = $header;
+		$this->lastCode = curl_getinfo($handle, CURLINFO_HTTP_CODE);
+		
+		$data = json_decode($body, true);
+		return $data === null ? $body : $data;
+	}
+
+	public function post($url, $data)
+	{
+		return $this->curl('POST', $url, $data);
+	}
+
+	public function get($url)
+	{
+		return $this->curl('GET', $url);
+	}
+
+	public function getLastNonce()
+	{
+		if (preg_match('~Replay\-Nonce: (.+)~i', $this->lastHeader, $matches)) {
+			return trim($matches[1]);
+		}
+		
+		$this->curl('GET', '/directory');
+		return $this->getLastNonce();
+	}
+
+	public function getLastLocation()
+	{
+		if (preg_match('~Location: (.+)~i', $this->lastHeader, $matches)) {
+			return trim($matches[1]);
+		}
+		return null;
+	}
+
+	public function getLastCode()
+	{
+		return $this->lastCode;
+	}
+
+	public function getLastLinks()
+	{
+		preg_match_all('~Link: <(.+)>;rel="up"~', $this->lastHeader, $matches);
+		return $matches[1];
+	}
+}
+
+class Base64UrlSafeEncoder
+{
+
+	public static function encode($input)
+	{
+		return str_replace('=', '', strtr(base64_encode($input), '+/', '-_'));
+	}
+
+	public static function decode($input)
+	{
+		$remainder = strlen($input) % 4;
+		if ($remainder) {
+			$padlen = 4 - $remainder;
+			$input .= str_repeat('=', $padlen);
+		}
+		return base64_decode(strtr($input, '-_', '+/'));
+	}
+}
--- a/lib/classes/webserver/class.ConfigIO.php
+++ b/lib/classes/webserver/class.ConfigIO.php
@@ -17,13 +17,14 @@
 * @since      0.9.29
 *
 */
-
-class ConfigIO {
+class ConfigIO
+{

 	/**
 	 * constructor
 	 */
-	public function __construct() {}
+	public function __construct()
+	{}

 	/**
 	 * clean up former created configs, including (if enabled)
@@ -32,7 +33,8 @@ class ConfigIO {
 	 *
 	 * @return null
 	 */
-	public function cleanUp() {
+	public function cleanUp()
+	{
 		
 		// old error logs
 		$this->_cleanErrLogs();
@@ -56,14 +58,14 @@ class ConfigIO {
 		$this->_cleanCustomerSslCerts();
 	}

-	private function _cleanErrLogs() {
-
+	private function _cleanErrLogs()
+	{
 		$err_dir = makeCorrectDir(FROXLOR_INSTALL_DIR . "/logs/");
 		if (@is_dir($err_dir)) {
 			// now get rid of old stuff
 			// (but append /*.log so we don't delete the directory)
 			$err_dir .= '/*.log';
-	        safe_exec('rm -rf '. makeCorrectFile($err_dir));
+			safe_exec('rm -f ' . makeCorrectFile($err_dir));
 		}
 	}

@@ -73,7 +75,8 @@ class ConfigIO {
 	 *
 	 * @return null
 	 */
-	private function _cleanCustomerSslCerts() {
+	private function _cleanCustomerSslCerts()
+	{
 		
 		/*
 		 * only clean up if we're actually using SSL
@@ -89,7 +92,7 @@ class ConfigIO {
 					// now get rid of old stuff
 					// (but append /* so we don't delete the directory)
 					$configdir .= '/*';
-					safe_exec('rm -rf '. makeCorrectFile($configdir));
+					safe_exec('rm -f ' . makeCorrectFile($configdir));
 				}
 			}
 		}
@@ -100,7 +103,8 @@ class ConfigIO {
 	 *
 	 * @return null
 	 */
-	private function _cleanWebserverConfigs() {
+	private function _cleanWebserverConfigs()
+	{
 		
 		// get directories
 		$configdirs = array();
@@ -122,9 +126,7 @@ class ConfigIO {
 			if (@is_dir($config_dir)) {
 				
 				// create directory iterator
-				$its = new RecursiveIteratorIterator(
-						new RecursiveDirectoryIterator($config_dir)
-				);
+				$its = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($config_dir));
 				
 				// iterate through all subdirs,
 				// look for vhost/diroption files
@@ -144,7 +146,8 @@ class ConfigIO {
 	 *
 	 * @return null
 	 */
-	private function _cleanHtpasswdFiles() {
+	private function _cleanHtpasswdFiles()
+	{
 		
 		// get correct directory
 		$configdir = $this->_getFile('system', 'apacheconf_htpasswddir');
@@ -156,7 +159,7 @@ class ConfigIO {
 				// now get rid of old stuff
 				// (but append /* so we don't delete the directory)
 				$configdir .= '/*';
-				safe_exec('rm -rf '. makeCorrectFile($configdir));
+				safe_exec('rm -f ' . makeCorrectFile($configdir));
 			}
 		}
 	}
@@ -166,8 +169,8 @@ class ConfigIO {
 	 *
 	 * @return null
 	 */
-	private function _cleanAwstatsFiles() {
-
+	private function _cleanAwstatsFiles()
+	{
 		if (Settings::Get('system.awstats_enabled') == '0') {
 			return;
 		}
@@ -179,7 +182,8 @@ class ConfigIO {
 		
 		/**
 		 * don't do anything if the directory does not exist
-		 * (e.g. awstats not installed yet or whatever)
+		 * (e.g.
+		 * awstats not installed yet or whatever)
 		 * fixes #45
 		 */
 		if ($awstatsclean['path'] !== false && is_dir($awstatsclean['path'])) {
@@ -194,9 +198,7 @@ class ConfigIO {
 					$awstatsclean['headerRead'] = fgets($awstatsclean['fh'], strlen($awstatsclean['header']) + 1);
 					fclose($awstatsclean['fh']);
 					
-					if ($awstatsclean['headerRead'] == $awstatsclean['header']
-							|| $awstatsclean['headerRead'] == $awstatsclean['headerold']
-					) {
+					if ($awstatsclean['headerRead'] == $awstatsclean['header'] || $awstatsclean['headerRead'] == $awstatsclean['headerold']) {
 						$awstats_conf_file = makeCorrectFile($awstatsclean['fullentry']);
 						@unlink($awstats_conf_file);
 					}
@@ -212,8 +214,8 @@ class ConfigIO {
 	 *
 	 * @return null
 	 */
-	private function _cleanFcgidFiles() {
-
+	private function _cleanFcgidFiles()
+	{
 		if (Settings::Get('system.mod_fcgid') == '0') {
 			return;
 		}
@@ -226,9 +228,7 @@ class ConfigIO {
 			
 			if (@is_dir($configdir)) {
 				// create directory iterator
-				$its = new RecursiveIteratorIterator(
-						new RecursiveDirectoryIterator($configdir)
-				);
+				$its = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($configdir));
 				
 				// iterate through all subdirs,
 				// look for php-fcgi-starter files
@@ -254,23 +254,26 @@ class ConfigIO {
 	 *
 	 * @return null
 	 */
-	private function _cleanFpmFiles() {
-
+	private function _cleanFpmFiles()
+	{
 		if (Settings::Get('phpfpm.enabled') == '0') {
 			return;
 		}
 		
-		// get correct directory
-		$configdir = $this->_getFile('phpfpm', 'configdir');
-		if ($configdir !== false) {
-
-			$configdir = makeCorrectDir($configdir);
-
+		// get all fpm config paths
+		$fpmconf_sel = Database::prepare("SELECT config_dir FROM `" . TABLE_PANEL_FPMDAEMONS . "`");
+		Database::pexecute($fpmconf_sel);
+		$fpmconf_paths = $fpmconf_sel->fetchAll(PDO::FETCH_ASSOC);
+		// clean all php-fpm config-dirs
+		foreach ($fpmconf_paths as $configdir) {
+			$configdir = makeCorrectDir($configdir['config_dir']);
 			if (@is_dir($configdir)) {
 				// now get rid of old stuff
-				//(but append /* so we don't delete the directory)
-				$configdir.='/*';
-				safe_exec('rm -rf '. makeCorrectFile($configdir));
+				// (but append /*.conf so we don't delete the directory)
+				$configdir .= '/*.conf';
+				safe_exec('rm -f ' . makeCorrectFile($configdir));
+			} else {
+				safe_exec('mkdir -p ' . $configdir);
 			}
 		}
 		
@@ -288,13 +291,17 @@ class ConfigIO {
 	/**
 	 * returns a file/direcotry from the settings and checks whether it exists
 	 *
-	 * @param string $group         settings-group
-	 * @param string $varname       var-name
-	 * @param boolean $check_exists check if the file exists
+	 * @param string $group
+	 *        	settings-group
+	 * @param string $varname
+	 *        	var-name
+	 * @param boolean $check_exists
+	 *        	check if the file exists
 	 *        	
 	 * @return string|boolean complete path including filename if any or false on error
 	 */
-	private function _getFile($group, $varname, $check_exists = true) {
+	private function _getFile($group, $varname, $check_exists = true)
+	{
 		
 		// read from settings
 		$file = Settings::Get($group . '.' . $varname);
--- a/lib/classes/webserver/class.DomainSSL.php
+++ b/lib/classes/webserver/class.DomainSSL.php
@@ -46,7 +46,7 @@ class DomainSSL {
 				|| $dom_certs['ssl_cert_file'] == ''
 		) {
 			// maybe its parent?
-			if ($domain['parentdomainid'] != 0) {
+			if (isset($domain['parentdomainid']) && $domain['parentdomainid'] != 0) {
 				$dom_certs = Database::pexecute_first($dom_certs_stmt, array('domid' => $domain['parentdomainid']));
 			}
 		}
--- a/lib/classes/webserver/class.WebserverBase.php
+++ b/lib/classes/webserver/class.WebserverBase.php
@@ -17,8 +17,8 @@
 * @since      0.9.31
 *
 */
-
-class WebserverBase {
+class WebserverBase
+{

