set version to 2.1.8 for bugfix release

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
fix domains speciallogfile ajax-check/note; improve ajax ip check in admin_ipsandports
2024-03-29 11:27:32 +01:00 · 2024-03-27 11:08:45 +01:00 · 2024-03-27 10:17:48 +01:00 · 2024-03-27 10:17:37 +01:00 · 2024-03-25 08:22:00 +01:00 · 2024-03-17 08:30:38 +01:00
301 changed files with 9881 additions and 29918 deletions
--- a/.github/workflows/build-docs.yml
+++ b/.github/workflows/build-docs.yml
@@ -2,7 +2,8 @@ name: build-documentation
 on:
  release:
-    types: [published]
+    # only run for stable releases
    types: [released]
 jobs:
  build_docs:
@@ -11,4 +12,4 @@ jobs:
      - env:
          GITHUB_TOKEN: ${{ secrets.ORG_GITHUB_TOKEN }}
        run: |
-          gh workflow run --repo Froxlor/Documentation build-and-deploy -f type=tags ref=${{github.ref_name}}
+          gh workflow run --repo Froxlor/Documentation build-and-deploy.yml -f type=tags -f ref=${{github.ref_name}}
--- a/.github/workflows/build-mariadb.yml
+++ b/.github/workflows/build-mariadb.yml
@@ -1,5 +1,5 @@
 name: Froxlor-CI-MariaDB
-on: ['push', 'pull_request', 'create']
+on: [ 'push', 'pull_request', 'create' ]
 jobs:
  froxlor:
@@ -8,8 +8,8 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        php-versions: ['7.4', '8.1']
+        php-versions: [ '7.4', '8.2' ]
-        mariadb-version: [10.5, 10.4]
+        mariadb-version: [ 10.11, 10.5 ]
    steps:
      - name: Checkout
        uses: actions/checkout@v3
@@ -19,7 +19,7 @@ jobs:
        with:
          php-version: ${{ matrix.php-versions }}
          tools: composer:v2
-          extensions: mbstring, xml, ctype, pdo_mysql, mysql, curl, json, zip, session, filter, posix, openssl, fileinfo, bcmath, gmp
+          extensions: mbstring, xml, ctype, pdo_mysql, mysql, curl, json, zip, session, filter, posix, openssl, fileinfo, bcmath, gmp, gnupg
      - name: Install tools
        run: sudo apt-get install -y ant
@@ -49,33 +49,81 @@ jobs:
      - name: Run testing
        run: ant quick-build
-#      - name: irc push
+  nightly:
-#        uses: rectalogic/notify-irc@v1
+    name: Create nightly/testing tarball
-#        if: github.event_name == 'push'
+    runs-on: ubuntu-latest
-#        with:
+    needs: froxlor
-#          channel: "#froxlor"
+    if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
 #          server: "irc.libera.chat"
 #          nickname: froxlor-ci
 #          message: |
 #            ${{ github.actor }} pushed ${{ github.event.ref }} ${{ github.event.compare }}
 #            ${{ join(github.event.commits.*.message) }}
-#      - name: irc pull request
+    steps:
-#        uses: rectalogic/notify-irc@v1
+      - name: Checkout
-#        if: github.event_name == 'pull_request'
+        uses: actions/checkout@v3
 #        with:
 #          channel: "#froxlor"
 #          server: "irc.libera.chat"
 #          nickname: froxlor-ci
 #          message: |
 #            ${{ github.actor }} opened PR ${{ github.event.pull_request.html_url }}
-#      - name: irc tag created
+      - name: Setup PHP with PECL extension
-#        uses: rectalogic/notify-irc@v1
+        uses: shivammathur/setup-php@v2
-#        if: github.event_name == 'create' && github.event.ref_type == 'tag'
+        with:
-#        with:
+          php-version: '7.4'
-#          channel: "#froxlor"
+          tools: composer:v2
-#          server: "irc.libera.chat"
+          extensions: mbstring, xml, ctype, pdo_mysql, mysql, curl, json, zip, session, filter, posix, openssl, fileinfo, bcmath, gmp, gnupg
-#          nickname: froxlor-ci
+
-#          message: |
+      - name: Install composer dependencies
-#            ${{ github.actor }} tagged ${{ github.repository }} ${{ github.event.ref }}
+        run: composer install --no-dev
      - name: Install Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '20.x'
      - name: Install npm dependencies
        run: npm install
      - name: Build assets
        run: npm run build
        working-directory: .
