add setting to disable LE self-check; set version to 0.9.38.8 for maintenance/bugfix release

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>

.github/CONTRIBUTING.md

@@ -0,0 +1,58 @@
+# Contributing
+
+Before you start working on a PR, contact us via IRC in #froxlor on Freenode or
+the forum at https://forum.froxlor.org to get a clue whether someone else isn't
+already working on it or if we don't want to invest the effort in favour of
+working on Froxlor 2.0.
+Of course, bug fixes are always welcome.
+However, at this stage of the 0.9.x branch, we are not looking for new
+features or refactoring, especially not the kind which requires changes to a
+lot of files.
+Currently, we are working on a complete re-write, which, at this point in
+time, is not yet public to keep delays due to discussions about internal
+details to a minimum.
+
+
+
+
+## Checklist
+
+General rules for PRs are:
+* Please save us all some trouble and unnecessary round-trips by _testing_ your
+changes.
+
+* Re-write your commit history to provide a CLEAN history!
+
+	* i.e. do not provide PRs which contain a commit that changes something,
+	the next changes it back, a third one changes it again, only a little
+	differently...
+
+
+Thanks!
+
+
+
+
+### Webserver changes
+If you make changes to the functionality of webserver configuration, please
+make sure your implementation covers both apache **and** nginx.
+
+
+
+
+### l10n
+
+If you add new language strings, please make sure you add the english fallback
+strings in
+
+* `lng/english.lng.php`
+* `install/lng/english.lng.php` (if applicable)
+
+
+
+
+### New settings
+If you add new settings, please make sure you add the default values to
+
+* `install/froxlor.sql`
+* handle the update (see `install/updates/froxlor/0.9/update_0.9.inc.php`)

.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,64 @@
+# Bug report vs. support request
+If you're unsure of whether your problem is a bug or a configuration error
+* contact us via IRC in #froxlor on freenode
+* or post a thread in our forum at https://forum.froxlor.org
+
+As a rule of thumb: before reporting an issue
+* see if it hasn't been [reported](https://github.com/Froxlor/froxlor/issues) (and possibly already been [fixed](https://github.com/Froxlor/froxlor/issues?utf8=✓&q=is:issue%20is:closed)) first
+* try with the git master
+
+
+
+
+
+# Summary
+
+Please provide a concise summary of the problem you're experiencing...
+
+
+
+
+# System information
+* Froxlor version: $version/$gitSHA1
+* Web server: apache2/nginx/lighttpd
+* DNS server: Bind/PowerDNS (standalone)/PowerDNS (Bind-backend)
+* POP/IMAP server: Courier/Dovecot
+* SMTP server: postfix/exim
+* FTP server: proftpd/pureftpd
+* OS/Version: ...
+
+
+
+
+# Steps to reproduce
+
+1.
+2.
+3.
+
+
+
+
+# Expected behavior
+
+1.
+2.
+3.
+
+
+
+
+# Actual behavior
+
+1.
+2.
+3.
+
+
+
+
+# Log files/log entries
+syslog:
+<pre>
+example
+</pre>

README.md

@@ -11,13 +11,13 @@ Developed by experienced server administrators, this panel simplifies the effort
 3. Point your browser to http://[ip-of-webserver]/froxlor
 4. Follow the installer
 5. Login as administrator
-6. Adjust "Server > Settings" according to your needs
-7. Choose your distribution under "Server > Configuration"
+6. Adjust "System > Settings" according to your needs
+7. Choose your distribution under "System > Configuration"
 8. Follow the steps for your services
 9. Have fun!
 
 ### Detailed installation
-http://redmine.froxlor.org/projects/froxlor/wiki/Installationtarball
+https://github.com/Froxlor/Froxlor/wiki/Install-froxlor-from-tarball
 
 ## Help
 
@@ -35,7 +35,7 @@ The community is located on http://forum.froxlor.org
 ### Wiki
 
 More documentation may be found in the froxlor - wiki:
-http://redmine.froxlor.org/projects/froxlor/wiki
+https://github.com/Froxlor/Froxlor/wiki
 
 ## License
 
@@ -48,14 +48,14 @@ http://files.froxlor.org/releases/froxlor-latest.tar.gz [MD5](http://files.froxl
 
 ### Debian repository
 
-[HowTo](http://redmine.froxlor.org/projects/froxlor/wiki/Installationdebian)
+[HowTo](https://github.com/Froxlor/Froxlor/wiki/Install-froxlor-on-debian)
 
 /etc/apt/sources.list.d/froxlor.list
 > deb http://debian.froxlor.org {wheezy|jessie} main
 
 ### Gentoo repository
 
-[HowTo](http://redmine.froxlor.org/projects/froxlor/wiki/Installationgentoo)
+[HowTo](https://github.com/Froxlor/Froxlor/wiki/Install-froxlor-on-gentoo)
 
 http://files.froxlor.org/gentoo/repositories.xml
 
@@ -72,3 +72,6 @@ This has 2 known side-effects at the moment:
 
 It may be possible to fix these issues, but they are not a priority at the moment
 
+## Contributing
+
+[see here](.github/CONTRIBUTING.md)

actions/admin/settings/120.system.php

@@ -94,6 +94,14 @@ return array(
 					'plausibility_check_method' => 'checkMysqlAccessHost',
 					'save_method' => 'storeSettingMysqlAccessHost',
 					),
+				'system_nssextrausers' => array(
+					'label' => $lng['serversettings']['nssextrausers'],
+					'settinggroup' => 'system',
+					'varname' => 'nssextrausers',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField'
+					),
 				'system_index_file_extension' => array(
 					'label' => $lng['serversettings']['index_file_extension'],
 					'settinggroup' => 'system',

actions/admin/settings/122.froxlorvhost.php

@@ -49,7 +49,49 @@ return array(
 					'type' => 'bool',
 					'default' => false,
 					'save_method' => 'storeSettingField',
-					'visible' => Settings::Get('system.leenabled')
+					'visible' => Settings::Get('system.use_ssl')
+				),
+				'system_hsts_maxage' => array(
+					'label' => $lng['admin']['domain_hsts_maxage'],
+					'settinggroup' => 'system',
+					'varname' => 'hsts_maxage',
+					'type' => 'int',
+					'int_min' => 0,
+					'int_max' => 94608000, // 3-years
+					'default' => 0,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('system.use_ssl')
+				),
+				'system_hsts_incsub' => array(
+					'label' => $lng['admin']['domain_hsts_incsub'],
+					'settinggroup' => 'system',
+					'varname' => 'hsts_incsub',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('system.use_ssl')
+				),
+				'system_hsts_preload' => array(
+					'label' => $lng['admin']['domain_hsts_preload'],
+					'settinggroup' => 'system',
+					'varname' => 'hsts_preload',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'visible' => Settings::Get('system.use_ssl')
+				),
+				'system_http2_support' => array(
+					'label' => $lng['serversettings']['http2_support'],
+					'settinggroup' => 'system',
+					'varname' => 'http2_support',
+					'type' => 'bool',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+					'websrv_avail' => array(
+						'apache2',
+						'nginx'
+					),
+					'visible' => Settings::Get('system.use_ssl')
 				),
 				/**
 				 * FCGID

actions/admin/settings/130.webserver.php

@@ -179,17 +179,6 @@ return array(
 						'nginx'
 					)
 				),
-				'system_nginx_http2_support' => array(
-					'label' => $lng['serversettings']['nginx_http2_support'],
-					'settinggroup' => 'system',
-					'varname' => 'nginx_http2_support',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField',
-					'websrv_avail' => array(
-						'nginx'
-					)
-				),
 				'system_nginx_php_backend' => array(
 					'label' => $lng['serversettings']['nginx_php_backend'],
 					'settinggroup' => 'system',

actions/admin/settings/131.ssl.php

@@ -79,6 +79,18 @@ return array(
 					'default' => '',
 					'save_method' => 'storeSettingField'
 				),
+				'system_apache24_ocsp_cache_path' => array(
+					'label' => $lng['serversettings']['ssl']['apache24_ocsp_cache_path'],
+					'settinggroup' => 'system',
+					'varname' => 'apache24_ocsp_cache_path',
+					'type' => 'string',
+					'string_type' => 'string',
+					'string_emptyallowed' => false,
+					'default' => 'shmcb:/var/run/apache2/ocsp-stapling.cache(131072)',
+					'visible' => Settings::Get('system.webserver') == "apache2" &&
+							Settings::Get('system.apache24') == 1,
+					'save_method' => 'storeSettingField'
+				),
 				'system_leenabled' => array(
 					'label' => $lng['serversettings']['leenabled'],
 					'settinggroup' => 'system',
@@ -154,32 +166,14 @@ return array(
 					'default' => false,
 					'save_method' => 'storeSettingField'
 				),
-				'system_hsts_maxage' => array(
-					'label' => $lng['admin']['domain_hsts_maxage'],
+				'system_disable_le_selfcheck' => array(
+					'label' => $lng['serversettings']['disable_le_selfcheck'],
 					'settinggroup' => 'system',
-					'varname' => 'hsts_maxage',
-					'type' => 'int',
-					'int_min' => 0,
-					'int_max' => 94608000, // 3-years
-					'default' => 0,
-					'save_method' => 'storeSettingField'
-				),
-				'system_hsts_incsub' => array(
-					'label' => $lng['admin']['domain_hsts_incsub'],
-					'settinggroup' => 'system',
-					'varname' => 'hsts_incsub',
+					'varname' => 'disable_le_selfcheck',
 					'type' => 'bool',
 					'default' => false,
 					'save_method' => 'storeSettingField'
-				),
-				'system_hsts_preload' => array(
-					'label' => $lng['admin']['domain_hsts_preload'],
-					'settinggroup' => 'system',
-					'varname' => 'hsts_preload',
-					'type' => 'bool',
-					'default' => false,
-					'save_method' => 'storeSettingField'
-				),
+				)
 			)
 		)
 	)

actions/admin/settings/135.fcgid.php

@@ -104,7 +104,7 @@ return array(
 					'type' => 'int',
 					'default' => 30,
 					'save_method' => 'storeSettingField'
-					),
+					)
 				)
 			)
 		)

actions/admin/settings/136.phpfpm.php

@@ -73,6 +73,8 @@ return array(
 					'varname' => 'peardir',
 					'type' => 'string',
 					'string_type' => 'dir',
+					'string_delimiter' => ':',
+					'string_emptyallowed' => true,
 					'default' => '/usr/share/php/:/usr/share/php5/',
 					'save_method' => 'storeSettingField'
 					),
@@ -159,7 +161,7 @@ return array(
 					'default' => false,
 					'visible' => Settings::Get('system.apache24'),
 					'save_method' => 'storeSettingField'
-					),
+					)
 				),
 			),
 		),

admin_admins.php

@@ -440,7 +440,7 @@ if ($page == 'admins'
 		} else {
 
 			$language_options = '';
-			while (list($language_file, $language_name) = each($languages)) {
+			foreach ($languages as $language_file => $language_name) {
 				$language_options.= makeoption($language_name, $language_file, $userinfo['language'], true);
 			}
 
@@ -840,13 +840,13 @@ if ($page == 'admins'
 				}
 
 				$language_options = '';
-				while (list($language_file, $language_name) = each($languages)) {
+				foreach ($languages as $language_file => $language_name) {
 					$language_options.= makeoption($language_name, $language_file, $result['def_language'], true);
 				}
 
 				$ipaddress = makeoption($lng['admin']['allips'], "-1", $result['ip']);
 				$ipsandports_stmt = Database::query("
-					SELECT `id`, `ip` FROM `" . TABLE_PANEL_IPSANDPORTS . "` GROUP BY `ip` ORDER BY `ip`, `port` ASC
+					SELECT `id`, `ip` FROM `" . TABLE_PANEL_IPSANDPORTS . "` GROUP BY `id`, `ip` ORDER BY `ip`, `port` ASC
 				");
 
 				while ($row = $ipsandports_stmt->fetch(PDO::FETCH_ASSOC)) {

admin_configfiles.php

@@ -30,15 +30,30 @@ if ($userinfo['change_serversettings'] == '1') {
 		$customer_tmpdir = Settings::Get('phpfpm.tmpdir');
 	}
 
+	// try to convert namserver hosts to ip's
+	$ns_ips = "";
+	if (Settings::Get('system.nameservers') != '') {
+		$nameservers = explode(',', Settings::Get('system.nameservers'));
+		foreach ($nameservers as $nameserver) {
+			$nameserver = trim($nameserver);
+			$nameserver_ips = gethostbynamel($nameserver);
+			if (is_array($nameserver_ips) && count($nameserver_ips) > 0) {
+				$ns_ips .= implode(",", $nameserver_ips);
+			}
+		}
+	}
+
 	$replace_arr = Array(
 		'<SQL_UNPRIVILEGED_USER>' => $sql['user'],
-		'<SQL_UNPRIVILEGED_PASSWORD>' => 'MYSQL_PASSWORD',
+		'<SQL_UNPRIVILEGED_PASSWORD>' => 'FROXLOR_MYSQL_PASSWORD',
 		'<SQL_DB>' => $sql['db'],
 		'<SQL_HOST>' => $sql['host'],
 		'<SQL_SOCKET>' => isset($sql['socket']) ? $sql['socket'] : null,
 		'<SERVERNAME>' => Settings::Get('system.hostname'),
 		'<SERVERIP>' => Settings::Get('system.ipaddress'),
 		'<NAMESERVERS>' => Settings::Get('system.nameservers'),
+		'<NAMESERVERS_IP>' => $ns_ips,
+		'<AXFRSERVERS>' => Settings::Get('system.axfrservers'),
 		'<VIRTUAL_MAILBOX_BASE>' => Settings::Get('system.vmail_homedir'),
 		'<VIRTUAL_UID_MAPS>' => Settings::Get('system.vmail_uid'),
 		'<VIRTUAL_GID_MAPS>' => Settings::Get('system.vmail_gid'),
@@ -67,6 +82,12 @@ if ($userinfo['change_serversettings'] == '1') {
 	$config_dir = makeCorrectDir(FROXLOR_INSTALL_DIR . '/lib/configfiles/');
 
 	if ($distribution != "") {
+
+		if (!file_exists($config_dir . '/' . $distribution . ".xml")) {
+			trigger_error("Unknown distribution, are you playing around with the URL?");
+			exit;
+		}
+
 		// create configparser object
 		$configfiles = new ConfigParser($config_dir . '/' . $distribution . ".xml");
 
@@ -78,6 +99,11 @@ if ($userinfo['change_serversettings'] == '1') {
 
 		if ($service != "") {
 
+			if (!isset($services[$service])) {
+				trigger_error("Unknown service, are you playing around with the URL?");
+				exit;
+			}
+
 			$daemons = $services[$service]->getDaemons();
 
 			if ($daemon == "") {
@@ -121,6 +147,11 @@ if ($userinfo['change_serversettings'] == '1') {
 
 	if ($distribution != "" && $service != "" && $daemon != "") {
 
+		if (!isset($daemons[$daemon])) {
+			trigger_error("Unknown daemon, are you playing around with the URL?");
+			exit;
+		}
+
 		$confarr = $daemons[$daemon]->getConfig();
 
 		$configpage = '';

admin_customers.php

@@ -910,7 +910,8 @@ if ($page == 'customers'
 							'customerid' => $customerid,
 							'adminid' => $userinfo['adminid'],
 							'docroot' => $documentroot,
-							'adddate' => date('Y-m-d')
+							'adddate' => time(),
+							'phpenabled' => $phpenabled
 						);
 						$ins_stmt = Database::prepare("
 							INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET
@@ -928,6 +929,7 @@ if ($page == 'customers'
 							`dkim_id` = '0',
 							`dkim_privkey` = '',
 							`dkim_pubkey` = '',
+							`phpenabled` = :phpenabled,
 							`add_date` = :adddate"
 						);
 						Database::pexecute($ins_stmt, $ins_data);
@@ -1022,7 +1024,7 @@ if ($page == 'customers'
 			} else {
 				$language_options = '';
 
-				while (list($language_file, $language_name) = each($languages)) {
+				foreach ($languages as $language_file => $language_name) {
 					$language_options.= makeoption($language_name, $language_file, Settings::Get('panel.standardlanguage'), true);
 				}
 
@@ -1281,7 +1283,7 @@ if ($page == 'customers'
 								'customerid' => $result['customerid'],
 								'adminid' => $userinfo['adminid'],
 								'docroot' => $result['documentroot'],
-								'adddate' => date('Y-m-d')
+								'adddate' => time()
 						);
 						$ins_stmt = Database::prepare("
 							INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET
@@ -1628,7 +1630,7 @@ if ($page == 'customers'
 			} else {
 				$language_options = '';
 
-				while (list($language_file, $language_name) = each($languages)) {
+				foreach ($languages as $language_file => $language_name) {
 					$language_options.= makeoption($language_name, $language_file, $result['def_language'], true);
 				}
 

admin_domains.php

@@ -210,6 +210,8 @@ if ($page == 'domains' || $page == 'overview') {
 					'id' => $id
 				));
 
+				$deleted_domains = $del_stmt->rowCount();
+
 				$upd_stmt = Database::prepare("
 					UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET
 					`subdomains_used` = `subdomains_used` - :domaincount
@@ -304,7 +306,7 @@ if ($page == 'domains' || $page == 'overview') {
 					standard_error('admin_domain_emailsystemhostname');
 				}
 
-				if (strpos($_POST['domain'], '--') !== false) {
+				if (substr($_POST['domain'], 0, 4) == 'xn--') {
 					standard_error('domain_nopunycode');
 				}
 
@@ -453,6 +455,7 @@ if ($page == 'domains' || $page == 'overview') {
 
 				if ($userinfo['caneditphpsettings'] == '1' || $userinfo['change_serversettings'] == '1') {
 
+					$phpenabled  = isset($_POST['phpenabled']) ? intval($_POST['phpenabled']) : 0;
 					$openbasedir = isset($_POST['openbasedir']) ? intval($_POST['openbasedir']) : 0;
 
 					if ((int) Settings::Get('system.mod_fcgid') == 1 || (int) Settings::Get('phpfpm.enabled') == 1) {
@@ -493,7 +496,9 @@ if ($page == 'domains' || $page == 'overview') {
 					}
 				} else {
 
+					$phpenabled = '1';
 					$openbasedir = '1';
+
 					if ((int) Settings::Get('phpfpm.enabled') == 1) {
 						$phpsettingid = Settings::Get('phpfpm.defaultini');
 					} else {
@@ -585,14 +590,20 @@ if ($page == 'domains' || $page == 'overview') {
 							}
 						}
 
+						$http2 = isset($_POST['http2']) && (int)$_POST['http2'] == 1 ? 1 : 0;
+
 						// HSTS
 						$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
 						$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
 						$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
 
+						// OCSP stapling
+						$ocsp_stapling = isset($_POST['ocsp_stapling']) && (int)$_POST['ocsp_stapling'] == 1 ? 1 : 0;
+
 					} else {
 						$ssl_redirect = 0;
 						$letsencrypt = 0;
+						$http2 = 0;
 						// we need this for the serialize
 						// if ssl is disabled or no ssl-ip/port exists
 						$ssl_ipandports[] = - 1;
@@ -601,10 +612,14 @@ if ($page == 'domains' || $page == 'overview') {
 						$hsts_maxage = 0;
 						$hsts_sub = 0;
 						$hsts_preload = 0;
+
+						// OCSP stapling
+						$ocsp_stapling = 0;
 					}
 				} else {
 					$ssl_redirect = 0;
 					$letsencrypt = 0;
+					$http2 = 0;
 					// we need this for the serialize
 					// if ssl is disabled or no ssl-ip/port exists
 					$ssl_ipandports[] = - 1;
@@ -613,6 +628,9 @@ if ($page == 'domains' || $page == 'overview') {
 					$hsts_maxage = 0;
 					$hsts_sub = 0;
 					$hsts_preload = 0;
+
+					// OCSP stapling
+					$ocsp_stapling = 0;
 				}
 
 				// We can't enable let's encrypt for wildcard - domains
@@ -689,6 +707,10 @@ if ($page == 'domains' || $page == 'overview') {
 					standard_error('noipportgiven');
 				}
 
+				if ($phpenabled != '1') {
+					$phpenabled = '0';
+				}
+
 				if ($openbasedir != '1') {
 					$openbasedir = '0';
 				}
@@ -768,6 +790,7 @@ if ($page == 'domains' || $page == 'overview') {
 						'ipandport' => serialize($ipandports),
 						'ssl_redirect' => $ssl_redirect,
 						'ssl_ipandport' => serialize($ssl_ipandports),
+						'phpenabled' => $phpenabled,
 						'openbasedir' => $openbasedir,
 						'phpsettingid' => $phpsettingid,
 						'mod_fcgid_starter' => $mod_fcgid_starter,
@@ -777,9 +800,11 @@ if ($page == 'domains' || $page == 'overview') {
 						'termination_date' => $termination_date,
 						'issubof' => $issubof,
 						'letsencrypt' => $letsencrypt,
+						'http2' => $http2,
 						'hsts_maxage' => $hsts_maxage,
 						'hsts_sub' => $hsts_sub,
-						'hsts_preload' => $hsts_preload
+						'hsts_preload' => $hsts_preload,
+						'ocsp_stapling' => $ocsp_stapling
 					);
 
 					$security_questions = array(
@@ -816,6 +841,7 @@ if ($page == 'domains' || $page == 'overview') {
 						'email_only' => $email_only,
 						'subcanemaildomain' => $subcanemaildomain,
 						'caneditdomain' => $caneditdomain,
+						'phpenabled' => $phpenabled,
 						'openbasedir' => $openbasedir,
 						'speciallogfile' => $speciallogfile,
 						'specialsettings' => $specialsettings,
@@ -828,9 +854,11 @@ if ($page == 'domains' || $page == 'overview') {
 						'mod_fcgid_maxrequests' => $mod_fcgid_maxrequests,
 						'ismainbutsubto' => $issubof,
 						'letsencrypt' => $letsencrypt,
+						'http2' => $http2,
 						'hsts' => $hsts_maxage,
 						'hsts_sub' => $hsts_sub,
-						'hsts_preload' => $hsts_preload
+						'hsts_preload' => $hsts_preload,
+						'ocsp_stapling' => $ocsp_stapling
 					);
 
 					$ins_stmt = Database::prepare("
@@ -852,6 +880,7 @@ if ($page == 'domains' || $page == 'overview') {
 						`email_only` = :email_only,
 						`subcanemaildomain` = :subcanemaildomain,
 						`caneditdomain` = :caneditdomain,
+						`phpenabled` = :phpenabled,
 						`openbasedir` = :openbasedir,
 						`speciallogfile` = :speciallogfile,
 						`specialsettings` = :specialsettings,
@@ -864,9 +893,11 @@ if ($page == 'domains' || $page == 'overview') {
 						`mod_fcgid_maxrequests` = :mod_fcgid_maxrequests,
 						`ismainbutsubto` = :ismainbutsubto,
 						`letsencrypt` = :letsencrypt,
+						`http2` = :http2,
 						`hsts` = :hsts,
 						`hsts_sub` = :hsts_sub,
-						`hsts_preload` = :hsts_preload
+						`hsts_preload` = :hsts_preload,
+						`ocsp_stapling` = :ocsp_stapling
 					");
 					Database::pexecute($ins_stmt, $ins_data);
 					$domainid = Database::lastInsertId();
@@ -1326,6 +1357,7 @@ if ($page == 'domains' || $page == 'overview') {
 
 				if ($userinfo['caneditphpsettings'] == '1' || $userinfo['change_serversettings'] == '1') {
 
+					$phpenabled  = isset($_POST['phpenabled']) ? intval($_POST['phpenabled']) : 0;
 					$openbasedir = isset($_POST['openbasedir']) ? intval($_POST['openbasedir']) : 0;
 
 					if ((int) Settings::Get('system.mod_fcgid') == 1 || (int) Settings::Get('phpfpm.enabled') == 1) {
@@ -1360,6 +1392,7 @@ if ($page == 'domains' || $page == 'overview') {
 						$mod_fcgid_maxrequests = $result['mod_fcgid_maxrequests'];
 					}
 				} else {
+					$phpenabled = $result['phpenabled'];
 					$openbasedir = $result['openbasedir'];
 					$phpsettingid = $result['phpsettingid'];
 					$mod_fcgid_starter = $result['mod_fcgid_starter'];
@@ -1402,11 +1435,16 @@ if ($page == 'domains' || $page == 'overview') {
 						$letsencrypt = (int) $_POST['letsencrypt'];
 					}
 
+					$http2 = isset($_POST['http2']) && (int)$_POST['http2'] == 1 ? 1 : 0;
+
 					// HSTS
 					$hsts_maxage = isset($_POST['hsts_maxage']) ? (int)$_POST['hsts_maxage'] : 0;
 					$hsts_sub = isset($_POST['hsts_sub']) && (int)$_POST['hsts_sub'] == 1 ? 1 : 0;
 					$hsts_preload = isset($_POST['hsts_preload']) && (int)$_POST['hsts_preload'] == 1 ? 1 : 0;
 
+					// OCSP stapling
+					$ocsp_stapling = isset($_POST['ocsp_stapling']) && (int)$_POST['ocsp_stapling'] == 1 ? 1 : 0;
+
 					$ssl_ipandports = array();
 					if (isset($_POST['ssl_ipandport']) && ! is_array($_POST['ssl_ipandport'])) {
 						$_POST['ssl_ipandport'] = unserialize($_POST['ssl_ipandport']);
@@ -1436,6 +1474,7 @@ if ($page == 'domains' || $page == 'overview') {
 					} else {
 						$ssl_redirect = 0;
 						$letsencrypt = 0;
+						$http2 = 0;
 						// we need this for the serialize
 						// if ssl is disabled or no ssl-ip/port exists
 						$ssl_ipandports[] = - 1;
@@ -1444,10 +1483,14 @@ if ($page == 'domains' || $page == 'overview') {
 						$hsts_maxage = 0;
 						$hsts_sub = 0;
 						$hsts_preload = 0;
+
+						// OCSP stapling
+						$ocsp_stapling = 0;
 					}
 				} else {
 					$ssl_redirect = 0;
 					$letsencrypt = 0;
+					$http2 = 0;
 					// we need this for the serialize
 					// if ssl is disabled or no ssl-ip/port exists
 					$ssl_ipandports[] = - 1;
@@ -1456,6 +1499,9 @@ if ($page == 'domains' || $page == 'overview') {
 					$hsts_maxage = 0;
 					$hsts_sub = 0;
 					$hsts_preload = 0;
+
+					// OCSP stapling
+					$ocsp_stapling = 0;
 				}
 
 				// We can't enable let's encrypt for wildcard domains
@@ -1472,6 +1518,10 @@ if ($page == 'domains' || $page == 'overview') {
 					$documentroot = makeCorrectDir($documentroot);
 				}
 
+				if ($phpenabled != '1') {
+					$phpenabled = '0';
+				}
+
 				if ($openbasedir != '1') {
 					$openbasedir = '0';
 				}
@@ -1580,6 +1630,7 @@ if ($page == 'domains' || $page == 'overview') {
 					'dkim' => $dkim,
 					'selectserveralias' => $serveraliasoption,
 					'ssl_redirect' => $ssl_redirect,
+					'phpenabled' => $phpenabled,
 					'openbasedir' => $openbasedir,
 					'phpsettingid' => $phpsettingid,
 					'mod_fcgid_starter' => $mod_fcgid_starter,
@@ -1594,9 +1645,11 @@ if ($page == 'domains' || $page == 'overview') {
 					'ipandport' => serialize($ipandports),
 					'ssl_ipandport' => serialize($ssl_ipandports),
 					'letsencrypt' => $letsencrypt,
+					'http2' => $http2,
 					'hsts_maxage' => $hsts_maxage,
 					'hsts_sub' => $hsts_sub,
-					'hsts_preload' => $hsts_preload
+					'hsts_preload' => $hsts_preload,
+					'ocsp_stapling' => $ocsp_stapling
 				);
 
 				$security_questions = array(
@@ -1615,7 +1668,28 @@ if ($page == 'domains' || $page == 'overview') {
 				$wwwserveralias = ($serveraliasoption == '1') ? '1' : '0';
 				$iswildcarddomain = ($serveraliasoption == '0') ? '1' : '0';
 
-				if ($documentroot != $result['documentroot'] || $ssl_redirect != $result['ssl_redirect'] || $wwwserveralias != $result['wwwserveralias'] || $iswildcarddomain != $result['iswildcarddomain'] || $openbasedir != $result['openbasedir'] || $phpsettingid != $result['phpsettingid'] || $mod_fcgid_starter != $result['mod_fcgid_starter'] || $mod_fcgid_maxrequests != $result['mod_fcgid_maxrequests'] || $specialsettings != $result['specialsettings'] || $aliasdomain != $result['aliasdomain'] || $issubof != $result['ismainbutsubto'] || $email_only != $result['email_only'] || ($speciallogfile != $result['speciallogfile'] && $speciallogverified == '1') || $letsencrypt != $result['letsencrypt'] || $hsts_maxage != $result['hsts'] || $hsts_sub != $result['hsts_sub'] || $hsts_preload != $result['hsts_preload']) {
+				if (
+					$documentroot != $result['documentroot'] ||
+					$ssl_redirect != $result['ssl_redirect'] ||
+					$wwwserveralias != $result['wwwserveralias'] ||
+					$iswildcarddomain != $result['iswildcarddomain'] ||
+					$phpenabled != $result['phpenabled'] ||
+					$openbasedir != $result['openbasedir'] ||
+					$phpsettingid != $result['phpsettingid'] ||
+					$mod_fcgid_starter != $result['mod_fcgid_starter'] ||
+					$mod_fcgid_maxrequests != $result['mod_fcgid_maxrequests'] ||
+					$specialsettings != $result['specialsettings'] ||
+					$aliasdomain != $result['aliasdomain'] ||
+					$issubof != $result['ismainbutsubto'] ||
+					$email_only != $result['email_only'] ||
+					($speciallogfile != $result['speciallogfile'] && $speciallogverified == '1') ||
+					$letsencrypt != $result['letsencrypt'] ||
+					$http2 != $result['http2'] ||
+					$hsts_maxage != $result['hsts'] ||
+					$hsts_sub != $result['hsts_sub'] ||
+					$hsts_preload != $result['hsts_preload'] ||
+					$ocsp_stapling != $result['ocsp_stapling']
+				) {
 					inserttask('1');
 				}
 