 	/**
 	 * returns an array with all entries required for all
@@ -26,13 +26,15 @@ class WebserverBase {
 	 *
 	 * @return array
 	 */
-	public static function getVhostsToCreate() {
-
+	public static function getVhostsToCreate()
+	{
 		$query = "SELECT `d`.*, `pd`.`domain` AS `parentdomain`, `c`.`loginname`,
 				`d`.`phpsettingid`, `c`.`adminid`, `c`.`guid`, `c`.`email`,
 				`c`.`documentroot` AS `customerroot`, `c`.`deactivated`,
-				`c`.`phpenabled` AS `phpenabled`, `d`.`mod_fcgid_starter`,
-				`d`.`mod_fcgid_maxrequests`
+				`c`.`phpenabled` AS `phpenabled_customer`,
+				`d`.`phpenabled` AS `phpenabled_vhost`,
+				`d`.`mod_fcgid_starter`,`d`.`mod_fcgid_maxrequests`,
+				`d`.`ocsp_stapling`
 				FROM `" . TABLE_PANEL_DOMAINS . "` `d`

 				LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING(`customerid`)
@@ -44,6 +46,22 @@ class WebserverBase {
 		
 		$result_domains_stmt = Database::query($query);
 		
+		// prepare IP statement
+		$ip_stmt = Database::prepare("
+			SELECT `di`.`id_domain` , `p`.`ssl`, `p`.`ssl_cert_file`, `p`.`ssl_key_file`, `p`.`ssl_ca_file`, `p`.`ssl_cert_chainfile`
+			FROM `" . TABLE_DOMAINTOIP . "` `di`, `" . TABLE_PANEL_IPSANDPORTS . "` `p`
+			WHERE `p`.`id` = `di`.`id_ipandports`
+			AND `di`.`id_domain` = :domainid
+			AND `p`.`ssl` = '1'
+		");
+		
+		// prepare fpm-config select query
+		$fpm_sel_stmt = Database::prepare("
+			SELECT f.id FROM `" . TABLE_PANEL_FPMDAEMONS . "` f
+			LEFT JOIN `" . TABLE_PANEL_PHPCONFIGS . "` p ON p.fpmsettingid = f.id
+			WHERE p.id = :phpconfigid
+		");
+		
 		$domains = array();
 		while ($domain = $result_domains_stmt->fetch(PDO::FETCH_ASSOC)) {
 			
@@ -60,14 +78,9 @@ class WebserverBase {
 			// the corresponding information from the db
 			if (domainHasSslIpPort($domain['id'])) {

-				$ip_stmt = Database::prepare("
-						SELECT `di`.`id_domain` , `p`.`ssl`, `p`.`ssl_cert_file`, `p`.`ssl_key_file`, `p`.`ssl_ca_file`, `p`.`ssl_cert_chainfile`
-						FROM `".TABLE_DOMAINTOIP."` `di`, `".TABLE_PANEL_IPSANDPORTS."` `p`
-						WHERE `p`.`id` = `di`.`id_ipandports`
-						AND `di`.`id_domain` = :domainid
-						AND `p`.`ssl` = '1'
-						");
-				$ssl_ip = Database::pexecute_first($ip_stmt, array('domainid' => $domain['id']));
+				$ssl_ip = Database::pexecute_first($ip_stmt, array(
+					'domainid' => $domain['id']
+				));
 				
 				// set ssl info for domain
 				$domains[$domain['domain']]['ssl'] = '1';
@@ -75,11 +88,23 @@ class WebserverBase {
 				$domains[$domain['domain']]['ssl_key_file'] = $ssl_ip['ssl_key_file'];
 				$domains[$domain['domain']]['ssl_ca_file'] = $ssl_ip['ssl_ca_file'];
 				$domains[$domain['domain']]['ssl_cert_chainfile'] = $ssl_ip['ssl_cert_chainfile'];
+			}
 			
+			// read fpm-config-id if using fpm
+			if ((int) Settings::Get('phpfpm.enabled') == 1) {
+
+				$fpm_config = Database::pexecute_first($fpm_sel_stmt, array(
+					'phpconfigid' => $domain['phpsettingid']
+				));
+				if ($fpm_config) {
+					$domains[$domain['domain']]['fpm_config_id'] = $fpm_config['id'];
+				} else {
+					// fallback
+					$domains[$domain['domain']]['fpm_config_id'] = 1;
+				}
 			}
 		}
 		
 		return $domains;
 	}
-
 }
--- a/lib/configfiles/gentoo.xml
+++ b/lib/configfiles/gentoo.xml
@@ -64,7 +64,7 @@
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/modules.d/80_acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -96,7 +96,7 @@ Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/modules.d/80_acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -267,7 +267,7 @@ fastcgi_param  REDIRECT_STATUS    200;
 ]]>
 						</content>
 					</file>
-					<file name="/etc/nginx/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -396,7 +396,8 @@ mail	IN		A	<SERVERIP>
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>

 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -938,7 +939,8 @@ gmysql-password=
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>

 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
--- a/lib/configfiles/jessie.xml
+++ b/lib/configfiles/jessie.xml
@@ -68,7 +68,7 @@
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf-enabled/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -287,7 +287,7 @@ fastcgi_param  REDIRECT_STATUS    200;
 ]]>
 						</content>
 					</file>
-					<file name="/etc/nginx/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -380,7 +380,8 @@ exit "$RETVAL"
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>

 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -921,7 +922,8 @@ gmysql-password=
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
-# allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+# allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>

 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -4467,9 +4469,9 @@ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 				<!-- libnss-mysql -->
 				<daemon name="libnss" title="libnss-mysql (required for FCGID/php-fpm/mpm-itk)">
 					<install><![CDATA[apt-get install nscd
-wget http://ftp.us.debian.org/debian/pool/main/libn/libnss-mysql-bg/libnss-mysql-bg_1.5-4_`dpkg --print-architecture`.deb
-dpkg -i libnss-mysql-bg_1.5-4_`dpkg --print-architecture`.deb
-rm libnss-mysql-bg_1.5-4_`dpkg --print-architecture`.deb
+wget http://debian.froxlor.org/pool/main/libn/libnss-mysql-bg/libnss-mysql-bg_1.5-3+frx1_amd64.deb
+dpkg -i libnss-mysql-bg_1.5-3+frx1_amd64.deb
+rm libnss-mysql-bg_1.5-3+frx1_amd64.deb
 ]]></install>
 					<file name="/etc/libnss-mysql.cfg" chown="root:root" chmod="0600"
 						backup="true">
@@ -4632,6 +4634,42 @@ aliases:     files
 						</content>
 					</file>
 				</daemon>
+				<!-- libnss-extrausers -->
+				<daemon name="libnssextrausers" title="libnss-extrausers (alternative to libnss-mysql, required for FCGID/php-fpm/mpm-itk)">
+					<install><![CDATA[apt-get install nscd libnss-extrausers]]></install>
+					<commands index="1">
+						<command><![CDATA[mkdir -p /var/lib/extrausers]]></command>
+						<command><![CDATA[touch /var/lib/extrausers/{passwd,group,shadow}]]></command>
+					</commands>
+					<file name="/etc/nsswitch.conf" backup="true">
+						<content><![CDATA[
+# Make sure that `passwd`, `group` and `shadow` have extrausers in their lines
+# You should place extrausers at the end, so that it is queried after the other mechanisams
+#
+passwd:         compat extrausers
+group:          compat extrausers
+shadow:         compat extrausers
+
+hosts:       files dns
+networks:    files dns
+
+services:    db files
+protocols:   db files
+rpc:         db files
+ethers:      db files
+netmasks:    files
+netgroup:    files
+bootparams:  files
+
+automount:   files
+aliases:     files
+]]>
+						</content>
+					</file>
+					<command><![CDATA[/etc/init.d/nscd restart]]></command>
+					<!-- clear group chache -->
+					<command><![CDATA[nscd --invalidate=group]]></command>
+				</daemon>
 				<!-- Logrotate -->
 				<daemon name="logrotate" title="Logrotate">
 					<install><![CDATA[apt-get install logrotate]]></install>
--- a/lib/configfiles/precise.xml
+++ b/lib/configfiles/precise.xml
@@ -66,7 +66,7 @@
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf-enabled/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -246,7 +246,7 @@ fastcgi_param  REDIRECT_STATUS    200;
 ]]>
 						</content>
 					</file>
-					<file name="/etc/nginx/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -346,7 +346,8 @@ exit "$RETVAL"
 					<install><![CDATA[apt-get install pdns-server pdns-backend-mysql]]></install>
 					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
 						<content><![CDATA[
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 allow-recursion=127.0.0.1
 config-dir=/etc/powerdns
 daemon=yes
@@ -407,7 +408,8 @@ include-dir=/etc/powerdns/froxlor/
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf" chown="root:root"
 						chmod="600">
 						<content><![CDATA[
-allow-axfr-ips=<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 #local-ipv6=YOUR_IPv6_(if_any)
 bind-config=<BIND_CONFIG_PATH>named.conf
 bind-check-interval=180
@@ -1622,6 +1624,42 @@ netmasks:    files
 netgroup:    files
 bootparams:  files