      - name: Setting file/directory permissions
        run: |
          find -exec chmod ugo+r,u+w,go-w {} \;
          find -type f -exec chmod ugo-x {} \;
          find -type d -exec chmod ugo+x {} \;
          chmod 0755 bin/froxlor-cli
      - name: Remove vcs and unneeded files
        run: |
          rm .gitignore
          rm .editorconfig
          rm -rf node_modules
          rm composer.json
          rm composer.lock
          rm package.json
          rm package-lock.json
          rm *.xml
          rm vite.config.js
      - name: Create empty index.html in built assets directory
        run: |
          touch templates/Froxlor/build/index.html
          touch templates/Froxlor/build/assets/index.html
      - name: Set outputs
        id: vars
        run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
      - name: Set nightly branding
        run: |
          sed -i "s/const BRANDING = '';/const BRANDING = '+nightly.${{steps.vars.outputs.sha_short}}';/" lib/Froxlor/Froxlor.php
          zip -r froxlor-nightly.${{steps.vars.outputs.sha_short}}.zip . -x "*.git*"
          sha256sum froxlor-nightly.${{steps.vars.outputs.sha_short}}.zip > froxlor-nightly.${{steps.vars.outputs.sha_short}}.zip.sha256
          mkdir dist
          mv froxlor-nightly.${{steps.vars.outputs.sha_short}}.zip dist/
          mv froxlor-nightly.${{steps.vars.outputs.sha_short}}.zip.sha256 dist/
      - name: Deploy nightly to server
        uses: easingthemes/ssh-deploy@v3.4.3
        env:
          ARGS: "-rltDzvO --chown=${{ secrets.WEB_USER }}:${{ secrets.WEB_USER }}"
          SOURCE: "dist/"
          SSH_PRIVATE_KEY: ${{ secrets.SERVER_SSH_KEY }}
          REMOTE_HOST: ${{ secrets.REMOTE_HOST }}
          REMOTE_USER: ${{ secrets.REMOTE_USER }}
          TARGET: "${{ secrets.REMOTE_TARGET }}"
--- a/.github/workflows/build-mysql.yml
+++ b/.github/workflows/build-mysql.yml
@@ -8,7 +8,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        php-versions: ['7.4', '8.1']
+        php-versions: ['7.4', '8.2']
        mysql-version: [8.0, 5.7]
    steps:
      - name: Checkout
@@ -19,7 +19,7 @@ jobs:
        with:
          php-version: ${{ matrix.php-versions }}
          tools: composer:v2
-          extensions: mbstring, xml, ctype, pdo_mysql, mysql, curl, json, zip, session, filter, posix, openssl, fileinfo, bcmath, gmp
+          extensions: mbstring, xml, ctype, pdo_mysql, mysql, curl, json, zip, session, filter, posix, openssl, fileinfo, bcmath, gmp, gnupg
      - name: Install tools
        run: sudo apt-get install -y ant
--- a/.gitignore
+++ b/.gitignore
@@ -13,6 +13,7 @@ logs/*
 *~
 .well-known
 .idea
 .DS_Store
 *.iml
 img/
 vendor/
@@ -21,8 +22,5 @@ fonts/
 templates/*
 !templates/index.html
 !templates/Froxlor/
-templates/Froxlor/assets/mix-manifest.json
+templates/Froxlor/build/
 templates/Froxlor/assets/css/
 templates/Froxlor/assets/js/
 templates/Froxlor/assets/webfonts/
 !templates/misc/
--- a/README.md
+++ b/README.md
@@ -34,19 +34,13 @@ You may find help in the following places:
 The froxlor community discord server can be found here: https://discord.froxlor.org
 ### IRC
 froxlor may be found on libera.chat, channel #froxlor:
 irc://irc.libera.chat/froxlor
 ### Forum
 The community is located on https://forum.froxlor.org/
-### Wiki
+### Documentation
-More documentation may be found in the froxlor - documentation:
+The documentation may be found at https://docs.froxlor.org/
 https://docs.froxlor.org/
 ## License
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -10,9 +10,11 @@ With that, good luck hacking us ;)
 ## Supported versions
- ️✅ **2.x**  (`main` git-branch)
+- ️✅ **2.2.x**  (`main` git-branch)
- ❌ 0.10.x (`0.10.x` git-branch)
+- ️✅ **2.1.x**  (`v2.1` git-branch)
- ❌ 0.9.x (`0.9.x`git-branch)
+- ❌ 2.0.x (`2.0.x`-tags)
 - ❌ 0.10.x (`0.10.x`-tags)
 - ❌ other git-branches
 ## Qualifying Vulnerabilities
@@ -26,7 +28,7 @@ With that, good luck hacking us ;)
 ### Vulnerabilities we accept
-Only reproducable issues on a default/clean setup from the latest stable release of a supported version will be accepted.