@@ -1756,6 +1830,7 @@ if ($page == 'domains' || $page == 'overview') {
 				$update_data['zonefile'] = $zonefile;
 				$update_data['wwwserveralias'] = $wwwserveralias;
 				$update_data['iswildcarddomain'] = $iswildcarddomain;
+				$update_data['phpenabled'] = $phpenabled;
 				$update_data['openbasedir'] = $openbasedir;
 				$update_data['speciallogfile'] = $speciallogfile;
 				$update_data['phpsettingid'] = $phpsettingid;
@@ -1766,9 +1841,11 @@ if ($page == 'domains' || $page == 'overview') {
 				$update_data['termination_date'] = $termination_date;
 				$update_data['ismainbutsubto'] = $issubof;
 				$update_data['letsencrypt'] = $letsencrypt;
+				$update_data['http2'] = $http2;
 				$update_data['hsts'] = $hsts_maxage;
 				$update_data['hsts_sub'] = $hsts_sub;
 				$update_data['hsts_preload'] = $hsts_preload;
+				$update_data['ocsp_stapling'] = $ocsp_stapling;
 				$update_data['id'] = $id;
 
 				$update_stmt = Database::prepare("
@@ -1787,6 +1864,7 @@ if ($page == 'domains' || $page == 'overview') {
 					`zonefile` = :zonefile,
 					`wwwserveralias` = :wwwserveralias,
 					`iswildcarddomain` = :iswildcarddomain,
+					`phpenabled` = :phpenabled,
 					`openbasedir` = :openbasedir,
 					`speciallogfile` = :speciallogfile,
 					`phpsettingid` = :phpsettingid,
@@ -1797,15 +1875,18 @@ if ($page == 'domains' || $page == 'overview') {
 					`termination_date` = :termination_date,
 					`ismainbutsubto` = :ismainbutsubto,
 					`letsencrypt` = :letsencrypt,
+					`http2` = :http2,
 					`hsts` = :hsts,
 					`hsts_sub` = :hsts_sub,
-					`hsts_preload` = :hsts_preload
+					`hsts_preload` = :hsts_preload,
+					`ocsp_stapling` = :ocsp_stapling
 					WHERE `id` = :id
 				");
 				Database::pexecute($update_stmt, $update_data);
 
 				$_update_data['customerid'] = $customerid;
 				$_update_data['adminid'] = $adminid;
+				$_update_data['phpenabled'] = $phpenabled;
 				$_update_data['openbasedir'] = $openbasedir;
 				$_update_data['phpsettingid'] = $phpsettingid;
 				$_update_data['mod_fcgid_starter'] = $mod_fcgid_starter;
@@ -1824,6 +1905,7 @@ if ($page == 'domains' || $page == 'overview') {
 					UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
 					`customerid` = :customerid,
 					`adminid` = :adminid,
+					`phpenabled` = :phpenabled,
 					`openbasedir` = :openbasedir,
 					`phpsettingid` = :phpsettingid,
 					`mod_fcgid_starter` = :mod_fcgid_starter,
@@ -2141,6 +2223,8 @@ if ($page == 'domains' || $page == 'overview') {
 
 			// update customer/admin counters
 			updateCounters(false);
+			inserttask('1');
+			inserttask('4');
 
 			$result_str = $result['imported'] . ' / ' . $result['all'];
 			standard_success('domain_import_successfully', $result_str, array(

admin_index.php

@@ -280,7 +280,7 @@ if ($page == 'overview') {
 			$default_lang = $userinfo['def_language'];
 		}
 
-		while (list($language_file, $language_name) = each($languages)) {
+		foreach ($languages as $language_file => $language_name) {
 			$language_options.= makeoption($language_name, $language_file, $default_lang, true);
 		}
 

admin_logger.php

@@ -30,11 +30,11 @@ if ($page == 'log'
 			'user' => $lng['logger']['user'],
 			'text' => $lng['logger']['action']
 		);
-		$paging = new paging($userinfo, TABLE_PANEL_LOG, $fields, null, null, 0, 'desc');
-		$result_stmt = Database::query('
-			SELECT * FROM `' . TABLE_PANEL_LOG . '` ' . $paging->getSqlWhere(false) . ' ' . $paging->getSqlOrderBy() . ' ' . $paging->getSqlLimit()
-		);
-		$logs_count = Database::num_rows();
+		$paging = new paging($userinfo, TABLE_PANEL_LOG, $fields, null, null, 0, 'desc', 30);
+		$query = 'SELECT * FROM `' . TABLE_PANEL_LOG . '` ' . $paging->getSqlWhere(false) . ' ' . $paging->getSqlOrderBy();
+		$result_stmt = Database::query($query . ' ' . $paging->getSqlLimit());
+		$result_cnt_stmt = Database::query($query);
+		$logs_count = $result_cnt_stmt->rowCount();
 		$paging->setEntries($logs_count);
 		$sortcode = $paging->getHtmlSortCode($lng);
 		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
@@ -67,7 +67,7 @@ if ($page == 'log'
 		foreach ($clog as $action => $logrows) {
 			$_action = 0;
 			foreach ($logrows as $row) {
-				if ($paging->checkDisplay($i)) {
+				// if ($paging->checkDisplay($i)) {
 					$row = htmlentities_array($row);
 					$row['date'] = date("d.m.y H:i:s", $row['date']);
 
@@ -105,7 +105,7 @@ if ($page == 'log'
 					eval("\$log.=\"" . getTemplate('logger/logger_log') . "\";");
 					$count++;
 					$_action = $action;
-				}
+				// }
 				$i++;
 			}
 			$i++;

admin_settings.php

@@ -290,3 +290,70 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 	}
 	eval("echo \"" . getTemplate("settings/integritycheck") . "\";");
 }
+elseif ($page == 'testmail')
+{
+		if (isset($_POST['send']) && $_POST['send'] == 'send')
+		{
+			$test_addr = isset($_POST['test_addr']) ? $_POST['test_addr'] : null;
+
+			/**
+			 * Initialize the mailingsystem
+			 */
+			$testmail = new PHPMailer(true);
+			$testmail->CharSet = "UTF-8";
+
+			if (Settings::Get('system.mail_use_smtp')) {
+				$testmail->isSMTP();
+				$testmail->Host = Settings::Get('system.mail_smtp_host');
+				$testmail->SMTPAuth = Settings::Get('system.mail_smtp_auth') == '1' ? true : false;
+				$testmail->Username = Settings::Get('system.mail_smtp_user');
+				$testmail->Password = Settings::Get('system.mail_smtp_passwd');
+				if (Settings::Get('system.mail_smtp_usetls')) {
+					$testmail->SMTPSecure = 'tls';
+				} else {
+					$testmail->SMTPAutoTLS = false;
+				}
+				$testmail->Port = Settings::Get('system.mail_smtp_port');
+			}
+
+			$_mailerror = false;
+			if (PHPMailer::ValidateAddress(Settings::Get('panel.adminmail')) !== false) {
+				// set return-to address and custom sender-name, see #76
+				$testmail->SetFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));
+				if (Settings::Get('panel.adminmail_return') != '') {
+					$testmail->AddReplyTo(Settings::Get('panel.adminmail_return'), Settings::Get('panel.adminmail_defname'));
+				}
+
+				try {
+					$testmail->Subject = "Froxlor Test-Mail";
+					$mail_body = "Yay, this worked :)";
+					$testmail->AltBody = $mail_body;
+					$testmail->MsgHTML(str_replace("\n", "<br />", $mail_body));
+					$testmail->AddAddress($test_addr);
+					$testmail->Send();
+				} catch(phpmailerException $e) {
+					$mailerr_msg = $e->errorMessage();
+					$_mailerror = true;
+				} catch (Exception $e) {
+					$mailerr_msg = $e->getMessage();
+					$_mailerror = true;
+				}
+
+				if (!$_mailerror) {
+					// success
+					$mail->ClearAddresses();
+					standard_success('testmailsent', '', array('filename' => 'admin_settings.php', 'page' => 'testmail'));
+				}
+			} else {
+				// invalid sender e-mail
+				$mailerr_msg = "Invalid sender e-mail address: ".Settings::Get('panel.adminmail');
+				$_mailerror = true;
+			}
+		}
+
+		$mail_smtp_user = Settings::Get('system.mail_smtp_user');
+		$mail_smtp_host = Settings::Get('system.mail_smtp_host');
+		$mail_smtp_port = Settings::Get('system.mail_smtp_port');
+
+		eval("echo \"" . getTemplate("settings/testmail") . "\";");
+}

admin_templates.php

@@ -99,7 +99,7 @@ if ($action == '') {
 	}
 
 	$add = false;
-	while (list($language_file, $language_name) = each($languages)) {
+	foreach ($languages as $language_file => $language_name) {
 
 		$templates_done = array();
 		$result_stmt = Database::prepare("
@@ -328,7 +328,7 @@ if ($action == '') {
 		$language_options = '';
 		$template_options = '';
 
-		while (list($language_file, $language_name) = each($languages)) {
+		foreach ($languages as $language_file => $language_name) {
 			$templates = array();
 			$result_stmt = Database::prepare("
 				SELECT `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`

customer_domains.php

@@ -260,7 +260,7 @@ if ($page == 'overview') {
 		if ($userinfo['subdomains_used'] < $userinfo['subdomains'] || $userinfo['subdomains'] == '-1') {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 
-				if (strpos($_POST['subdomain'], '--') !== false) {
+				if (substr($_POST['subdomain'], 0, 4) == 'xn--') {
 					standard_error('domain_nopunycode');
 				}
 
@@ -327,6 +327,9 @@ if ($page == 'overview') {
 				}
 
 				if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($path)) {
+					if (strstr($path, ":") !== FALSE) {
+						standard_error('pathmaynotcontaincolon');
+					}
 					// If path is empty or '/' and 'Use domain name as default value for DocumentRoot path' is enabled in settings,
 					// set default path to subdomain or domain name
 					if ((($path == '') || ($path == '/')) && Settings::Get('system.documentroot_use_default_value') == 1) {
@@ -334,9 +337,6 @@ if ($page == 'overview') {
 					} else {
 						$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
 					}
-					if (strstr($path, ":") !== FALSE) {
-						standard_error('pathmaynotcontaincolon');
-					}
 				} else {
 					$_doredirect = true;
 				}
@@ -415,6 +415,7 @@ if ($page == 'overview') {
 						`wwwserveralias` = :wwwserveralias,
 						`isemaildomain` = :isemaildomain,
 						`iswildcarddomain` = :iswildcarddomain,
+						`phpenabled` = :phpenabled,
 						`openbasedir` = :openbasedir,
 						`openbasedir_path` = :openbasedir_path,
 						`speciallogfile` = :speciallogfile,
@@ -437,6 +438,7 @@ if ($page == 'overview') {
 						"isemaildomain" => $domain_check['subcanemaildomain'] == '3' ? '1' : '0',
 						"openbasedir" => $domain_check['openbasedir'],
 						"openbasedir_path" => $openbasedir_path,
+						"phpenabled" => $domain_check['phpenabled'],
 						"speciallogfile" => $domain_check['speciallogfile'],
 						"specialsettings" => $domain_check['specialsettings'],
 						"ssl_redirect" => $ssl_redirect,
@@ -517,7 +519,12 @@ if ($page == 'overview') {
 
 				// check if we at least have one ssl-ip/port, #1179
 				$ssl_ipsandports = '';
-				$ssl_ip_stmt = Database::prepare("SELECT COUNT(*) as countSSL FROM `panel_ipsandports` WHERE `ssl`='1'");
+				$ssl_ip_stmt = Database::prepare("
+					SELECT COUNT(*) as countSSL
+					FROM `".TABLE_PANEL_IPSANDPORTS."` pip
+					LEFT JOIN `".TABLE_DOMAINTOIP."` dti ON dti.id_ipandports = pip.id
+					WHERE pip.`ssl`='1'
+				");
 				Database::pexecute($ssl_ip_stmt);
 				$resultX = $ssl_ip_stmt->fetch(PDO::FETCH_ASSOC);
 				if (isset($resultX['countSSL']) && (int)$resultX['countSSL'] > 0) {
@@ -564,6 +571,9 @@ if ($page == 'overview') {
 				}
 
 				if (!preg_match('/^https?\:\/\//', $path) || !validateUrl($path)) {
+					if (strstr($path, ":") !== FALSE) {
+						standard_error('pathmaynotcontaincolon');
+					}
 					// If path is empty or '/' and 'Use domain name as default value for DocumentRoot path' is enabled in settings,
 					// set default path to subdomain or domain name
 					if ((($path == '') || ($path == '/')) && Settings::Get('system.documentroot_use_default_value') == 1) {
@@ -571,9 +581,6 @@ if ($page == 'overview') {
 					} else {
 						$path = makeCorrectDir($userinfo['documentroot'] . '/' . $path);
 					}
-					if (strstr($path, ":") !== FALSE) {
-						standard_error('pathmaynotcontaincolon');
-					}
 				} else {
 					$_doredirect = true;
 				}
@@ -797,8 +804,13 @@ if ($page == 'overview') {
 
 				// check if we at least have one ssl-ip/port, #1179
 				$ssl_ipsandports = '';
-				$ssl_ip_stmt = Database::prepare("SELECT COUNT(*) as countSSL FROM `panel_ipsandports` WHERE `ssl`='1'");
-				Database::pexecute($ssl_ip_stmt);
+				$ssl_ip_stmt = Database::prepare("
+					SELECT COUNT(*) as countSSL
+					FROM `".TABLE_PANEL_IPSANDPORTS."` pip
+					LEFT JOIN `".TABLE_DOMAINTOIP."` dti ON dti.id_ipandports = pip.id
+					WHERE `dti`.`id_domain` = :id_domain AND pip.`ssl`='1'
+				");
+				Database::pexecute($ssl_ip_stmt, array("id_domain" => $result['id']));
 				$resultX = $ssl_ip_stmt->fetch(PDO::FETCH_ASSOC);
 				if (isset($resultX['countSSL']) && (int)$resultX['countSSL'] > 0) {
 					$ssl_ipsandports = 'notempty';

customer_email.php

@@ -96,7 +96,8 @@ if ($page == 'overview') {
 					$row['destination'] = explode(' ', $row['destination']);
 					uasort($row['destination'], 'strcasecmp');
 
-					while (list($dest_id, $destination) = each($row['destination'])) {
+					$dest_list = $row['destination'];
+					foreach ($dest_list as $dest_id => $destination) {
 						$row['destination'][$dest_id] = $idna_convert->decode($row['destination'][$dest_id]);
 
 						if ($row['destination'][$dest_id] == $row['email_full']) {
@@ -164,7 +165,7 @@ if ($page == 'overview') {
 						Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $result['popaccountid']));
 						$update_users_query_addon .= " , `email_accounts_used` = `email_accounts_used` - 1 ";
 						$number_forwarders-= 1;
-						$log->logAction(USR_ACTION, LOG_NOTICE, "deleted forwarder for email address '" . $result['email'] . "'");
+						$log->logAction(USR_ACTION, LOG_INFO, "deleted forwarder for email address '" . $result['email'] . "'");
 					}
 				} else {
 					$number_forwarders = 0;
@@ -323,7 +324,7 @@ if ($page == 'overview') {
 			$forwarders = '';
 			$forwarders_count = 0;
 
-			while (list($dest_id, $destination) = each($result['destination'])) {
+			foreach ($result['destination'] as $dest_id => $destination) {
 				$destination = $idna_convert->decode($destination);
 
 				if ($destination != $result['email_full'] && $destination != '') {
@@ -652,7 +653,7 @@ if ($page == 'overview') {
 
 				$password = validatePassword($password);
 
-				$log->logAction(USR_ACTION, LOG_NOTICE, "changed email password for '" . $result['email_full'] . "'");
+				$log->logAction(USR_ACTION, LOG_INFO, "changed email password for '" . $result['email_full'] . "'");
 				$cryptPassword = makeCryptPassword($password);
 				$stmt = Database::prepare("UPDATE `" . TABLE_MAIL_USERS . "`
 					SET " . (Settings::Get('system.mailpwcleartext') == '1' ? "`password` = :password, " : '') . "
@@ -699,7 +700,7 @@ if ($page == 'overview') {
 				if ($userinfo['email_quota'] != '-1' && ($quota == 0 || ($quota + $userinfo['email_quota_used'] - $result['quota']) > $userinfo['email_quota'])) {
 					standard_error('allocatetoomuchquota', $quota);
 				} else {
-					$log->logAction(USR_ACTION, LOG_NOTICE, "updated quota for email address '" . $result['email'] . "' to " . $quota . " MB");
+					$log->logAction(USR_ACTION, LOG_INFO, "updated quota for email address '" . $result['email'] . "' to " . $quota . " MB");
 					$stmt = Database::prepare("UPDATE `" . TABLE_MAIL_USERS . "`
 						SET `quota` = :quota
 						WHERE `id` = :id
@@ -834,7 +835,7 @@ if ($page == 'overview') {
 						);
 						Database::pexecute($stmt, array("cid" => $userinfo['customerid']));
 
-						$log->logAction(USR_ACTION, LOG_NOTICE, "added email forwarder for '" . $result['email_full'] . "'");
+						$log->logAction(USR_ACTION, LOG_INFO, "added email forwarder for '" . $result['email_full'] . "'");
 						redirectTo($filename, array('page' => 'emails', 'action' => 'edit', 'id' => $id, 's' => $s));
 					}
 				} else {
@@ -895,7 +896,7 @@ if ($page == 'overview') {
 					);
 					Database::pexecute($stmt, array("cid" => $userinfo['customerid']));
 
-					$log->logAction(USR_ACTION, LOG_NOTICE, "deleted email forwarder for '" . $result['email_full'] . "'");
+					$log->logAction(USR_ACTION, LOG_INFO, "deleted email forwarder for '" . $result['email_full'] . "'");
 					redirectTo($filename, array('page' => 'emails', 'action' => 'edit', 'id' => $id, 's' => $s));
 				} else {
 					ask_yesno('email_reallydelete_forwarder', $filename, array('id' => $id, 'forwarderid' => $forwarderid, 'page' => $page, 'action' => $action), $idna_convert->decode($result['email_full']) . ' -> ' . $idna_convert->decode($forwarder));

customer_ftp.php

@@ -134,6 +134,12 @@ if ($page == 'overview') {
 				// refs #293
 				if (isset($_POST['delete_userfiles']) && (int)$_POST['delete_userfiles'] == 1) {
 					inserttask('8', $userinfo['loginname'], $result['homedir']);
+				} else {
+					if (Settings::Get('system.nssextrausers') == 1)
+					{
+						// this is used so that the libnss-extrausers cron is fired
+						inserttask(5);
+					}
 				}
 
 				$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "`
@@ -431,6 +437,7 @@ if ($page == 'overview') {
 				}
 
 				$log->logAction(USR_ACTION, LOG_INFO, "edited ftp-account '" . $result['username'] . "'");
+				inserttask(5);
 				$description = validate($_POST['ftp_description'], 'description');
 				$stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "`
 					SET `description` = :desc, `shell` = :shell

customer_index.php

@@ -204,7 +204,7 @@ if ($page == 'overview') {
 		}
 
 		$language_options = '';
-		while (list($language_file, $language_name) = each($languages)) {
+		foreach ($languages as $language_file => $language_name) {
 			$language_options .= makeoption($language_name, $language_file, $default_lang, true);
 		}
 

customer_logger.php

@@ -16,17 +16,15 @@
  * @package    Panel
  *
  */
-
 define('AREA', 'customer');
 require './lib/init.php';
 
 // redirect if this customer page is hidden via settings
-if (Settings::IsInList('panel.customer_hide_options','extras.logger')) {
+if (Settings::IsInList('panel.customer_hide_options', 'extras.logger')) {
 	redirectTo('customer_index.php');
 }
 
-if ($page == 'log'
-) {
+if ($page == 'log') {
 	if ($action == '') {
 		$fields = array(
 			'date' => $lng['logger']['date'],
@@ -34,37 +32,39 @@ if ($page == 'log'
 			'user' => $lng['logger']['user'],
 			'text' => $lng['logger']['action']
 		);
-		$paging = new paging($userinfo, TABLE_PANEL_LOG, $fields, null, null, 0, 'desc');
-		$result_stmt = Database::prepare('
-			SELECT * FROM `' . TABLE_PANEL_LOG . '` WHERE `user` = :loginname ' . $paging->getSqlWhere(true) . ' ' . $paging->getSqlOrderBy() . ' ' . $paging->getSqlLimit()
-		);
-		Database::pexecute($result_stmt, array("loginname" => $userinfo['loginname']));
-		$logs_count = Database::num_rows();
+		$paging = new paging($userinfo, TABLE_PANEL_LOG, $fields, null, null, 0, 'desc', 30);
+		$query = 'SELECT * FROM `' . TABLE_PANEL_LOG . '` WHERE `user` = :loginname ' . $paging->getSqlWhere(true) . ' ' . $paging->getSqlOrderBy();
+		$result_stmt = Database::prepare($query . ' ' . $paging->getSqlLimit());
+		Database::pexecute($result_stmt, array(
+			"loginname" => $userinfo['loginname']
+		));
+		$result_cnt_stmt = Database::prepare($query);
+		Database::pexecute($result_cnt_stmt, array(
+			"loginname" => $userinfo['loginname']
+		));
+		$res_cnt = $result_cnt_stmt->fetch(PDO::FETCH_ASSOC);
+		$logs_count = $result_cnt_stmt->rowCount();
 		$paging->setEntries($logs_count);
 		$sortcode = $paging->getHtmlSortCode($lng);
 		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
 		$searchcode = $paging->getHtmlSearchCode($lng);
 		$pagingcode = $paging->getHtmlPagingCode($filename . '?page=' . $page . '&s=' . $s);
 		$clog = array();
-
+		
 		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
-
-			if (!isset($clog[$row['action']])
-				|| !is_array($clog[$row['action']])
-			) {
+			
+			if (! isset($clog[$row['action']]) || ! is_array($clog[$row['action']])) {
 				$clog[$row['action']] = array();
 			}
 			$clog[$row['action']][$row['logid']] = $row;
 		}
-
-		if ($paging->sortfield == 'date'
-			&& $paging->sortorder == 'desc'
-		) {
+		
+		if ($paging->sortfield == 'date' && $paging->sortorder == 'desc') {
 			krsort($clog);
 		} else {
 			ksort($clog);
 		}
-
+		
 		$i = 0;
 		$count = 0;
 		$log_count = 0;
@@ -72,51 +72,50 @@ if ($page == 'log'
 		foreach ($clog as $action => $logrows) {
 			$_action = 0;
 			foreach ($logrows as $row) {
-				if ($paging->checkDisplay($i)) {
-					$row = htmlentities_array($row);
-					$row['date'] = date("d.m.y H:i:s", $row['date']);
-
-					if ($_action != $action) {
-						switch ($action) {
-							case USR_ACTION:
-								$_action = $lng['admin']['customer'];
-								break;
-							case RES_ACTION:
-								$_action = $lng['logger']['reseller'];
-								break;
-							case ADM_ACTION:
-								$_action = $lng['logger']['admin'];
-								break;
-							case CRON_ACTION:
-								$_action = $lng['logger']['cron'];
-								break;
-							case LOGIN_ACTION:
-								$_action = $lng['logger']['login'];
-								break;
-							case LOG_ERROR:
-								$_action = $lng['logger']['intern'];
-								break;
-							default:
-								$_action = $lng['logger']['unknown'];
-								break;
-						}
-
-						$row['action'] = $_action;
-						eval("\$log.=\"" . getTemplate('logger/logger_action') . "\";");
+				// if ($paging->checkDisplay($i)) {
+				$row = htmlentities_array($row);
+				$row['date'] = date("d.m.y H:i:s", $row['date']);
+				
+				if ($_action != $action) {
+					switch ($action) {
+						case USR_ACTION:
+							$_action = $lng['admin']['customer'];
+							break;
+						case RES_ACTION:
+							$_action = $lng['logger']['reseller'];
+							break;
+						case ADM_ACTION:
+							$_action = $lng['logger']['admin'];
+							break;
+						case CRON_ACTION:
+							$_action = $lng['logger']['cron'];
+							break;
+						case LOGIN_ACTION:
+							$_action = $lng['logger']['login'];
+							break;
+						case LOG_ERROR:
+							$_action = $lng['logger']['intern'];
+							break;
+						default:
+							$_action = $lng['logger']['unknown'];
+							break;
 					}
-
-					$log_count++;
-					$row['type'] = getLogLevelDesc($row['type']);
-					eval("\$log.=\"" . getTemplate('logger/logger_log') . "\";");
-					$count++;
-					$_action = $action;
+					
+					$row['action'] = $_action;
+					eval("\$log.=\"" . getTemplate('logger/logger_action') . "\";");
 				}
-				$i++;
+				
+				$log_count ++;
+				$row['type'] = getLogLevelDesc($row['type']);
+				eval("\$log.=\"" . getTemplate('logger/logger_log') . "\";");
+				$count ++;
+				$_action = $action;
+				// }
+				$i ++;
 			}
-			$i++;
+			$i ++;
 		}
-
+		
 		eval("echo \"" . getTemplate('logger/logger') . "\";");
-
 	}
 }

dns_editor.php

@@ -56,13 +56,29 @@ if ($action == 'add_record' && ! empty($_POST)) {
 		if (strpos($record, '--') !== false) {
 			$errors[] = $lng['error']['domain_nopunycode'];
 		} else {
+			// check for wildcard-record
+			$add_wildcard_again = false;
+			if (substr($record, 0, 2) == '*.') {
+				$record = substr($record, 2);
+				$add_wildcard_again = true;
+			}
+			// convert entry
 			$record = $idna_convert->encode($record);
+
+			if ($add_wildcard_again) {
+				$record = '*.'.$record;
+			}
+
+			/*
+			 * see https://redmine.froxlor.org/issues/1697
+			 *
 			if ($type != 'SRV' && $type != 'TXT') {
 				$check_dom = $record . '.example.com';
 				if (! validateDomain($check_dom)) {
 					$errors[] = sprintf($lng['error']['subdomainiswrong'], $idna_convert->decode($record));
 				}
 			}
+			*/
 			if (strlen($record) > 63) {
 				$errors[] = $lng['error']['dns_record_toolong'];
 			}
@@ -112,6 +128,9 @@ if ($action == 'add_record' && ! empty($_POST)) {
 		if (substr($content, - 1) == '.') {
 			// remove it for checks
 			$content = substr($content, 0, - 1);
+		} else {
+			// add domain name
+			$content .= '.' . $domain;
 		}
 		if (! validateDomain($content)) {
 			$errors[] = $lng['error']['dns_cname_invaliddom'];
@@ -171,8 +190,8 @@ if ($action == 'add_record' && ! empty($_POST)) {
 				}
 			}
 		}
-		// append trailing dot (again)
-		if ($target != '.') {
+		// append trailing dot if there's none
+		if (substr($content, - 1) != '.') {
 			$content .= '.';
 		}
 	}

index.php

@@ -250,7 +250,7 @@ if ($action == 'login') {
 		$language_options = '';
 		$language_options .= makeoption($lng['login']['profile_lng'], 'profile', 'profile', true, true);
 
-		while (list($language_file, $language_name) = each($languages)) {
+		foreach ($languages as $language_file => $language_name) {
 			$language_options .= makeoption($language_name, $language_file, 'profile', true);
 		}
 

install/froxlor.sql

@@ -195,8 +195,9 @@ CREATE TABLE `panel_customers` (
   `theme` varchar(255) NOT NULL default 'Sparkle',
   `custom_notes` text,
   `custom_notes_show` tinyint(1) NOT NULL default '0',
-  `lepublickey` mediumtext DEFAULT NULL,
-  `leprivatekey` mediumtext DEFAULT NULL,
+  `lepublickey` mediumtext default NULL,
+  `leprivatekey` mediumtext default NULL,
+  `leregistered` tinyint(1) NOT NULL default '0',
    PRIMARY KEY  (`customerid`),
    UNIQUE KEY `loginname` (`loginname`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;
@@ -237,6 +238,7 @@ CREATE TABLE `panel_domains` (
   `dkim_pubkey` text,
   `wwwserveralias` tinyint(1) NOT NULL default '1',
   `parentdomainid` int(11) NOT NULL default '0',
+  `phpenabled` tinyint(1) NOT NULL default '0',
   `openbasedir` tinyint(1) NOT NULL default '0',
   `openbasedir_path` tinyint(1) NOT NULL default '0',
   `speciallogfile` tinyint(1) NOT NULL default '0',
@@ -255,6 +257,8 @@ CREATE TABLE `panel_domains` (
   `hsts` varchar(10) NOT NULL default '0',
   `hsts_sub` tinyint(1) NOT NULL default '0',
   `hsts_preload` tinyint(1) NOT NULL default '0',
+  `ocsp_stapling` tinyint(1) DEFAULT '0',
+  `http2` tinyint(1) DEFAULT '0',
   PRIMARY KEY  (`id`),
   KEY `customerid` (`customerid`),
   KEY `parentdomain` (`parentdomainid`),
@@ -280,7 +284,8 @@ CREATE TABLE `panel_ipsandports` (
   `default_vhostconf_domain` text,
   `ssl_cert_chainfile` varchar(255) NOT NULL,
   `docroot` varchar(255) NOT NULL default '',
-  PRIMARY KEY  (`id`)
+  PRIMARY KEY  (`id`),
+  UNIQUE KEY `ip_port` (`ip`,`port`)
 ) ENGINE=MyISAM CHARSET=utf8 COLLATE=utf8_general_ci;
 
 
@@ -496,10 +501,11 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('system', 'ssl_cert_chainfile', ''),
 	('system', 'ssl_cipher_list', 'ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128'),
 	('system', 'nginx_php_backend', '127.0.0.1:8888'),
-	('system', 'nginx_http2_support', '0'),
+	('system', 'http2_support', '0'),
 	('system', 'perl_server', 'unix:/var/run/nginx/cgiwrap-dispatch.sock'),
 	('system', 'phpreload_command', ''),
 	('system', 'apache24', '0'),
+	('system', 'apache24_ocsp_cache_path', 'shmcb:/var/run/apache2/ocsp-stapling.cache(131072)'),
 	('system', 'documentroot_use_default_value', '0'),
 	('system', 'passwordcryptfunc', '3'),
 	('system', 'axfrservers', ''),
@@ -544,8 +550,11 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('system', 'mail_smtp_user', ''),
 	('system', 'mail_smtp_passwd', ''),
 	('system', 'hsts_maxage', '0'),
-	('system', 'hsts_sub', '0'),
+	('system', 'hsts_incsub', '0'),
 	('system', 'hsts_preload', '0'),
+	('system', 'leregistered', '0'),
+	('system', 'nssextrausers', '0'),
+	('system', 'disable_le_selfcheck', '0'),
 	('panel', 'decimal_places', '4'),
 	('panel', 'adminmail', 'admin@SERVERNAME'),
 	('panel', 'phpmyadmin_url', ''),
@@ -577,8 +586,8 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('panel', 'password_special_char_required', '0'),
 	('panel', 'password_special_char', '!?<>§$%+#=@'),
 	('panel', 'customer_hide_options', ''),
-	('panel', 'version', '0.9.38.2'),
-	('panel', 'db_version', '201611180');
+	('panel', 'version', '0.9.38.8'),
+	('panel', 'db_version', '201712310');
 