+automount:   files
+aliases:     files
+]]>
+						</content>
+					</file>
+					<command><![CDATA[/etc/init.d/nscd restart]]></command>
+					<!-- clear group chache -->
+					<command><![CDATA[nscd --invalidate=group]]></command>
+				</daemon>
+				<!-- libnss-extrausers -->
+				<daemon name="libnssextrausers" title="libnss-extrausers (alternative to libnss-mysql, required for FCGID/php-fpm/mpm-itk)">
+					<install><![CDATA[apt-get install nscd libnss-extrausers]]></install>
+					<commands index="1">
+						<command><![CDATA[mkdir -p /var/lib/extrausers]]></command>
+						<command><![CDATA[touch /var/lib/extrausers/{passwd,group,shadow}]]></command>
+					</commands>
+					<file name="/etc/nsswitch.conf" backup="true">
+						<content><![CDATA[
+# Make sure that `passwd`, `group` and `shadow` have extrausers in their lines
+# You should place extrausers at the end, so that it is queried after the other mechanisams
+#
+passwd:         compat extrausers
+group:          compat extrausers
+shadow:         compat extrausers
+
+hosts:       files dns
+networks:    files dns
+
+services:    db files
+protocols:   db files
+rpc:         db files
+ethers:      db files
+netmasks:    files
+netgroup:    files
+bootparams:  files
+
 automount:   files
 aliases:     files
 ]]>
--- a/lib/configfiles/rhel_centos.xml
+++ b/lib/configfiles/rhel_centos.xml
@@ -46,7 +46,7 @@
 				<daemon name="apache" version="2.4" title="Apache 2.4"
 					default="true">
 					<include>//service[@type='http']/general/commands</include>
-					<file name="/etc/httpd/conf.d/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -2089,7 +2089,7 @@ LoadModule mod_ctrls_admin.c
 # (http://www.castaglia.org/proftpd/modules/mod_vroot.html)
 # Using this module rather than the kernel's chroot() system call works
 # around issues with PAM and chroot (http://bugzilla.redhat.com/506735)
-LoadModule mod_vroot.c
+# LoadModule mod_vroot.c
 #
 # Provide a flexible way of specifying that certain configuration directives
 # only apply to certain sessions, based on credentials such as connection
--- a/lib/configfiles/stretch.xml
+++ b/lib/configfiles/stretch.xml
--- a/lib/configfiles/trusty.xml
+++ b/lib/configfiles/trusty.xml
@@ -66,7 +66,7 @@
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf-enabled/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -100,7 +100,7 @@ Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf-enabled/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -279,7 +279,7 @@ fastcgi_param  REDIRECT_STATUS    200;
 ]]>
 						</content>
 					</file>
-					<file name="/etc/nginx/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -379,7 +379,8 @@ exit "$RETVAL"
 					<install><![CDATA[apt-get install pdns-server pdns-backend-mysql]]></install>
 					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
 						<content><![CDATA[
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 allow-recursion=127.0.0.1
 config-dir=/etc/powerdns
 daemon=yes
@@ -417,7 +418,8 @@ gmysql-password=
 					<install><![CDATA[apt-get install pdns-server]]></install>
 					<file name="/etc/powerdns/pdns.conf" backup="true">
 						<content><![CDATA[
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 allow-recursion=127.0.0.1
 config-dir=/etc/powerdns
 daemon=yes
@@ -441,7 +443,8 @@ include-dir=/etc/powerdns/froxlor/
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf" chown="root:root"
 						chmod="600">
 						<content><![CDATA[
-allow-axfr-ips=<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 #local-ipv6=YOUR_IPv6_(if_any)
 bind-config=<BIND_CONFIG_PATH>named.conf
 bind-check-interval=180
@@ -1639,6 +1642,42 @@ aliases:     files
 					<!-- clear group chache -->
 					<command><![CDATA[nscd --invalidate=group]]></command>
 				</daemon>
+				<!-- libnss-extrausers -->
+				<daemon name="libnssextrausers" title="libnss-extrausers (alternative to libnss-mysql, required for FCGID/php-fpm/mpm-itk)">
+					<install><![CDATA[apt-get install nscd libnss-extrausers]]></install>
+					<commands index="1">
+						<command><![CDATA[mkdir -p /var/lib/extrausers]]></command>
+						<command><![CDATA[touch /var/lib/extrausers/{passwd,group,shadow}]]></command>
+					</commands>
+					<file name="/etc/nsswitch.conf" backup="true">
+						<content><![CDATA[
+# Make sure that `passwd`, `group` and `shadow` have extrausers in their lines
+# You should place extrausers at the end, so that it is queried after the other mechanisams
+#
+passwd:         compat extrausers
+group:          compat extrausers
+shadow:         compat extrausers
+
+hosts:       files dns
+networks:    files dns
+
+services:    db files
+protocols:   db files
+rpc:         db files
+ethers:      db files
+netmasks:    files
+netgroup:    files
+bootparams:  files
+
+automount:   files
+aliases:     files
+]]>
+						</content>
+					</file>
+					<command><![CDATA[/etc/init.d/nscd restart]]></command>
+					<!-- clear group chache -->
+					<command><![CDATA[nscd --invalidate=group]]></command>
+				</daemon>
 				<!-- Logrotate -->
 				<daemon name="logrotate" title="Logrotate">
 					<install><![CDATA[apt-get install logrotate]]></install>
--- a/lib/configfiles/wheezy.xml
+++ b/lib/configfiles/wheezy.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <froxlor>
-	<distribution name="Debian" codename="Wheezy" version="7.x" defaulteditor="/usr/bin/nano">
+	<distribution name="Debian" codename="Wheezy" version="7.x" defaulteditor="/usr/bin/nano" deprecated="true">
 		<services>
 			<!-- HTTP -->
 			<service type="http" title="{{lng.admin.configfiles.http}}">
@@ -66,7 +66,7 @@
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf.d/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -100,7 +100,7 @@ Alias "/.well-known/acme-challenge" "{{settings.system.letsencryptchallengepath}
 ]]>
 						</content>
 					</file>
-					<file name="/etc/apache2/conf-enabled/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -319,7 +319,7 @@ fastcgi_param  REDIRECT_STATUS    200;
 ]]>
 						</content>
 					</file>
-					<file name="/etc/nginx/acme.conf">
+					<file name="{{settings.system.letsencryptacmeconf}}">
 						<visibility mode="true">{{settings.system.leenabled}}
 						</visibility>
 						<content><![CDATA[
@@ -424,7 +424,8 @@ exit "$RETVAL"
 # allow-axfr-ips    If enabled, restrict zonetransfers to originate from these
 #                   IP addresses
 #
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>

 #################################
 # allow-recursion	List of netmasks that are allowed to recurse
@@ -763,7 +764,8 @@ gmysql-password=
 # allow-axfr-ips    If enabled, restrict zonetransfers to originate from these
 #                   IP addresses
 #
-allow-axfr-ips=<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>

 #################################
 # allow-recursion	List of netmasks that are allowed to recurse
@@ -5431,6 +5433,42 @@ netmasks:    files
 netgroup:    files
 bootparams:  files