+Only reproducible issues on a default/clean setup from the latest stable release of a supported version will be accepted.
 ## Non-Qualifying Vulnerabilities
@@ -34,6 +36,8 @@ Only reproducable issues on a default/clean setup from the latest stable release
 - Theoretical attacks without proof of exploitability
 - Attacks that are the result of a third party library should be reported to the library maintainers
 - Social engineering
 - Attacks that require disabling security features or reducing the security level of the environment
 - Exploits by an admin user itself (privileged user and implicitly trusted)
 - Reflected file download
 - Physical attacks
 - Weak SSL/TLS/SSH algorithms or protocols
@@ -44,4 +48,4 @@ Only reproducable issues on a default/clean setup from the latest stable release
 ## Reporting a Vulnerability
-If you think you have found a vulnerability in froxlor, please head over to [https://huntr.dev/repos/froxlor/froxlor](https://huntr.dev/repos/froxlor/froxlor) and use the reporting possibilities there as we are funding the prize-pot for froxlor on this platform. Also, please give us appropriate time to fix the issue and build update-packages before publishing anything into the wild. Alternatively you can send us an email to [team@froxlor.org](team@froxlor.org).
+If you think you have found a vulnerability in froxlor, please head over to [https://github.com/Froxlor/Froxlor/security/advisories](https://github.com/Froxlor/Froxlor/security/advisories/new) and use the reporting possibilities there. Also, please give us appropriate time to fix the issue and build update-packages before publishing anything into the wild. Alternatively you can email us to [team@froxlor.org](team@froxlor.org).
--- a/actions/admin/settings/100.panel.php
+++ b/actions/admin/settings/100.panel.php
@@ -265,7 +265,7 @@ return [
 						'extras.directoryprotection' => lng('menue.extras.extras') . " / " . lng('menue.extras.directoryprotection'),
 						'extras.pathoptions' => lng('menue.extras.extras') . " / " . lng('menue.extras.pathoptions'),
 						'extras.logger' => lng('menue.extras.extras') . " / " . lng('menue.logger.logger'),
-						'extras.backup' => lng('menue.extras.extras') . " / " . lng('menue.extras.backup'),
+						'extras.export' => lng('menue.extras.extras') . " / " . lng('menue.extras.export'),
 						'traffic' => lng('menue.traffic.traffic'),
 						'traffic.http' => lng('menue.traffic.traffic') . " / HTTP",
 						'traffic.ftp' => lng('menue.traffic.traffic') . " / FTP",
@@ -337,7 +337,15 @@ return [
 					'image_name' => 'logo_login',
 					'default' => '',
 					'save_method' => 'storeSettingImage'
-				]
+				],
 				'panel_menu_collapsed' => [
 					'label' => lng('serversettings.panel_menu_collapsed'),
 					'settinggroup' => 'panel',
 					'varname' => 'menu_collapsed',
 					'type' => 'checkbox',
 					'default' => true,
 					'save_method' => 'storeSettingField',
 				],
 			]
 		]
 	]
--- a/actions/admin/settings/110.accounts.php
+++ b/actions/admin/settings/110.accounts.php
@@ -35,6 +35,7 @@ return [
 					'varname' => 'sessiontimeout',
 					'type' => 'number',
 					'min' => 60,
 					'max' => 31536000,
 					'default' => 600,
 					'save_method' => 'storeSettingField'
 				],
@@ -138,6 +139,26 @@ return [
 					'save_method' => 'storeSettingField',
 					'advanced_mode' => true
 				],
 				'system_req_limit_per_interval' => [
 					'label' => lng('serversettings.req_limit_per_interval'),
 					'settinggroup' => 'system',
 					'varname' => 'req_limit_per_interval',
 					'type' => 'number',
 					'min' => 30,
 					'default' => 60,
 					'save_method' => 'storeSettingField',
 					'advanced_mode' => true
 				],
 				'system_req_limit_interval' => [