 
 DROP TABLE IF EXISTS `panel_tasks`;
@@ -764,7 +773,7 @@ CREATE TABLE `panel_phpconfigs` (
 
 INSERT INTO `panel_phpconfigs` (`id`, `description`, `binary`, `file_extensions`, `mod_fcgid_starter`, `mod_fcgid_maxrequests`, `phpsettings`) VALUES
 (1, 'Default Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = Off\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_exec,curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 30\r\nmax_input_time = 60\r\nmemory_limit = 128M\r\n{OPEN_BASEDIR_C}open_basedir = "{OPEN_BASEDIR}"\r\noutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n;mail.add_x_header = On\r\n;mail.log = "/var/log/phpmail.log"\r\nopcache.restrict_api = "{DOCUMENT_ROOT}"\r\n'),
-(2, 'Froxlor Vhost Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = On\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 60\r\nmax_input_time = 60\r\nmemory_limit = 128M\r\nnoutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n;mail.add_x_header = On\r\n;mail.log = "/var/log/phpmail.log"\r\nopcache.restrict_api = ""\r\n');
+(2, 'Froxlor Vhost Config', '/usr/bin/php-cgi', 'php', '-1', '-1', 'allow_call_time_pass_reference = Off\r\nallow_url_fopen = On\r\nasp_tags = Off\r\ndisable_classes =\r\ndisable_functions = curl_multi_exec,exec,parse_ini_file,passthru,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,system\r\ndisplay_errors = Off\r\ndisplay_startup_errors = Off\r\nenable_dl = Off\r\nerror_reporting = E_ALL & ~E_NOTICE\r\nexpose_php = Off\r\nfile_uploads = On\r\ncgi.force_redirect = 1\r\ngpc_order = "GPC"\r\nhtml_errors = Off\r\nignore_repeated_errors = Off\r\nignore_repeated_source = Off\r\ninclude_path = ".:{PEAR_DIR}"\r\nlog_errors = On\r\nlog_errors_max_len = 1024\r\nmagic_quotes_gpc = Off\r\nmagic_quotes_runtime = Off\r\nmagic_quotes_sybase = Off\r\nmax_execution_time = 60\r\nmax_input_time = 60\r\nmemory_limit = 128M\r\noutput_buffering = 4096\r\npost_max_size = 16M\r\nprecision = 14\r\nregister_argc_argv = Off\r\nregister_globals = Off\r\nreport_memleaks = On\r\nsendmail_path = "/usr/sbin/sendmail -t -i -f {CUSTOMER_EMAIL}"\r\nsession.auto_start = 0\r\nsession.bug_compat_42 = 0\r\nsession.bug_compat_warn = 1\r\nsession.cache_expire = 180\r\nsession.cache_limiter = nocache\r\nsession.cookie_domain =\r\nsession.cookie_lifetime = 0\r\nsession.cookie_path = /\r\nsession.entropy_file = /dev/urandom\r\nsession.entropy_length = 16\r\nsession.gc_divisor = 1000\r\nsession.gc_maxlifetime = 1440\r\nsession.gc_probability = 1\r\nsession.name = PHPSESSID\r\nsession.referer_check =\r\nsession.save_handler = files\r\nsession.save_path = "{TMP_DIR}"\r\nsession.serialize_handler = php\r\nsession.use_cookies = 1\r\nsession.use_trans_sid = 0\r\nshort_open_tag = On\r\nsuhosin.mail.protect = 1\r\nsuhosin.simulation = Off\r\ntrack_errors = Off\r\nupload_max_filesize = 32M\r\nupload_tmp_dir = "{TMP_DIR}"\r\nvariables_order = "GPCS"\r\n;mail.add_x_header = On\r\n;mail.log = "/var/log/phpmail.log"\r\nopcache.restrict_api = ""\r\n');
 
 
 DROP TABLE IF EXISTS `cronjobs_run`;

install/lib/class.FroxlorInstall.php

@@ -177,10 +177,14 @@ class FroxlorInstall
 		}
 
 		// check system-hostname to be a FQDN
-		if ($this->_validate_ip($this->_data['servername'], true) !== false) {
+		if ($this->_validate_ip($this->_data['servername']) !== false) {
 			$this->_data['servername'] = '';
 		}
 
+		if (empty($this->_data['serverip']) || $this->_validate_ip($this->_data['serverip']) == false) {
+			return false;
+		}
+
 		if (isset($_POST['installstep']) && $_POST['installstep'] == '1' && $this->_data['admin_pass1'] == $this->_data['admin_pass2'] && $this->_data['admin_pass1'] != '' && $this->_data['admin_pass2'] != '' && $this->_data['mysql_unpriv_pass'] != '' && $this->_data['mysql_root_pass'] != '' && $this->_data['servername'] != '' && $this->_data['serverip'] != '' && $this->_data['httpuser'] != '' && $this->_data['httpgroup'] != '' && $this->_data['mysql_unpriv_user'] != $this->_data['mysql_root_user']) {
 			return true;
 		}
@@ -200,7 +204,7 @@ class FroxlorInstall
 		$content .= $this->_status_message('begin', $this->_lng['install']['testing_mysql']);
 
 		$options = array(
-			'PDO::MYSQL_ATTR_INIT_COMMAND' => 'set names utf8'
+			'PDO::MYSQL_ATTR_INIT_COMMAND' => 'SET names utf8,sql_mode="NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"'
 		);
 		$dsn = "mysql:host=" . $this->_data['mysql_host'] . ";";
 		$fatal_fail = false;
@@ -236,7 +240,7 @@ class FroxlorInstall
 			$content .= $this->_importDatabaseData();
 			// create DB object for new database
 			$options = array(
-				'PDO::MYSQL_ATTR_INIT_COMMAND' => 'set names utf8'
+				'PDO::MYSQL_ATTR_INIT_COMMAND' => 'SET names utf8,sql_mode="NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"'
 			);
 			$dsn = "mysql:host=" . $this->_data['mysql_host'] . ";dbname=" . $this->_data['mysql_database'] . ";";
 			$another_fail = false;
@@ -507,7 +511,7 @@ class FroxlorInstall
 		$content = "";
 		$content .= $this->_status_message('begin', $this->_lng['install']['testing_new_db']);
 		$options = array(
-			'PDO::MYSQL_ATTR_INIT_COMMAND' => 'set names utf8'
+			'PDO::MYSQL_ATTR_INIT_COMMAND' => 'SET names utf8,sql_mode="NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"'
 		);
 		$dsn = "mysql:host=" . $this->_data['mysql_host'] . ";dbname=" . $this->_data['mysql_database'] . ";";
 		$fatal_fail = false;
@@ -698,7 +702,7 @@ class FroxlorInstall
 		}
 		// language selection
 		$language_options = '';
-		while (list ($language_file, $language_name) = each($this->_languages)) {
+		foreach ($this->_languages as $language_name => $language_file) {
 			$language_options .= makeoption($language_name, $language_file, $this->_activelng, true, true);
 		}
 		// get language-form-template
@@ -781,7 +785,7 @@ class FroxlorInstall
 		}
 		$formdata .= $this->_getSectionItemString('servername', true, $style);
 		// serverip
-		if (! empty($_POST['installstep']) && $this->_data['serverip'] == '') {
+		if (! empty($_POST['installstep']) && ($this->_data['serverip'] == '' || $this->_validate_ip($this->_data['serverip']) == false)) {
 			$style = 'color:red;';
 		} else {
 			$style = '';

install/templates/dataitemchk.tpl

@@ -1,4 +1,4 @@
 <p>
 	<label for="{$fieldname}" class="install-block {$style}">{$this->_lng['install']['webserver']} {$fieldlabel}:</label>
-	<input type="radio" name="webserver" id="{$fieldname}" value="{$fieldname}" {$checked} /><span>{$fieldlabel}<span>
+	<input type="radio" name="webserver" id="{$fieldname}" value="{$fieldname}" {$checked} /><span>{$fieldlabel}</span>
 </p>

install/updates/froxlor/0.9/update_0.9.inc.php

@@ -14,9 +14,11 @@
  * @package    Install
  *
  */
-if (! defined('AREA') || (defined('AREA') && AREA != 'admin') || ! isset($userinfo['loginname']) || (isset($userinfo['loginname']) && $userinfo['loginname'] == '')) {
-	header('Location: ../../../../index.php');
-	exit();
+if (!defined('_CRON_UPDATE')) {
+	if (! defined('AREA') || (defined('AREA') && AREA != 'admin') || ! isset($userinfo['loginname']) || (isset($userinfo['loginname']) && $userinfo['loginname'] == '')) {
+		header('Location: ../../../../index.php');
+		exit();
+	}
 }
 
 if (isFroxlorVersion('0.9-r0')) {
@@ -3535,8 +3537,112 @@ if (isFroxlorVersion('0.9.38')) {
 	updateToVersion('0.9.38.1');
 }
 
-if (isFroxlorVersion('0.9.38')) {
+if (isFroxlorVersion('0.9.38.1')) {
 
 	showUpdateStep("Updating from 0.9.38.1 to 0.9.38.2", false);
 	updateToVersion('0.9.38.2');
 }
+
+if (isFroxlorVersion('0.9.38.2')) {
+
+	showUpdateStep("Updating from 0.9.38.2 to 0.9.38.3", false);
+	updateToVersion('0.9.38.3');
+}
+
+if (isFroxlorVersion('0.9.38.3')) {
+
+	showUpdateStep("Updating from 0.9.38.3 to 0.9.38.4", false);
+	updateToVersion('0.9.38.4');
+}
+
+if (isDatabaseVersion('201611180')) {
+
+	showUpdateStep("Updating database table definition for panel_domains");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ADD `phpenabled` tinyint(1) NOT NULL default '1' AFTER `parentdomainid`;");
+	lastStepStatus(0);
+
+	showUpdateStep("Adding field for let's-encrypt registration status");
+	Database::query("ALTER TABLE `".TABLE_PANEL_CUSTOMERS."` add `leregistered` TINYINT(1) NOT NULL DEFAULT 0;");
+	lastStepStatus(0);
+
+	showUpdateStep("Adding system setting for let's-encrypt registration status");
+	Settings::AddNew('system.leregistered', '0');
+	lastStepStatus(0);
+
+  showUpdateStep("Adding unique key to ipsandports table");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_IPSANDPORTS . "` ADD UNIQUE KEY `ip_port` (`ip`,`port`)");
+	lastStepStatus(0);
+
+	updateToDbVersion('201612110');
+}
+
+if (isFroxlorVersion('0.9.38.4')) {
+
+	showUpdateStep("Updating from 0.9.38.4 to 0.9.38.5", false);
+	updateToVersion('0.9.38.5');
+}
+
+if (isFroxlorVersion('0.9.38.5')) {
+
+	showUpdateStep("Updating from 0.9.38.5 to 0.9.38.6", false);
+	updateToVersion('0.9.38.6');
+}
+
+if (isFroxlorVersion('0.9.38.6')) {
+
+	showUpdateStep("Updating from 0.9.38.6 to 0.9.38.7", false);
+	updateToVersion('0.9.38.7');
+}
+
+if (isDatabaseVersion('201612110')) {
+
+	showUpdateStep("Adding field for OCSP stapling");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS .
+		"` ADD `ocsp_stapling` TINYINT(1) NOT NULL DEFAULT '0';");
+	lastStepStatus(0);
+
+	showUpdateStep("Adding default setting for Apache 2.4 OCSP cache path");
+	Settings::AddNew('system.apache24_ocsp_cache_path', 'shmcb:/var/run/apache2/ocsp-stapling.cache(131072)');
+	lastStepStatus(0);
+
+	updateToDbVersion('201704100');
+}
+
+if (isDatabaseVersion('201704100')) {
+
+	showUpdateStep("Adding new setting for libnss-extrausers");
+	$system_nssextrausers= isset($_POST['system_nssextrausers']) ? (int) $_POST['system_nssextrausers'] : 0;
+	Settings::AddNew('system.nssextrausers', $system_nssextrausers);
+	lastStepStatus(0);
+
+	updateToDbVersion('201705050');
+}
+
+if (isDatabaseVersion('201705050')) {
+
+	showUpdateStep("Updating HTTP2 setting");
+	if (Settings::Get('system.nginx_http2_support') != null) {
+		Database::query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `varname` = 'http2_support' WHERE `varname` = 'nginx_http2_support';");
+	} else {
+		Settings::AddNew('system.http2_support', 0);
+	}
+	lastStepStatus(0);
+	showUpdateStep("Adding domain field for HTTP2 stapling");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ADD `http2` TINYINT(1) NOT NULL DEFAULT '0';");
+	lastStepStatus(0);
+
+	updateToDbVersion('201708240');
+}
+
+if (isDatabaseVersion('201708240')) {
+	
+	showUpdateStep("Adding new 'disable LE self-check' setting");
+	$system_disable_le_selfcheck = isset($_POST['system_disable_le_selfcheck']) ? (int) $_POST['system_disable_le_selfcheck'] : 0;
+	Settings::AddNew('system.disable_le_selfcheck', $system_disable_le_selfcheck);
+	lastStepStatus(0);
+
+	updateToDbVersion('201712310');
+
+	showUpdateStep("Updating from 0.9.38.7 to 0.9.38.8", false);
+	updateToVersion('0.9.38.8');
+}

install/updates/preconfig/0.9/preconfig_0.9.inc.php

@@ -709,4 +709,22 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version, $c
 		$question .= '<input type="password" class="text" name="smtp_passwd" value="" /><br />';
 		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
 	}
+
+	if (versionInUpdate($current_db_version, '201705050')) {
+		$has_preconfig = true;
+		$description = 'DEBIAN/UBUNTU ONLY: Enable usage of libnss-extrausers as alternative to libnss-mysql (NOTE: if enabled, go through the configuration steps right after the update!!!)<br /><br />';
+		$question = '<strong>Enable usage of libnss-extrausers?</strong><br />';
+		$question .= makeyesno('system_nssextrausers', '1', '0', '0') . '<br />';
+		eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+	}
+
+	if (versionInUpdate($current_db_version, '201712310')) {
+		if (Settings::Get('system.leenabled') == 1) {
+			$has_preconfig = true;
+			$description = 'Chose whether you want to disable the Let\'s Encrypt selfcheck as it causes false positives for some onfigurations.<br /><br />';
+			$question = '<strong>Disable Let\'s Encrypt self-check?</strong><br />';
+			$question .= makeyesno('system_disable_le_selfcheck', '1', '0', '0') . '<br />';
+			eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";");
+		}
+	}
 }

install/updatesql.php

@@ -17,13 +17,15 @@
  *
  */
 
-if (!defined('AREA')
-	|| (defined('AREA') && AREA != 'admin')
-	|| !isset($userinfo['loginname'])
-	|| (isset($userinfo['loginname']) && $userinfo['loginname'] == '')
-) {
-	header('Location: ../index.php');
-	exit;
+if (!defined('_CRON_UPDATE')) {
+	if (!defined('AREA')
+		|| (defined('AREA') && AREA != 'admin')
+		|| !isset($userinfo['loginname'])
+		|| (isset($userinfo['loginname']) && $userinfo['loginname'] == '')
+	) {
+		header('Location: ../index.php');
+		exit;
+	}
 }
 
 $updatelog = FroxlorLogger::getInstanceOf(array('loginname' => 'updater'));

lib/classes/bulk/class.DomainBulkAction.php

@@ -93,6 +93,13 @@ class DomainBulkAction
 /* 16 */    'use_ssl',
 /* 17 */	'registration_date',
 /* 18 */	'ips',
+/* 19 */	'letsencrypt',
+/* 20 */	'hsts',
+/* 21 */	'hsts_sub',
+/* 22 */	'hsts_preload',
+/* 23 */	'ocsp_stapling',
+/* 24 */	'phpenabled',
+/* 25 */	'http2',
 	    /* automatically added */
 		'adminid',
         'customerid',
@@ -180,13 +187,14 @@ class DomainBulkAction
         }
         
         // preapre insert statement as it is used a few times
+        // leave out aliasdomain for now, cause empty = NULL value which cannot be
+        // added this easily using prepared statements
         $this->_ins_stmt = Database::prepare("
 			INSERT INTO `" . TABLE_PANEL_DOMAINS . "` SET
 				`domain` = :domain,
 				`adminid` = :adminid,
 				`customerid` = :customerid,
 				`documentroot` = :documentroot,
-                `aliasdomain` = :aliasdomain,
 				`isbinddomain` = :isbinddomain,
 				`isemaildomain` = :isemaildomain,
 				`email_only` = :email_only,
@@ -200,7 +208,14 @@ class DomainBulkAction
 				`specialsettings` = :specialsettings,
 				`ssl_redirect` = :ssl_redirect,
 				`registration_date` = :registration_date,
-				`add_date` = :add_date
+				`add_date` = :add_date,
+				`letsencrypt` = :letsencrypt,
+				`hsts` = :hsts,
+				`hsts_sub` = :hsts_sub,
+				`hsts_preload` = :hsts_preload,
+				`ocsp_stapling` = :ocsp_stapling,
+				`phpenabled` = :phpenabled,
+				`http2` = :http2
 		");
         
         // prepare insert statement for ip/port <> domain
@@ -293,6 +308,7 @@ class DomainBulkAction
         }
         
         // check for alias-domain
+        $hasAlias = false;
         if (! empty($domain_data['aliasdomain'])) {
             // format
             $domain_data['aliasdomain'] = $idna_convert->encode(preg_replace(array(
@@ -311,6 +327,7 @@ class DomainBulkAction
                 // - we'd better skip
                 return false;
             }
+            $hasAlias = $domain_data['aliasdomain'];
         }
         
         // check for use_ssl and ssl_redirect
@@ -335,6 +352,38 @@ class DomainBulkAction
             $domain_data['ssl_redirect'] = 0;
         }
         
+        // only check for letsencrypt, hsts and oscp-stapling if ssl is enabled
+        if ($domain_data['use_ssl'] == 1) {
+			//lets encrypt
+			if ($domain_data['letsencrypt'] != 1 || $domain_data['iswildcarddomain'] == 1) {
+				$domain_data['letsencrypt'] = 0;
+			}
+		} else {
+			$domain_data['letsencrypt'] = 0;
+		}
+
+		// hsts
+		if ($domain_data['hsts'] != 1) {
+			$domain_data['hsts'] = 0;
+		}
+		if ($domain_data['hsts_sub'] != 1) {
+			$domain_data['hsts_sub'] = 0;
+		}
+		if ($domain_data['hsts_preload'] != 1) {
+			$domain_data['hsts_preload'] = 0;
+		}
+		if ($domain_data['ocsp_stapling'] != 1) {
+			$domain_data['ocsp_stapling'] = 0;
+		}
+
+		if ($domain_data['phpenabled'] != 1) {
+			$domain_data['phpenabled'] = 0;
+		}
+
+		if ($domain_data['http2'] != 1) {
+			$domain_data['http2'] = 0;
+		}
+
         // add to known domains
         $this->_knownDomains[] = $domain_data['domain'];
         
@@ -416,13 +465,21 @@ class DomainBulkAction
         $use_ssl = (bool)$domain_data['use_ssl'];
         // don't need that for the domain-insert-statement
         unset($domain_data['use_ssl']);
-        
+        // don't need alias
+        unset($domain_data['aliasdomain']);
+
         // finally ADD the domain to panel_domains
         Database::pexecute($this->_ins_stmt, $domain_data);
         
         // get the newly inserted domain-id
         $domain_id = Database::lastInsertId();
         
+        // add alias if any
+        if ($hasAlias != false) {
+			$alias_stmt = Database::prepare("UPDATE `".TABLE_PANEL_DOMAINS."` SET `aliasdomain` = :aliasdomain WHERE `id` = :did");
+			Database::pexecute($alias_stmt, array('aliasdomain' => $hasAlias, 'did' => $domain_id));
+        }
+
         // insert domain <-> ip/port reference
         if (empty($iplist)) {
             $iplist = Settings::Get('system.ipaddress');

lib/classes/database/class.Database.php

@@ -262,7 +262,7 @@ class Database {
 		// build up connection string
 		$driver = 'mysql';
 		$dsn = $driver.":";
-		$options = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'set names utf8');
+		$options = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET names utf8,sql_mode="NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"');
 		$attributes = array('ATTR_ERRMODE' => 'ERRMODE_EXCEPTION');
 
 		$dbconf["dsn"] = array(

lib/classes/dns/class.DnsEntry.php

@@ -41,7 +41,31 @@ class DnsEntry
 
 	public function __toString()
 	{
-		$result = $this->record . "\t" . $this->ttl . "\t" . $this->class . "\t" . $this->type . "\t" . (($this->priority >= 0 && ($this->type == 'MX' || $this->type == 'SRV')) ? $this->priority . "\t" : "") . $this->content . PHP_EOL;
+		$_content = $this->content;
+		// check content length for txt records for bind9 (multiline)
+		if (Settings::Get('system.dns_server') != 'pdns' && $this->type == 'TXT' && strlen($_content) >= 64) {
+			// split string
+			$_contentlines = str_split($_content, 63);
+			// first line
+			$_l = array_shift($_contentlines);
+			// check for starting quote
+			if (substr($_l, 0, 1) == '"') {
+				$_l = substr($_l, 1);
+			}
+			$_content = '( "' . $_l . '"' . PHP_EOL;
+			$_l = array_pop($_contentlines);
+			// check for ending quote
+			if (substr($_l, -1) == '"') {
+				$_l = substr($_l, 0, -1);
+			}
+			foreach ($_contentlines as $_cl) {
+				// lines in between
+				$_content .= "\t\t\t\t" . '"' . $_cl . '"' . PHP_EOL;
+			}
+			// last line
+			$_content .= "\t\t\t\t" . '"'.$_l.'" )';
+		}
+		$result = $this->record . "\t" . $this->ttl . "\t" . $this->class . "\t" . $this->type . "\t" . (($this->priority >= 0 && ($this->type == 'MX' || $this->type == 'SRV')) ? $this->priority . "\t" : "") . $_content . PHP_EOL;
 		return $result;
 	}
 }

lib/classes/integrity/class.IntegrityCheck.php

@@ -85,11 +85,10 @@ class IntegrityCheck {
 				// fix database
 				Database::query('ALTER DATABASE `' . Database::getDbName() . '` CHARACTER SET utf8 COLLATE utf8_general_ci');
 				// fix all tables
-				$handle = Database::query('SHOW TABLES');
-				while ($row = $handle->fetch(PDO::FETCH_ASSOC)) {
-					foreach ($row as $table) {
-						Database::query('ALTER TABLE `' . $table . '` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;');
-					}
+				$handle = Database::query('SHOW FULL TABLES WHERE Table_type != "VIEW"');
+				while ($row = $handle->fetch(PDO::FETCH_BOTH)) {
+					$table = $row[0];
+					Database::query('ALTER TABLE `' . $table . '` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;');
 				}
 				$this->_log->logAction(ADM_ACTION, LOG_WARNING, "database charset was different from UTF-8, integrity-check fixed that");
 			} else {

lib/classes/output/class.paging.php

@@ -88,6 +88,8 @@ class paging {
 	 * @var bool
 	 */
 	private $natSorting = false;
+	
+	private $_limit = 0;
 
 	/**
 	 * Class constructor. Loads settings from request or from userdata and saves them to session.
@@ -101,7 +103,7 @@ class paging {
 	 * @param string $default_order default sorting order 'asc' or 'desc'
 	 *
 	 */
-	public function __construct($userinfo, $table, $fields, $entriesperpage = 0, $natSorting = false, $default_field = 0, $default_order = 'asc') {
+	public function __construct($userinfo, $table, $fields, $entriesperpage = 0, $natSorting = false, $default_field = 0, $default_order = 'asc', $limit = 0) {
 
 		// entries per page and natsorting-flag are not
 		// passed as parameter anymore, because these are
@@ -230,6 +232,8 @@ class paging {
 			'adminsession' => $userinfo['adminsession']
 		);
 		Database::pexecute($upd_stmt, $upd_data);
+		
+		$this->_limit = $limit;
 	}
 
 	/**
@@ -378,6 +382,11 @@ class paging {
 	 * @return string always empty
 	 */
 	public function getSqlLimit() {
+
+		if ($this->_limit > 0) {
+			$_offset = ($this->pageno - 1) * $this->_limit;
+			return ' LIMIT '.$_offset.','.$this->_limit;
+		}
 		/**
 		 * currently not in use
 		 */

lib/classes/phpmailer/PHPMailerAutoload.php

@@ -1,49 +1,49 @@
 <?php
 /**
  * PHPMailer SPL autoloader.
- * PHP Version 5
- * @package PHPMailer
- * @link https://github.com/PHPMailer/PHPMailer/ The PHPMailer GitHub project
- * @author Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
- * @author Jim Jagielski (jimjag) <jimjag@gmail.com>
- * @author Andy Prevost (codeworxtech) <codeworxtech@users.sourceforge.net>
- * @author Brent R. Matzelle (original founder)
- * @copyright 2012 - 2014 Marcus Bointon
- * @copyright 2010 - 2012 Jim Jagielski
- * @copyright 2004 - 2009 Andy Prevost
- * @license http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License
- * @note This program is distributed in the hope that it will be useful - WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.
- */
+* PHP Version 5
+* @package PHPMailer
+* @link https://github.com/PHPMailer/PHPMailer/ The PHPMailer GitHub project
+* @author Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
+* @author Jim Jagielski (jimjag) <jimjag@gmail.com>
+* @author Andy Prevost (codeworxtech) <codeworxtech@users.sourceforge.net>
+* @author Brent R. Matzelle (original founder)
+* @copyright 2012 - 2014 Marcus Bointon
+* @copyright 2010 - 2012 Jim Jagielski
+* @copyright 2004 - 2009 Andy Prevost
+* @license http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License
+* @note This program is distributed in the hope that it will be useful - WITHOUT
+* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+* FITNESS FOR A PARTICULAR PURPOSE.
+*/
 
 /**
  * PHPMailer SPL autoloader.
- * @param string $classname The name of the class to load
- */
+* @param string $classname The name of the class to load
+*/
 function PHPMailerAutoload($classname)
 {
-    //Can't use __DIR__ as it's only in PHP 5.3+
-    $filename = dirname(__FILE__).DIRECTORY_SEPARATOR.'class.'.strtolower($classname).'.php';
-    if (is_readable($filename)) {
-        require $filename;
-    }
+	//Can't use __DIR__ as it's only in PHP 5.3+
+	$filename = dirname(__FILE__).DIRECTORY_SEPARATOR.'class.'.strtolower($classname).'.php';
+	if (is_readable($filename)) {
+		require $filename;
+	}
 }
 
 if (version_compare(PHP_VERSION, '5.1.2', '>=')) {
-    //SPL autoloading was introduced in PHP 5.1.2
-    if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
-        spl_autoload_register('PHPMailerAutoload', true, true);
-    } else {
-        spl_autoload_register('PHPMailerAutoload');
-    }
+	//SPL autoloading was introduced in PHP 5.1.2
+	if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
+		spl_autoload_register('PHPMailerAutoload', true, true);
+	} else {
+		spl_autoload_register('PHPMailerAutoload');
+	}
 } else {
-    /**
-     * Fall back to traditional autoload for old PHP versions
-     * @param string $classname The name of the class to load
-     */
-    function __autoload($classname)
-    {
-        PHPMailerAutoload($classname);
-    }
+	/**
+	 * Fall back to traditional autoload for old PHP versions
+	 * @param string $classname The name of the class to load
+	 */
+	function __autoload($classname)
+	{
+		PHPMailerAutoload($classname);
+	}
 }

lib/classes/settings/class.Settings.php

@@ -86,6 +86,7 @@ class Settings {
 		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			self::$_data[$row['settinggroup']][$row['varname']] = $row['value'];
 		}
+		return true;
 	}
 
 	/**
@@ -161,10 +162,16 @@ class Settings {
 			if ($instant_save) {
 				$this->_storeSetting($sstr[0], $sstr[1], $value);
 			} else {
-				if (!is_array(self::$_data[$sstr[0]])) {
+				// set temporary data for usage
+				if (!isset(self::$_data[$sstr[0]]) || !is_array(self::$_data[$sstr[0]])) {
 					self::$_data[$sstr[0]] = array();
 				}
 				self::$_data[$sstr[0]][$sstr[1]] = $value;
+				// set update-data when invoking Flush()
+				if (!isset(self::$_updatedata[$sstr[0]]) || !is_array(self::$_updatedata[$sstr[0]])) {
+					self::$_updatedata[$sstr[0]] = array();
+				}
+				self::$_updatedata[$sstr[0]][$sstr[1]] = $value;
 			}
 			return true;
 		}
@@ -223,8 +230,9 @@ class Settings {
 			// now empty the array
 			self::$_updatedata = array();
 			// re-read in all settings
-			$this->_readSettings();
+			return $this->_readSettings();
 		}
+		return false;
 	}
 
 	/**

lib/classes/ssl/class.lescript.php

@@ -38,6 +38,12 @@ class lescript
 
 	private $accountKey;
 
+	private $customerid;
+
+	private $isFroxlorVhost;
+
+	private $isLeProduction;
+
 	private $version;
 
 	public function __construct($logger, $version = '1')
@@ -57,44 +63,71 @@ class lescript
 	{
 		// Let's see if we have the private accountkey
 		$this->accountKey = $certrow['leprivatekey'];
-		if (! $this->accountKey || $this->accountKey == 'unset' || Settings::Get('system.letsencryptca') != 'production') {
+		$this->customerId = (!$isFroxlorVhost ? $certrow['customerid'] : null);
+		$this->isFroxlorVhost = $isFroxlorVhost;
+		$this->isLeProduction = (Settings::Get('system.letsencryptca') == 'production');
+
+		$leregistered=$certrow['leregistered'];
+
+		if (! $this->accountKey || $this->accountKey == 'unset' || !$this->isLeProduction) {
 