+automount:   files
+aliases:     files
+]]>
+						</content>
+					</file>
+					<command><![CDATA[/etc/init.d/nscd restart]]></command>
+					<!-- clear group chache -->
+					<command><![CDATA[nscd --invalidate=group]]></command>
+				</daemon>
+				<!-- libnss-extrausers -->
+				<daemon name="libnssextrausers" title="libnss-extrausers (alternative to libnss-mysql, required for FCGID/php-fpm/mpm-itk)">
+					<install><![CDATA[apt-get install nscd libnss-extrausers]]></install>
+					<commands index="1">
+						<command><![CDATA[mkdir -p /var/lib/extrausers]]></command>
+						<command><![CDATA[touch /var/lib/extrausers/{passwd,group,shadow}]]></command>
+					</commands>
+					<file name="/etc/nsswitch.conf" backup="true">
+						<content><![CDATA[
+# Make sure that `passwd`, `group` and `shadow` have extrausers in their lines
+# You should place extrausers at the end, so that it is queried after the other mechanisams
+#
+passwd:         compat extrausers
+group:          compat extrausers
+shadow:         compat extrausers
+
+hosts:       files dns
+networks:    files dns
+
+services:    db files
+protocols:   db files
+rpc:         db files
+ethers:      db files
+netmasks:    files
+netgroup:    files
+bootparams:  files
+
 automount:   files
 aliases:     files
 ]]>
--- a/lib/cron_init.php
+++ b/lib/cron_init.php
@@ -205,6 +205,7 @@ if (hasUpdates($version) || hasDbUpdates($dbversion)
 		fwrite($debugHandler, '*** WARNING *** - all new settings etc. will be stored with the default value, that might not always be right for your system!' . "\n");
 		fwrite($debugHandler, "*** WARNING *** - If you don't want this to happen in the future consider removing the --allow-autoupdate flag from the cronjob\n");
 		// including update procedures
+		define('_CRON_UPDATE', 1);
 		include_once FROXLOR_INSTALL_DIR.'/install/updatesql.php';
 		// pew - everything went better than expected
 		$cronlog->logAction(CRON_ACTION, LOG_WARNING, 'Automatic update done - you should check your settings to be sure everything is fine');
--- a/lib/formfields/admin/customer/formfield.customer_add.php
+++ b/lib/formfields/admin/customer/formfield.customer_add.php
@@ -14,7 +14,6 @@
 * @package    Formfields
 *
 */
-
 return array(
 	'customer_add' => array(
 		'title' => $lng['admin']['customer_add'],
@@ -32,17 +31,27 @@ return array(
 						'label' => $lng['admin']['stdsubdomain_add'] . '?',
 						'type' => 'checkbox',
 						'values' => array(
-										array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array('1')
+						'value' => array(
+							'1'
+						)
 					),
 					'store_defaultindex' => array(
 						'label' => $lng['admin']['store_defaultindex'] . '?',
 						'type' => 'checkbox',
 						'values' => array(
-										array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array('1')
+						'value' => array(
+							'1'
+						)
 					),
 					'new_customer_password' => array(
 						'label' => $lng['login']['password'],
@@ -53,15 +62,20 @@ return array(
 						'label' => $lng['customer']['generated_pwd'],
 						'type' => 'text',
 						'visible' => (Settings::Get('panel.password_regex') == ''),
-						'value' => generatePassword(),
+						'value' => generatePassword()
 					),
 					'sendpassword' => array(
 						'label' => $lng['admin']['sendpassword'],
 						'type' => 'checkbox',
 						'values' => array(
-										array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array('1')
+						'value' => array(
+							'1'
+						)
 					),
 					'def_language' => array(
 						'label' => $lng['login']['language'],
@@ -135,7 +149,10 @@ return array(
 						'label' => $lng['usersettings']['custom_notes']['show'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
 						'value' => array()
 					)
@@ -206,18 +223,28 @@ return array(
 						'label' => $lng['customer']['email_imap'],
 						'type' => 'checkbox',
 						'values' => array(
-										array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							'1'
 						),
-						'value' => array('1'),
 						'mandatory' => true
 					),
 					'email_pop3' => array(
 						'label' => $lng['customer']['email_pop3'],
 						'type' => 'checkbox',
 						'values' => array(
-										array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							'1'
 						),
-						'value' => array('1'),
 						'mandatory' => true
 					),
 					'ftps' => array(
@@ -247,25 +274,48 @@ return array(
 						'label' => $lng['admin']['phpenabled'] . '?',
 						'type' => 'checkbox',
 						'values' => array(
-										array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array('1')
+						'value' => array(
+							'1'
+						)
+					),
+					'allowed_phpconfigs' => array(
+						'visible' => (((int) Settings::Get('system.mod_fcgid') == 1 || (int) Settings::Get('phpfpm.enabled') == 1) ? true : false),
+						'label' => $lng['admin']['phpsettings']['title'],
+						'type' => 'checkbox',
+						'values' => $phpconfigs,
+						'value' => ((int) Settings::Get('system.mod_fcgid') == 1 ? array(
+							Settings::Get('system.mod_fcgid_defaultini')
+						) : (int) Settings::Get('phpfpm.enabled') == 1) ? array(
+							Settings::Get('phpfpm.defaultini')
+						) : array(),
+						'is_array' => 1
 					),
 					'perlenabled' => array(
 						'label' => $lng['admin']['perlenabled'] . '?',
 						'type' => 'checkbox',
 						'values' => array(
-										array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						)
 					),
 					'dnsenabled' => array(
 						'label' => $lng['admin']['dnsenabled'] . '?',
 						'type' => 'checkbox',
 						'values' => array(
-										array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
 						'visible' => (Settings::Get('system.dnsenabled') == '1' ? true : false)
-					),
+					)
 				)
 			)
 		)
--- a/lib/formfields/admin/customer/formfield.customer_edit.php
+++ b/lib/formfields/admin/customer/formfield.customer_edit.php
@@ -260,6 +260,14 @@ return array(
 						),
 						'value' => array($result['phpenabled'])
 					),
+					'allowed_phpconfigs' => array(
+						'visible' => (((int) Settings::Get('system.mod_fcgid') == 1 || (int) Settings::Get('phpfpm.enabled') == 1) ? true : false),
+						'label' => $lng['admin']['phpsettings']['title'],
+						'type' => 'checkbox',
+						'values' => $phpconfigs,
+						'value' => isset($result['allowed_phpconfigs']) && !empty($result['allowed_phpconfigs']) ? json_decode($result['allowed_phpconfigs'], JSON_OBJECT_AS_ARRAY) : array(),
+						'is_array' => 1
+					),
 					'perlenabled' => array(
 						'label' => $lng['admin']['perlenabled'].'?',
 						'type' => 'checkbox',
--- a/lib/formfields/admin/domains/formfield.domains_add.php
+++ b/lib/formfields/admin/domains/formfield.domains_add.php
@@ -14,7 +14,6 @@
 * @package    Formfields
 *
 */
-
 return array(
 	'domain_add' => array(
 		'title' => $lng['admin']['domain_add'],
@@ -27,20 +26,20 @@ return array(
 					'domain' => array(
 						'label' => 'Domain',
 						'type' => 'text',
-						'mandatory' => true,
+						'mandatory' => true
 					),
 					'customerid' => array(
 						'label' => $lng['admin']['customer'],
 						'type' => 'select',
 						'select_var' => $customers,
-						'mandatory' => true,
+						'mandatory' => true
 					),
 					'adminid' => array(
 						'visible' => ($userinfo['customers_see_all'] == '1' ? true : false),
 						'label' => $lng['admin']['admin'],
 						'type' => 'select',
 						'select_var' => $admins,
-						'mandatory' => true,
+						'mandatory' => true
 					),
 					'alias' => array(
 						'label' => $lng['domains']['aliasdomain'],
@@ -58,9 +57,14 @@ return array(
 						'desc' => $lng['admin']['domain_editable']['desc'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array('1')
+						'value' => array(
+							'1'
+						)
 					),
 					'add_date' => array(
 						'label' => $lng['domains']['add_date'],
@@ -101,40 +105,6 @@ return array(
 						'is_array' => 1,
 						'mandatory' => true
 					),
-					'ssl_ipandport' => array(
-						'label' => $lng['domains']['ipandport_ssl_multi']['title'],
-						'desc' => $lng['domains']['ipandport_ssl_multi']['description'],
-						'type' => 'checkbox',
-						'values' => $ssl_ipsandports,
-						'value' => '',
-						'is_array' => 1
-					),
-					'ssl_redirect' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
-						'label' => $lng['domains']['ssl_redirect']['title'],
-						'desc' => $lng['domains']['ssl_redirect']['description'],
-						'type' => 'checkbox',
-						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
-						),
-						'value' => array()
-					),
-					'letsencrypt' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false) : false),
-						'label' => $lng['admin']['letsencrypt']['title'],
-						'desc' => $lng['admin']['letsencrypt']['description'],
-						'type' => 'checkbox',
-						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
-						),
-						'value' => array()
-					),
-					'no_ssl_available_info' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports == '' ? true : false) : false),
-						'label' => 'SSL',
-						'type' => 'label',
-						'value' => $lng['panel']['nosslipsavailable']
-					),
 					'selectserveralias' => array(
 						'label' => $lng['admin']['selectserveralias'],
 						'desc' => $lng['admin']['selectserveralias_desc'],
@@ -146,7 +116,10 @@ return array(
 						'desc' => $lng['admin']['speciallogfile']['description'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
 						'value' => array()
 					),
@@ -161,6 +134,118 @@ return array(
 					)
 				)
 			),
+			'section_bssl' => array(
+				'title' => $lng['admin']['webserversettings_ssl'],
+				'image' => 'icons/domain_add.png',
+				'visible' => Settings::Get('system.use_ssl') == '1' ? true : false,
+				'fields' => array(
+					'ssl_ipandport' => array(
+						'label' => $lng['domains']['ipandport_ssl_multi']['title'],
+						'desc' => $lng['domains']['ipandport_ssl_multi']['description'],
+						'type' => 'checkbox',
+						'values' => $ssl_ipsandports,
+						'value' => '',
+						'is_array' => 1
+					),
+					'ssl_redirect' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['domains']['ssl_redirect']['title'],
+						'desc' => $lng['domains']['ssl_redirect']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array()
+					),
+					'letsencrypt' => array(
+						'visible' => (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
+						'label' => $lng['admin']['letsencrypt']['title'],
+						'desc' => $lng['admin']['letsencrypt']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array()
+					),
+					'http2' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false) && Settings::Get('system.webserver') != 'lighttpd' && Settings::Get('system.http2_support') == '1',
+						'label' => $lng['admin']['domain_http2']['title'],
+						'desc' => $lng['admin']['domain_http2']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array (
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array()
+					),
+					'no_ssl_available_info' => array(
+						'visible' => ($ssl_ipsandports == '' ? true : false),
+						'label' => 'SSL',
+						'type' => 'label',
+						'value' => $lng['panel']['nosslipsavailable']
+					),
+					'hsts_maxage' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_maxage']['title'],
+						'desc' => $lng['admin']['domain_hsts_maxage']['description'],
+						'type' => 'int',
+						'int_min' => 0,
+						'int_max' => 94608000, // 3-years
+						'value' => 0
+					),
+					'hsts_sub' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_incsub']['title'],
+						'desc' => $lng['admin']['domain_hsts_incsub']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array()
+					),
+					'hsts_preload' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_preload']['title'],
+						'desc' => $lng['admin']['domain_hsts_preload']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array()
+					),
+					'ocsp_stapling' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false) &&
+								Settings::Get('system.webserver') != 'lighttpd',
+						'label' => $lng['admin']['domain_ocsp_stapling']['title'],
+						'desc' => $lng['admin']['domain_ocsp_stapling']['description'] .
+								(Settings::Get('system.webserver') == 'nginx' ?
+								$lng['admin']['domain_ocsp_stapling']['nginx_version_warning'] :
+								""),
+						'type' => 'checkbox',
+						'values' => array(
+							array (
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array()
+					),
+				)
+			),
 			'section_c' => array(
 				'title' => $lng['admin']['phpserversettings'],
 				'image' => 'icons/domain_add.png',
@@ -170,9 +255,27 @@ return array(
 						'label' => 'OpenBasedir',
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array('1')
+						'value' => array(
+							'1'
+						)
+					),
+					'phpenabled' => array(
+						'label' => $lng['admin']['phpenabled'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							'1'
+						)
 					),
 					'phpsettingid' => array(
 						'visible' => (((int) Settings::Get('system.mod_fcgid') == 1 || (int) Settings::Get('phpfpm.enabled') == 1) ? true : false),
@@ -201,9 +304,14 @@ return array(
 						'label' => 'Nameserver',
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array('1')
+						'value' => array(
+							'1'
+						)
 					),
 					'zonefile' => array(
 						'label' => 'Zonefile',
@@ -220,15 +328,23 @@ return array(
 						'label' => $lng['admin']['emaildomain'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array('1')
+						'value' => array(
+							'1'
+						)
 					),
 					'email_only' => array(
 						'label' => $lng['admin']['email_only'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
 						'value' => array()
 					),
@@ -242,9 +358,14 @@ return array(
 						'label' => 'DomainKeys',
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array('1')
+						'value' => array(
+							'1'
+						)
 					)
 				)
 			)
--- a/lib/formfields/admin/domains/formfield.domains_edit.php
+++ b/lib/formfields/admin/domains/formfield.domains_edit.php
@@ -14,7 +14,6 @@
 * @package    Formfields
 *
 */
-
 return array(
 	'domain_edit' => array(
 		'title' => $lng['admin']['domain_edit'],
@@ -28,14 +27,14 @@ return array(
 						'label' => 'Domain',
 						'type' => 'label',
 						'value' => $result['domain'],
-						'mandatory' => true,
+						'mandatory' => true
 					),
 					'customerid' => array(
 						'label' => $lng['admin']['customer'],
 						'type' => (Settings::Get('panel.allow_domain_change_customer') == '1' ? 'select' : 'label'),
 						'select_var' => (isset($customers) ? $customers : null),
 						'value' => (isset($result['customername']) ? $result['customername'] : null),
-						'mandatory' => true,
+						'mandatory' => true
 					),
 					'adminid' => array(
 						'visible' => ($userinfo['customers_see_all'] == '1' ? true : false),
@@ -43,7 +42,7 @@ return array(
 						'type' => (Settings::Get('panel.allow_domain_change_admin') == '1' ? 'select' : 'label'),
 						'select_var' => (isset($admins) ? $admins : null),
 						'value' => (isset($result['adminname']) ? $result['adminname'] : null),
-						'mandatory' => true,
+						'mandatory' => true
 					),
 					'alias' => array(
 						'visible' => ($alias_check == '0' ? true : false),
@@ -67,9 +66,14 @@ return array(
 						'desc' => $lng['admin']['domain_editable']['desc'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array($result['caneditdomain'])
+						'value' => array(
+							$result['caneditdomain']
+						)
 					),
 					'add_date' => array(
 						'label' => $lng['domains']['add_date'],
@@ -113,40 +117,6 @@ return array(
 						'is_array' => 1,
 						'mandatory' => true
 					),
-					'ssl_ipandport' => array(
-						'label' => $lng['domains']['ipandport_ssl_multi']['title'],
-						'desc' => $lng['domains']['ipandport_ssl_multi']['description'],
-						'type' => 'checkbox',
-						'values' => $ssl_ipsandports,
-						'value' => $usedips,
-						'is_array' => 1
-					),
-					'ssl_redirect' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
-						'label' => $lng['domains']['ssl_redirect']['title'],
-						'desc' => $lng['domains']['ssl_redirect']['description'] . ($result['temporary_ssl_redirect'] > 1 ? $lng['domains']['ssl_redirect_temporarilydisabled'] : ''),
-						'type' => 'checkbox',
-						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
-						),
-						'value' => array($result['ssl_redirect'])
-					),
-					'letsencrypt' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false) : false),
-						'label' => $lng['admin']['letsencrypt']['title'],
-						'desc' => $lng['admin']['letsencrypt']['description'],
-						'type' => 'checkbox',
-						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
-						),
-						'value' => array($result['letsencrypt'])
-					),
-					'no_ssl_available_info' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports == '' ? true : false) : false),
-						'label' => 'SSL',
-						'type' => 'label',
-						'value' => $lng['panel']['nosslipsavailable']
-					),
 					'selectserveralias' => array(
 						'label' => $lng['admin']['selectserveralias'],
 						'desc' => $lng['admin']['selectserveralias_desc'],
@@ -158,9 +128,14 @@ return array(
 						'desc' => $lng['admin']['speciallogfile']['description'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array($result['speciallogfile'])
+						'value' => array(
+							$result['speciallogfile']
+						)
 					),
 					'specialsettings' => array(
 						'visible' => ($userinfo['change_serversettings'] == '1' ? true : false),
@@ -178,10 +153,139 @@ return array(
 						'desc' => $lng['serversettings']['specialsettingsforsubdomains']['description'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
-						),
-						'value' => array('1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
 							)
+						),
+						'value' => array(
+							'1'
+						)
+					)
+				)
+			),
+			'section_bssl' => array(
+				'title' => $lng['admin']['webserversettings_ssl'],
+				'image' => 'icons/domain_edit.png',
+				'visible' => Settings::Get('system.use_ssl') == '1' ? true : false,
+				'fields' => array(
+					'ssl_ipandport' => array(
+						'label' => $lng['domains']['ipandport_ssl_multi']['title'],
+						'desc' => $lng['domains']['ipandport_ssl_multi']['description'],
+						'type' => 'checkbox',
+						'values' => $ssl_ipsandports,
+						'value' => $usedips,
+						'is_array' => 1
+					),
+					'ssl_redirect' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['domains']['ssl_redirect']['title'],
+						'desc' => $lng['domains']['ssl_redirect']['description'] . ($result['temporary_ssl_redirect'] > 1 ? $lng['domains']['ssl_redirect_temporarilydisabled'] : ''),
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							$result['ssl_redirect']
+						)
+					),
+					'letsencrypt' => array(
+						'visible' => (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
+						'label' => $lng['admin']['letsencrypt']['title'],
+						'desc' => $lng['admin']['letsencrypt']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							$result['letsencrypt']
+						)
+					),
+					'http2' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false) && Settings::Get('system.webserver') != 'lighttpd' && Settings::Get('system.http2_support') == '1',
+						'label' => $lng['admin']['domain_http2']['title'],
+						'desc' => $lng['admin']['domain_http2']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array (
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							$result['http2']
+						)
+					),
+					'no_ssl_available_info' => array(
+						'visible' => ($ssl_ipsandports == '' ? true : false),
+						'label' => 'SSL',
+						'type' => 'label',
+						'value' => $lng['panel']['nosslipsavailable']
+					),
+					'hsts_maxage' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_maxage']['title'],
+						'desc' => $lng['admin']['domain_hsts_maxage']['description'],
+						'type' => 'int',
+						'int_min' => 0,
+						'int_max' => 94608000, // 3-years
+						'value' => $result['hsts']
+					),
+					'hsts_sub' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_incsub']['title'],
+						'desc' => $lng['admin']['domain_hsts_incsub']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							$result['hsts_sub']
+						)
+					),
+					'hsts_preload' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false),
+						'label' => $lng['admin']['domain_hsts_preload']['title'],
+						'desc' => $lng['admin']['domain_hsts_preload']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							$result['hsts_preload']
+						)
+					),
+					'ocsp_stapling' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false) &&
+								Settings::Get('system.webserver') != 'lighttpd',
+						'label' => $lng['admin']['domain_ocsp_stapling']['title'],
+						'desc' => $lng['admin']['domain_ocsp_stapling']['description'] .