 					'label' => lng('serversettings.req_limit_interval'),
 					'settinggroup' => 'system',
 					'varname' => 'req_limit_interval',
 					'type' => 'number',
 					'min' => 5,
 					'default' => 60,
 					'save_method' => 'storeSettingField',
 					'advanced_mode' => true
 				],
 				'customer_accountprefix' => [
 					'label' => lng('serversettings.accountprefix'),
 					'settinggroup' => 'customer',
@@ -210,13 +231,13 @@ return [
 						'onlyif' => 1
 					]
 				],
-				'system_backupenabled' => [
+				'system_exportenabled' => [
-					'label' => lng('serversettings.backupenabled'),
+					'label' => lng('serversettings.exportenabled'),
 					'settinggroup' => 'system',
-					'varname' => 'backupenabled',
+					'varname' => 'exportenabled',
 					'type' => 'checkbox',
 					'default' => false,
-					'cronmodule' => 'froxlor/backup',
+					'cronmodule' => 'froxlor/export',
 					'save_method' => 'storeSettingField'
 				],
 				'system_createstdsubdom_default' => [
--- a/actions/admin/settings/120.system.php
+++ b/actions/admin/settings/120.system.php
@@ -107,7 +107,8 @@ return [
 					'varname' => 'enabled',
 					'type' => 'checkbox',
 					'default' => false,
-					'save_method' => 'storeSettingField'
+					'save_method' => 'storeSettingField',
 					'required_otp' => true
 				],
 				'api_customer_default' => [
 					'label' => lng('serversettings.api_customer_default'),
@@ -129,7 +130,8 @@ return [
 					'default' => 'stable',
 					'select_var' => [
 						'stable' => lng('serversettings.uc_stable'),
-						'testing' => lng('serversettings.uc_testing')
+						'testing' => lng('serversettings.uc_testing'),
 						'nightly' => lng('serversettings.uc_nightly')
 					],
 					'save_method' => 'storeSettingField',
 					'advanced_mode' => true
@@ -170,16 +172,6 @@ return [
 					'default' => false,
 					'save_method' => 'storeSettingField'
 				],
 				'system_index_file_extension' => [
 					'label' => lng('serversettings.index_file_extension'),
 					'settinggroup' => 'system',
 					'varname' => 'index_file_extension',
 					'type' => 'text',
 					'string_regexp' => '/^[a-zA-Z0-9]{1,6}$/',
 					'default' => 'html',
 					'save_method' => 'storeSettingField',
 					'advanced_mode' => true
 				],
 				'system_store_index_file_subs' => [
 					'label' => lng('serversettings.system_store_index_file_subs'),
 					'settinggroup' => 'system',
--- a/actions/admin/settings/125.cronjob.php
+++ b/actions/admin/settings/125.cronjob.php
@@ -46,7 +46,8 @@ return [
 					'type' => 'text',
 					'string_regexp' => '/^[a-z0-9\/\._\- ]+$/i',
 					'default' => '/usr/bin/nice -n 5 /usr/bin/php -q',
-					'save_method' => 'storeSettingField'
+					'save_method' => 'storeSettingField',
 					'required_otp' => true
 				],
 				'system_crondreload' => [
 					'label' => lng('serversettings.system_crondreload'),
@@ -55,7 +56,8 @@ return [
 					'type' => 'text',
 					'string_regexp' => '/^[a-z0-9\/\._\- ]+$/i',
 					'default' => '/etc/init.d/cron reload',
-					'save_method' => 'storeSettingField'
+					'save_method' => 'storeSettingField',
 					'required_otp' => true
 				],
 				'system_cron_allowautoupdate' => [
 					'label' => lng('serversettings.system_cron_allowautoupdate'),
@@ -63,7 +65,8 @@ return [
 					'varname' => 'cron_allowautoupdate',
 					'type' => 'checkbox',
 					'default' => false,
-					'save_method' => 'storeSettingField'
+					'save_method' => 'storeSettingField',
 					'required_otp' => true
 				]
 			]
 		]
--- a/actions/admin/settings/130.webserver.php
+++ b/actions/admin/settings/130.webserver.php
@@ -181,7 +181,8 @@ return [
 					'label' => lng('serversettings.logfiles_format'),
 					'settinggroup' => 'system',
 					'varname' => 'logfiles_format',