 			// generate and save new private key for account
 			// ---------------------------------------------
 
-			$this->log('Starting new account registration');
+			$this->log('Creating new account key');
 			$keys = $this->generateKey();
 			// Only store the accountkey in production, in staging always generate a new key
-			if (Settings::Get('system.letsencryptca') == 'production') {
+			if ($this->isLeProduction) {
 				if ($isFroxlorVhost) {
 					Settings::Set('system.lepublickey', $keys['public']);
 					Settings::Set('system.leprivatekey', $keys['private']);
+					Settings::Set('system.leregistered', 0); // key is not registered
 				} else {
-					$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `lepublickey` = :public, `leprivatekey` = :private " . "WHERE `customerid` = :customerid;");
+					$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `lepublickey` = :public, `leprivatekey` = :private, `leregistered` = :registered " . "WHERE `customerid` = :customerid;");
 					Database::pexecute($upd_stmt, array(
 						'public' => $keys['public'],
 						'private' => $keys['private'],
-						'customerid' => $certrow['customerid']
+						'registered' => 0,
+						'customerid' => $this->customerId
 					));
 				}
 			}
+			$leregistered=0;
 			$this->accountKey = $keys['private'];
+		} else {
+			$this->log('Using existing account key');
+		}
 
+		if ($leregistered==0) { // Account not registered
+
+			$this->log('Starting new account registration');
 			$response = $this->postNewReg();
-			if ($this->client->getLastCode() != 201) {
+			if ($this->client->getLastCode() == 409) {
+				$this->log('The key was already registered. Using existing account.');
+			} else if ($this->client->getLastCode() == 201) {
+				$this->log('New account registered.');
+			} else {
 				throw new \RuntimeException("Account not initialized, probably due to rate limiting. Whole response: " . json_encode($response));
 			}
+			$accountUrl=$this->client->getLastLocation();
+
+			$this->log('Accepting lets encrypt Terms of Service');
+
 			$this->license = $this->client->getAgreementURL();
 
-			// Terms of Servce are optional according to ACME specs; if no ToS are presented, no need to update registration
+			// Terms of Service are optional according to ACME specs; if no ToS are presented, no need to update registration
 			if (!empty($this->license)) {
-				$this->postRegAgreement(parse_url($this->client->getLastLocation(), PHP_URL_PATH));
+				$response = $this->postRegAgreement(parse_url($accountUrl, PHP_URL_PATH));
+				if ($this->client->getLastCode() != 202) {
+					throw new \RuntimeException("Terms of Service not accepted. Whole response: " . json_encode($response));
+				}
 			}
-			$this->log('New account certificate registered');
-		} else {
 
-			$this->log('Account already registered. Continuing.');
+			$leregistered=1;
+			$this->setLeRegisteredState($leregistered); // Account registered
+			$this->log('Lets encrypt Terms of Service accepted');
 		}
+
 	}
 
 	/**
@@ -136,11 +169,17 @@ class lescript
 				)
 			));
 
+			if ($this->client->getLastCode() == 403) {
+				$this->log("Got status 403 - setting LE status to unregistered.");
+				$this->setLeRegisteredState(0);
+				throw new RuntimeException("Got 'unauthorized' response - we need to re-register at next run.  Whole response: " . json_encode($response));
+			}
+
 			// if response is not an array but a string, it's most likely a server-error, e.g.
 			// <HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY>An error occurred while processing your request.
 			// <p>Reference&#32;&#35;179&#46;d8be1402&#46;1458059103&#46;3613c4db</BODY></HTML>
 			if (! is_array($response)) {
-				throw new RuntimeException("Invalid response from LE for domain $domain. Whole response: " . $response);
+				throw new RuntimeException("Invalid response from LE for domain $domain. Whole response: " . json_encode($response));
 			}
 
 			if (! array_key_exists('challenges', $response)) {
@@ -188,17 +227,19 @@ class lescript
 			$this->log("Token for $domain saved at $tokenPath and should be available at $uri");
 
 			// simple self check
-			$selfcheckContextOptions = array('http' => array('header' => "User Agent: Froxlor/".$this->version));
-			$selfcheckContext = stream_context_create($selfcheckContextOptions);
-			if ($payload !== trim(@file_get_contents($uri, false, $selfcheckContext))) {
-				$errmsg = json_encode(error_get_last());
-				if ($errmsg != "null") {
-					$errmsg = "; PHP error: " . $errmsg;
-				} else {
-					$errmsg = "";
+			if (Settings::Get('system.disable_le_selfcheck') == '0')
+			{
+				$selfcheckContextOptions = array('http' => array('header' => "User-Agent: Froxlor/".$this->version));
+				$selfcheckContext = stream_context_create($selfcheckContextOptions);
+				if ($payload !== trim(@file_get_contents($uri, false, $selfcheckContext))) {
+					$errmsg = json_encode(error_get_last());
+					if ($errmsg != "null") {
+						$errmsg = "; PHP error: " . $errmsg;
+					} else {
+						$errmsg = "";
+					}
+					$this->logger->logAction(CRON_ACTION, LOG_WARNING, "[Lets Encrypt self-check] Please check $uri - token seems to be not available. This is just a simple self-check, it might be wrong but consider using this information when Let's Encrypt fails to issue a certificate" . $errmsg);
 				}
-				@unlink($tokenPath);
-				$this->logger->logAction(CRON_ACTION, LOG_ERR, "letsencrypt Please check $uri - token not available" . $errmsg);
 			}
 
 			$this->log("Sending request to challenge");
@@ -309,6 +350,21 @@ class lescript
 		);
 	}
 
+	private function setLeRegisteredState($state)
+	{
+		if ($this->isLeProduction) {
+			if ($this->isFroxlorVhost) {
+				Settings::Set('system.leregistered', $state);
+			} else {
+				$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `leregistered` = :registered " . "WHERE `customerid` = :customerid;");
+				Database::pexecute($upd_stmt, array(
+					'registered' => $state,
+					'customerid' => $this->customerId
+				));
+			}
+		}
+	}
+
 	private function parsePemFromBody($body)
 	{
 		$pem = chunk_split(base64_encode($body), 64, "\n");
@@ -537,10 +593,46 @@ class Client
 		return $matches[1];
 	}
 
+	public function getAgreementURLFromLastResponse()
+	{
+		if (preg_match_all('~Link: <(.+)>;rel="terms-of-service"~', $this->lastHeader, $matches)) {
+			return $matches[1][0];
+		}
+		return "";
+	}
+	public function getAgreementURLFromDirectory()
+	{
+		// FIXME: Current license should be found in /directory but LE does not implement this yet
+		// $this->curl('GET', '/directory');
+		return "";
+	}
+	public function getAgreementURLFromTermsUrl()
+	{
+		$this->curl('GET', '/terms');
+		if (preg_match_all('~Location: (.+)~', $this->lastHeader, $matches)) {
+			return trim($matches[1][0]);
+		}
+		return "";
+	}
+
 	public function getAgreementURL()
 	{
-		preg_match_all('~Link: <(.+)>;rel="terms-of-service"~', $this->lastHeader, $matches);
-		return $matches[1][0];
+		// 1. check the header of the last response
+		$license=$this->getAgreementURLFromLastResponse();
+		if (!empty($license)) return $license;
+
+		// 2. query directory for license
+		$license=$this->getAgreementURLFromDirectory();
+		if (!empty($license)) return $license;
+
+		// 3. query /terms endpoint (not ACME standard but implemented by let's enrypt)
+		$license=$this->getAgreementURLFromTermsUrl();
+		if (!empty($license)) return $license;
+
+		// Fallback: use latest known license. This is only valid for let's encrypt and should be removed as soon as there is an official
+		// ACME-endpoint to get the current ToS
+		return "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf";
+		// return "";
 	}
 
 }

lib/classes/webserver/class.WebserverBase.php

@@ -31,8 +31,10 @@ class WebserverBase {
 		$query = "SELECT `d`.*, `pd`.`domain` AS `parentdomain`, `c`.`loginname`,
 				`d`.`phpsettingid`, `c`.`adminid`, `c`.`guid`, `c`.`email`,
 				`c`.`documentroot` AS `customerroot`, `c`.`deactivated`,
-				`c`.`phpenabled` AS `phpenabled`, `d`.`mod_fcgid_starter`,
-				`d`.`mod_fcgid_maxrequests`
+				`c`.`phpenabled` AS `phpenabled_customer`,
+				`d`.`phpenabled` AS `phpenabled_vhost`,
+				`d`.`mod_fcgid_starter`,`d`.`mod_fcgid_maxrequests`,
+				`d`.`ocsp_stapling`
 				FROM `".TABLE_PANEL_DOMAINS."` `d`
 
 				LEFT JOIN `".TABLE_PANEL_CUSTOMERS."` `c` USING(`customerid`)

lib/configfiles/gentoo.xml

@@ -396,7 +396,8 @@ mail	IN		A	<SERVERIP>
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -938,7 +939,8 @@ gmysql-password=
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.

lib/configfiles/jessie.xml

@@ -380,7 +380,8 @@ exit "$RETVAL"
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -921,7 +922,8 @@ gmysql-password=
 #################################
 # allow-axfr-ips	Allow zonetransfers only to these subnets
 #
-# allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+# allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 
 #################################
 # allow-dnsupdate-from	A global setting to allow DNS updates from these IP ranges.
@@ -4467,9 +4469,9 @@ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 				<!-- libnss-mysql -->
 				<daemon name="libnss" title="libnss-mysql (required for FCGID/php-fpm/mpm-itk)">
 					<install><![CDATA[apt-get install nscd
-wget http://ftp.us.debian.org/debian/pool/main/libn/libnss-mysql-bg/libnss-mysql-bg_1.5-4_`dpkg --print-architecture`.deb
-dpkg -i libnss-mysql-bg_1.5-4_`dpkg --print-architecture`.deb
-rm libnss-mysql-bg_1.5-4_`dpkg --print-architecture`.deb
+wget http://debian.froxlor.org/pool/main/libn/libnss-mysql-bg/libnss-mysql-bg_1.5-3+frx1_amd64.deb
+dpkg -i libnss-mysql-bg_1.5-3+frx1_amd64.deb
+rm libnss-mysql-bg_1.5-3+frx1_amd64.deb
 ]]></install>
 					<file name="/etc/libnss-mysql.cfg" chown="root:root" chmod="0600"
 						backup="true">
@@ -4632,6 +4634,42 @@ aliases:     files
 						</content>
 					</file>
 				</daemon>
+				<!-- libnss-extrausers -->
+				<daemon name="libnssextrausers" title="libnss-extrausers (alternative to libnss-mysql, required for FCGID/php-fpm/mpm-itk)">
+					<install><![CDATA[apt-get install nscd libnss-extrausers]]></install>
+					<commands index="1">
+						<command><![CDATA[mkdir -p /var/lib/extrausers]]></command>
+						<command><![CDATA[touch /var/lib/extrausers/{passwd,group,shadow}]]></command>
+					</commands>
+					<file name="/etc/nsswitch.conf" backup="true">
+						<content><![CDATA[
+# Make sure that `passwd`, `group` and `shadow` have mysql in their lines
+# You should place mysql at the end, so that it is queried after the other mechanisams
+#
+passwd:         compat extrausers
+group:          compat extrausers
+shadow:         compat extrausers
+
+hosts:       files dns
+networks:    files dns
+
+services:    db files
+protocols:   db files
+rpc:         db files
+ethers:      db files
+netmasks:    files
+netgroup:    files
+bootparams:  files
+
+automount:   files
+aliases:     files
+]]>
+						</content>
+					</file>
+					<command><![CDATA[/etc/init.d/nscd restart]]></command>
+					<!-- clear group chache -->
+					<command><![CDATA[nscd --invalidate=group]]></command>
+				</daemon>
 				<!-- Logrotate -->
 				<daemon name="logrotate" title="Logrotate">
 					<install><![CDATA[apt-get install logrotate]]></install>

lib/configfiles/precise.xml

@@ -346,7 +346,8 @@ exit "$RETVAL"
 					<install><![CDATA[apt-get install pdns-server pdns-backend-mysql]]></install>
 					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
 						<content><![CDATA[
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 allow-recursion=127.0.0.1
 config-dir=/etc/powerdns
 daemon=yes
@@ -407,7 +408,8 @@ include-dir=/etc/powerdns/froxlor/
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf" chown="root:root"
 						chmod="600">
 						<content><![CDATA[
-allow-axfr-ips=<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 #local-ipv6=YOUR_IPv6_(if_any)
 bind-config=<BIND_CONFIG_PATH>named.conf
 bind-check-interval=180
@@ -1622,6 +1624,42 @@ netmasks:    files
 netgroup:    files
 bootparams:  files
 
+automount:   files
+aliases:     files
+]]>
+						</content>
+					</file>
+					<command><![CDATA[/etc/init.d/nscd restart]]></command>
+					<!-- clear group chache -->
+					<command><![CDATA[nscd --invalidate=group]]></command>
+				</daemon>
+				<!-- libnss-extrausers -->
+				<daemon name="libnssextrausers" title="libnss-extrausers (alternative to libnss-mysql, required for FCGID/php-fpm/mpm-itk)">
+					<install><![CDATA[apt-get install nscd libnss-extrausers]]></install>
+					<commands index="1">
+						<command><![CDATA[mkdir -p /var/lib/extrausers]]></command>
+						<command><![CDATA[touch /var/lib/extrausers/{passwd,group,shadow}]]></command>
+					</commands>
+					<file name="/etc/nsswitch.conf" backup="true">
+						<content><![CDATA[
+# Make sure that `passwd`, `group` and `shadow` have mysql in their lines
+# You should place mysql at the end, so that it is queried after the other mechanisams
+#
+passwd:         compat extrausers
+group:          compat extrausers
+shadow:         compat extrausers
+
+hosts:       files dns
+networks:    files dns
+
+services:    db files
+protocols:   db files
+rpc:         db files
+ethers:      db files
+netmasks:    files
+netgroup:    files
+bootparams:  files
+
 automount:   files
 aliases:     files
 ]]>

lib/configfiles/rhel_centos.xml

@@ -2089,7 +2089,7 @@ LoadModule mod_ctrls_admin.c
 # (http://www.castaglia.org/proftpd/modules/mod_vroot.html)
 # Using this module rather than the kernel's chroot() system call works
 # around issues with PAM and chroot (http://bugzilla.redhat.com/506735)
-LoadModule mod_vroot.c
+# LoadModule mod_vroot.c
 #
 # Provide a flexible way of specifying that certain configuration directives
 # only apply to certain sessions, based on credentials such as connection

lib/configfiles/trusty.xml

@@ -379,7 +379,8 @@ exit "$RETVAL"
 					<install><![CDATA[apt-get install pdns-server pdns-backend-mysql]]></install>
 					<file name="/etc/powerdns/pdns.conf" backup="true" chmod="600">
 						<content><![CDATA[
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 allow-recursion=127.0.0.1
 config-dir=/etc/powerdns
 daemon=yes
@@ -417,7 +418,8 @@ gmysql-password=
 					<install><![CDATA[apt-get install pdns-server]]></install>
 					<file name="/etc/powerdns/pdns.conf" backup="true">
 						<content><![CDATA[
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 allow-recursion=127.0.0.1
 config-dir=/etc/powerdns
 daemon=yes
@@ -441,7 +443,8 @@ include-dir=/etc/powerdns/froxlor/
 					<file name="/etc/powerdns/froxlor/pdns_froxlor.conf" chown="root:root"
 						chmod="600">
 						<content><![CDATA[
-allow-axfr-ips=<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 #local-ipv6=YOUR_IPv6_(if_any)
 bind-config=<BIND_CONFIG_PATH>named.conf
 bind-check-interval=180
@@ -1639,6 +1642,42 @@ aliases:     files
 					<!-- clear group chache -->
 					<command><![CDATA[nscd --invalidate=group]]></command>
 				</daemon>
+				<!-- libnss-extrausers -->
+				<daemon name="libnssextrausers" title="libnss-extrausers (alternative to libnss-mysql, required for FCGID/php-fpm/mpm-itk)">
+					<install><![CDATA[apt-get install nscd libnss-extrausers]]></install>
+					<commands index="1">
+						<command><![CDATA[mkdir -p /var/lib/extrausers]]></command>
+						<command><![CDATA[touch /var/lib/extrausers/{passwd,group,shadow}]]></command>
+					</commands>
+					<file name="/etc/nsswitch.conf" backup="true">
+						<content><![CDATA[
+# Make sure that `passwd`, `group` and `shadow` have mysql in their lines
+# You should place mysql at the end, so that it is queried after the other mechanisams
+#
+passwd:         compat extrausers
+group:          compat extrausers
+shadow:         compat extrausers
+
+hosts:       files dns
+networks:    files dns
+
+services:    db files
+protocols:   db files
+rpc:         db files
+ethers:      db files
+netmasks:    files
+netgroup:    files
+bootparams:  files
+
+automount:   files
+aliases:     files
+]]>
+						</content>
+					</file>
+					<command><![CDATA[/etc/init.d/nscd restart]]></command>
+					<!-- clear group chache -->
+					<command><![CDATA[nscd --invalidate=group]]></command>
+				</daemon>
 				<!-- Logrotate -->
 				<daemon name="logrotate" title="Logrotate">
 					<install><![CDATA[apt-get install logrotate]]></install>

lib/configfiles/wheezy.xml

@@ -424,7 +424,8 @@ exit "$RETVAL"
 # allow-axfr-ips    If enabled, restrict zonetransfers to originate from these
 #                   IP addresses
 #
-allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 
 #################################
 # allow-recursion	List of netmasks that are allowed to recurse
@@ -763,7 +764,8 @@ gmysql-password=
 # allow-axfr-ips    If enabled, restrict zonetransfers to originate from these
 #                   IP addresses
 #
-allow-axfr-ips=<NAMESERVERS>
+allow-axfr-ips=127.0.0.0/8,::1,<NAMESERVERS_IP>
+# add these entries to the list if any speficied: <AXFRSERVERS>
 
 #################################
 # allow-recursion	List of netmasks that are allowed to recurse
@@ -5431,6 +5433,42 @@ netmasks:    files
 netgroup:    files
 bootparams:  files
 
+automount:   files
+aliases:     files
+]]>
+						</content>
+					</file>
+					<command><![CDATA[/etc/init.d/nscd restart]]></command>
+					<!-- clear group chache -->
+					<command><![CDATA[nscd --invalidate=group]]></command>
+				</daemon>
+				<!-- libnss-extrausers -->
+				<daemon name="libnssextrausers" title="libnss-extrausers (alternative to libnss-mysql, required for FCGID/php-fpm/mpm-itk)">
+					<install><![CDATA[apt-get install nscd libnss-extrausers]]></install>
+					<commands index="1">
+						<command><![CDATA[mkdir -p /var/lib/extrausers]]></command>
+						<command><![CDATA[touch /var/lib/extrausers/{passwd,group,shadow}]]></command>
+					</commands>
+					<file name="/etc/nsswitch.conf" backup="true">
+						<content><![CDATA[
+# Make sure that `passwd`, `group` and `shadow` have mysql in their lines
+# You should place mysql at the end, so that it is queried after the other mechanisams
+#
+passwd:         compat extrausers
+group:          compat extrausers
+shadow:         compat extrausers
+
+hosts:       files dns
+networks:    files dns
+
+services:    db files
+protocols:   db files
+rpc:         db files
+ethers:      db files
+netmasks:    files
+netgroup:    files
+bootparams:  files
+
 automount:   files
 aliases:     files
 ]]>

lib/cron_init.php

@@ -205,6 +205,7 @@ if (hasUpdates($version) || hasDbUpdates($dbversion)
 		fwrite($debugHandler, '*** WARNING *** - all new settings etc. will be stored with the default value, that might not always be right for your system!' . "\n");
 		fwrite($debugHandler, "*** WARNING *** - If you don't want this to happen in the future consider removing the --allow-autoupdate flag from the cronjob\n");
 		// including update procedures
+		define('_CRON_UPDATE', 1);
 		include_once FROXLOR_INSTALL_DIR.'/install/updatesql.php';
 		// pew - everything went better than expected
 		$cronlog->logAction(CRON_ACTION, LOG_WARNING, 'Automatic update done - you should check your settings to be sure everything is fine');

lib/formfields/admin/domains/formfield.domains_add.php

@@ -14,7 +14,6 @@
  * @package    Formfields
  *
  */
-
 return array(
 	'domain_add' => array(
 		'title' => $lng['admin']['domain_add'],
@@ -27,20 +26,20 @@ return array(
 					'domain' => array(
 						'label' => 'Domain',
 						'type' => 'text',
-						'mandatory' => true,
+						'mandatory' => true
 					),
 					'customerid' => array(
 						'label' => $lng['admin']['customer'],
 						'type' => 'select',
 						'select_var' => $customers,
-						'mandatory' => true,
+						'mandatory' => true
 					),
 					'adminid' => array(
 						'visible' => ($userinfo['customers_see_all'] == '1' ? true : false),
 						'label' => $lng['admin']['admin'],
 						'type' => 'select',
 						'select_var' => $admins,
-						'mandatory' => true,
+						'mandatory' => true
 					),
 					'alias' => array(
 						'label' => $lng['domains']['aliasdomain'],
@@ -58,9 +57,14 @@ return array(
 						'desc' => $lng['admin']['domain_editable']['desc'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array('1')
+						'value' => array(
+							'1'
+						)
 					),
 					'add_date' => array(
 						'label' => $lng['domains']['add_date'],
@@ -112,7 +116,10 @@ return array(
 						'desc' => $lng['admin']['speciallogfile']['description'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
 						'value' => array()
 					),
@@ -146,7 +153,10 @@ return array(
 						'desc' => $lng['domains']['ssl_redirect']['description'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
 						'value' => array()
 					),
@@ -156,7 +166,23 @@ return array(
 						'desc' => $lng['admin']['letsencrypt']['description'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array()
+					),
+					'http2' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false) && Settings::Get('system.webserver') != 'lighttpd',
+						'label' => $lng['admin']['domain_http2']['title'],
+						'desc' => $lng['admin']['domain_http2']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array (
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
 						'value' => array()
 					),
@@ -181,7 +207,10 @@ return array(
 						'desc' => $lng['admin']['domain_hsts_incsub']['description'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
 						'value' => array()
 					),
@@ -191,11 +220,31 @@ return array(
 						'desc' => $lng['admin']['domain_hsts_preload']['description'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
 						'value' => array()
 					),
-				),
+					'ocsp_stapling' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false) &&
+								Settings::Get('system.webserver') != 'lighttpd',
+						'label' => $lng['admin']['domain_ocsp_stapling']['title'],
+						'desc' => $lng['admin']['domain_ocsp_stapling']['description'] .
+								(Settings::Get('system.webserver') == 'nginx' ?
+								$lng['admin']['domain_ocsp_stapling']['nginx_version_warning'] :
+								""),
+						'type' => 'checkbox',
+						'values' => array(
+							array (
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array()
+					),
+				)
 			),
 			'section_c' => array(
 				'title' => $lng['admin']['phpserversettings'],
@@ -206,23 +255,41 @@ return array(
 						'label' => 'OpenBasedir',
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array('1')
+						'value' => array(
+							'1'
+						)
+					),
+					'phpenabled' => array(
+						'label' => $lng['admin']['phpenabled'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							'1'
+						)
 					),
 					'phpsettingid' => array(
-						'visible' => (((int)Settings::Get('system.mod_fcgid') == 1 || (int)Settings::Get('phpfpm.enabled') == 1) ? true : false),
+						'visible' => (((int) Settings::Get('system.mod_fcgid') == 1 || (int) Settings::Get('phpfpm.enabled') == 1) ? true : false),
 						'label' => $lng['admin']['phpsettings']['title'],
 						'type' => 'select',
 						'select_var' => $phpconfigs
 					),
 					'mod_fcgid_starter' => array(
-						'visible' => ((int)Settings::Get('system.mod_fcgid') == 1 ? true : false),
+						'visible' => ((int) Settings::Get('system.mod_fcgid') == 1 ? true : false),
 						'label' => $lng['admin']['mod_fcgid_starter']['title'],
 						'type' => 'text'
 					),
 					'mod_fcgid_maxrequests' => array(
-						'visible' => ((int)Settings::Get('system.mod_fcgid') == 1 ? true : false),
+						'visible' => ((int) Settings::Get('system.mod_fcgid') == 1 ? true : false),
 						'label' => $lng['admin']['mod_fcgid_maxrequests']['title'],
 						'type' => 'text'
 					)
@@ -237,9 +304,14 @@ return array(
 						'label' => 'Nameserver',
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array('1')
+						'value' => array(
+							'1'
+						)
 					),
 					'zonefile' => array(
 						'label' => 'Zonefile',
@@ -256,15 +328,23 @@ return array(
 						'label' => $lng['admin']['emaildomain'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array('1')
+						'value' => array(
+							'1'
+						)
 					),
 					'email_only' => array(
 						'label' => $lng['admin']['email_only'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
 						'value' => array()
 					),
@@ -278,9 +358,14 @@ return array(
 						'label' => 'DomainKeys',
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array('1')
+						'value' => array(
+							'1'
+						)
 					)
 				)
 			)

lib/formfields/admin/domains/formfield.domains_edit.php

@@ -14,7 +14,6 @@
  * @package    Formfields
  *
  */
-
 return array(
 	'domain_edit' => array(
 		'title' => $lng['admin']['domain_edit'],
@@ -28,14 +27,14 @@ return array(
 						'label' => 'Domain',
 						'type' => 'label',
 						'value' => $result['domain'],
-						'mandatory' => true,
+						'mandatory' => true
 					),
 					'customerid' => array(
 						'label' => $lng['admin']['customer'],
 						'type' => (Settings::Get('panel.allow_domain_change_customer') == '1' ? 'select' : 'label'),
 						'select_var' => (isset($customers) ? $customers : null),
 						'value' => (isset($result['customername']) ? $result['customername'] : null),
-						'mandatory' => true,
+						'mandatory' => true
 					),
 					'adminid' => array(
 						'visible' => ($userinfo['customers_see_all'] == '1' ? true : false),
@@ -43,7 +42,7 @@ return array(
 						'type' => (Settings::Get('panel.allow_domain_change_admin') == '1' ? 'select' : 'label'),
 						'select_var' => (isset($admins) ? $admins : null),
 						'value' => (isset($result['adminname']) ? $result['adminname'] : null),
-						'mandatory' => true,
+						'mandatory' => true
 					),
 					'alias' => array(
 						'visible' => ($alias_check == '0' ? true : false),
@@ -60,16 +59,21 @@ return array(
 					'associated_info' => array(
 						'label' => $lng['domains']['associated_with_domain'],
 						'type' => 'label',
-						'value' => $subdomains.' '.$lng['customer']['subdomains'].', '.$alias_check.' '.$lng['domains']['aliasdomains'].', '.$emails.' '.$lng['customer']['emails'].', '.$email_accounts.' '.$lng['customer']['accounts'].', '.$email_forwarders.' '.$lng['customer']['forwarders']
+						'value' => $subdomains . ' ' . $lng['customer']['subdomains'] . ', ' . $alias_check . ' ' . $lng['domains']['aliasdomains'] . ', ' . $emails . ' ' . $lng['customer']['emails'] . ', ' . $email_accounts . ' ' . $lng['customer']['accounts'] . ', ' . $email_forwarders . ' ' . $lng['customer']['forwarders']
 					),
 					'caneditdomain' => array(
 						'label' => $lng['admin']['domain_editable']['title'],
 						'desc' => $lng['admin']['domain_editable']['desc'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array($result['caneditdomain'])
+						'value' => array(
+							$result['caneditdomain']
+						)
 					),
 					'add_date' => array(
 						'label' => $lng['domains']['add_date'],
@@ -124,9 +128,14 @@ return array(
 						'desc' => $lng['admin']['speciallogfile']['description'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array($result['speciallogfile'])
+						'value' => array(
+							$result['speciallogfile']
+						)
 					),
 					'specialsettings' => array(
 						'visible' => ($userinfo['change_serversettings'] == '1' ? true : false),
@@ -144,9 +153,14 @@ return array(
 						'desc' => $lng['serversettings']['specialsettingsforsubdomains']['description'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array('1')
+						'value' => array(
+							'1'
+						)
 					)
 				)
 			),
@@ -169,9 +183,14 @@ return array(
 						'desc' => $lng['domains']['ssl_redirect']['description'] . ($result['temporary_ssl_redirect'] > 1 ? $lng['domains']['ssl_redirect_temporarilydisabled'] : ''),
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array($result['ssl_redirect'])
+						'value' => array(
+							$result['ssl_redirect']
+						)
 					),
 					'letsencrypt' => array(
 						'visible' => (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
@@ -179,9 +198,29 @@ return array(
 						'desc' => $lng['admin']['letsencrypt']['description'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array($result['letsencrypt'])
+						'value' => array(
+							$result['letsencrypt']
+						)
+					),
+					'http2' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false) && Settings::Get('system.webserver') != 'lighttpd',
+						'label' => $lng['admin']['domain_http2']['title'],
+						'desc' => $lng['admin']['domain_http2']['description'],
+						'type' => 'checkbox',
+						'values' => array(
+							array (
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							$result['http2']
+						)
 					),
 					'no_ssl_available_info' => array(
 						'visible' => ($ssl_ipsandports == '' ? true : false),
@@ -204,9 +243,14 @@ return array(
 						'desc' => $lng['admin']['domain_hsts_incsub']['description'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array($result['hsts_sub'])
+						'value' => array(
+							$result['hsts_sub']
+						)
 					),
 					'hsts_preload' => array(
 						'visible' => ($ssl_ipsandports != '' ? true : false),
@@ -214,9 +258,33 @@ return array(
 						'desc' => $lng['admin']['domain_hsts_preload']['description'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array($result['hsts_preload'])
+						'value' => array(
+							$result['hsts_preload']
+						)
+					),
+					'ocsp_stapling' => array(
+						'visible' => ($ssl_ipsandports != '' ? true : false) &&
+								Settings::Get('system.webserver') != 'lighttpd',
+						'label' => $lng['admin']['domain_ocsp_stapling']['title'],
+						'desc' => $lng['admin']['domain_ocsp_stapling']['description'] .
+								(Settings::Get('system.webserver') == 'nginx' ?
+								$lng['admin']['domain_ocsp_stapling']['nginx_version_warning'] :
+								""),
+						'type' => 'checkbox',
+						'values' => array(
+							array (
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							$result['ocsp_stapling']
+						)
 					),
 				)
 			),
@@ -229,27 +297,45 @@ return array(
 						'label' => 'OpenBasedir',
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array($result['openbasedir'])
+						'value' => array(
+							$result['openbasedir']
+						)
+					),
+					'phpenabled' => array(
+						'label' => $lng['admin']['phpenabled'],
+						'type' => 'checkbox',
+						'values' => array(
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
+						),
+						'value' => array(
+							$result['phpenabled']
+						)
 					),
 					'phpsettingid' => array(
-						'visible' => (((int)Settings::Get('system.mod_fcgid') == 1 || (int)Settings::Get('phpfpm.enabled') == 1) ? true : false),
+						'visible' => (((int) Settings::Get('system.mod_fcgid') == 1 || (int) Settings::Get('phpfpm.enabled') == 1) ? true : false),
 						'label' => $lng['admin']['phpsettings']['title'],
 						'type' => 'select',
 						'select_var' => $phpconfigs
 					),
 					'mod_fcgid_starter' => array(
-						'visible' => ((int)Settings::Get('system.mod_fcgid') == 1 ? true : false),
+						'visible' => ((int) Settings::Get('system.mod_fcgid') == 1 ? true : false),
 						'label' => $lng['admin']['mod_fcgid_starter']['title'],
 						'type' => 'text',
-						'value' => ((int)$result['mod_fcgid_starter'] != - 1 ? $result['mod_fcgid_starter'] : '')
+						'value' => ((int) $result['mod_fcgid_starter'] != - 1 ? $result['mod_fcgid_starter'] : '')
 					),
 					'mod_fcgid_maxrequests' => array(
-						'visible' => ((int)Settings::Get('system.mod_fcgid') == 1 ? true : false),
+						'visible' => ((int) Settings::Get('system.mod_fcgid') == 1 ? true : false),
 						'label' => $lng['admin']['mod_fcgid_maxrequests']['title'],
 						'type' => 'text',
-						'value' => ((int)$result['mod_fcgid_maxrequests'] != - 1 ? $result['mod_fcgid_maxrequests'] : '')
+						'value' => ((int) $result['mod_fcgid_maxrequests'] != - 1 ? $result['mod_fcgid_maxrequests'] : '')
 					)
 				)
 			),
@@ -262,9 +348,14 @@ return array(
 						'label' => 'Nameserver',
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array($result['isbinddomain'])
+						'value' => array(
+							$result['isbinddomain']
+						)
 					),
 					'zonefile' => array(
 						'label' => 'Zonefile',
@@ -282,17 +373,27 @@ return array(
 						'label' => $lng['admin']['emaildomain'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array($result['isemaildomain'])
+						'value' => array(
+							$result['isemaildomain']
+						)
 					),
 					'email_only' => array(
 						'label' => $lng['admin']['email_only'],
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array($result['email_only'])
+						'value' => array(
+							$result['email_only']
+						)
 					),
 					'subcanemaildomain' => array(
 						'label' => $lng['admin']['subdomainforemail'],
@@ -304,9 +405,14 @@ return array(
 						'label' => 'DomainKeys',
 						'type' => 'checkbox',
 						'values' => array(
-							array ('label' => $lng['panel']['yes'], 'value' => '1')
+							array(
+								'label' => $lng['panel']['yes'],
+								'value' => '1'
+							)
 						),
-						'value' => array($result['dkim'])
+						'value' => array(
+							$result['dkim']
+						)
 					)
 				)
 			)