+								(Settings::Get('system.webserver') == 'nginx' ?
+								$lng['admin']['domain_ocsp_stapling']['nginx_version_warning'] :
+								""),
+						'type' => 'checkbox',
+						'values' => array(
+							array (
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							$result['ocsp_stapling']
+						)
+					),
 				)
 			),
 			'section_c' => array(
@@ -193,9 +297,27 @@ return array(
 						'label' => 'OpenBasedir',
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array($result['openbasedir'])
+						'value' => array(
+							$result['openbasedir']
+						)
+					),
+					'phpenabled' => array(
+						'label' => $lng['admin']['phpenabled'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							$result['phpenabled']
+						)
 					),
 					'phpsettingid' => array(
 						'visible' => (((int) Settings::Get('system.mod_fcgid') == 1 || (int) Settings::Get('phpfpm.enabled') == 1) ? true : false),
@@ -203,6 +325,21 @@ return array(
 						'type' => 'select',
 						'select_var' => $phpconfigs
 					),
+					'phpsettingsforsubdomains' => array(
+						'visible' => ($userinfo['change_serversettings'] == '1' ? true : false),
+						'label' => $lng['admin']['phpsettingsforsubdomains'],
+						'desc' => $lng['serversettings']['phpsettingsforsubdomains']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							'1'
+						)
+					),
 					'mod_fcgid_starter' => array(
 						'visible' => ((int) Settings::Get('system.mod_fcgid') == 1 ? true : false),
 						'label' => $lng['admin']['mod_fcgid_starter']['title'],
@@ -226,9 +363,14 @@ return array(
 						'label' => 'Nameserver',
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array($result['isbinddomain'])
+						'value' => array(
+							$result['isbinddomain']
+						)
 					),
 					'zonefile' => array(
 						'label' => 'Zonefile',
@@ -246,17 +388,27 @@ return array(
 						'label' => $lng['admin']['emaildomain'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array($result['isemaildomain'])
+						'value' => array(
+							$result['isemaildomain']
+						)
 					),
 					'email_only' => array(
 						'label' => $lng['admin']['email_only'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array($result['email_only'])
+						'value' => array(
+							$result['email_only']
+						)
 					),
 					'subcanemaildomain' => array(
 						'label' => $lng['admin']['subdomainforemail'],
@@ -268,9 +420,14 @@ return array(
 						'label' => 'DomainKeys',
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array($result['dkim'])
+						'value' => array(
+							$result['dkim']
+						)
 					)
 				)
 			)
--- a/lib/formfields/admin/ipsandports/formfield.ipsandports_add.php
+++ b/lib/formfields/admin/ipsandports/formfield.ipsandports_add.php
@@ -49,7 +49,7 @@ return array(
 						'value' => array('1')
 					),
 					'namevirtualhost_statement' => array(
-						'visible' => $is_apache,
+						'visible' => $is_apache && !$is_apache24,
 						'label' => $lng['admin']['ipsandports']['create_namevirtualhost_statement'],
 						'type' => 'checkbox',
 						'values' => array(
--- a/lib/formfields/admin/ipsandports/formfield.ipsandports_edit.php
+++ b/lib/formfields/admin/ipsandports/formfield.ipsandports_edit.php
@@ -51,7 +51,7 @@ return array(
 						'value' => array($result['listen_statement'])
 					),
 					'namevirtualhost_statement' => array(
-						'visible' => $is_apache,
+						'visible' => $is_apache && !$is_apache24,
 						'label' => $lng['admin']['ipsandports']['create_namevirtualhost_statement'],
 						'type' => 'checkbox',
 						'values' => array(
--- a/lib/formfields/admin/phpconfig/formfield.fpmconfig_add.php
+++ b/lib/formfields/admin/phpconfig/formfield.fpmconfig_add.php
@@ -0,0 +1,95 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Formfields
+ *
+ */
+
+return array(
+	'fpmconfig_add' => array(
+		'title' => $lng['admin']['phpsettings']['addsettings'],
+		'image' => 'icons/phpsettings_add.png',
+		'sections' => array(
+			'section_a' => array(
+				'title' => $lng['admin']['phpsettings']['addsettings'],
+				'image' => 'icons/phpsettings_add.png',
+				'fields' => array(
+					'description' => array(
+						'label' => $lng['admin']['phpsettings']['description'],
+						'type' => 'text',
+						'maxlength' => 50
+					),
+					'reload_cmd' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['reload'],
+						'type' => 'text',
+						'maxlength' => 255,
+						'value' => 'service php7.0-fpm restart'
+					),
+					'config_dir' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['configdir'],
+						'type' => 'text',
+						'maxlength' => 255,
+						'value' => '/etc/php/7.0/fpm/pool.d/'
+					),
+					'pm' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['pm'],
+						'type' => 'select',
+						'select_var' => $pm_select
+					),
+					'max_children' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['max_children']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['max_children']['description'],
+						'type' => 'int',
+						'value' => 1
+					),
+					'start_servers' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['start_servers']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['start_servers']['description'],
+						'type' => 'int',
+						'value' => 20
+					),
+					'min_spare_servers' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['min_spare_servers']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['min_spare_servers']['description'],
+						'type' => 'int',
+						'value' => 5
+					),
+					'max_spare_servers' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['max_spare_servers']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['max_spare_servers']['description'],
+						'type' => 'int',
+						'value' => 35
+					),
+					'max_requests' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['max_requests']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['max_requests']['description'],
+						'type' => 'int',
+						'value' => 0
+					),
+					'idle_timeout' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['idle_timeout']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['idle_timeout']['description'],
+						'type' => 'int',
+						'value' => 30
+					),
+					'limit_extensions' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['limit_extensions']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['limit_extensions']['description'],
+						'type' => 'text',
+						'value' => '.php'
+					)
+				)
+			)
+		)
+	)
+);
--- a/lib/formfields/admin/phpconfig/formfield.fpmconfig_edit.php
+++ b/lib/formfields/admin/phpconfig/formfield.fpmconfig_edit.php
@@ -0,0 +1,96 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Froxlor team <team@froxlor.org> (2010-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Formfields
+ *
+ */
+
+return array(
+	'fpmconfig_edit' => array(
+		'title' => $lng['admin']['phpsettings']['editsettings'],
+		'image' => 'icons/phpsettings_edit.png',
+		'sections' => array(
+			'section_a' => array(
+				'title' => $lng['admin']['phpsettings']['editsettings'],
+				'image' => 'icons/phpsettings_edit.png',
+				'fields' => array(
+					'description' => array(
+						'label' => $lng['admin']['phpsettings']['description'],
+						'type' => 'text',
+						'maxlength' => 50,
+						'value' => $result['description']
+					),
+					'reload_cmd' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['reload'],
+						'type' => 'text',
+						'maxlength' => 255,
+						'value' => $result['reload_cmd']
+					),
+					'config_dir' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['configdir'],
+						'type' => 'text',
+						'maxlength' => 255,
+						'value' => $result['config_dir']
+					),
+					'pm' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['pm'],
+						'type' => 'select',
+						'select_var' => $pm_select
+					),
+					'max_children' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['max_children']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['max_children']['description'],
+						'type' => 'int',
+						'value' => $result['max_children']
+					),
+					'start_servers' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['start_servers']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['start_servers']['description'],
+						'type' => 'int',
+						'value' => $result['start_servers']
+					),
+					'min_spare_servers' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['min_spare_servers']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['min_spare_servers']['description'],
+						'type' => 'int',
+						'value' => $result['min_spare_servers']
+					),
+					'max_spare_servers' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['max_spare_servers']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['max_spare_servers']['description'],
+						'type' => 'int',
+						'value' => $result['max_spare_servers']
+					),
+					'max_requests' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['max_requests']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['max_requests']['description'],
+						'type' => 'int',
+						'value' => $result['max_requests']
+					),
+					'idle_timeout' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['idle_timeout']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['idle_timeout']['description'],
+						'type' => 'int',
+						'value' => $result['idle_timeout']
+					),
+					'limit_extensions' => array(
+						'label' => $lng['serversettings']['phpfpm_settings']['limit_extensions']['title'],
+						'desc' => $lng['serversettings']['phpfpm_settings']['limit_extensions']['description'],
+						'type' => 'text',
+						'value' => $result['limit_extensions']
+					)
+				)
+			)
+		)
+	)
+);
--- a/lib/formfields/admin/phpconfig/formfield.phpconfig_add.php
+++ b/lib/formfields/admin/phpconfig/formfield.phpconfig_add.php
@@ -36,6 +36,12 @@ return array(
 						'maxlength' => 255,
 						'value' => '/usr/bin/php-cgi'
 					),
+					'fpmconfig' => array(
+						'visible' => (Settings::Get('phpfpm.enabled') == 1 ? true : false),
+						'label' => $lng['admin']['phpsettings']['fpmdesc'],
+						'type' => 'select',
+						'select_var' => $fpmconfigs
+					),
 					'file_extensions' => array(
 						'visible' => (Settings::Get('system.mod_fcgid') == 1 ? true : false),
 						'label' => $lng['admin']['phpsettings']['file_extensions'],
@@ -84,6 +90,15 @@ return array(
 						'maxlength' => 10,
 						'value' => '5s'
 					),
+					'phpfpm_pass_authorizationheader' => array(
+						'visible' => (Settings::Get('phpfpm.enabled') == 1 ? true : false),
+						'label' => $lng['admin']['phpsettings']['pass_authorizationheader'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
 					'phpsettings' => array(
 						'style' => 'align-top',
 						'label' => $lng['admin']['phpsettings']['phpinisettings'],
--- a/lib/formfields/admin/phpconfig/formfield.phpconfig_edit.php
+++ b/lib/formfields/admin/phpconfig/formfield.phpconfig_edit.php
@@ -37,6 +37,12 @@ return array(
 						'maxlength' => 255,
 						'value' => $result['binary']
 					),
+					'fpmconfig' => array(
+						'visible' => (Settings::Get('phpfpm.enabled') == 1 ? true : false),
+						'label' => $lng['admin']['phpsettings']['fpmdesc'],
+						'type' => 'select',
+						'select_var' => $fpmconfigs
+					),
 					'file_extensions' => array(
 						'visible' => (Settings::Get('system.mod_fcgid') == 1 ? true : false),
 						'label' => $lng['admin']['phpsettings']['file_extensions'],
@@ -87,6 +93,15 @@ return array(
 						'maxlength' => 10,
 						'value' => $result['fpm_reqslow']
 					),
+					'phpfpm_pass_authorizationheader' => array(
+						'visible' => (Settings::Get('phpfpm.enabled') == 1 ? true : false),
+						'label' => $lng['admin']['phpsettings']['pass_authorizationheader'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array($result['pass_authorizationheader'])
+					),
 					'phpsettings' => array(
 						'style' => 'align-top',
 						'label' => $lng['admin']['phpsettings']['phpinisettings'],
--- a/lib/formfields/customer/domains/formfield.domains_add.php
+++ b/lib/formfields/customer/domains/formfield.domains_add.php
@@ -54,7 +54,7 @@ return array(
 						'type' => 'text'
 					),
 					'redirectcode' => array(
-						'visible' => ((Settings::Get('system.webserver') == 'apache2' && Settings::Get('customredirect.enabled') == '1') ? true : false),
+						'visible' => (Settings::Get('customredirect.enabled') == '1' ? true : false),
 						'label' => $lng['domains']['redirectifpathisurl'],
 						'desc' => $lng['domains']['redirectifpathisurlinfo'],
 						'type' => 'select',
@@ -66,8 +66,25 @@ return array(
 						'type' => 'label',
 						'value' => $lng['customer']['selectserveralias_addinfo']
 					),
+					'openbasedir_path' => array(
+						'label' => $lng['domain']['openbasedirpath'],
+						'type' => 'select',
+						'select_var' => $openbasedir
+					),
+					'phpsettingid' => array(
+						'visible' => (((int) Settings::Get('system.mod_fcgid') == 1 || (int) Settings::Get('phpfpm.enabled') == 1) && $has_phpconfigs ? true : false),
+						'label' => $lng['admin']['phpsettings']['title'],
+						'type' => 'select',
+						'select_var' => $phpconfigs
+					)
+				)
+			),
+			'section_bssl' => array(
+				'title' => $lng['admin']['webserversettings_ssl'],
+				'image' => 'icons/domain_add.png',
+				'visible' => Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? true : false) : false,
+				'fields' => array(
 					'ssl_redirect' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
 						'label' => $lng['domains']['ssl_redirect']['title'],
 						'desc' => $lng['domains']['ssl_redirect']['description'],
 						'type' => 'checkbox',
@@ -77,7 +94,7 @@ return array(
 						'value' => array()
 					),
 					'letsencrypt' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false) : false),
+						'visible' => (Settings::Get('system.leenabled') == '1' ? true : false),
 						'label' => $lng['customer']['letsencrypt']['title'],
 						'desc' => $lng['customer']['letsencrypt']['description'],
 						'type' => 'checkbox',
@@ -86,13 +103,34 @@ return array(
 						),
 						'value' => array()
 					),
-					'openbasedir_path' => array(
-						'label' => $lng['domain']['openbasedirpath'],
-						'type' => 'select',
-						'select_var' => $openbasedir
-					)
-				)
-			)
+					'hsts_maxage' => array(
+						'label' => $lng['admin']['domain_hsts_maxage']['title'],
+						'desc' => $lng['admin']['domain_hsts_maxage']['description'],
+						'type' => 'int',
+						'int_min' => 0,
+						'int_max' => 94608000, // 3-years
+						'value' => 0
+					),
+					'hsts_sub' => array(
+						'label' => $lng['admin']['domain_hsts_incsub']['title'],
+						'desc' => $lng['admin']['domain_hsts_incsub']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+					'hsts_preload' => array(
+						'label' => $lng['admin']['domain_hsts_preload']['title'],
+						'desc' => $lng['admin']['domain_hsts_preload']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array()
+					),
+				),
+			),
 		)
 	)
 );
--- a/lib/formfields/customer/domains/formfield.domains_edit.php
+++ b/lib/formfields/customer/domains/formfield.domains_edit.php
@@ -54,7 +54,7 @@ return array(
 						'value' => $urlvalue
 					),
 					'redirectcode' => array(
-						'visible' => ((Settings::Get('system.webserver') == 'apache2' && Settings::Get('customredirect.enabled') == '1') ? true : false),
+						'visible' => (Settings::Get('customredirect.enabled') == '1' ? true : false),
 						'label' => $lng['domains']['redirectifpathisurl'],
 						'desc' => $lng['domains']['redirectifpathisurlinfo'],
 						'type' => 'select',
@@ -76,8 +76,26 @@ return array(
 									),
 						'value' => array($result['isemaildomain'])
 					),
+					'openbasedir_path' => array(
+						'visible' => ($result['openbasedir'] == '1') ? true : false,
+						'label' => $lng['domain']['openbasedirpath'],
+						'type' => 'select',
+						'select_var' => $openbasedir
+					),
+					'phpsettingid' => array(
+						'visible' => (((int) Settings::Get('system.mod_fcgid') == 1 || (int) Settings::Get('phpfpm.enabled') == 1) && $has_phpconfigs ? true : false),
+						'label' => $lng['admin']['phpsettings']['title'],
+						'type' => 'select',
+						'select_var' => $phpconfigs
+					)
+				)
+			),
+			'section_bssl' => array(
+				'title' => $lng['admin']['webserversettings_ssl'],
+				'image' => 'icons/domain_edit.png',
+				'visible' => Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? (domainHasSslIpPort($result['id']) ? true : false) : false) : false,
+				'fields' => array(
 					'ssl_redirect' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? (domainHasSslIpPort($result['id']) ? true : false) : false) : false),
 						'label' => $lng['domains']['ssl_redirect']['title'],
 						'desc' => $lng['domains']['ssl_redirect']['description'] . ($result['temporary_ssl_redirect'] > 1 ? $lng['domains']['ssl_redirect_temporarilydisabled'] : ''),
 						'type' => 'checkbox',
@@ -87,7 +105,7 @@ return array(
 						'value' => array($result['ssl_redirect'])
 					),
 					'letsencrypt' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? (domainHasSslIpPort($result['id']) ? true : false) : false) : false) : false),
+						'visible' => Settings::Get('system.leenabled') == '1' ? true : false,
 						'label' => $lng['customer']['letsencrypt']['title'],
 						'desc' => $lng['customer']['letsencrypt']['description'],
 						'type' => 'checkbox',
@@ -96,14 +114,34 @@ return array(
 						),
 						'value' => array($result['letsencrypt'])
 					),
-					'openbasedir_path' => array(
-						'visible' => ($result['openbasedir'] == '1') ? true : false,
-						'label' => $lng['domain']['openbasedirpath'],
-						'type' => 'select',
-						'select_var' => $openbasedir
-					)
-				)
+					'hsts_maxage' => array(
+						'label' => $lng['admin']['domain_hsts_maxage']['title'],
+						'desc' => $lng['admin']['domain_hsts_maxage']['description'],
+						'type' => 'int',
+						'int_min' => 0,
+						'int_max' => 94608000, // 3-years
+						'value' => $result['hsts']
+					),
+					'hsts_sub' => array(
+						'label' => $lng['admin']['domain_hsts_incsub']['title'],
+						'desc' => $lng['admin']['domain_hsts_incsub']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array($result['hsts_sub'])
+					),
+					'hsts_preload' => array(
+						'label' => $lng['admin']['domain_hsts_preload']['title'],
+						'desc' => $lng['admin']['domain_hsts_preload']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array ('label' => $lng['panel']['yes'], 'value' => '1')
+						),
+						'value' => array($result['hsts_preload'])
+					),
 				)
+			),
 		)
 	)
 );
--- a/lib/formfields/customer/ftp/formfield.ftp_add.php
+++ b/lib/formfields/customer/ftp/formfield.ftp_add.php
@@ -64,6 +64,12 @@ return array(
 									),
 						'value' => array()
 					),
+					'shell' => array(
+						'visible' => (Settings::Get('system.allow_customer_shell') == '1' ? true : false),
+						'label' => $lng['panel']['shell'],
+						'type' => 'select',
+						'select_var' => (isset($shells) ? $shells : ""),
+					)
 				)
 			)
 		)
--- a/lib/formfields/customer/ftp/formfield.ftp_edit.php
+++ b/lib/formfields/customer/ftp/formfield.ftp_edit.php
@@ -51,6 +51,12 @@ return array(
 						'type' => 'text',
 						'visible' => (Settings::Get('panel.password_regex') == ''),
 						'value' => generatePassword(),
+					),
+					'shell' => array(
+						'visible' => (Settings::Get('system.allow_customer_shell') == '1' ? true : false),
+						'label' => $lng['panel']['shell'],
+						'type' => 'select',
+						'select_var' => (isset($shells) ? $shells : ""),
 					)
 				)
 			)
--- a/lib/functions/dns/function.createDomainZone.php
+++ b/lib/functions/dns/function.createDomainZone.php
@@ -55,8 +55,8 @@ function createDomainZone($domain_id, $froxlorhostname = false, $isMainButSubTo
 	if ($domain['isemaildomain'] === '1') {
 		addRequiredEntry('@', 'MX', $required_entries);
 		if (Settings::Get('system.dns_createmailentry')) {
-			foreach(['imap', 'pop3', 'mail', 'smtp'] as $record) {
-				foreach(['AAAA', 'A'] as $type) {
+			foreach(array('imap', 'pop3', 'mail', 'smtp') as $record) {
+				foreach(array('AAAA', 'A') as $type) {
 					addRequiredEntry($record, $type, $required_entries);
 				}
 			}
@@ -205,6 +205,7 @@ function createDomainZone($domain_id, $froxlorhostname = false, $isMainButSubTo
 			if (Settings::Get('system.mxservers') != '') {
 				$mxservers = explode(',', Settings::Get('system.mxservers'));
 				foreach ($mxservers as $mxserver) {
+					$mxserver = trim($mxserver);
 					if (substr($mxserver, - 1, 1) != '.') {
 						$mxserver .= '.';
 					}
@@ -274,13 +275,11 @@ function createDomainZone($domain_id, $froxlorhostname = false, $isMainButSubTo
 			Database::pexecute($upd_stmt, array('serial' => $domain['bindserial'], 'id' => $domain['id']));
 		}