-					'type' => 'text',
+					'type' => (strpos(Settings::Get('system.logfiles_format'), '"') !== false ? 'textarea' : 'text'),
 					'string_regexp' => '/^[^\0\r\n<>]*$/i',
 					'default' => '',
 					'string_emptyallowed' => true,
 					'save_method' => 'storeSettingField',
@@ -307,7 +308,8 @@ return [
 					'type' => 'text',
 					'string_regexp' => '/^[a-z0-9\/\._\- ]+$/i',
 					'default' => '/etc/init.d/apache2 reload',
-					'save_method' => 'storeSettingField'
+					'save_method' => 'storeSettingField',
 					'required_otp' => true
 				],
 				'system_phpreload_command' => [
 					'label' => lng('serversettings.phpreload_command'),
@@ -319,7 +321,8 @@ return [
 					'save_method' => 'storeSettingField',
 					'websrv_avail' => [
 						'nginx'
-					]
+					],
 					'required_otp' => true
 				],
 				'system_nginx_php_backend' => [
 					'label' => lng('serversettings.nginx_php_backend'),
--- a/actions/admin/settings/131.ssl.php
+++ b/actions/admin/settings/131.ssl.php
@@ -157,7 +157,8 @@ return [
 					'string_type' => 'file',
 					'default' => '/root/.acme.sh/acme.sh',
 					'save_method' => 'storeSettingField',
-					'advanced_mode' => true
+					'advanced_mode' => true,
 					'required_otp' => true
 				],
 				'system_letsencryptacmeconf' => [
 					'label' => lng('serversettings.letsencryptacmeconf'),
@@ -247,7 +248,7 @@ return [
 					'settinggroup' => 'system',
 					'varname' => 'le_domain_dnscheck_resolver',
 					'type' => 'text',
-					'string_regexp' => '/^(([0-9]+ [a-z0-9\-\._]+, ?)*[0-9]+ [a-z0-9\-\._]+)?$/i',
+					'string_type' => 'validate_ip',
 					'string_emptyallowed' => true,
 					'default' => '',
 					'save_method' => 'storeSettingField'
--- a/actions/admin/settings/136.phpfpm.php
+++ b/actions/admin/settings/136.phpfpm.php
@@ -126,7 +126,8 @@ return [
 					'type' => 'textarea',
 					'default' => '',
 					'save_method' => 'storeSettingField',
-					'advanced_mode' => true
+					'advanced_mode' => true,
 					'required_otp' => true
 				],
 				'phpfpm_ini_values' => [
 					'label' => lng('phpfpm.ini_values'),
@@ -135,7 +136,8 @@ return [
 					'type' => 'textarea',
 					'default' => '',
 					'save_method' => 'storeSettingField',
-					'advanced_mode' => true
+					'advanced_mode' => true,
 					'required_otp' => true
 				],
 				'phpfpm_ini_admin_flags' => [
 					'label' => lng('phpfpm.ini_admin_flags'),
@@ -144,7 +146,8 @@ return [
 					'type' => 'textarea',
 					'default' => '',
 					'save_method' => 'storeSettingField',
-					'advanced_mode' => true
+					'advanced_mode' => true,
 					'required_otp' => true
 				],
 				'phpfpm_ini_admin_values' => [
 					'label' => lng('phpfpm.ini_admin_values'),
@@ -153,7 +156,8 @@ return [
 					'type' => 'textarea',
 					'default' => '',
 					'save_method' => 'storeSettingField',
-					'advanced_mode' => true
+					'advanced_mode' => true,
 					'required_otp' => true
 				]
 			]
 		]
--- a/actions/admin/settings/160.nameserver.php
+++ b/actions/admin/settings/160.nameserver.php
@@ -80,7 +80,8 @@ return [
 					'type' => 'text',
 					'string_regexp' => '/^[a-z0-9\/\._\- ]+$/i',
 					'default' => '/etc/init.d/bind9 reload',
-					'save_method' => 'storeSettingField'
+					'save_method' => 'storeSettingField',
 					'required_otp' => true
 				],
 				'system_nameservers' => [
 					'label' => lng('serversettings.nameservers'),
@@ -111,7 +112,8 @@ return [
 					'string_delimiter' => ',',
 					'string_emptyallowed' => true,
 					'default' => '',
-					'save_method' => 'storeSettingField'
+					'save_method' => 'storeSettingField',
 					'required_otp' => true
 				],
 				'system_powerdns_mode' => [
 					'label' => lng('serversettings.powerdns_mode'),
--- a/actions/admin/settings/180.dkim.php