lib/formfields/customer/domains/formfield.domains_add.php

@@ -76,10 +76,9 @@ return array(
 			'section_bssl' => array(
 				'title' => $lng['admin']['webserversettings_ssl'],
 				'image' => 'icons/domain_add.png',
-				'visible' => Settings::Get('system.use_ssl') == '1' ? true : false,
+				'visible' => Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? true : false) : false,
 				'fields' => array(
 					'ssl_redirect' => array(
-						'visible' => ($ssl_ipsandports != '' ? true : false),
 						'label' => $lng['domains']['ssl_redirect']['title'],
 						'desc' => $lng['domains']['ssl_redirect']['description'],
 						'type' => 'checkbox',
@@ -89,7 +88,7 @@ return array(
 						'value' => array()
 					),
 					'letsencrypt' => array(
-						'visible' => (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? true : false) : false),
+						'visible' => (Settings::Get('system.leenabled') == '1' ? true : false),
 						'label' => $lng['customer']['letsencrypt']['title'],
 						'desc' => $lng['customer']['letsencrypt']['description'],
 						'type' => 'checkbox',
@@ -99,7 +98,6 @@ return array(
 						'value' => array()
 					),
 					'hsts_maxage' => array(
-						'visible' => ($ssl_ipsandports != '' ? true : false),
 						'label' => $lng['admin']['domain_hsts_maxage']['title'],
 						'desc' => $lng['admin']['domain_hsts_maxage']['description'],
 						'type' => 'int',
@@ -108,7 +106,6 @@ return array(
 						'value' => 0
 					),
 					'hsts_sub' => array(
-						'visible' => ($ssl_ipsandports != '' ? true : false),
 						'label' => $lng['admin']['domain_hsts_incsub']['title'],
 						'desc' => $lng['admin']['domain_hsts_incsub']['description'],
 						'type' => 'checkbox',
@@ -118,7 +115,6 @@ return array(
 						'value' => array()
 					),
 					'hsts_preload' => array(
-						'visible' => ($ssl_ipsandports != '' ? true : false),
 						'label' => $lng['admin']['domain_hsts_preload']['title'],
 						'desc' => $lng['admin']['domain_hsts_preload']['description'],
 						'type' => 'checkbox',

lib/formfields/customer/domains/formfield.domains_edit.php

@@ -87,10 +87,9 @@ return array(
 			'section_bssl' => array(
 				'title' => $lng['admin']['webserversettings_ssl'],
 				'image' => 'icons/domain_edit.png',
-				'visible' => Settings::Get('system.use_ssl') == '1' ? true : false,
+				'visible' => Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? (domainHasSslIpPort($result['id']) ? true : false) : false) : false,
 				'fields' => array(
 					'ssl_redirect' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? ($ssl_ipsandports != '' ? (domainHasSslIpPort($result['id']) ? true : false) : false) : false),
 						'label' => $lng['domains']['ssl_redirect']['title'],
 						'desc' => $lng['domains']['ssl_redirect']['description'] . ($result['temporary_ssl_redirect'] > 1 ? $lng['domains']['ssl_redirect_temporarilydisabled'] : ''),
 						'type' => 'checkbox',
@@ -100,7 +99,7 @@ return array(
 						'value' => array($result['ssl_redirect'])
 					),
 					'letsencrypt' => array(
-						'visible' => (Settings::Get('system.use_ssl') == '1' ? (Settings::Get('system.leenabled') == '1' ? ($ssl_ipsandports != '' ? (domainHasSslIpPort($result['id']) ? true : false) : false) : false) : false),
+						'visible' => Settings::Get('system.leenabled') == '1' ? true : false,
 						'label' => $lng['customer']['letsencrypt']['title'],
 						'desc' => $lng['customer']['letsencrypt']['description'],
 						'type' => 'checkbox',
@@ -110,7 +109,6 @@ return array(
 						'value' => array($result['letsencrypt'])
 					),
 					'hsts_maxage' => array(
-						'visible' => ($ssl_ipsandports != '' ? true : false),
 						'label' => $lng['admin']['domain_hsts_maxage']['title'],
 						'desc' => $lng['admin']['domain_hsts_maxage']['description'],
 						'type' => 'int',
@@ -119,7 +117,6 @@ return array(
 						'value' => $result['hsts']
 					),
 					'hsts_sub' => array(
-						'visible' => ($ssl_ipsandports != '' ? true : false),
 						'label' => $lng['admin']['domain_hsts_incsub']['title'],
 						'desc' => $lng['admin']['domain_hsts_incsub']['description'],
 						'type' => 'checkbox',
@@ -129,7 +126,6 @@ return array(
 						'value' => array($result['hsts_sub'])
 					),
 					'hsts_preload' => array(
-						'visible' => ($ssl_ipsandports != '' ? true : false),
 						'label' => $lng['admin']['domain_hsts_preload']['title'],
 						'desc' => $lng['admin']['domain_hsts_preload']['description'],
 						'type' => 'checkbox',

lib/functions/dns/function.createDomainZone.php

@@ -279,7 +279,7 @@ function createDomainZone($domain_id, $froxlorhostname = false, $isMainButSubTo
 		$soa_content = $primary_ns . " " . escapeSoaAdminMail(Settings::Get('panel.adminmail')) . " ";
 		$soa_content .= $domain['bindserial'] . " ";
 		// TODO for now, dummy time-periods
-		$soa_content .= "1800 900 604800 1200";
+		$soa_content .= "3600 900 604800 1200";
 
 		$soa_record = new DnsEntry('@', 'SOA', $soa_content);
 		array_unshift($zonerecords, $soa_record);

lib/functions/filedir/function.makeCorrectDir.php

@@ -26,7 +26,11 @@
  */
 function makeCorrectDir($dir) {
 
-	assert('is_string($dir) && strlen($dir) > 0', 'Value "' . $dir .'" does not look like an actual folder name');
+	if (version_compare("5.4.6", PHP_VERSION, ">")) {
+		assert('is_string($dir) && strlen($dir) > 0 /* $dir does not look like an actual folder name */');
+	} else {
+		assert('is_string($dir) && strlen($dir) > 0', 'Value "' . $dir .'" does not look like an actual folder name');
+	}
 
 	$dir = trim($dir);
 

lib/functions/froxlor/function.phpErrHandler.php

@@ -25,6 +25,8 @@ function phpErrHandler($errno, $errstr, $errfile, $errline, $errcontext) {
 		if (empty($theme)) {
 			$theme = "Sparkle";
 		}
+		// prevent possible file-path-disclosure
+		$errfile = str_replace(FROXLOR_INSTALL_DIR, "", $errfile);
 		// if we're not on the shell, output a nicer error-message
 		$err_hint = file_get_contents(FROXLOR_INSTALL_DIR.'/templates/'.$theme.'/misc/phperrornice.tpl');
 		// replace values

lib/functions/output/function.RedirectCode.php

@@ -16,11 +16,11 @@
 
 /**
  * return an array of all enabled redirect-codes
- * 
+ *
  * @return array array of enabled redirect-codes
  */
 function getRedirectCodesArray() {
-	
+
 	$sql = "SELECT * FROM `".TABLE_PANEL_REDIRECTCODES."` WHERE `enabled` = '1' ORDER BY `id` ASC";
 	$result_stmt = Database::query($sql);
 
@@ -35,13 +35,13 @@ function getRedirectCodesArray() {
 /**
  * return an array of all enabled redirect-codes
  * for the settings form
- * 
+ *
  * @return array array of enabled redirect-codes
  */
 function getRedirectCodes() {
 
 	global $lng;
-	
+
 	$sql = "SELECT * FROM `".TABLE_PANEL_REDIRECTCODES."` WHERE `enabled` = '1' ORDER BY `id` ASC";
 	$result_stmt = Database::query($sql);
 
@@ -54,16 +54,17 @@ function getRedirectCodes() {
 }
 
 /**
- * returns the redirect-code for a given 
+ * returns the redirect-code for a given
  * domain-id
- * 
+ *
  * @param integer $domainid id of the domain
- * 
+ * @param string $default
+ *
  * @return string redirect-code
  */
-function getDomainRedirectCode($domainid = 0) {
+function getDomainRedirectCode($domainid = 0, $default = '') {
 
-	$code = '';
+	$code = $default;
 	if ($domainid > 0) {
 
 		$result_stmt = Database::prepare("
@@ -76,18 +77,18 @@ function getDomainRedirectCode($domainid = 0) {
 		if (is_array($result)
 			&& isset($result['redirect'])
 		) {
-			$code = ($result['redirect'] == '---') ? '' : $result['redirect'];
+			$code = ($result['redirect'] == '---') ? $default : $result['redirect'];
 		}
 	}
 	return $code;
 }
 
 /**
- * returns the redirect-id for a given 
+ * returns the redirect-id for a given
  * domain-id
- * 
+ *
  * @param integer $domainid id of the domain
- * 
+ *
  * @return integer redirect-code-id
  */
 function getDomainRedirectId($domainid = 0) {
@@ -112,10 +113,10 @@ function getDomainRedirectId($domainid = 0) {
 
 /**
  * adds a redirectcode for a domain
- * 
+ *
  * @param integer $domainid id of the domain to add the code for
- * @param integer $redirect selected redirect-id 
- * 
+ * @param integer $redirect selected redirect-id
+ *
  * @return null
  */
 function addRedirectToDomain($domainid = 0, $redirect = 1) {
@@ -130,10 +131,10 @@ function addRedirectToDomain($domainid = 0, $redirect = 1) {
 /**
  * updates the redirectcode of a domain
  * if redirect-code is false, nothing happens
- * 
+ *
  * @param integer $domainid id of the domain to update
  * @param integer $redirect selected redirect-id or false
- * 
+ *
  * @return null
  */
 function updateRedirectOfDomain($domainid = 0, $redirect = false) {

lib/functions/output/function.dieWithMail.php

@@ -42,6 +42,8 @@ function dieWithMail($message, $subject = "[froxlor] Cronjob error") {
 			$_mail->Password = Settings::Get('system.mail_smtp_passwd');
 			if (Settings::Get('system.mail_smtp_usetls')) {
 				$_mail->SMTPSecure = 'tls';
+			} else {
+				$mail->SMTPAutoTLS = false;
 			}
 			$_mail->Port = Settings::Get('system.mail_smtp_port');
 		}

lib/functions/phphelpers/function.array_trim.php

@@ -20,27 +20,22 @@
 /**
  * Returns Array, whose elements have been checked whether thay are empty or not
  *
- * @param array The array to trim
+ * @param array $source
+ *        	The array to trim
  * @return array The trim'med array
  * @author Florian Lippert <flo@syscp.org>
  */
-
 function array_trim($source)
 {
 	$returnval = array();
-
-	if(is_array($source))
-	{
-		while(list($var, $val) = each($source))
-		{
-			if($val != ' '
-			   && $val != '')$returnval[$var] = $val;
+	if (is_array($source)) {
+		foreach ($source as $var => $val) {
+			if ($val != ' ' && $val != '') {
+				$returnval[$var] = $val;
+			}
 		}
-	}
-	else
-	{
+	} else {
 		$returnval = $source;
 	}
-
 	return $returnval;
 }

lib/functions/validate/function.validateUrl.php

@@ -37,7 +37,11 @@ function validateUrl($url) {
 	}
 
 	// needs converting
-	$url = $idna_convert->encode($url);
+	try {
+		$url = $idna_convert->encode($url);
+	} catch (Exception $e) {
+		return false;
+	}
 
 	$pattern = "/^https?:\/\/[a-zA-Z0-9\-\.]+\.[a-zA-Z]{2,4}(\:[0-9]+)?\/?(.+)?$/i";
 	if (preg_match($pattern, $url)) {

lib/init.php

@@ -156,7 +156,8 @@ if (version_compare(PHP_VERSION, "5.4.0", "<")) {
 	if (get_magic_quotes_gpc()) {
 		$in = array(&$_GET, &$_POST, &$_COOKIE);
 
-		while (list($k, $v) = each($in)) {
+		$_in = $in;
+		foreach ($in as $k => $v) {
 			foreach ($v as $key => $val) {
 				if (!is_array($val)) {
 					$in[$k][$key] = stripslashes($val);
@@ -563,6 +564,8 @@ if (Settings::Get('system.mail_use_smtp')) {
 	$mail->Password = Settings::Get('system.mail_smtp_passwd');
 	if (Settings::Get('system.mail_smtp_usetls')) {
 		$mail->SMTPSecure = 'tls';
+	} else {
+		$mail->SMTPAutoTLS = false;
 	}
 	$mail->Port = Settings::Get('system.mail_smtp_port');
 }

lib/navigation/00.froxlor.main.php

@@ -313,6 +313,10 @@ return array(
 				array(
 					'url' => 'admin_message.php?page=message',
 					'label' => $lng['admin']['message']
+				),
+				array(
+					'url' => 'admin_settings.php?page=testmail',
+					'label' => $lng['admin']['testmail']
 				)
 			)
 		)

lib/version.inc.php

@@ -16,10 +16,10 @@
  */
 
 // Main version variable
-$version = '0.9.38.2';
+$version = '0.9.38.8';
 
 // Database version (YYYYMMDDC where C is a daily counter)
-$dbversion = '201611180';
+$dbversion = '201712310';
 
 // Distribution branding-tag (used for Debian etc.)
 $branding = '';

lng/dutch.lng.php

@@ -1031,7 +1031,7 @@ $lng['dkim']['dkim_notes']['description'] = 'Notities die van belang kunnen zijn
 $lng['dkim']['dkim_add_adsp']['title'] = 'DKIM ADSP toevoegen';
 $lng['dkim']['dkim_add_adsp']['description'] = 'Indien u niet weet wat dit is, laat het op "actief" staan.';
 $lng['dkim']['dkim_add_adsppolicy']['title'] = 'ADSP beleid';
-$lng['dkim']['dkim_add_adsppolicy']['description'] = 'Voor meer informatie inzake deze instelling zie <a target="blank" href="http://redmine.froxlor.org/projects/froxlor/wiki/En-dkim-adsp-policies">DKIM ADSP policies</a>';
+$lng['dkim']['dkim_add_adsppolicy']['description'] = 'Voor meer informatie inzake deze instelling zie <a target="blank" href="https://en.wikipedia.org/wiki/Author_Domain_Signing_Practices">DKIM ADSP policies</a>';
 
 $lng['admin']['cron']['cronsettings'] = 'Instellingen cron-taken';
 $lng['cron']['cronname'] = 'naam cron-taak';
@@ -1146,7 +1146,7 @@ $lng['serversettings']['perl_path']['description'] = 'Alleen relevant voor light
 // ADDED IN FROXLOR 0.9.12-svn1
 $lng['admin']['fcgid_settings'] = 'FCGID';
 $lng['serversettings']['mod_fcgid_ownvhost']['title'] = 'FCGID inschakelen voor de VHost voor Froxlor';
-$lng['serversettings']['mod_fcgid_ownvhost']['description'] = 'Indien ingeschakeld wordt Froxlor ook uitgevoerd onder een lokale gebruiker<br /><strong>Let op:</strong>Dit vereist handmatige configuratie, zie <a target="blank" href="http://redmine.froxlor.org/projects/froxlor/wiki/HandbookApache2_fcgid">FCGID - handbook</a>';
+$lng['serversettings']['mod_fcgid_ownvhost']['description'] = 'Indien ingeschakeld wordt Froxlor ook uitgevoerd onder een lokale gebruiker<br /><strong>Let op:</strong>Dit vereist handmatige configuratie, zie <a target="blank" href="https://github.com/Froxlor/Froxlor/wiki/apache2-with-fcgid">FCGID - handbook</a>';
 $lng['admin']['mod_fcgid_user'] = 'Lokale gebruiker voor FCGID (Froxlor vhost)';
 $lng['admin']['mod_fcgid_group'] = 'Lokale groep voor FCGID (Froxlor vhost)';
 

lng/english.lng.php

@@ -534,7 +534,7 @@ $lng['panel']['back'] = 'Back';
 // ADDED IN 1.2.16-svn12
 
 $lng['serversettings']['mod_fcgid']['title'] = 'Enable FCGID';
-$lng['serversettings']['mod_fcgid']['description'] = 'Use this to run PHP with the corresponding useraccount.<br /><br /><b>This needs a special webserver configuration for Apache, see <a target="blank" href="http://redmine.froxlor.org/projects/froxlor/wiki/HandbookApache2_fcgid">FCGID - handbook</a></b>';
+$lng['serversettings']['mod_fcgid']['description'] = 'Use this to run PHP with the corresponding useraccount.<br /><br /><b>This needs a special webserver configuration for Apache, see <a target="blank" href="https://github.com/Froxlor/Froxlor/wiki/apache2-with-fcgid">FCGID - handbook</a></b>';
 $lng['serversettings']['sendalternativemail']['title'] = 'Use alternative email-address';
 $lng['serversettings']['sendalternativemail']['description'] = 'Send the password-email to a different address during email-account-creation';
 $lng['emails']['alternative_emailaddress'] = 'Alternative e-mail-address';
@@ -1102,7 +1102,7 @@ $lng['dkim']['dkim_notes']['description'] = 'Notes that might be of interest to
 $lng['dkim']['dkim_add_adsp']['title'] = 'Add DKIM ADSP entry';
 $lng['dkim']['dkim_add_adsp']['description'] = 'If you don\'t know what this is, leave it "enabled"';
 $lng['dkim']['dkim_add_adsppolicy']['title'] = 'ADSP policy';
-$lng['dkim']['dkim_add_adsppolicy']['description'] = 'For more information about this setting see <a target="blank" href="http://redmine.froxlor.org/projects/froxlor/wiki/En-dkim-adsp-policies">DKIM ADSP policies</a>';
+$lng['dkim']['dkim_add_adsppolicy']['description'] = 'For more information about this setting see <a target="blank" href="https://en.wikipedia.org/wiki/Author_Domain_Signing_Practices">DKIM ADSP policies</a>';
 
 $lng['admin']['cron']['cronsettings'] = 'Cronjob settings';
 $lng['cron']['cronname'] = 'cronjob-name';
@@ -1293,7 +1293,7 @@ $lng['error']['intvaluetoolow'] = 'The given number is too low (field %s)';
 $lng['error']['intvaluetoohigh'] = 'The given number is too high (field %s)';
 $lng['admin']['phpfpm_settings'] = 'PHP-FPM';
 $lng['serversettings']['phpfpm']['title'] = 'Enable php-fpm';
-$lng['serversettings']['phpfpm']['description'] = '<b>This needs a special webserver configuration see FPM-handbook for <a target="blank" href="http://redmine.froxlor.org/projects/froxlor/wiki/HandbookApache2_phpfpm">Apache2</a> or <a target="blank" href="http://redmine.froxlor.org/projects/froxlor/wiki/HandbookNginx_phpfpm">nginx</a></b>';
+$lng['serversettings']['phpfpm']['description'] = '<b>This needs a special webserver configuration see FPM-handbook for <a target="blank" href="https://github.com/Froxlor/Froxlor/wiki/apache2-with-php-fpm">Apache2</a> or <a target="blank" href="https://github.com/Froxlor/Froxlor/wiki/nginx-with-php-fpm">nginx</a></b>';
 $lng['serversettings']['phpfpm_settings']['configdir'] = 'Configuration directory of php-fpm';
 $lng['serversettings']['phpfpm_settings']['aliasconfigdir'] = 'Configuration Alias-directory of php-fpm';
 $lng['serversettings']['phpfpm_settings']['reload'] = 'php-fpm restart command';
@@ -1840,7 +1840,7 @@ $lng['domains']['import_file'] = 'CSV-File';
 $lng['success']['domain_import_successfully'] = 'Successfully imported %s domains.';
 $lng['error']['domain_import_error'] = 'Following error occurred while importing domains: %s';
 $lng['admin']['note'] = 'Note';
-$lng['domains']['import_description'] = 'Detailed information about the structure of the import-file and how to import successfully, please visit <a href="http://redmine.froxlor.org/projects/froxlor/wiki/DomainBulkActionDoc" target="_blank">http://redmine.froxlor.org/projects/froxlor/wiki/DomainBulkActionDoc</a>';
+$lng['domains']['import_description'] = 'Detailed information about the structure of the import-file and how to import successfully, please visit <a href="https://github.com/Froxlor/Froxlor/wiki/Domain-import-documenation" target="_blank">https://github.com/Froxlor/Froxlor/wiki/Domain-import-documenation</a>';
 $lng['usersettings']['custom_notes']['title'] = 'Custom notes';
 $lng['usersettings']['custom_notes']['description'] = 'Feel free to put any notes you want/need in here. They will show up in the admin/customer overview for the corresponding user.';
 $lng['usersettings']['custom_notes']['show'] = 'Show your notes on the dashboard of the user';
@@ -1849,7 +1849,7 @@ $lng['error']['fcgidandphpfpmnogoodtogether'] = 'FCGID and PHP-FPM cannot be act
 // Added in Froxlor 0.9.34
 $lng['admin']['configfiles']['legend'] = 'You are about to configure a service/daemon. The following legend explains the nomenclature.';
 $lng['admin']['configfiles']['commands'] = '<span class="red">Commands:</span> These commands are to be executed line by line as root-user in a shell. It is safe to copy the whole block and paste it into the shell.';
-$lng['admin']['configfiles']['files'] = '<span class="red">Configfiles:</span> This is an example of the contents of a configuration file. The commands before these textfields should open an editor with the target file. Just copy and paste the contents into the editor and save the file.<br><br><span class="red">Please note:</span> The MySQL-password has not been replaced for security reasons. Please replace "MYSQL_PASSWORD" on your own. If you forgot your MySQL-password you\'ll find it in "lib/userdata.inc.php"';
+$lng['admin']['configfiles']['files'] = '<span class="red">Configfiles:</span> This is an example of the contents of a configuration file. The commands before these textfields should open an editor with the target file. Just copy and paste the contents into the editor and save the file.<br><br><span class="red">Please note:</span> The MySQL-password has not been replaced for security reasons. Please replace "FROXLOR_MYSQL_PASSWORD" on your own. If you forgot your MySQL-password you\'ll find it in "lib/userdata.inc.php"';
 $lng['serversettings']['apache_itksupport']['title'] = 'Use modifications for Apache ITK-MPM';
 $lng['serversettings']['apache_itksupport']['description'] = '<strong class="red">ATTENTION:</strong> use only if you acutally have apache itk-mpm enabled<br />otherwise your webserver will not be able to start';
 $lng['integrity_check']['DatabaseCharset'] = 'Characterset of database (should be UTF-8)';
@@ -1972,7 +1972,7 @@ $lng['error']['autoupdate_9'] = 'The downloaded file did not pass the integrity
 
 $lng['admin']['server_php'] = 'PHP';
 $lng['domains']['termination_date'] = 'Date of termination';
-$lng['domains']['termination_date_overview'] = 'canceled until ';
+$lng['domains']['termination_date_overview'] = 'terminated as of ';
 $lng['panel']['set'] = 'Apply';
 $lng['customer']['selectserveralias_addinfo'] = 'This option can be set when editing the domain. Its initial value is inherited from the parent-domain.';
 $lng['error']['mailaccistobedeleted'] = "Another account with the same name (%s) is currently being deleted and can therefore not be added at this moment.";
@@ -2038,8 +2038,8 @@ $lng['serversettings']['le_froxlor_enabled']['description'] = "If activated, the
 $lng['serversettings']['le_froxlor_redirect']['title'] = "Enable SSL-redirect for the froxlor vhost";
 $lng['serversettings']['le_froxlor_redirect']['description'] = "If activated, all http requests to your froxlor will be redirected to the corresponding SSL site.";
 $lng['admin']['froxlorvhost'] = 'Froxlor VirtualHost settings';
-$lng['serversettings']['option_unavailable_websrv'] = '<br><em class="red">Availble only for: %s</em>';
-$lng['serversettings']['option_unavailable'] = '<br><em class="red">Option not availble due to other settings.</em>';
+$lng['serversettings']['option_unavailable_websrv'] = '<br><em class="red">Available only for: %s</em>';
+$lng['serversettings']['option_unavailable'] = '<br><em class="red">Option not available due to other settings.</em>';
 $lng['serversettings']['letsencryptacmeconf']['title'] = "Path to the acme.conf snippet";
 $lng['serversettings']['letsencryptacmeconf']['description'] = "File name of the config snippet which allows the web server to serve the acme challenge.";
 $lng['admin']['hostname'] = 'Hostname';
@@ -2061,7 +2061,24 @@ $lng['admin']['domain_hsts_maxage']['description'] = 'Specify the max-age value
 $lng['admin']['domain_hsts_incsub']['title'] = 'Include HSTS for any subdomain';
 $lng['admin']['domain_hsts_incsub']['description'] = 'The optional "includeSubDomains" directive, if present, signals the UA that the HSTS Policy applies to this HSTS Host as well as any subdomains of the host\'s domain name.';
 $lng['admin']['domain_hsts_preload']['title'] = 'Include domain in <a href="https://hstspreload.appspot.com/" target="_blank">HSTS preload list</a>';
-$lng['admin']['domain_hsts_preload']['description'] = 'If you would like this domain to be included in the HSTS preload list maintained by Chrome (and used by Firefox and Safari), then use activate this.<br>Sending the preload directive from your site can have PERMANENT CONSEQUENCES and prevent users from accessing your site and any of its subdomains.<br>Please read the details at <a href="hstspreload.appspot.com/#removal" target="_blank">hstspreload.appspot.com/#removal</a> before sending the header with "preload".';
+$lng['admin']['domain_hsts_preload']['description'] = 'If you would like this domain to be included in the HSTS preload list maintained by Chrome (and used by Firefox and Safari), then use activate this.<br>Sending the preload directive from your site can have PERMANENT CONSEQUENCES and prevent users from accessing your site and any of its subdomains.<br>Please read the details at <a href="https://hstspreload.appspot.com/#removal" target="_blank">hstspreload.appspot.com/#removal</a> before sending the header with "preload".';
 