-		$soa_content = $primary_ns . " " . escapeSoaAdminMail(Settings::Get('panel.adminmail')) . " (" . PHP_EOL;
-		$soa_content .= $domain['bindserial'] . "\t; serial" . PHP_EOL;
+		// PowerDNS does not like multi-line-format
+		$soa_content = $primary_ns . " " . escapeSoaAdminMail(Settings::Get('panel.adminmail')) . " ";
+		$soa_content .= $domain['bindserial'] . " ";
 		// TODO for now, dummy time-periods
-		$soa_content .= "1800\t; refresh (30 mins)" . PHP_EOL;
-		$soa_content .= "900\t; retry (15 mins)" . PHP_EOL;
-		$soa_content .= "604800\t; expire (7 days)" . PHP_EOL;
-		$soa_content .= "1200\t)\t; minimum (20 mins)";
+		$soa_content .= "3600 900 604800 1200";

 		$soa_record = new DnsEntry('@', 'SOA', $soa_content);
 		array_unshift($zonerecords, $soa_record);
--- a/lib/functions/dns/function.generateDkimEntries.php
+++ b/lib/functions/dns/function.generateDkimEntries.php
@@ -54,20 +54,8 @@ function generateDkimEntries($domain)
 		// end-part
 		$dkim_txt .= 't=s';