+++ b/actions/admin/settings/180.dkim.php
@@ -137,7 +137,8 @@ return [
 					'type' => 'text',
 					'string_regexp' => '/^[a-z0-9\/\._\- ]+$/i',
 					'default' => '/etc/init.d/dkim-filter restart',
-					'save_method' => 'storeSettingField'
+					'save_method' => 'storeSettingField',
 					'required_otp' => true
 				]
 			]
 		]
--- a/actions/admin/settings/185.spf.php
+++ b/actions/admin/settings/185.spf.php
@@ -43,7 +43,8 @@ return [
 					'settinggroup' => 'spf',
 					'varname' => 'spf_entry',
 					'type' => 'text',
-					'default' => '"v=spf1 a mx -all"',
+					'string_regexp' => '/^v=spf[a-z0-9:~?\s.-]+$/i',
 					'default' => 'v=spf1 a mx -all',
 					'save_method' => 'storeSettingField'
 				]
 			]
--- a/actions/admin/settings/210.security.php
+++ b/actions/admin/settings/210.security.php
@@ -37,7 +37,8 @@ return [
 					'varname' => 'unix_names',
 					'type' => 'checkbox',
 					'default' => true,
-					'save_method' => 'storeSettingField'
+					'save_method' => 'storeSettingField',
 					'required_otp' => true
 				],
 				'system_mailpwcleartext' => [
 					'label' => lng('serversettings.mailpwcleartext'),
@@ -46,7 +47,8 @@ return [
 					'type' => 'checkbox',
 					'default' => false,
 					'save_method' => 'storeSettingField',
-					'advanced_mode' => true
+					'advanced_mode' => true,
 					'required_otp' => true
 				],
 				'system_passwordcryptfunc' => [
 					'label' => lng('serversettings.passwordcryptfunc'),
@@ -59,7 +61,8 @@ return [
 						'getAvailablePasswordHashes'
 					],
 					'save_method' => 'storeSettingField',
-					'advanced_mode' => true
+					'advanced_mode' => true,
 					'required_otp' => true
 				],
 				'system_allow_error_report_admin' => [
 					'label' => lng('serversettings.allow_error_report_admin'),
@@ -67,7 +70,8 @@ return [
 					'varname' => 'allow_error_report_admin',
 					'type' => 'checkbox',
 					'default' => false,
-					'save_method' => 'storeSettingField'
+					'save_method' => 'storeSettingField',
 					'required_otp' => true
 				],
 				'system_allow_error_report_customer' => [
 					'label' => lng('serversettings.allow_error_report_customer'),
@@ -75,7 +79,8 @@ return [
 					'varname' => 'allow_error_report_customer',
 					'type' => 'checkbox',
 					'default' => false,
-					'save_method' => 'storeSettingField'
+					'save_method' => 'storeSettingField',
 					'required_otp' => true
 				],
 				'system_allow_customer_shell' => [
 					'label' => lng('serversettings.allow_allow_customer_shell'),
@@ -84,7 +89,8 @@ return [
 					'type' => 'checkbox',
 					'default' => false,
 					'save_method' => 'storeSettingField',
-					'advanced_mode' => true
+					'advanced_mode' => true,
 					'required_otp' => true
 				],
 				'system_available_shells' => [
 					'label' => lng('serversettings.available_shells'),
@@ -94,7 +100,8 @@ return [
 					'string_emptyallowed' => true,
 					'default' => '',
 					'save_method' => 'storeSettingField',
-					'advanced_mode' => true
+					'advanced_mode' => true,
 					'required_otp' => true
 				],
 				'system_froxlorusergroup' => [
 					'label' => lng('serversettings.froxlorusergroup'),
@@ -108,7 +115,8 @@ return [
 						'checkLocalGroup'
 					],
 					'visible' => Settings::Get('system.nssextrausers'),
-					'advanced_mode' => true
+					'advanced_mode' => true,
 					'required_otp' => true
 				],
 			]
 		]
--- a/actions/admin/settings/220.quota.php
+++ b/actions/admin/settings/220.quota.php
@@ -44,24 +44,30 @@ return [
 					'settinggroup' => 'system',
 					'varname' => 'diskquota_repquota_path',
 					'type' => 'text',
 					'string_type' => 'file',
 					'default' => '/usr/sbin/repquota',
-					'save_method' => 'storeSettingField'