-$lng['serversettings']['nginx_http2_support']['title'] = 'Nginx HTTP2 Support';
-$lng['serversettings']['nginx_http2_support']['description'] = 'enable http2 support for ssl. ENABLE ONLY IF YOUR Nginx SUPPORT THIS FEATURE. (version 1.9.5+)';
+$lng['serversettings']['http2_support']['title'] = 'HTTP2 Support';
+$lng['serversettings']['http2_support']['description'] = 'enable HTTP2 support for ssl.<br><em class="red">ENABLE ONLY IF YOUR WEBSERVER SUPPORTS THIS FEATURE (nginx version 1.9.5+, apache2 version 2.4.17+)</em>';
+
+$lng['error']['noipportgiven'] = 'No IP/port given';
+
+// Added in froxlor 0.9.38.8
+$lng['admin']['domain_ocsp_stapling']['title'] = 'OCSP stapling';
+$lng['admin']['domain_ocsp_stapling']['description'] = 'See <a target="_blank" href="https://en.wikipedia.org/wiki/OCSP_stapling">Wikipedia</a> for a detailed explanation of OCSP stapling';
+$lng['admin']['domain_ocsp_stapling']['nginx_version_warning'] = '<br /><strong class="red">WARNING:</strong> Nginx version 1.3.7 or above is required for OCSP stapling. If your version is older, the webserver will NOT start correctly while OCSP stapling is enabled!';
+$lng['serversettings']['ssl']['apache24_ocsp_cache_path']['title'] = 'Apache 2.4: path to the OCSP stapling cache';
+$lng['serversettings']['ssl']['apache24_ocsp_cache_path']['description'] = 'Configures the cache used to store OCSP responses which get included in TLS handshakes.';
+$lng['serversettings']['nssextrausers']['title'] = 'Use libnss-extrausers instead of libnss-mysql';
+$lng['serversettings']['nssextrausers']['description'] = 'Do not read users from the database but from files. Please only activate if you have already gone through the required configuration steps (system -> libnss-extrausers).<br><strong class="red">For Debian/Ubuntu only (or if you have compiled libnss-extrausers yourself!)</strong>';
+$lng['admin']['domain_http2']['title'] = 'HTTP2 support';
+$lng['admin']['domain_http2']['description'] = 'See <a target="_blank" href="https://en.wikipedia.org/wiki/HTTP/2">Wikipedia</a> for a detailed explanation of HTTP2';
+$lng['admin']['testmail'] = 'SMTP test';
+$lng['success']['testmailsent'] = 'Test mail sent successfully';
+$lng['serversettings']['disable_le_selfcheck']['title'] = "Disable Let's Encrypt local self-check";
+$lng['serversettings']['disable_le_selfcheck']['description'] = "If activated, froxlor will <strong>not</strong> perform its self-check for token accessability. Needed for NATed IP's or similar.";

lng/french.lng.php

@@ -569,18 +569,18 @@ $lng['serversettings']['webalizer_quiet']['description'] = 'Verbosité du progra
 
 $lng['ticket']['admin_email'] = 'root@localhost';
 $lng['ticket']['noreply_email'] = 'billets@froxlor';
-$lng['admin']['ticketsystem'] = 'Système de billets';
-$lng['menue']['ticket']['ticket'] = 'Billets de support';
+$lng['admin']['ticketsystem'] = 'Système de tickets';
+$lng['menue']['ticket']['ticket'] = 'Tickets support';
 $lng['menue']['ticket']['categories'] = 'Catégories de support';
-$lng['menue']['ticket']['archive'] = 'Archives de billets';
+$lng['menue']['ticket']['archive'] = 'Archives de tickets';
 $lng['ticket']['description'] = 'Entrez une description !';
-$lng['ticket']['ticket_new'] = 'Ouvrir un nouveau billet';
-$lng['ticket']['ticket_reply'] = 'Réponse au billet';
-$lng['ticket']['ticket_reopen'] = 'Réouvrir le billet';
+$lng['ticket']['ticket_new'] = 'Ouvrir un nouveau ticket';
+$lng['ticket']['ticket_reply'] = 'Réponse au ticket';
+$lng['ticket']['ticket_reopen'] = 'Réouvrir le ticket';
 $lng['ticket']['ticket_newcateory'] = 'Créer une nouvelle catégorie';
 $lng['ticket']['ticket_editcateory'] = 'Editer la catégorie';
-$lng['ticket']['ticket_view'] = 'Voir l\'historique du billet';
-$lng['ticket']['ticketcount'] = 'Billets';
+$lng['ticket']['ticket_view'] = 'Voir l\'historique du ticket';
+$lng['ticket']['ticketcount'] = 'Tickets';
 $lng['ticket']['ticket_answers'] = 'Réponses';
 // $lng['ticket']['lastchange'] = 'Dernière action';
 $lng['ticket']['lastchange'] = 'Dernier changement';
@@ -601,8 +601,8 @@ $lng['ticket']['answer'] = 'Répondre';
 $lng['ticket']['close'] = 'Fermer';
 $lng['ticket']['reopen'] = 'Réouvrir';
 $lng['ticket']['archive'] = 'Archive';
-$lng['ticket']['ticket_delete'] = 'Effacer le billet';
-$lng['ticket']['lastarchived'] = 'Billets récemment archivés';
+$lng['ticket']['ticket_delete'] = 'Effacer le ticket';
+$lng['ticket']['lastarchived'] = 'Tickets récemment archivés';
 $lng['ticket']['archivedtime'] = 'Archivé';
 $lng['ticket']['open'] = 'Ouvert';
 $lng['ticket']['wait_reply'] = 'Attente d\'une réponse';
@@ -610,43 +610,43 @@ $lng['ticket']['replied'] = 'Répondu';
 $lng['ticket']['closed'] = 'Fermé';
 $lng['ticket']['staff'] = 'L\'équipe';
 $lng['ticket']['customer'] = 'Client';
-$lng['ticket']['old_tickets'] = 'Messages du billet';
+$lng['ticket']['old_tickets'] = 'Messages du ticket';
 $lng['ticket']['search'] = 'Rechercher dans les archives';
 $lng['ticket']['nocustomer'] = 'Aucun choix';
 $lng['ticket']['archivesearch'] = 'Résultat de la recherche dans les archives';
-$lng['ticket']['noresults'] = 'Aucun billet trouvé';
-$lng['ticket']['notmorethanxopentickets'] = 'Pour éviter les abus, vous ne pouvez avoir plus de %s billets ouverts';
+$lng['ticket']['noresults'] = 'Aucun ticket trouvé';
+$lng['ticket']['notmorethanxopentickets'] = 'Pour éviter les abus, vous ne pouvez avoir plus de %s tickets ouverts';
 $lng['ticket']['supportstatus'] = 'Etat du support';
 $lng['ticket']['supportavailable'] = '<span class="ticket_low">Nos équipes de support sont disponibles et prètes à vous assister.</span>';
 $lng['ticket']['supportnotavailable'] = '<span class="ticket_high">Nos équipes de support ne sont actuellement pas disponibles.</span>';
-$lng['admin']['templates']['ticket'] = 'E-mail de notification pour les billets de support';
-$lng['admin']['templates']['SUBJECT'] = 'Sera remplacé par le sujet du billet de support.';
-$lng['admin']['templates']['new_ticket_for_customer'] = 'Informe le client que le billet a été envoyé';
-$lng['admin']['templates']['new_ticket_by_customer'] = 'Notifie l\'administrateur qu\'un nouveau billet a été ouvert par un client';
-$lng['admin']['templates']['new_reply_ticket_by_customer'] = 'Notifie l\'administrateur d\'une réponse du client au billet';
-$lng['admin']['templates']['new_ticket_by_staff'] = 'Informe le client qu\'un billet a été ouvert par l\'équipe de support';
-$lng['admin']['templates']['new_reply_ticket_by_staff'] = 'Informe le client d\'une réponse de l\'équipe de support au billet';
-$lng['mails']['new_ticket_for_customer']['mailbody'] = 'Bonjour {FIRSTNAME} {NAME},\n\nVotre demande de billet de support ayant comme sujet "{SUBJECT}" a été envoyé.\n\nVous receverez une notification lorsque votre billet aura une réponse.\n\nMerci,\nL\'équipe Froxlor.';
-$lng['mails']['new_ticket_for_customer']['subject'] = 'Votre billet de support a été envoyé';
-$lng['mails']['new_ticket_by_customer']['mailbody'] = 'Bonjour administrateur,\n\nUn nouveau billet de support ayant comme sujet "{SUBJECT}" a été ouvert.\n\nVeuillez vous connecter pour consulter le billet.\n\nMerci,\nl\'équipe Froxlor.';
-$lng['mails']['new_ticket_by_customer']['subject'] = 'Nouveau billet de support soumis';
-$lng['mails']['new_reply_ticket_by_customer']['mailbody'] = 'Bonjour administrateur,\n\nLe billet de support "{SUBJECT}" a reçu une réponse de la part du client.\n\nVeuillez vous connecter pour consulter le billet.\n\nMerci,\nL\'équipe Froxlor.';
-$lng['mails']['new_reply_ticket_by_customer']['subject'] = 'Nouvelle réponse au billet de support';
-$lng['mails']['new_ticket_by_staff']['mailbody'] = 'Bonjour {FIRSTNAME} {NAME},\n\nUn billet de support ayant comme sujet "{SUBJECT}" a été ouvert pour vous par notre équipe.\n\nVeuillez vous connecter pour consulter le billet.\n\nMerci,\nL\'équipe Froxlor.';
+$lng['admin']['templates']['ticket'] = 'E-mail de notification pour les tickets de support';
+$lng['admin']['templates']['SUBJECT'] = 'Sera remplacé par le sujet du ticket de support.';
+$lng['admin']['templates']['new_ticket_for_customer'] = 'Informe le client que le ticket a été envoyé';
+$lng['admin']['templates']['new_ticket_by_customer'] = 'Notifie l\'administrateur qu\'un nouveau ticket a été ouvert par un client';
+$lng['admin']['templates']['new_reply_ticket_by_customer'] = 'Notifie l\'administrateur d\'une réponse du client au ticket';
+$lng['admin']['templates']['new_ticket_by_staff'] = 'Informe le client qu\'un ticket a été ouvert par l\'équipe de support';
+$lng['admin']['templates']['new_reply_ticket_by_staff'] = 'Informe le client d\'une réponse de l\'équipe de support au ticket';
+$lng['mails']['new_ticket_for_customer']['mailbody'] = 'Bonjour {FIRSTNAME} {NAME},\n\nVotre demande de ticket de support ayant comme sujet "{SUBJECT}" a été envoyé.\n\nVous receverez une notification lorsque votre billet aura une réponse.\n\nMerci,\nL\'équipe Froxlor.';
+$lng['mails']['new_ticket_for_customer']['subject'] = 'Votre ticket de support a été envoyé';
+$lng['mails']['new_ticket_by_customer']['mailbody'] = 'Bonjour administrateur,\n\nUn nouveau ticket de support ayant comme sujet "{SUBJECT}" a été ouvert.\n\nVeuillez vous connecter pour consulter le billet.\n\nMerci,\nl\'équipe Froxlor.';
+$lng['mails']['new_ticket_by_customer']['subject'] = 'Nouveau ticket de support soumis';
+$lng['mails']['new_reply_ticket_by_customer']['mailbody'] = 'Bonjour administrateur,\n\nLe ticket de support "{SUBJECT}" a reçu une réponse de la part du client.\n\nVeuillez vous connecter pour consulter le billet.\n\nMerci,\nL\'équipe Froxlor.';
+$lng['mails']['new_reply_ticket_by_customer']['subject'] = 'Nouvelle réponse au ticket de support';
+$lng['mails']['new_ticket_by_staff']['mailbody'] = 'Bonjour {FIRSTNAME} {NAME},\n\nUn ticket de support ayant comme sujet "{SUBJECT}" a été ouvert pour vous par notre équipe.\n\nVeuillez vous connecter pour consulter le billet.\n\nMerci,\nL\'équipe Froxlor.';
 $lng['mails']['new_ticket_by_staff']['subject'] = 'Nouvelle demande de support soumise';
-$lng['mails']['new_reply_ticket_by_staff']['mailbody'] = 'Bonjour {FIRSTNAME} {NAME},\n\nLe billet de support ayant comme sujet "{SUBJECT}" a reçu une réponse par notre équipe.\n\nVeuillez vous connecter pour consulter le billet.\n\nMerci,\nL\équipe Froxlor.';
-$lng['mails']['new_reply_ticket_by_staff']['subject'] = 'Nouvelle réponse au billet de support';
-$lng['question']['ticket_reallyclose'] = 'Etes-vous sûr de vouloir clôturer le billet "%s" ?';
-$lng['question']['ticket_reallydelete'] = 'Etes-vous sûr de vouloir supprimer le billet "%s" ?';
+$lng['mails']['new_reply_ticket_by_staff']['mailbody'] = 'Bonjour {FIRSTNAME} {NAME},\n\nLe ticket de support ayant comme sujet "{SUBJECT}" a reçu une réponse par notre équipe.\n\nVeuillez vous connecter pour consulter le billet.\n\nMerci,\nL\équipe Froxlor.';
+$lng['mails']['new_reply_ticket_by_staff']['subject'] = 'Nouvelle réponse au ticket de support';
+$lng['question']['ticket_reallyclose'] = 'Etes-vous sûr de vouloir clôturer le ticket "%s" ?';
+$lng['question']['ticket_reallydelete'] = 'Etes-vous sûr de vouloir supprimer le ticket "%s" ?';
 $lng['question']['ticket_reallydeletecat'] = 'Etes-vous sûr de vouloir supprimer la catégorie "%s" ?';
-$lng['question']['ticket_reallyarchive'] = 'Etes-vous sûr de vouloir archiver le billet "%s" ?';
-$lng['error']['nomoreticketsavailable'] = 'Vous n\'avez plus de billets de disponibles. Veuillez contacter votre administrateur.';
-$lng['error']['nocustomerforticket'] = 'Ne peut créer de billet sans client';
-$lng['error']['categoryhastickets'] = 'La catégorie possède des billets.<br />Veuillez d\'abord supprimer tous les billets de cette catégorie.';
-$lng['admin']['ticketsettings'] = 'Paramètres des billets de support';
-$lng['admin']['archivelastrun'] = 'Derniers billets archivés';
+$lng['question']['ticket_reallyarchive'] = 'Etes-vous sûr de vouloir archiver le ticket "%s" ?';
+$lng['error']['nomoreticketsavailable'] = 'Vous n\'avez plus de tickets de disponibles. Veuillez contacter votre administrateur.';
+$lng['error']['nocustomerforticket'] = 'Impossible de créer un ticket sans clients dans la base';
+$lng['error']['categoryhastickets'] = 'La catégorie possède des tickets.<br />Veuillez d\'abord supprimer tous les tickets de cette catégorie.';
+$lng['admin']['ticketsettings'] = 'Paramètres des tickets de support';
+$lng['admin']['archivelastrun'] = 'Derniers tickets archivés';
 $lng['serversettings']['ticket']['noreply_email']['title'] = 'Adresse e-mail de non réponse';
-$lng['serversettings']['ticket']['noreply_email']['description'] = 'L\'adresse e-mail de l\'expéditeur de notification pour les billets de support, quelque chose du type no-reply@domaine.com';
+$lng['serversettings']['ticket']['noreply_email']['description'] = 'L\'adresse e-mail de l\'expéditeur de notification pour les tickets de support, quelque chose du type no-reply@domaine.com';
 $lng['serversettings']['ticket']['worktime_begin']['title'] = 'Début du support (hh:mm)';
 $lng['serversettings']['ticket']['worktime_begin']['description'] = 'Horaire de début du support';
 $lng['serversettings']['ticket']['worktime_end']['title'] = 'Fin du support (hh:mm)';
@@ -655,21 +655,21 @@ $lng['serversettings']['ticket']['worktime_sat'] = 'Support disponible le samedi
 $lng['serversettings']['ticket']['worktime_sun'] = 'Support disponible le dimanche ?';
 $lng['serversettings']['ticket']['worktime_all']['title'] = 'Aucune limite horaire pour le support';
 $lng['serversettings']['ticket']['worktime_all']['description'] = 'Si "Oui", les options pour le début et la fin du support seront écrasés.';
-$lng['serversettings']['ticket']['archiving_days'] = 'Après combien de jours un billet fermé sera automatiquement archivé ?';
-$lng['customer']['tickets'] = 'Billet de support';
+$lng['serversettings']['ticket']['archiving_days'] = 'Après combien de jours un ticket fermé sera automatiquement archivé ?';
+$lng['customer']['tickets'] = 'Ticket de support';
 
 // ADDED IN 1.2.18-svn4
 
 $lng['admin']['domain_nocustomeraddingavailable'] = 'Il n\'est acutellement pas possible d\'ajouter de domaines. Vous devez d\'abord ajouter un client.';
-$lng['serversettings']['ticket']['enable'] = 'Activer le système de billets';
-$lng['serversettings']['ticket']['concurrentlyopen'] = 'Combien  de billets peuvent être ouverts au même moment ?';
+$lng['serversettings']['ticket']['enable'] = 'Activer le système de tickets';
+$lng['serversettings']['ticket']['concurrentlyopen'] = 'Combien  de tickets peuvent être ouverts au même moment ?';
 $lng['error']['norepymailiswrong'] = 'L\'adresse de "non réponse" n\'est pas bonne. Une adresse e-mail valide doit être entrée.';
-$lng['error']['tadminmailiswrong'] = 'L\'adresse de "l\'administrateur de billets" n\'est pas bonne. Une adresse e-mail valide doit être entrée.';
-$lng['ticket']['awaitingticketreply'] = 'Vous avez %s billet(s) de support non répondu(s).';
+$lng['error']['tadminmailiswrong'] = 'L\'adresse de "l\'administrateur de tickets" n\'est pas bonne. Une adresse e-mail valide doit être entrée.';
+$lng['ticket']['awaitingticketreply'] = 'Vous avez %s ticket(s) de support non répondu(s).';
 
 // ADDED IN 1.2.18-svn5
 
-$lng['serversettings']['ticket']['noreply_name'] = 'Nom de l\'expéditeur e-mail des billets';
+$lng['serversettings']['ticket']['noreply_name'] = 'Nom de l\'expéditeur e-mail des tickets';
 
 // ADDED IN 1.2.19-svn1
 
@@ -679,8 +679,8 @@ $lng['serversettings']['mod_fcgid']['tmpdir']['title'] = 'Dossier temporaire pou
 
 // ADDED IN 1.2.19-svn3
 
-$lng['serversettings']['ticket']['reset_cycle']['title'] = 'Intervalle de réinitialisation des billets utilisés';
-$lng['serversettings']['ticket']['reset_cycle']['description'] = 'Remettre le compteur de billets à 0 dans le temps imparti';
+$lng['serversettings']['ticket']['reset_cycle']['title'] = 'Intervalle de réinitialisation des tickets utilisés';
+$lng['serversettings']['ticket']['reset_cycle']['description'] = 'Remettre le compteur de tickets à 0 dans le temps imparti';
 $lng['admin']['tickets']['daily'] = 'Journalière';
 $lng['admin']['tickets']['weekly'] = 'Hebdomadaire';
 $lng['admin']['tickets']['monthly'] = 'Mensuelle';

lng/german.lng.php

@@ -529,7 +529,7 @@ $lng['panel']['back'] = 'Zurück';
 // ADDED IN 1.2.16-svn12
 
 $lng['serversettings']['mod_fcgid']['title'] = 'PHP über mod_fcgid/suexec einbinden';
-$lng['serversettings']['mod_fcgid']['description'] = 'PHP wird unter dem Benutzer des Kunden ausgeführt.<br /><br /><b>Dies benötigt eine spezielle Webserver-Konfiguration für Apache, siehe <a target="blank" href="http://redmine.froxlor.org/projects/froxlor/wiki/HandbookApache2_fcgid">FCGID-Handbuch</a>.</b>';
+$lng['serversettings']['mod_fcgid']['description'] = 'PHP wird unter dem Benutzer des Kunden ausgeführt.<br /><br /><b>Dies benötigt eine spezielle Webserver-Konfiguration für Apache, siehe <a target="blank" href="https://github.com/Froxlor/Froxlor/wiki/apache2-with-fcgid">FCGID-Handbuch</a>.</b>';
 $lng['serversettings']['sendalternativemail']['title'] = 'Alternative E-Mail-Adresse benutzen';
 $lng['serversettings']['sendalternativemail']['description'] = 'Während des Erstellens eines Accounts das Passwort an eine andere E-Mail-Adresse senden';
 $lng['emails']['alternative_emailaddress'] = 'Alternative E-Mail-Adresse';
@@ -1075,7 +1075,7 @@ $lng['dkim']['dkim_notes']['description'] = 'Eine Notiz, welche für Menschen in
 $lng['dkim']['dkim_add_adsp']['title'] = 'DKIM-ADSP Eintrag hinzufügen';
 $lng['dkim']['dkim_add_adsp']['description'] = 'Wenn unsicher oder unbekannt, belassen sie es auf "aktiviert"';
 $lng['dkim']['dkim_add_adsppolicy']['title'] = 'ADSP-Richtlinie';
-$lng['dkim']['dkim_add_adsppolicy']['description'] = 'Mehr Informationen zu dieser Einstellung (englisch) <a target="blank" href="http://redmine.froxlor.org/projects/froxlor/wiki/En-dkim-adsp-policies">DKIM-ADSP-Policies</a>';
+$lng['dkim']['dkim_add_adsppolicy']['description'] = 'Mehr Informationen zu dieser Einstellung (englisch) <a target="blank" href="https://en.wikipedia.org/wiki/Author_Domain_Signing_Practices">DKIM-ADSP-Policies</a>';
 
 $lng['admin']['cron']['cronsettings'] = 'Cronjob-Einstellungen';
 $lng['cron']['cronname'] = 'Cronjob-Name';
@@ -1271,7 +1271,7 @@ $lng['error']['intvaluetoolow'] = 'Die angegebene Zahl ist zu klein (Feld "%s")'
 $lng['error']['intvaluetoohigh'] = 'Die angegebene Zahl ist zu groß (Feld "%s")';
 $lng['admin']['phpfpm_settings'] = 'PHP-FPM';
 $lng['serversettings']['phpfpm']['title'] = 'Aktiviere PHP-FPM';
-$lng['serversettings']['phpfpm']['description'] = '<b>Dies benötigt eine spezielle Webserver-Konfiguration, siehe FPM-Handbuch für <a target="blank" href="http://redmine.froxlor.org/projects/froxlor/wiki/HandbookApache2_phpfpm">Apache2</a> oder <a target="blank" href="http://redmine.froxlor.org/projects/froxlor/wiki/HandbookNginx_phpfpm">nginx</a></b>';
+$lng['serversettings']['phpfpm']['description'] = '<b>Dies benötigt eine spezielle Webserver-Konfiguration, siehe FPM-Handbuch für <a target="blank" href="https://github.com/Froxlor/Froxlor/wiki/apache2-with-php-fpm">Apache2</a> oder <a target="blank" href="https://github.com/Froxlor/Froxlor/wiki/nginx-with-php-fpm">nginx</a></b>';
 $lng['serversettings']['phpfpm_settings']['configdir'] = 'Pfad zu php-fpm-Konfigurationen';
 $lng['serversettings']['phpfpm_settings']['aliasconfigdir'] = 'Alias-Ordner der php-fpm Konfiguration';
 $lng['serversettings']['phpfpm_settings']['reload'] = 'Kommando zum Neustarten von php-fpm';
@@ -1565,7 +1565,7 @@ $lng['domains']['import_file'] = 'CSV-Datei';
 $lng['success']['domain_import_successfully'] = 'Erfolgreich %s Domains importiert.';
 $lng['error']['domain_import_error'] = 'Der folgende Fehler trat beim Importieren der Domains auf: %s';
 $lng['admin']['note'] = 'Hinweis';
-$lng['domains']['import_description'] = 'Detaillierte Informationen über den Aufbau der Importdatei und einen erfolgreichen Import gibt es hier: <a href="http://redmine.froxlor.org/projects/froxlor/wiki/DomainBulkActionDoc" target="_blank">http://redmine.froxlor.org/projects/froxlor/wiki/DomainBulkActionDoc</a> (englisch)';
+$lng['domains']['import_description'] = 'Detaillierte Informationen über den Aufbau der Importdatei und einen erfolgreichen Import gibt es hier: <a href="https://github.com/Froxlor/Froxlor/wiki/Domain-import-documenation" target="_blank">https://github.com/Froxlor/Froxlor/wiki/Domain-import-documenation</a> (englisch)';
 $lng['usersettings']['custom_notes']['title'] = 'Eigene Notizen';
 $lng['usersettings']['custom_notes']['description'] = 'Hier können Notizen je nach Lust und Laune eingetragen werden. Diese werden in der Administrator/Kunden-Übersicht bei dem jeweiligen Benutzer angezeigt.';
 $lng['usersettings']['custom_notes']['show'] = 'Zeige die Notizen auf dem Dashboard des Benutzers';
@@ -1574,7 +1574,7 @@ $lng['error']['fcgidandphpfpmnogoodtogether'] = 'FCGID und PHP-FPM können nicht
 // Added in Froxlor 0.9.34
 $lng['admin']['configfiles']['legend'] = 'Du konfigurierst nun einen Service/Daemon. Die folgende Legende zeigt unsere Nomenklatur.';
 $lng['admin']['configfiles']['commands'] = '<span class="red">Kommandos:</span> Die angezeigten Befehle müssen als Benutzer root in einer Shell ausgeführt werden. Es kann auch problemlos der ganze Block kopiert und in die Shell eingefügt werden.';
-$lng['admin']['configfiles']['files'] = '<span class="red">Konfigurationsdateien:</span> Dies ist der Inhalt einer Konfigurationsdatei. Der Befehl direkt vor dem Textfeld sollte einen Editor mit der Zieldatei öffnen. Der Inhalt kann nun einfach kopiert und in den Editor eingefügt und die Datei gespeichert werden.<br><br><span class="red">Beachten Sie:</span> Das MySQL-Passwort wurde aus Sicherheitsgründen nicht ersetzt. Bitte ersetzen Sie "MYSQL_PASSWORD" manuell durch das entsprechende Passwort. Falls Sie es vergessen haben sollten, finden Sie es in der Datei "lib/userdata.inc.php".';
+$lng['admin']['configfiles']['files'] = '<span class="red">Konfigurationsdateien:</span> Dies ist der Inhalt einer Konfigurationsdatei. Der Befehl direkt vor dem Textfeld sollte einen Editor mit der Zieldatei öffnen. Der Inhalt kann nun einfach kopiert und in den Editor eingefügt und die Datei gespeichert werden.<br><br><span class="red">Beachten Sie:</span> Das MySQL-Passwort wurde aus Sicherheitsgründen nicht ersetzt. Bitte ersetzen Sie "FROXLOR_MYSQL_PASSWORD" manuell durch das entsprechende Passwort. Falls Sie es vergessen haben sollten, finden Sie es in der Datei "lib/userdata.inc.php".';
 $lng['serversettings']['apache_itksupport']['title'] = 'Anpassungen für Apache ITK-MPM verwenden';
 $lng['serversettings']['apache_itksupport']['description'] = '<div class="red">Achtung: Bitte nur verwenden, wenn wirklich Apache itk-mpm verwendet wird, ansonsten wird der Webserver nicht starten.</div>';
 $lng['integrity_check']['DatabaseCharset'] = 'Characterset der Datenbank (sollte UTF-8 sein)';
@@ -1710,6 +1710,26 @@ $lng['admin']['webserversettings_ssl'] = 'Webserver SSL-Einstellungen';
 $lng['admin']['domain_hsts_maxage']['title'] = 'HTTP Strict Transport Security (HSTS)';
 $lng['admin']['domain_hsts_maxage']['description'] = '"max-age" Wert für den Strict-Transport-Security Header<br>Der Wert <i>0</i> deaktiviert HSTS für diese Domain. Meist wird der Wert <i>31536000</i> gerne genutzt (ein Jahr).';
 $lng['admin']['domain_hsts_incsub']['title'] = 'Inkludiere HSTS für jede Subdomain';
-$lng['admin']['domain_hsts_incsub']['description'] = 'Die optionale "includeSubDomains" Direktive, wenn vorhanden, signalisiert dem UA, dass die HSTS that the HSTS Regel für diese Domain und auch jede Subdomain dieser gilt.';
+$lng['admin']['domain_hsts_incsub']['description'] = 'Die optionale "includeSubDomains" Direktive, wenn vorhanden, signalisiert dem UA, dass die HSTS Regel für diese Domain und auch jede Subdomain dieser gilt.';
 $lng['admin']['domain_hsts_preload']['title'] = 'Füge Domain in die <a href="https://hstspreload.appspot.com/" target="_blank">HSTS preload Liste</a> hinzu';
-$lng['admin']['domain_hsts_preload']['description'] = 'Wenn die Domain in die HSTS preload Liste, verwaltet von Chrome (und genutzt von Firefox und Safari), hinzugefügt werden soll, dann aktiviere diese Einstellung.<br>Die preload-Direktive zu senden kann PERMANTENTE KONSEQUENZEN haben und dazu führen, dass Benutzer auf diese Domain und auch Subdomains nicht zugreifen können.<br>Beachte Details unter <a href="hstspreload.appspot.com/#removal" target="_blank">hstspreload.appspot.com/#removal</a> bevor ein Header mit "preload" gesendet wird.';
+$lng['admin']['domain_hsts_preload']['description'] = 'Wenn die Domain in die HSTS preload Liste, verwaltet von Chrome (und genutzt von Firefox und Safari), hinzugefügt werden soll, dann aktiviere diese Einstellung.<br>Die preload-Direktive zu senden kann PERMANTENTE KONSEQUENZEN haben und dazu führen, dass Benutzer auf diese Domain und auch Subdomains nicht zugreifen können.<br>Beachte Details unter <a href="https://hstspreload.appspot.com/#removal" target="_blank">hstspreload.appspot.com/#removal</a> bevor ein Header mit "preload" gesendet wird.';
+
+$lng['serversettings']['http2_support']['title'] = 'HTTP2 Unterstützung';
+$lng['serversettings']['http2_support']['description'] = 'Aktiviere HTTP2 Unterstützung für SSL.<br><em class="red">NUR AKTIVIEREN, WENN DER WEBSERVER DIESE FUNKTION UNTERSTÜTZT (nginx version 1.9.5+, apache2 version 2.4.17+)</em>';
+
+$lng['error']['noipportgiven'] = 'Keine IP/Port angegeben';
+
+// Added in froxlor 0.9.38.8
+$lng['admin']['domain_ocsp_stapling']['title'] = 'OCSP stapling';
+$lng['admin']['domain_ocsp_stapling']['description'] = 'Siehe <a target="_blank" href="https://de.wikipedia.org/wiki/Online_Certificate_Status_Protocol_stapling">Wikipedia</a> für eine ausführliche Beschreibung von OCSP-Stapling';
+$lng['admin']['domain_ocsp_stapling']['nginx_version_warning'] = '<br /><strong class="red">WARNUNG:</strong> Nginx unterstützt OCSP-Stapling erst ab Version 1.3.7. Wenn Ihre Version älter ist, wird der Webserver bei aktiviertem OCSP-Stapling NICHT korrekt starten.';
+$lng['serversettings']['ssl']['apache24_ocsp_cache_path']['title'] = 'Apache 2.4: Pfad zum OCSP-Stapling-Cache';
+$lng['serversettings']['ssl']['apache24_ocsp_cache_path']['description'] = 'Konfiguriert den Cache-Pfad zum Zwischenspeichern der OCSP-Antworten,<br />die an TLS-Handshakes angehängt werden.';
+$lng['serversettings']['nssextrausers']['title'] = 'Verwende libnss-extrausers anstatt libnss-mysql';
+$lng['serversettings']['nssextrausers']['description'] = 'Lese Benutzer nicht direkt aus der Datenbank sondern über Dateien, bitte nur aktivieren, wenn die entsprechende Konfiguration vorgenommen wurde (System -> libnss-extrausers).<br><strong class="red">Nur für Debian/Ubuntu (oder wenn libnss-extrausers manuell kompiliert wurde!)</strong>';
+$lng['admin']['domain_http2']['title'] = 'HTTP2 Unterstützung';
+$lng['admin']['domain_http2']['description'] = 'Siehe <a target="_blank" href="https://de.wikipedia.org/wiki/Hypertext_Transfer_Protocol#HTTP.2F2">Wikipedia</a> für eine ausführliche Beschreibung von HTTP2';
+$lng['admin']['testmail'] = 'SMTP Test';
+$lng['success']['testmailsent'] = 'Test E-Mail erfolgreich gesendet';
+$lng['serversettings']['disable_le_selfcheck']['title'] = "Deaktiviere Let's Encrypt lokale Selbstprüfung";
+$lng['serversettings']['disable_le_selfcheck']['description'] = "Wenn aktiviert wird Froxlor <strong>keine</strong> Erreichbarkeitsprüfung des Tokens vornehmen. Nötig bei ge-NAT-eten IP's oder Ähnlichem";

lng/italian.lng.php

@@ -435,7 +435,7 @@ $lng['panel']['translator'] = 'Traduttore';
 $lng['error']['stringformaterror'] = 'Il valore per il campo "%s" non è nel formato atteso.';
 