-		if (Settings::Get('system.dns_server') == 'pdns') {
-			// PowerDNS does not need/want splitted content
-			$txt_record_split = $dkim_txt;
-		} else {
-			// split if necessary
-			$txt_record_split = '';
-			$lbr = 50;
-			for ($pos = 0; $pos <= strlen($dkim_txt) - 1; $pos += $lbr) {
-				$txt_record_split .= (($pos == 0) ? '("' : "\t\t\t\t\t \"") . substr($dkim_txt, $pos, $lbr) . (($pos >= strlen($dkim_txt) - $lbr) ? '")' : '"') . "\n";
-			}
-		}
-
 		// dkim-entry
-		$zone_dkim[] = $txt_record_split;
+		$zone_dkim[] = $dkim_txt;

 		// adsp-entry
 		if (Settings::Get('dkim.dkim_add_adsp') == "1") {
--- a/lib/functions/filedir/function.findDirs.php
+++ b/lib/functions/filedir/function.findDirs.php
@@ -17,27 +17,57 @@
 *
 */

+
 /**
 * Returns an array of found directories
 *
 * This function checks every found directory if they match either $uid or $gid, if they do
 * the found directory is valid. It uses recursive-iterators to find subdirectories.
 *
- * @param  string $path the path to start searching in
- * @param  int $uid the uid which must match the found directories
- * @param  int $gid the gid which must match the found direcotries
+ * @param string $path
+ *        	the path to start searching in
+ * @param int $uid
+ *        	the uid which must match the found directories
+ * @param int $gid
+ *        	the gid which must match the found direcotries
 *
 * @return array Array of found valid paths
 */
-function findDirs($path, $uid, $gid) {
-
+function findDirs($path, $uid, $gid)
+{
 	$_fileList = array();
 	$path = makeCorrectDir($path);

 	// valid directory?
 	if (is_dir($path)) {
+
+		// Will exclude everything under these directories
+		$exclude = array(
+			'awstats',
+			'webalizer'
+		);
+
+		/**
+		 *
+		 * @param SplFileInfo $file
+		 * @param mixed $key
+		 * @param RecursiveCallbackFilterIterator $iterator
+		 * @return bool True if you need to recurse or if the item is acceptable
+		 */
+		$filter = function ($file, $key, $iterator) use ($exclude) {
+			if (in_array($file->getFilename(), $exclude)) {
+				return false;
+			}
+			return true;
+		};
+
 		// create RecursiveIteratorIterator
-		$its = new RecursiveIteratorIterator(new IgnorantRecursiveDirectoryIterator($path));
+		$its = new RecursiveIteratorIterator(
+			new RecursiveCallbackFilterIterator(
+				new IgnorantRecursiveDirectoryIterator($path, RecursiveDirectoryIterator::SKIP_DOTS),
+				$filter
+			)
+		);
 		// we can limit the recursion-depth, but will it be helpful or
 		// will people start asking "why do I only see 2 subdirectories, i want to use /a/b/c"
 		// let's keep this in mind and see whether it will be useful
@@ -50,10 +80,10 @@ function findDirs($path, $uid, $gid) {
 				$_fileList[] = makeCorrectDir(dirname($fullFileName));
 			}
 		}
+		$_fileList[] = $path;
 	}

 	return array_unique($_fileList);
-
 }

 /**
@@ -61,9 +91,12 @@ function findDirs($path, $uid, $gid) {
 * into UnexpectedValueException you may use this little hack to ignore those
 * directories, such as lost+found on linux.
 * (User "antennen" @ http://php.net/manual/en/class.recursivedirectoryiterator.php#101654)
-**/
-class IgnorantRecursiveDirectoryIterator extends RecursiveDirectoryIterator {
-    function getChildren() {
+ */
+class IgnorantRecursiveDirectoryIterator extends RecursiveDirectoryIterator
+{
+
+	function getChildren()
+	{
 		try {
 			return new IgnorantRecursiveDirectoryIterator($this->getPathname());
 		} catch (UnexpectedValueException $e) {
--- a/lib/functions/filedir/function.makeCorrectDir.php
+++ b/lib/functions/filedir/function.makeCorrectDir.php
@@ -26,7 +26,11 @@
 */
 function makeCorrectDir($dir) {

+	if (version_compare("5.4.6", PHP_VERSION, ">")) {
 		assert('is_string($dir) && strlen($dir) > 0 /* $dir does not look like an actual folder name */');
+	} else {
+		assert('is_string($dir) && strlen($dir) > 0', 'Value "' . $dir .'" does not look like an actual folder name');
+	}

 	$dir = trim($dir);

--- a/lib/functions/filedir/function.makePathfield.php
+++ b/lib/functions/filedir/function.makePathfield.php
@@ -64,7 +64,12 @@ function makePathfield($path, $uid, $gid, $value = '', $dom = false) {
 				$_field = '';
 				foreach ($dirList as $key => $dir) {
 					if (strpos($dir, $path) === 0) {
-						$dir = makeCorrectDir(substr($dir, strlen($path)));
+						$dir = substr($dir, strlen($path));
+						// docroot cut off of current directory == empty -> directory is the docroot
+						if (empty($dir)) {
+							$dir = '/';
+						}
+						$dir = makeCorrectDir($dir);
 					}
 					$_field.= makeoption($dir, $dir, $value);
 				}
--- a/lib/functions/formfields/bool/function.getFormFieldOutputBool.php
+++ b/lib/functions/formfields/bool/function.getFormFieldOutputBool.php
@@ -17,7 +17,7 @@
 *
 */

-function getFormFieldOutputBool($fieldname, $fielddata)
+function getFormFieldOutputBool($fieldname, $fielddata, $do_show = true)
 {
 	$label = $fielddata['label'];
 	$boolswitch = makeYesNo($fieldname, '1', '0', $fielddata['value']);
--- a/lib/functions/formfields/date/function.getFormFieldOutputDate.php
+++ b/lib/functions/formfields/date/function.getFormFieldOutputDate.php
@@ -17,12 +17,12 @@
 *
 */

-function getFormFieldOutputDate($fieldname, $fielddata)
+function getFormFieldOutputDate($fieldname, $fielddata, $do_show = true)
 {
 	if(isset($fielddata['date_timestamp']) && $fielddata['date_timestamp'] === true)
 	{
 		$fielddata['value'] = date('Y-m-d', $fielddata['value']);
 	}

-	return getFormFieldOutputString($fieldname, $fielddata);
+	return getFormFieldOutputString($fieldname, $fielddata, $do_show);
 }
--- a/lib/functions/formfields/file/function.getFormFieldOutputFile.php
+++ b/lib/functions/formfields/file/function.getFormFieldOutputFile.php
@@ -15,7 +15,7 @@
 *
 */

-function getFormFieldOutputFile($fieldname, $fielddata)
+function getFormFieldOutputFile($fieldname, $fielddata, $do_show = true)
 {
 	$label = $fielddata['label'];
 	$value = htmlentities($fielddata['value']);
--- a/lib/functions/formfields/function.buildFormEx.php
+++ b/lib/functions/formfields/function.buildFormEx.php
@@ -49,7 +49,7 @@ function buildFormEx($form, $part = '') {
 					$do_show = $groupdetails['visible'];
 				}

-				if ($do_show) {
+				//if ($do_show) {
 					if (isset($groupdetails['title']) && $groupdetails['title'] != '') {
 						$fields .= getFormGroupOutput($groupname, $groupdetails);
 					}
@@ -66,7 +66,7 @@ function buildFormEx($form, $part = '') {
 							$fields .= getFormFieldOutput($fieldname, $fielddetails);
 						}
 					}
-				}
+				//}
 			}
 		}
 	}
--- a/lib/functions/formfields/function.getFormFieldOutput.php
+++ b/lib/functions/formfields/function.getFormFieldOutput.php
@@ -19,6 +19,8 @@

 function getFormFieldOutput($fieldname, $fielddata) {

+	global $lng;
+
 	$returnvalue = '';
 	if (is_array($fielddata)
 		&& isset($fielddata['type'])
@@ -51,6 +53,7 @@ function getFormFieldOutput($fieldname, $fielddata) {
 			$websrv = Settings::Get('system.webserver');
 			if (!in_array($websrv, $fielddata['websrv_avail'])) {
 				$do_show = false;
+				$fielddata['label'].= sprintf($lng['serversettings']['option_unavailable_websrv'], implode(", ", $fielddata['websrv_avail']));
 			}
 		}

@@ -59,11 +62,14 @@ function getFormFieldOutput($fieldname, $fielddata) {
 		// be false due to websrv_avail
 		if (isset($fielddata['visible']) && $do_show) {
 			$do_show = $fielddata['visible'];
+			if (!$do_show) {
+				$fielddata['label'].= $lng['serversettings']['option_unavailable'];
+			}
 		}

-		if ($do_show) {
-			$returnvalue = call_user_func('getFormFieldOutput' . ucfirst($fielddata['type']), $fieldname, $fielddata);
-		}
+		//if ($do_show) {
+			$returnvalue = call_user_func('getFormFieldOutput' . ucfirst($fielddata['type']), $fieldname, $fielddata, $do_show);
+		//}
 	}
 	return $returnvalue;
 }
--- a/lib/functions/formfields/function.getFormGroupOutput.php
+++ b/lib/functions/formfields/function.getFormGroupOutput.php
@@ -81,11 +81,13 @@ function getFormOverviewGroupOutput($groupname, $groupdetails) {
 		$websrv = Settings::Get('system.webserver');
 		if (!in_array($websrv, $groupdetails['websrv_avail'])) {
 			$do_show = false;
+			$title .= sprintf($lng['serversettings']['option_unavailable_websrv'], implode(", ", $groupdetails['websrv_avail']));
+			// hack disabled flag into select-box
+			$option = str_replace('<select class', '<select disabled="disabled" class', $option);
 		}
 	}

-	if ($do_show) {
 	eval("\$group = \"" . getTemplate("settings/settings_overviewgroup") . "\";");
-	}
+
 	return $group;
 }
--- a/lib/functions/formfields/hiddenstring/function.getFormFieldOutputString.php
+++ b/lib/functions/formfields/hiddenstring/function.getFormFieldOutputString.php
@@ -17,7 +17,7 @@
 *
 */

-function getFormFieldOutputHiddenString($fieldname, $fielddata)
+function getFormFieldOutputHiddenString($fieldname, $fielddata, $do_show = true)
 {
 	$label = $fielddata['label'];
 	$value = htmlentities($fielddata['value']);
--- a/lib/functions/formfields/int/function.getFormFieldOutputInt.php
+++ b/lib/functions/formfields/int/function.getFormFieldOutputInt.php
@@ -17,7 +17,7 @@
 *
 */

-function getFormFieldOutputInt($fieldname, $fielddata)
+function getFormFieldOutputInt($fieldname, $fielddata, $do_show = true)
 {
-	return getFormFieldOutputString($fieldname, $fielddata);
+	return getFormFieldOutputString($fieldname, $fielddata, $do_show);
 }
--- a/lib/functions/formfields/option/function.getFormFieldOutputOption.php
+++ b/lib/functions/formfields/option/function.getFormFieldOutputOption.php
@@ -17,7 +17,7 @@
 *
 */

-function getFormFieldOutputOption($fieldname, $fielddata)
+function getFormFieldOutputOption($fieldname, $fielddata, $do_show = true)
 {
 	$returnvalue = '';

--- a/lib/functions/formfields/option/function.validateFormFieldOption.php
+++ b/lib/functions/formfields/option/function.validateFormFieldOption.php
@@ -40,6 +40,9 @@ function validateFormFieldOption($fieldname, $fielddata, $newfieldvalue)
 	}
 	else
 	{
+		if (isset($fielddata['option_emptyallowed']) && $fielddata['option_emptyallowed']) {
+			return true;
+		}
 		return 'not in option';
 	}
 }
--- a/Show More
+++ b/Show More