 // ADDED IN 1.2.15-rc1
-// Translated by marone42@googlemail.com on 03/15/2007 (see https://trac.froxlor.org/ticket/126#comment:21)
+// Translated by marone42@googlemail.com on 03/15/2007
 
 $lng['admin']['phpversion'] = 'Versione PHP';
 $lng['admin']['mysqlserverversion'] = 'Versione MySQL Server';
@@ -1050,7 +1050,7 @@ $lng['dkim']['dkim_notes']['description'] = 'Nota potrebbe essere di interesse,
 $lng['dkim']['dkim_add_adsp']['title'] = 'Aggiungi un valore DKIM ADSP';
 $lng['dkim']['dkim_add_adsp']['description'] = 'Se non si sa di cosa si tratta, lasciare "enabled"';
 $lng['dkim']['dkim_add_adsppolicy']['title'] = 'Regola ADSP';
-$lng['dkim']['dkim_add_adsppolicy']['description'] = 'Per ulteriori informazioni su questa impostazione leggere <a target="blank" href="http://redmine.froxlor.org/projects/froxlor/wiki/En-dkim-adsp-policies">DKIM ADSP policies</a>';
+$lng['dkim']['dkim_add_adsppolicy']['description'] = 'Per ulteriori informazioni su questa impostazione leggere <a target="blank" href="https://en.wikipedia.org/wiki/Author_Domain_Signing_Practices">DKIM ADSP policies</a>';
 
 $lng['admin']['cron']['cronsettings'] = 'Impostazioni Cronjob';
 $lng['cron']['cronname'] = 'Nome cronjob';
@@ -1171,7 +1171,7 @@ $lng['serversettings']['perl_path']['description'] = 'Rilevante solo se si utili
 // ADDED IN FROXLOR 0.9.12-svn1
 $lng['admin']['fcgid_settings'] = 'FCGID';
 $lng['serversettings']['mod_fcgid_ownvhost']['title'] = 'Abilita FCGID per i vhost Froxlor';
-$lng['serversettings']['mod_fcgid_ownvhost']['description'] = 'Se attivato, Froxlor verrà eseguito con un utente locale<br /><strong>ATTENZIONE:</strong>Questo richiede una configurazione manuale, vedi <a target="blank" href="http://redmine.froxlor.org/projects/froxlor/wiki/HandbookApache2_fcgid">FCGID - handbook</a>';
+$lng['serversettings']['mod_fcgid_ownvhost']['description'] = 'Se attivato, Froxlor verrà eseguito con un utente locale<br /><strong>ATTENZIONE:</strong>Questo richiede una configurazione manuale, vedi <a target="blank" href="https://github.com/Froxlor/Froxlor/wiki/apache2-with-fcgid">FCGID - handbook</a>';
 $lng['admin']['mod_fcgid_user'] = 'Utente locale per FCGID (Froxlor vhost)';
 $lng['admin']['mod_fcgid_group'] = 'Gruppo locale per FCGID (Froxlor vhost)';
 
@@ -1361,7 +1361,7 @@ $lng['admin']['store_defaultindex'] = 'Archivio del file indice predefinito al p
 $lng['admin']['ipsandports']['ssl_cert_chainfile']['title'] = 'Percorso al file catena dei certificati SSL';
 $lng['admin']['ipsandports']['ssl_cert_chainfile']['description'] = 'Principalmente Bundle CA, o similare, presubilmente vuoi impostare questo se hai acquistato un certificato SSL.';
 $lng['serversettings']['phpfpm']['title'] = 'Abilita php-fpm';
-$lng['serversettings']['phpfpm']['description'] = '<b>Questa impostazione richiede una configurazione speciale del server web. Vedi il manuale FPM per <a target="blank" href="http://redmine.froxlor.org/projects/froxlor/wiki/HandbookApache2_phpfpm">Apache2</a> o <a target="blank" href="http://redmine.froxlor.org/projects/froxlor/wiki/HandbookNginx_phpfpm">nginx</a></b>';
+$lng['serversettings']['phpfpm']['description'] = '<b>Questa impostazione richiede una configurazione speciale del server web. Vedi il manuale FPM per <a target="blank" href="https://github.com/Froxlor/Froxlor/wiki/apache2-with-php-fpm">Apache2</a> o <a target="blank" href="https://github.com/Froxlor/Froxlor/wiki/nginx-with-php-fpm">nginx</a></b>';
 $lng['serversettings']['phpfpm_settings']['aliasconfigdir'] = 'Configurazione cartella Alias per php-fpm';
 $lng['gender']['title'] = 'Titolo';
 $lng['gender']['male'] = 'Sig.';
@@ -1795,7 +1795,7 @@ $lng['domains']['import_file'] = 'File CSV';
 $lng['success']['domain_import_successfully'] = 'Importato %s dominii con successo.';
 $lng['error']['domain_import_error'] = 'Il seguente errore è occorsonell \'importazione di dominii: %s';
 $lng['admin']['note'] = 'Nota';
-$lng['domains']['import_description'] = 'Per ottenere informazioni dettagliate sulla struttura del file di importazione e  su come importare con successo, visita <a href="http://redmine.froxlor.org/projects/froxlor/wiki/DomainBulkActionDoc" target="_blank">http://redmine.froxlor.org/projects/froxlor/wiki/DomainBulkActionDoc</a>';
+$lng['domains']['import_description'] = 'Per ottenere informazioni dettagliate sulla struttura del file di importazione e  su come importare con successo, visita <a href="https://github.com/Froxlor/Froxlor/wiki/Domain-import-documenation" target="_blank">https://github.com/Froxlor/Froxlor/wiki/Domain-import-documenation</a>';
 $lng['usersettings']['custom_notes']['title'] = 'Note personali';
 $lng['usersettings']['custom_notes']['description'] = 'Sentiti libero di inserire qualsi nota vuoi o necessiti qui. Apparirano nel riepilogo dell\'amministratore/cliente perl \'utente corrispondente.';
 $lng['usersettings']['custom_notes']['show'] = 'Mostra le tue note nel cruscotto dell\'utente';

scripts/classes/class.Extrausers.php

@@ -0,0 +1,83 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2017 the Froxlor Team (see authors).
+ *
+ * For the full copyright and license information, please view the COPYING
+ * file that was distributed with this source code. You can also view the
+ * COPYING file online at http://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  (c) the authors
+ * @author     Froxlor team <team@froxlor.org> (2017-)
+ * @license    GPLv2 http://files.froxlor.org/misc/COPYING.txt
+ * @package    Cron
+ *
+ */
+class Extrausers
+{
+
+	public static function generateFiles(&$cronlog)
+	{
+		// passwd
+		$passwd = '/var/lib/extrausers/passwd';
+		$sql = "SELECT username,'x' as password,uid,gid,'Froxlor User' as comment,homedir,shell, login_enabled FROM ftp_users ORDER BY uid ASC";
+		self::_generateFile($passwd, $sql, $cronlog);
+
+		// group
+		$group = '/var/lib/extrausers/group';
+		$sql = "SELECT groupname,'x' as password,gid,members FROM ftp_groups ORDER BY gid ASC";
+		self::_generateFile($group, $sql, $cronlog);
+
+		// shadow
+		$shadow = '/var/lib/extrausers/shadow';
+		$sql = "SELECT username,password FROM ftp_users ORDER BY gid ASC";
+		self::_generateFile($shadow, $sql, $cronlog);
+
+		// set correct permissions
+		@chmod('/var/lib/extrausers/', 0755);
+		@chmod('/var/lib/extrausers/passwd', 0644);
+		@chmod('/var/lib/extrausers/group', 0644);
+		@chmod('/var/lib/extrausers/shadow', 0640);
+	}
+
+	private static function _generateFile($file, $query, &$cronlog)
+	{
+		$type = basename($file);
+		$cronlog->logAction(CRON_ACTION, LOG_NOTICE, 'Creating ' . $type . ' file');
+
+		if (! file_exists($file)) {
+			$cronlog->logAction(CRON_ACTION, LOG_NOTICE, $type . ' file does not yet exist');
+			@mkdir(dirname($file), 0750, true);
+			touch($file);
+		}
+
+		$data_sel_stmt = Database::query($query);
+		$data_content = "";
+		$cronlog->logAction(CRON_ACTION, LOG_NOTICE, 'Writing ' . $data_sel_stmt->rowCount() . ' entries to ' . $type . ' file');
+		while ($u = $data_sel_stmt->fetch(PDO::FETCH_ASSOC)) {
+			switch ($type) {
+				case 'passwd':
+					if ($u['login_enabled'] != 'Y') {
+						$u['password'] = '*';
+						$u['shell'] = '/bin/false';
+						$u['comment'] = 'Locked Froxlor User';
+					}
+					$line = $u['username'] . ':' . $u['password'] . ':' . $u['uid'] . ':' . $u['gid'] . ':' . $u['comment'] . ':' . $u['homedir'] . ':' . $u['shell'] . PHP_EOL;
+					break;
+				case 'group':
+					$line = $u['groupname'] . ':' . $u['password'] . ':' . $u['gid'] . ':' . $u['members'] . PHP_EOL;
+					break;
+				case 'shadow':
+					$line = $u['username'] . ':' . $u['password'] . ':' . floor(time() / 86400 - 1) . ':0:99999:7:::' . PHP_EOL;
+					break;
+			}
+			$data_content .= $line;
+		}
+		if (file_put_contents($file, $data_content) !== false) {
+			$cronlog->logAction(CRON_ACTION, LOG_NOTICE, 'Succesfully wrote ' . $type . ' file');
+		} else {
+			$cronlog->logAction(CRON_ACTION, LOG_NOTICE, 'Error when writing ' . $type . ' file entries');
+		}
+	}
+}

scripts/froxlor_master_cronjob.php

@@ -68,6 +68,9 @@ for ($x = 1; $x < count($argv); $x++) {
 
 $cronlog->setCronDebugFlag(defined('CRON_DEBUG_FLAG'));
 
+$tasks_cnt_stmt = Database::query("SELECT COUNT(*) as jobcnt FROM `panel_tasks`");
+$tasks_cnt = $tasks_cnt_stmt->fetch(PDO::FETCH_ASSOC);
+
 // do we have anything to include?
 if (count($jobs_to_run) > 0) {
 	// include all jobs we want to execute
@@ -76,6 +79,21 @@ if (count($jobs_to_run) > 0) {
 		$cronfile = getCronFile($cron);
 		require_once $cronfile;
 	}
+
+	if ($tasks_cnt['jobcnt'] > 0)
+	{
+		if (Settings::Get('system.nssextrausers') == 1)
+		{
+			include_once makeCorrectFile(FROXLOR_INSTALL_DIR.'/scripts/classes/class.Extrausers.php');
+			Extrausers::generateFiles($cronlog);
+		}
+
+		// clear NSCD cache if using fcgid or fpm, #1570
+		if (Settings::Get('system.mod_fcgid') == 1 || (int)Settings::Get('phpfpm.enabled') == 1) {
+			$false_val = false;
+			safe_exec('nscd -i group 1> /dev/null', $false_val, array('>'));
+		}
+	}
 }
 
 fwrite($debugHandler, 'Cronfiles have been included' . "\n");

scripts/jobs/cron_letsencrypt.php

@@ -43,6 +43,7 @@ $certificates_stmt = Database::query("
 			dom.`ssl_redirect`,
 			cust.`leprivatekey`,
 			cust.`lepublickey`,
+			cust.`leregistered`,
 			cust.`customerid`,
 			cust.`loginname`
 		FROM
@@ -103,6 +104,7 @@ if (Settings::Get('system.le_froxlor_enabled') == '1') {
 		'documentroot' => FROXLOR_INSTALL_DIR,
 		'leprivatekey' => Settings::Get('system.leprivatekey'),
 		'lepublickey' => Settings::Get('system.lepublickey'),
+		'leregistered' => Settings::Get('system.leregistered'),
 		'ssl_redirect' => Settings::Get('system.le_froxlor_redirect'),
 		'expirationdate' => null,
 		'ssl_cert_file' => null,

scripts/jobs/cron_tasks.inc.dns.20.pdns.php

@@ -227,7 +227,7 @@ class pdns extends DnsBase
 		// build up connection string
 		$driver = 'mysql';
 		$dsn = $driver.":";
-		$options = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'set names utf8');
+		$options = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET names utf8,sql_mode="NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"');
 		$attributes = array('ATTR_ERRMODE' => 'ERRMODE_EXCEPTION');
 		$dbconf = array();
 

scripts/jobs/cron_tasks.inc.http.10.apache.php

@@ -78,34 +78,37 @@ class apache extends HttpConfigBase
 		}
 		$vhosts_filename = makeCorrectFile($vhosts_folder . '/05_froxlor_dirfix_nofcgid.conf');
 
-		if (Settings::Get('system.mod_fcgid') == '1' || Settings::Get('phpfpm.enabled') == '1') {
-			// if we use fcgid or php-fpm we don't need this file
-			if (file_exists($vhosts_filename)) {
-				$this->logger->logAction(CRON_ACTION, LOG_NOTICE, 'apache::_createStandardDirectoryEntry: unlinking ' . basename($vhosts_filename));
-				unlink(makeCorrectFile($vhosts_filename));
-			}
+		if (! isset($this->virtualhosts_data[$vhosts_filename])) {
+			$this->virtualhosts_data[$vhosts_filename] = '';
+		}
+
+		$this->virtualhosts_data[$vhosts_filename] .= '  <Directory "' . makeCorrectDir(Settings::Get('system.documentroot_prefix')) . '">' . "\n";
+
+		// check for custom values, see #1638
+		$custom_opts = Settings::Get('system.apacheglobaldiropt');
+		if (! empty($custom_opts)) {
+			$this->virtualhosts_data[$vhosts_filename] .= $custom_opts . "\n";
 		} else {
-			if (! isset($this->virtualhosts_data[$vhosts_filename])) {
-				$this->virtualhosts_data[$vhosts_filename] = '';
-			}
-
-			$this->virtualhosts_data[$vhosts_filename] .= '  <Directory "' . makeCorrectDir(Settings::Get('system.documentroot_prefix')) . '">' . "\n";
-
-			// check for custom values, see #1638
-			$custom_opts = Settings::Get('system.apacheglobaldiropt');
-			if (! empty($custom_opts)) {
-				$this->virtualhosts_data[$vhosts_filename] .= $custom_opts . "\n";
+			// >=apache-2.4 enabled?
+			if (Settings::Get('system.apache24') == '1') {
+				$this->virtualhosts_data[$vhosts_filename] .= '    Require all granted' . "\n";
+				$this->virtualhosts_data[$vhosts_filename] .= '    AllowOverride All' . "\n";
 			} else {
-				// >=apache-2.4 enabled?
-				if (Settings::Get('system.apache24') == '1') {
-					$this->virtualhosts_data[$vhosts_filename] .= '    Require all granted' . "\n";
-					$this->virtualhosts_data[$vhosts_filename] .= '    AllowOverride All' . "\n";
-				} else {
-					$this->virtualhosts_data[$vhosts_filename] .= '    Order allow,deny' . "\n";
-					$this->virtualhosts_data[$vhosts_filename] .= '    allow from all' . "\n";
-				}
+				$this->virtualhosts_data[$vhosts_filename] .= '    Order allow,deny' . "\n";
+				$this->virtualhosts_data[$vhosts_filename] .= '    allow from all' . "\n";
+			}
+		}
+		$this->virtualhosts_data[$vhosts_filename] .= '  </Directory>' . "\n";
+
+		$ocsp_cache_filename = makeCorrectFile($vhosts_folder . '/03_froxlor_ocsp_cache.conf');
+		if (Settings::Get('system.use_ssl') == '1' && Settings::Get('system.apache24') == 1) {
+			$this->virtualhosts_data[$ocsp_cache_filename] = 'SSLStaplingCache ' .
+					Settings::Get('system.apache24_ocsp_cache_path') . "\n";
+		} else {
+			if (file_exists($ocsp_cache_filename)) {
+				$this->logger->logAction(CRON_ACTION, LOG_NOTICE, 'apache::_createStandardDirectoryEntry: unlinking ' . basename($ocsp_cache_filename));
+				unlink(makeCorrectFile($ocsp_cache_filename));
 			}
-			$this->virtualhosts_data[$vhosts_filename] .= '  </Directory>' . "\n";
 		}
 	}
 
@@ -242,7 +245,7 @@ class apache extends HttpConfigBase
 								'adminid' => 1, /* first admin-user (superadmin) */
 								'mod_fcgid_starter' => - 1,
 								'mod_fcgid_maxrequests' => - 1,
-								'guid' => Settings::Get('phpfpm.vhost_httpuser'),
+								'guid' => Settings::Get('system.mod_fcgid_httpuser'),
 								'openbasedir' => 0,
 								'email' => Settings::Get('panel.adminmail'),
 								'loginname' => 'froxlor.panel',
@@ -344,6 +347,15 @@ class apache extends HttpConfigBase
 						);
 					}
 				} // end of ssl-redirect check
+				else
+				{
+					// fallback of froxlor domain-data for processSpecialConfigTemplate()
+					$domain = array(
+						'domain' => Settings::Get('system.hostname'),
+						'loginname' => 'froxlor.panel',
+						'documentroot' => $mypath
+					);
+				}
 
 				/**
 				 * dirprotection, see #72
@@ -413,6 +425,12 @@ class apache extends HttpConfigBase
 
 							$this->virtualhosts_data[$vhosts_filename] .= ' SSLEngine On' . "\n";
 							$this->virtualhosts_data[$vhosts_filename] .= ' SSLProtocol -ALL +TLSv1 +TLSv1.2' . "\n";
+							if (Settings::Get('system.apache24') == '1') {
+								if (Settings::Get('system.http2_support') == '1') {
+									$this->virtualhosts_data[$vhosts_filename] .= ' Protocols h2 http/1.1' . "\n";
+								}
+								$this->virtualhosts_data[$vhosts_filename] .= ' SSLCompression Off' . "\n";
+							}
 							// this makes it more secure, thx to Marcel (08/2013)
 							$this->virtualhosts_data[$vhosts_filename] .= ' SSLHonorCipherOrder On' . "\n";
 							$this->virtualhosts_data[$vhosts_filename] .= ' SSLCipherSuite ' . Settings::Get('system.ssl_cipher_list') . "\n";
@@ -488,8 +506,10 @@ class apache extends HttpConfigBase
 	{
 		$php_options_text = '';
 
-		if ($domain['phpenabled'] == '1') {
+		if ($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1') {
 			// This vHost has PHP enabled and we are using the regular mod_php
+			$cmail = getCustomerDetail($domain['customerid'], 'email');
+			$php_options_text .= '  php_admin_value sendmail_path "/usr/sbin/sendmail -t -f '.$cmail.'"' . PHP_EOL;
 
 			if ($domain['openbasedir'] == '1') {
 				if ($domain['openbasedir_path'] == '1' || strstr($domain['documentroot'], ":") !== false) {
@@ -583,6 +603,16 @@ class apache extends HttpConfigBase
 		if ($domain['deactivated'] == '1' && Settings::Get('system.deactivateddocroot') != '') {
 			$webroot_text .= '  # Using docroot for deactivated users...' . "\n";
 			$webroot_text .= '  DocumentRoot "' . makeCorrectDir(Settings::Get('system.deactivateddocroot')) . "\"\n";
+			$webroot_text .= '  <Directory "' . makeCorrectDir(Settings::Get('system.deactivateddocroot')) . '">' . "\n";
+			// >=apache-2.4 enabled?
+			if (Settings::Get('system.apache24') == '1') {
+				$webroot_text .= '    Require all granted' . "\n";
+				$webroot_text .= '    AllowOverride All' . "\n";
+			} else {
+				$webroot_text .= '    Order allow,deny' . "\n";
+				$webroot_text .= '    allow from all' . "\n";
+			}
+			$webroot_text .= '  </Directory>' . "\n";
 			$this->_deactivated = true;
 		} else {
 			$webroot_text .= '  DocumentRoot "' . $domain['documentroot'] . "\"\n";
@@ -786,6 +816,7 @@ class apache extends HttpConfigBase
 		$vhost_content .= '<VirtualHost ' . trim($ipportlist) . '>' . "\n";
 		$vhost_content .= $this->getServerNames($domain);
 
+		$domain['documentroot_norewrite'] = $domain['documentroot'];
 		if (($ssl_vhost == false && $domain['ssl'] == '1' && $domain['ssl_redirect'] == '1')) {
 			// We must not check if our port differs from port 443,
 			// but if there is a destination-port != 443
@@ -808,7 +839,8 @@ class apache extends HttpConfigBase
 				$_sslport = ":" . $ssldestport['port'];
 			}
 
-			$domain['documentroot'] = 'https://' . $domain['domain'] . $_sslport . '/';
+			$domain['documentroot'] = 'https://%{HTTP_HOST}' . $_sslport . '/';
+			$domain['documentroot_norewrite'] = 'https://' . $domain['domain'] . $_sslport . '/';
 		}
 
 		if ($ssl_vhost === true && $domain['ssl'] == '1' && Settings::Get('system.use_ssl') == '1') {
@@ -831,6 +863,12 @@ class apache extends HttpConfigBase
 			if ($domain['ssl_cert_file'] != '') {
 				$vhost_content .= '  SSLEngine On' . "\n";
 				$vhost_content .= '  SSLProtocol -ALL +TLSv1 +TLSv1.2' . "\n";
+				if (Settings::Get('system.apache24') == '1') {
+					if (isset($domain['http2']) && $domain['http2'] == '1') {
+						$vhost_content .= ' Protocols h2 http/1.1' . "\n";
+					}
+					$vhost_content .= '  SSLCompression Off' . "\n";
+				}
 				// this makes it more secure, thx to Marcel (08/2013)
 				$vhost_content .= '  SSLHonorCipherOrder On' . "\n";
 				$vhost_content .= '  SSLCipherSuite ' . Settings::Get('system.ssl_cipher_list') . "\n";
@@ -849,6 +887,12 @@ class apache extends HttpConfigBase
 					$vhost_content .= '  SSLCertificateChainFile ' . makeCorrectFile($domain['ssl_cert_chainfile']) . "\n";
 				}
 
+				if (Settings::Get('system.apache24') == '1' && isset($domain['ocsp_stapling']) &&
+						$domain['ocsp_stapling'] == '1')
+				{
+					$vhost_content .= '  SSLUseStapling on' . PHP_EOL;
+				}
+
 				if ($domain['hsts'] >= 0) {
 					$vhost_content .= '  <IfModule mod_headers.c>' . "\n";
 					$vhost_content .= '    Header always set Strict-Transport-Security "max-age=' . $domain['hsts'];
@@ -875,10 +919,8 @@ class apache extends HttpConfigBase
 		if (preg_match('/^https?\:\/\//', $domain['documentroot'])) {
 			$corrected_docroot = $domain['documentroot'];
 
-			// prevent empty return-cde
-			$code = "301";
 			// Get domain's redirect code
-			$code = getDomainRedirectCode($domain['id']);
+			$code = getDomainRedirectCode($domain['id'], '301');
 			$modrew_red = '';
 			if ($code != '') {
 				$modrew_red = ' [R=' . $code . ';L,NE]';
@@ -896,7 +938,7 @@ class apache extends HttpConfigBase
 			$vhost_content .= '    RewriteRule ^/(.*) ' . $corrected_docroot . '$1' . $modrew_red . "\n";
 			$vhost_content .= '  </IfModule>' . "\n";
 			$vhost_content .= '  <IfModule !mod_rewrite.c>' . "\n";
-			$vhost_content .= '    Redirect ' . $code . ' / ' . $corrected_docroot . "\n";
+			$vhost_content .= '    Redirect ' . $code . ' / ' . $domain['documentroot_norewrite'] . "\n";
 			$vhost_content .= '  </IfModule>' . "\n";
 		} else {
 

scripts/jobs/cron_tasks.inc.http.15.apache_fcgid.php

@@ -23,7 +23,7 @@ class apache_fcgid extends apache
 	{
 		$php_options_text = '';
 
-		if($domain['phpenabled'] == '1')
+		if($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1')
 		{
 			$php = new phpinterface($domain);
 			$phpconfig = $php->getPhpConfig((int)$domain['phpsettingid']);

scripts/jobs/cron_tasks.inc.http.20.lighttpd.php

@@ -162,7 +162,25 @@ class lighttpd extends HttpConfigBase
 						$this->lighttpd_data[$vhost_filename] .= "\t" . ')' . "\n";
 						$this->lighttpd_data[$vhost_filename] .= "\t" . ')' . "\n";
 						$this->lighttpd_data[$vhost_filename] .= '  )' . "\n";
+					} else {
+						$domain = array(
+							'id' => 'none',
+							'domain' => Settings::Get('system.hostname'),
+							'adminid' => 1, /* first admin-user (superadmin) */
+							'guid' => Settings::Get('system.httpuser'),
+							'openbasedir' => 0,
+							'email' => Settings::Get('panel.adminmail'),
+							'loginname' => 'froxlor.panel',
+							'documentroot' => $mypath
+						);
 					}
+				} else {
+					// fallback of froxlor domain-data for processSpecialConfigTemplate()
+					$domain = array(
+						'domain' => Settings::Get('system.hostname'),
+						'loginname' => 'froxlor.panel',
+						'documentroot' => $mypath
+					);
 				}
 
 				if ($row_ipsandports['specialsettings'] != '') {
@@ -424,7 +442,7 @@ class lighttpd extends HttpConfigBase
 				$_sslport = ":" . $ssldestport['port'];
 			}
 
-			$domain['documentroot'] = 'https://' . $domain['domain'] . $_sslport . '/';
+			$domain['documentroot'] = 'https://%1' . $_sslport . '/';
 		}
 
 		// avoid using any whitespaces
@@ -432,10 +450,9 @@ class lighttpd extends HttpConfigBase
 
 		if (preg_match('/^https?\:\/\//', $domain['documentroot'])) {
 			$uri = $domain['documentroot'];
-			// prevent empty return-cde
-			$code = "301";
+
 			// Get domain's redirect code
-			$code = getDomainRedirectCode($domain['id']);
+			$code = getDomainRedirectCode($domain['id'], '301');
 
 			$vhost_content .= '  url.redirect-code = ' . $code. "\n";
 			$vhost_content .= '  url.redirect = (' . "\n";
@@ -518,7 +535,8 @@ class lighttpd extends HttpConfigBase
 
 			if ($domain['ssl_cert_file'] != '') {
 
-				$ssl_settings .= 'ssl.engine = "enable"' . "\n";
+				// ssl.engine only necessary once in the ip/port vhost (SERVER['socket'] condition)
+				//$ssl_settings .= 'ssl.engine = "enable"' . "\n";
 				$ssl_settings .= 'ssl.use-compression = "disable"' . "\n";
 				$ssl_settings .= 'ssl.use-sslv2 = "disable"' . "\n";
 				$ssl_settings .= 'ssl.use-sslv3 = "disable"' . "\n";
@@ -532,14 +550,14 @@ class lighttpd extends HttpConfigBase
 
 				if ($domain['hsts'] >= 0) {
 
-					$vhost_content .= '$HTTP["scheme"] == "https" { setenv.add-response-header  = ( "Strict-Transport-Security" => "max-age=' . $domain['hsts'];
+					$ssl_settings .= '$HTTP["scheme"] == "https" { setenv.add-response-header  = ( "Strict-Transport-Security" => "max-age=' . $domain['hsts'];
 					if ($domain['hsts_sub'] == 1) {
-						$vhost_content .= '; includeSubDomains';
+						$ssl_settings .= '; includeSubDomains';
 					}
 					if ($domain['hsts_preload'] == 1) {
-						$vhost_content .= '; preload';
+						$ssl_settings .= '; preload';
 					}
-					$vhost_content .= '") }' . "\n";
+					$ssl_settings .= '") }' . "\n";
 				}
 			}
 		}

scripts/jobs/cron_tasks.inc.http.25.lighttpd_fcgid.php

@@ -21,7 +21,7 @@ class lighttpd_fcgid extends lighttpd
 	{
 		$php_options_text = '';
 
-		if($domain['phpenabled'] == '1')
+		if($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1')
 		{
 			$php = new phpinterface($domain);
 			$phpconfig = $php->getPhpConfig((int)$domain['phpsettingid']);

scripts/jobs/cron_tasks.inc.http.30.nginx.php

@@ -196,17 +196,22 @@ class nginx extends HttpConfigBase
 					}
 				}
 
-                $http2 = $ssl_vhost == true && Settings::Get('system.nginx_http2_support') == '1';
-                
+				$http2 = $ssl_vhost == true && Settings::Get('system.http2_support') == '1';
+
 				/**
 				 * this HAS to be set for the default host in nginx or else no vhost will work
 				 */
-                $this->nginx_data[$vhost_filename] .= "\t" . 'listen    ' . $ip . ':' . $port . ' default_server' . ($ssl_vhost == true ? ' ssl' : '') . ($http2 == true ? ' http2' : '') . ';' . "\n";
+				$this->nginx_data[$vhost_filename] .= "\t" . 'listen    ' . $ip . ':' . $port . ' default_server' . ($ssl_vhost == true ? ' ssl' : '') . ($http2 == true ? ' http2' : '') . ';' . "\n";
 
 				$this->nginx_data[$vhost_filename] .= "\t" . '# Froxlor default vhost' . "\n";
 				$this->nginx_data[$vhost_filename] .= "\t" . 'server_name    ' . Settings::Get('system.hostname') . ';' . "\n";
 				$this->nginx_data[$vhost_filename] .= "\t" . 'access_log      /var/log/nginx/access.log;' . "\n";
 
+				if (Settings::Get('system.use_ssl') == '1' && Settings::Get('system.leenabled') == '1' && Settings::Get('system.le_froxlor_enabled') == '1') {
+					$acmeConfFilename = Settings::Get('system.letsencryptacmeconf');
+					$this->nginx_data[$vhost_filename] .= "\t" . 'include ' . $acmeConfFilename . ';' . "\n";
+				}
+
 				$is_redirect = false;
 				// check for SSL redirect
 				if ($row_ipsandports['ssl'] == '0' && Settings::Get('system.le_froxlor_redirect') == '1') {
@@ -219,7 +224,7 @@ class nginx extends HttpConfigBase
 					} else {
 						$_sslport = $this->checkAlternativeSslPort();
 						$mypath = 'https://' . Settings::Get('system.hostname') . $_sslport . '/';
-						$this->nginx_data[$vhost_filename] .= "\t" . 'if ($request_uri !~ "^/\.well-known/acme-challenge/\w+$") {' . "\n";
+						$this->nginx_data[$vhost_filename] .= "\t" . 'if ($request_uri !~ ^/.well-known/acme-challenge/\w+$) {' . "\n";
 						$this->nginx_data[$vhost_filename] .= "\t\t" . 'return 301 ' . $mypath . '$request_uri;' . "\n";
 						$this->nginx_data[$vhost_filename] .= "\t" . '}' . "\n";
 					}
@@ -413,7 +418,7 @@ class nginx extends HttpConfigBase
 				$_vhost_content .= $this->processSpecialConfigTemplate($ipandport['default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
 			}
 
-            $http2 = $ssl_vhost == true && Settings::Get('system.nginx_http2_support') == '1';
+			$http2 = $ssl_vhost == true && (isset($domain['http2']) && $domain['http2'] == '1');
 
             $vhost_content .= "\t" . 'listen ' . $ipport . ($ssl_vhost == true ? ' ssl' : '') . ($http2 == true ? ' http2' : '') . ';' . "\n";
 		}
@@ -442,7 +447,7 @@ class nginx extends HttpConfigBase
 				$_sslport = ":" . $ssldestport['port'];
 			}
 
-			$domain['documentroot'] = 'https://' . $domain['domain'] . $_sslport . '/';
+			$domain['documentroot'] = 'https://$host' . $_sslport . '/';
 		}
 
 		// avoid using any whitespaces
@@ -464,12 +469,11 @@ class nginx extends HttpConfigBase
 			if (substr($uri, - 1) == '/') {
 				$uri = substr($uri, 0, - 1);
 			}
-			// prevent empty return-cde
-			$code = "301";
-			// Get domain's redirect code
-			$code = getDomainRedirectCode($domain['id']);
 
-			$vhost_content .= "\t" . 'if ($request_uri !~ "^/\.well-known/acme-challenge/\w+$") {' . "\n";
+			// Get domain's redirect code
+			$code = getDomainRedirectCode($domain['id'], '301');
+
+			$vhost_content .= "\t" . 'if ($request_uri !~ ^/.well-known/acme-challenge/\w+$) {' . "\n";
 			$vhost_content .= "\t\t" . 'return ' . $code .' ' . $uri . '$request_uri;' . "\n";
 			$vhost_content .= "\t" . '}' . "\n";
 		} else {
@@ -630,6 +634,14 @@ class nginx extends HttpConfigBase
 					}
 					$sslsettings .= '";' . "\n";
 				}
+
+				if ((isset($domain_or_ip['ocsp_stapling']) && $domain_or_ip['ocsp_stapling'] == "1") ||
+						(isset($domain_or_ip['letsencrypt']) && $domain_or_ip['letsencrypt'] == "1") ) {
+					$sslsettings .= "\t" . 'ssl_stapling on;' . "\n";
+					$sslsettings .= "\t" . 'ssl_stapling_verify on;' . "\n";
+					$sslsettings .= "\t" . 'ssl_trusted_certificate ' .
+							makeCorrectFile($domain_or_ip['ssl_cert_file']) . ';' . "\n";
+				}
 			}
 		}
 
@@ -707,6 +719,11 @@ class nginx extends HttpConfigBase
 								if ($single['path'] == '/') {
 									$path_options .= "\t\t" . 'auth_basic            "' . $single['authname'] . '";' . "\n";
 									$path_options .= "\t\t" . 'auth_basic_user_file  ' . makeCorrectFile($single['usrf']) . ';' . "\n";
+									if ($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1') {
+										$path_options .= "\t\t" . 'index    index.php index.html index.htm;' . "\n";
+									} else {
+										$path_options .= "\t\t" . 'index    index.html index.htm;' . "\n";
+									}
 									$path_options .= "\t\t" . 'location ~ ^(.+?\.php)(/.*)?$ {' . "\n";
 									$path_options .= "\t\t\t" . 'try_files ' . $domain['nonexistinguri'] . ' @php;' . "\n";
 									$path_options .= "\t\t" . '}' . "\n";
@@ -764,6 +781,11 @@ class nginx extends HttpConfigBase
 						$path_options .= "\t" . 'location ' . makeCorrectDir($single['path']) . ' {' . "\n";
 						$path_options .= "\t\t" . 'auth_basic            "' . $single['authname'] . '";' . "\n";
 						$path_options .= "\t\t" . 'auth_basic_user_file  ' . makeCorrectFile($single['usrf']) . ';' . "\n";
+						if ($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1') {
+							$path_options .= "\t\t" . 'index    index.php index.html index.htm;' . "\n";
+						} else {
+							$path_options .= "\t\t" . 'index    index.html index.htm;' . "\n";
+						}
 						$path_options .= "\t\t" . 'location ~ ^(.+?\.php)(/.*)?$ {' . "\n";
 						$path_options .= "\t\t\t" . 'try_files ' . $domain['nonexistinguri'] . ' @php;' . "\n";
 						$path_options .= "\t\t" . '}' . "\n";
@@ -842,7 +864,7 @@ class nginx extends HttpConfigBase
 	protected function composePhpOptions($domain, $ssl_vhost = false)
 	{
 		$phpopts = '';
-		if ($domain['phpenabled'] == '1') {
+		if ($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1') {
 			$phpopts = "\tlocation ~ \.php {\n";
 			$phpopts .= "\t\t" . 'try_files ' . $domain['nonexistinguri'] . ' @php;' . "\n";
 			$phpopts .= "\t" . '}' . "\n\n";
@@ -878,7 +900,7 @@ class nginx extends HttpConfigBase
 
 		$webroot_text .= "\n\t" . 'location / {' . "\n";
 
-		if ($domain['phpenabled'] == '1') {
+		if ($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1') {
 			$webroot_text .= "\t" . 'index    index.php index.html index.htm;' . "\n";
 			$webroot_text .= "\t\t" . 'try_files $uri $uri/ @rewrites;' . "\n";
 		} else {
@@ -891,7 +913,7 @@ class nginx extends HttpConfigBase
 		}
 
 		$webroot_text .= "\t" . '}' . "\n\n";
-		if ($domain['phpenabled'] == '1') {
+		if ($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1') {
 			$webroot_text .= "\tlocation @rewrites {\n";
 			$webroot_text .= "\t\trewrite ^ /index.php last;\n";
 			$webroot_text .= "\t}\n\n";

scripts/jobs/cron_tasks.inc.http.35.nginx_phpfpm.php

@@ -20,7 +20,7 @@ class nginx_phpfpm extends nginx
 	protected function composePhpOptions($domain, $ssl_vhost = false) {
 		$php_options_text = '';
 
-		if ($domain['phpenabled'] == '1') {
+		if ($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1') {
 			$php = new phpinterface($domain);
 			$phpconfig = $php->getPhpConfig((int)$domain['phpsettingid']);
 			

scripts/jobs/cron_tasks.php

@@ -168,6 +168,13 @@ while ($row = $result_tasks_stmt->fetch(PDO::FETCH_ASSOC)) {
 			$cronlog->logAction(CRON_ACTION, LOG_NOTICE, 'Running: chown -R ' . (int)Settings::Get('system.vmail_uid') . ':' . (int)Settings::Get('system.vmail_gid') . ' ' . escapeshellarg($usermaildir));
 			safe_exec('chown -R ' . (int)Settings::Get('system.vmail_uid') . ':' . (int)Settings::Get('system.vmail_gid') . ' ' . escapeshellarg($usermaildir));
 
+			if (Settings::Get('system.nssextrausers') == 1)
+			{
+				// explicitly create files after user has been created to avoid unknown user issues for apache/php-fpm when task#1 runs after this
+				include_once makeCorrectFile(FROXLOR_INSTALL_DIR.'/scripts/classes/class.Extrausers.php');
+				Extrausers::generateFiles($cronlog);
+			}
+
 			// clear NSCD cache if using fcgid or fpm, #1570
 			if (Settings::Get('system.mod_fcgid') == 1 || (int)Settings::Get('phpfpm.enabled') == 1) {
 				$false_val = false;

scripts/jobs/cron_traffic.php

@@ -115,7 +115,7 @@ while ($row_database = $databases_stmt->fetch(PDO::FETCH_ASSOC)) {
 		Database::needRoot(true, $row_database['dbserver']);
 		$last_dbserver = $row_database['dbserver'];
 
-		$database_list = array();
+		$databases_list = array();
 		$databases_list_result_stmt = Database::query("SHOW DATABASES");
 		while ($databases_list_row = $databases_list_result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			$databases_list[] = strtolower($databases_list_row['Database']);
@@ -501,9 +501,7 @@ while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 		Database::pexecute($result_quota_stmt, array('customerid' => $row['customerid']));
 
 		// get correct user
-		if (Settings::Get('system.mod_fcgid') == 1
-			&& $row['deactivated'] == '0'
-		) {
+		if ((Settings::Get('system.mod_fcgid') == 1 || Settings::Get('phpfpm.enabled') == 1) && $row['deactivated'] == '0') {
 			$user = $row['loginname'];
 			$group = $row['loginname'];
 		} else {

scripts/jobs/cron_usage_report.php

@@ -34,6 +34,8 @@ if (Settings::Get('system.mail_use_smtp')) {
 	$mail->Password = Settings::Get('system.mail_smtp_passwd');
 	if (Settings::Get('system.mail_smtp_usetls')) {
 		$mail->SMTPSecure = 'tls';
+	} else {
+		$mail->SMTPAutoTLS = false;
 	}
 	$mail->Port = Settings::Get('system.mail_smtp_port');
 }

ssl_certificates.php

@@ -23,14 +23,38 @@ if (! defined('AREA'))
 $del_stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE id = :id");
 $success_message = "";
 
-// do the delete and then just showa success-message and the certificates list again
+// do the delete and then just show a success-message and the certificates list again
 if ($action == 'delete') {
 	$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
 	if ($id > 0) {
-		Database::pexecute($del_stmt, array(
-			'id' => $id
-		));
-		$success_message = sprintf($lng['domains']['ssl_certificate_removed'], $id);
+		$chk = (AREA == 'admin' && $userinfo['customers_see_all'] == '1') ? true : false;
+		if (AREA == 'customer') {
+			$chk_stmt = Database::prepare("
+				SELECT d.domain FROM `" . TABLE_PANEL_DOMAINS . "` d
+				LEFT JOIN `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` s ON s.domainid = d.id
+				WHERE s.`id` = :id AND d.`customerid` = :cid
+			");
+			$chk = Database::pexecute_first($chk_stmt, array(
+				'id' => $id,
+				'cid' => $userinfo['customerid']
+			));
+		} elseif (AREA == 'admin' && $userinfo['customers_see_all'] == '0') {
+			$chk_stmt = Database::prepare("
+				SELECT d.domain FROM `" . TABLE_PANEL_DOMAINS . "` d
+				LEFT JOIN `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` s ON s.domainid = d.id
+				WHERE s.`id` = :id AND d.`adminid` = :aid
+			");
+			$chk = Database::pexecute_first($chk_stmt, array(
+				'id' => $id,
+				'aid' => $userinfo['adminid']
+			));
+		}
+		if ($chk !== false) {
+			Database::pexecute($del_stmt, array(
+				'id' => $id
+			));
+			$success_message = sprintf($lng['domains']['ssl_certificate_removed'], $id);
+		}
 	}
 }
 
@@ -72,7 +96,9 @@ $certificates = "";
 if (count($all_certs) == 0) {
 	$message = $lng['domains']['no_ssl_certificates'];
 	$sortcode = "";
-	$arrowcode = array('d.domain' => '');
+	$arrowcode = array(
+		'd.domain' => ''
+	);
 	$searchcode = "";
 	$pagingcode = "";
 	eval("\$certificates.=\"" . getTemplate("ssl_certificates/certs_error", true) . "\";");
@@ -127,13 +153,13 @@ if (count($all_certs) == 0) {
 				}
 
 				$san_list = "";
-				if (isset($cert_data['extensions']['subjectAltName']) && !empty($cert_data['extensions']['subjectAltName'])) {
+				if (isset($cert_data['extensions']['subjectAltName']) && ! empty($cert_data['extensions']['subjectAltName'])) {
 					$SANs = explode(",", $cert_data['extensions']['subjectAltName']);
 					$SANs = array_map('trim', $SANs);
 					foreach ($SANs as $san) {
 						$san = str_replace("DNS:", "", $san);
 						if ($san != $cert_data['subject']['CN'] && strpos($san, "othername:") === false) {
-							$san_list .= $san."<br>";
+							$san_list .= $san . "<br>";
 						}
 					}
 				}

templates/Sparkle/admin/configfiles/configfiles.tpl

@@ -27,7 +27,7 @@ eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren,
 no sea takimata sanctus est Lorem ipsum dolor sit amet.</textarea>
 				</p>
 				<form id="configfiles_setmysqlpw" action="#">
-					MYSQL_PASSWORD: <input type="text" class="text" id="configfiles_mysqlpw" name="configfiles_mysqlpw" value="" />
+					FROXLOR_MYSQL_PASSWORD: <input type="text" class="text" id="configfiles_mysqlpw" name="configfiles_mysqlpw" value="" />
 					<input type="submit" value="{$lng['panel']['set']}" />
 				</form>
 			</div>

templates/Sparkle/admin/ipsandports/ipsandports.tpl

@@ -27,7 +27,7 @@ $header
 							<th>{$lng['admin']['ipsandports']['ip']}&nbsp;{$arrowcode['ip']}</th>
 							<th>{$lng['admin']['ipsandports']['port']}&nbsp;{$arrowcode['port']}</th>
 							<if !$is_nginx><th>Listen</th></if>
-							<if $is_apache><th>NameVirtualHost</th></if>
+							<if $is_apache && !$is_apache24><th>NameVirtualHost</th></if>
 							<th>vHost-Container</th>
 							<th>Specialsettings</th>
 							<if $is_apache><th>ServerName</th></if>

templates/Sparkle/admin/ipsandports/ipsandports_ipandport.tpl

@@ -2,7 +2,7 @@
 	<td>{$row['ip']}</td>
 	<td>{$row['port']}</td>
 	<if !$is_nginx><td><if $row['listen_statement']=='1'>{$lng['panel']['yes']}<else>{$lng['panel']['no']}</if></td></if>
-	<if $is_apache><td><if $row['namevirtualhost_statement']=='1'>{$lng['panel']['yes']}<else>{$lng['panel']['no']}</if></td></if>
+	<if $is_apache && !$is_apache24><td><if $row['namevirtualhost_statement']=='1'>{$lng['panel']['yes']}<else>{$lng['panel']['no']}</if></td></if>
 	<td><if $row['vhostcontainer']=='1'>{$lng['panel']['yes']}<else>{$lng['panel']['no']}</if></td>
 	<td><if $row['specialsettings']!=''>{$lng['panel']['yes']}<else>{$lng['panel']['no']}</if></td>
 	<if $is_apache><td><if $row['vhostcontainer_servername_statement']=='1'>{$lng['panel']['yes']}<else>{$lng['panel']['no']}</if></td></if>

templates/Sparkle/admin/settings/testmail.tpl

@@ -0,0 +1,48 @@
+$header
+<article>
+		<header>
+			<h2>
+				<img src="templates/{$theme}/assets/img/icons/email_edit_big.png" alt="" />&nbsp;
+				{$lng['admin']['testmail']}
+			</h2>
+		</header>
+		
+		<if !empty($_mailerror)>
+		<div class="messagewrapperfull">
+			<div class="warningcontainer bradius">
+				<div class="warningtitle">{$lng['admin']['warning']}</div>
+				<div class="warning">{$mailerr_msg}</div>
+			</div>
+		</div>
+		</if>
+
+		<section>
+						<table class="full">
+							<tr>
+								<th>{$lng['serversettings']['mail_smtp_user']}</th>
+								<th>Host</th>
+								<th>Port</th>
+								<th>SMTP Auth</th>
+								<th>TLS</th>
+							</tr>
+							<tr>
+								<td>{$mail_smtp_user}</td>
+								<td>{$mail_smtp_host}</td>
+								<td>{$mail_smtp_port}</td>
+								<td><img src="templates/{$theme}/assets/img/icons/<if Settings::Get('system.mail_use_smtp') == '1'>button_ok<else>cancel</if>.png" alt="" /></td>
+								<td><img src="templates/{$theme}/assets/img/icons/<if Settings::Get('system.mail_smtp_usetls') == '1'>button_ok<else>cancel</if>.png" alt="" /></td>
+							</tr>
+						</table>
+			<br>
+			<form action="{$linker->getLink(array('section' => 'settings'))}" method="post" enctype="application/x-www-form-urlencoded">
+				<input type="hidden" name="s" value="$s" />
+				<input type="hidden" name="page" value="$page" />
+				<input type="hidden" name="action" value="$action" />
+				<input type="hidden" name="send" value="send" />
+
+				<input type="text" name="test_addr" id="test_addr" placeholder="test address" />
+				<input type="submit" value="Test">
+			</form>
+		</section>
+</article>
+$footer

templates/Sparkle/assets/js/main.js

@@ -205,12 +205,12 @@ $(document).ready(function() {
 
 	// Config files
 	var configfileTextareas = $("textarea.filecontent, textarea.shell");
-	var lastPw = "MYSQL_PASSWORD";
+	var lastPw = "FROXLOR_MYSQL_PASSWORD";
 	$("#configfiles_setmysqlpw").submit(function(event) {
 		event.preventDefault();
 		var inputVal = $("#configfiles_mysqlpw").val();
 		if (!inputVal.trim()) {
-			inputVal = "MYSQL_PASSWORD";
+			inputVal = "FROXLOR_MYSQL_PASSWORD";
 		}
 		configfileTextareas.each(function() {
 			this.value = this.value.replace(lastPw, inputVal);

templates/misc/standardcustomer/index.html

@@ -57,7 +57,7 @@
 		<footer>
 			<span>
 				<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEgAAAAQCAYAAAC1MDndAAAACXBIWXMAAAsTAAALEwEAmpwYAAAKT2lDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjanVNnVFPpFj333vRCS4iAlEtvUhUIIFJCi4AUkSYqIQkQSoghodkVUcERRUUEG8igiAOOjoCMFVEsDIoK2AfkIaKOg6OIisr74Xuja9a89+bN/rXXPues852zzwfACAyWSDNRNYAMqUIeEeCDx8TG4eQuQIEKJHAAEAizZCFz/SMBAPh+PDwrIsAHvgABeNMLCADATZvAMByH/w/qQplcAYCEAcB0kThLCIAUAEB6jkKmAEBGAYCdmCZTAKAEAGDLY2LjAFAtAGAnf+bTAICd+Jl7AQBblCEVAaCRACATZYhEAGg7AKzPVopFAFgwABRmS8Q5ANgtADBJV2ZIALC3AMDOEAuyAAgMADBRiIUpAAR7AGDIIyN4AISZABRG8lc88SuuEOcqAAB4mbI8uSQ5RYFbCC1xB1dXLh4ozkkXKxQ2YQJhmkAuwnmZGTKBNA/g88wAAKCRFRHgg/P9eM4Ors7ONo62Dl8t6r8G/yJiYuP+5c+rcEAAAOF0ftH+LC+zGoA7BoBt/qIl7gRoXgugdfeLZrIPQLUAoOnaV/Nw+H48PEWhkLnZ2eXk5NhKxEJbYcpXff5nwl/AV/1s+X48/Pf14L7iJIEyXYFHBPjgwsz0TKUcz5IJhGLc5o9H/LcL//wd0yLESWK5WCoU41EScY5EmozzMqUiiUKSKcUl0v9k4t8s+wM+3zUAsGo+AXuRLahdYwP2SycQWHTA4vcAAPK7b8HUKAgDgGiD4c93/+8//UegJQCAZkmScQAAXkQkLlTKsz/HCAAARKCBKrBBG/TBGCzABhzBBdzBC/xgNoRCJMTCQhBCCmSAHHJgKayCQiiGzbAdKmAv1EAdNMBRaIaTcA4uwlW4Dj1wD/phCJ7BKLyBCQRByAgTYSHaiAFiilgjjggXmYX4IcFIBBKLJCDJiBRRIkuRNUgxUopUIFVIHfI9cgI5h1xGupE7yAAygvyGvEcxlIGyUT3UDLVDuag3GoRGogvQZHQxmo8WoJvQcrQaPYw2oefQq2gP2o8+Q8cwwOgYBzPEbDAuxsNCsTgsCZNjy7EirAyrxhqwVqwDu4n1Y8+xdwQSgUXACTYEd0IgYR5BSFhMWE7YSKggHCQ0EdoJNwkDhFHCJyKTqEu0JroR+cQYYjIxh1hILCPWEo8TLxB7iEPENyQSiUMyJ7mQAkmxpFTSEtJG0m5SI+ksqZs0SBojk8naZGuyBzmULCAryIXkneTD5DPkG+Qh8lsKnWJAcaT4U+IoUspqShnlEOU05QZlmDJBVaOaUt2ooVQRNY9aQq2htlKvUYeoEzR1mjnNgxZJS6WtopXTGmgXaPdpr+h0uhHdlR5Ol9BX0svpR+iX6AP0dwwNhhWDx4hnKBmbGAcYZxl3GK+YTKYZ04sZx1QwNzHrmOeZD5lvVVgqtip8FZHKCpVKlSaVGyovVKmqpqreqgtV81XLVI+pXlN9rkZVM1PjqQnUlqtVqp1Q61MbU2epO6iHqmeob1Q/pH5Z/YkGWcNMw09DpFGgsV/jvMYgC2MZs3gsIWsNq4Z1gTXEJrHN2Xx2KruY/R27iz2qqaE5QzNKM1ezUvOUZj8H45hx+Jx0TgnnKKeX836K3hTvKeIpG6Y0TLkxZVxrqpaXllirSKtRq0frvTau7aedpr1Fu1n7gQ5Bx0onXCdHZ4/OBZ3nU9lT3acKpxZNPTr1ri6qa6UbobtEd79up+6Ynr5egJ5Mb6feeb3n+hx9L/1U/W36p/VHDFgGswwkBtsMzhg8xTVxbzwdL8fb8VFDXcNAQ6VhlWGX4YSRudE8o9VGjUYPjGnGXOMk423GbcajJgYmISZLTepN7ppSTbmmKaY7TDtMx83MzaLN1pk1mz0x1zLnm+eb15vft2BaeFostqi2uGVJsuRaplnutrxuhVo5WaVYVVpds0atna0l1rutu6cRp7lOk06rntZnw7Dxtsm2qbcZsOXYBtuutm22fWFnYhdnt8Wuw+6TvZN9un2N/T0HDYfZDqsdWh1+c7RyFDpWOt6azpzuP33F9JbpL2dYzxDP2DPjthPLKcRpnVOb00dnF2e5c4PziIuJS4LLLpc+Lpsbxt3IveRKdPVxXeF60vWdm7Obwu2o26/uNu5p7ofcn8w0nymeWTNz0MPIQ+BR5dE/C5+VMGvfrH5PQ0+BZ7XnIy9jL5FXrdewt6V3qvdh7xc+9j5yn+M+4zw33jLeWV/MN8C3yLfLT8Nvnl+F30N/I/9k/3r/0QCngCUBZwOJgUGBWwL7+Hp8Ib+OPzrbZfay2e1BjKC5QRVBj4KtguXBrSFoyOyQrSH355jOkc5pDoVQfujW0Adh5mGLw34MJ4WHhVeGP45wiFga0TGXNXfR3ENz30T6RJZE3ptnMU85ry1KNSo+qi5qPNo3ujS6P8YuZlnM1VidWElsSxw5LiquNm5svt/87fOH4p3iC+N7F5gvyF1weaHOwvSFpxapLhIsOpZATIhOOJTwQRAqqBaMJfITdyWOCnnCHcJnIi/RNtGI2ENcKh5O8kgqTXqS7JG8NXkkxTOlLOW5hCepkLxMDUzdmzqeFpp2IG0yPTq9MYOSkZBxQqohTZO2Z+pn5mZ2y6xlhbL+xW6Lty8elQfJa7OQrAVZLQq2QqboVFoo1yoHsmdlV2a/zYnKOZarnivN7cyzytuQN5zvn//tEsIS4ZK2pYZLVy0dWOa9rGo5sjxxedsK4xUFK4ZWBqw8uIq2Km3VT6vtV5eufr0mek1rgV7ByoLBtQFr6wtVCuWFfevc1+1dT1gvWd+1YfqGnRs+FYmKrhTbF5cVf9go3HjlG4dvyr+Z3JS0qavEuWTPZtJm6ebeLZ5bDpaql+aXDm4N2dq0Dd9WtO319kXbL5fNKNu7g7ZDuaO/PLi8ZafJzs07P1SkVPRU+lQ27tLdtWHX+G7R7ht7vPY07NXbW7z3/T7JvttVAVVN1WbVZftJ+7P3P66Jqun4lvttXa1ObXHtxwPSA/0HIw6217nU1R3SPVRSj9Yr60cOxx++/p3vdy0NNg1VjZzG4iNwRHnk6fcJ3/ceDTradox7rOEH0x92HWcdL2pCmvKaRptTmvtbYlu6T8w+0dbq3nr8R9sfD5w0PFl5SvNUyWna6YLTk2fyz4ydlZ19fi753GDborZ752PO32oPb++6EHTh0kX/i+c7vDvOXPK4dPKy2+UTV7hXmq86X23qdOo8/pPTT8e7nLuarrlca7nuer21e2b36RueN87d9L158Rb/1tWeOT3dvfN6b/fF9/XfFt1+cif9zsu72Xcn7q28T7xf9EDtQdlD3YfVP1v+3Njv3H9qwHeg89HcR/cGhYPP/pH1jw9DBY+Zj8uGDYbrnjg+OTniP3L96fynQ89kzyaeF/6i/suuFxYvfvjV69fO0ZjRoZfyl5O/bXyl/erA6xmv28bCxh6+yXgzMV70VvvtwXfcdx3vo98PT+R8IH8o/2j5sfVT0Kf7kxmTk/8EA5jz/GMzLdsAAAAgY0hSTQAAeiUAAICDAAD5/wAAgOkAAHUwAADqYAAAOpgAABdvkl/FRgAAAy1JREFUeNrs1muIVlUUBuBnvqZkoswudKErZFOG0kWt6WpN0wWCDMOsgX4UmVS/KovKhIKYLhRBJvV1o/5VlJCmYEmUFYijaBYhSRQVBVE0ZnRBJ/vzfnA4nDN+wTh/pgWHc/baa6+z97v3et/d0Ww24SQ8ij5MNL7tN6zBvdjWiZOxDpP8b3JA5qAXPQ0MtAnOm9jZBvqbsQHbsGsMFrQLv+KPUc47CQONlFXZPsNfJd/buBrDFfHDWIDDcAZmohsPjwFAD+EQnL8Xcl/WqOGc+/FJyXcxVuHJivjX8Hx2cwGeweO4fIxOkL10Wg9o1HSsxUcl30V5P1JxnFuxp+M53I67cQ5mYwZexj2YlnarJBdl3BE4FfPxdfofSOwNhX+uwgXxf1Uz/024DpNxFHrwRIEiPs74XnyIq3A8Xion6qxIvj0TX1vyb8x7CJ/jrELfjrx/zgmS0p2bCWzHzejAQTgmO35J+OpInIcv8GLKeROuzcI24lAsRH/yzcGJFfMfDIB/B/ipeD8bNojX8W1hPR+gCxPwTzsAdaGRgTeGrAZLJXd4zc59l1Jr2dzC91S8g+PSXhFwGgGxO4s6Bd9gaQRkAHdhSQHso/FCzRweS56ezLmB1bgCb+DBCg67rwaLSud+uDAAvVLRfw1OqCO18JEKbusvgNMqA/F153sCpgegT+O7Iwt8NwrZwKsh5irbUuDMFoXMquhv2eKRSKiOg54OUFXSt3SEfPvi4Dz77IEAW/8uH+vdpf6dkXGF+F9GyNtRkXe4or8tqwNoWrigbDeFTEfDZhbKckuBy9blu0XkC1Pi++PK+Objy5q80/NeXSDl9wrgnDkaAIlyzCj5zh1FCb00JL07Jd2LKfgBx+LWXE6XJP6pcMiUiMg8/FmRd3GEYHNiZ+H6wgZP/i+T7MzPJo5wkjYU2t01cWfjp6hH2WZn0adVbM7KALAS3weYftwZIVgTIHtxS8YtD6kOYX2Uqi8iIKCsD6CDhXnNi+iI+vXhwD3g83tHs9l8K5JZZbfh2UL7x0jyeLFljVzUhtoc0DWOwBnCoga25s6wrHDhG8+2I1j0YOu/AwBUU7aBHvM/ZwAAAABJRU5ErkJggg==" style="height: 13px; margin: 0 2px 3px 0; vertical-align:middle;"/>
- &copy; 2009-2016 by <a href="http://www.froxlor.org">the Froxlor Team</a>
+ &copy; 2009-2017 by <a href="http://www.froxlor.org">the Froxlor Team</a>
 			</span>
 		</footer>
 	</body>