+					'save_method' => 'storeSettingField',
 					'required_otp' => true
 				],
 				'system_diskquota_quotatool_path' => [
 					'label' => lng('serversettings.diskquota_quotatool_path.description'),
 					'settinggroup' => 'system',
 					'varname' => 'diskquota_quotatool_path',
 					'type' => 'text',
 					'string_type' => 'file',
 					'default' => '/usr/bin/quotatool',
-					'save_method' => 'storeSettingField'
+					'save_method' => 'storeSettingField',
 					'required_otp' => true
 				],
 				'system_diskquota_customer_partition' => [
 					'label' => lng('serversettings.diskquota_customer_partition.description'),
 					'settinggroup' => 'system',
 					'varname' => 'diskquota_customer_partition',
 					'type' => 'text',
 					'string_type' => 'file',
 					'default' => '/dev/root',
-					'save_method' => 'storeSettingField'
+					'save_method' => 'storeSettingField',
 					'required_otp' => true
 				]
 			]
 		]
--- a/admin_admins.php
+++ b/admin_admins.php
@@ -77,6 +77,7 @@ if (($page == 'admins' || $page == 'overview') && $userinfo['change_serversettin
 			$result['switched_user'] = CurrentUser::getData();
 			$result['adminsession'] = 1;
 			$result['userid'] = $result['adminid'];
 			session_regenerate_id(true);
 			CurrentUser::setData($result);
 			$log->logAction(
--- a/admin_apcuinfo.php
+++ b/admin_apcuinfo.php
@@ -62,7 +62,7 @@ if ($action == 'delete' && function_exists('apcu_clear_cache') && $userinfo['cha
 }
 if (!function_exists('apcu_cache_info') || !function_exists('apcu_sma_info')) {
-	Response::standardError(lng('error.no_apcuinfo'));
+	Response::standardError('no_apcuinfo');
 }
 if ($page == 'showinfo' && $userinfo['change_serversettings'] == '1') {
--- a/admin_autoupdate.php
+++ b/admin_autoupdate.php
@@ -28,7 +28,7 @@ require __DIR__ . '/lib/init.php';
 use Froxlor\Froxlor;
 use Froxlor\FroxlorLogger;
-use Froxlor\Http\HttpClient;
+use Froxlor\FileDir;
 use Froxlor\Install\AutoUpdate;
 use Froxlor\Settings;
 use Froxlor\UI\Panel\UI;
@@ -132,7 +132,7 @@ elseif ($page == 'getdownload') {
 elseif ($page == 'extract') {
 	if (isset($_POST['send']) && $_POST['send'] == 'send') {
 		$toExtract = isset($_POST['archive']) ? $_POST['archive'] : null;
-		$localArchive = Froxlor::getInstallDir() . '/updates/' . $toExtract;
+		$localArchive = FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/updates/' . $toExtract);
 		$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "Extracting " . $localArchive . " to " . Froxlor::getInstallDir());
 		$result = AutoUpdate::extractZip($localArchive);
 		if ($result > 0) {
@@ -146,7 +146,7 @@ elseif ($page == 'extract') {
 		Response::redirectTo('admin_updates.php');
 	} else {
 		$toExtract = isset($_GET['archive']) ? $_GET['archive'] : null;
-		$localArchive = Froxlor::getInstallDir() . '/updates/' . $toExtract;
+		$localArchive = FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/updates/' . $toExtract);
 	}
 	if (!file_exists($localArchive)) {
--- a/admin_configfiles.php
+++ b/admin_configfiles.php
@@ -33,6 +33,7 @@ use Froxlor\Settings;
 use Froxlor\UI\Panel\UI;
 use Froxlor\UI\Request;
 use Froxlor\UI\Response;
 use Froxlor\Validate\Validate;
 if ($userinfo['change_serversettings'] == '1') {
 	if ($action == 'setconfigured') {
@@ -59,7 +60,9 @@ if ($userinfo['change_serversettings'] == '1') {
 	if (!empty($distribution)) {
 		if (!file_exists($config_dir . '/' . $distribution . ".xml")) {
-			Response::dynamicError("Unknown distribution");
+			// unknown distribution -> redirect to select a valid distribution for config-templates
 			Settings::Set('system.distribution', '');
 			Response::redirectTo('admin_configfiles.php', ['reselect' => 1]);
 		}
 		// update setting if different
@@ -91,6 +94,7 @@ if ($userinfo['change_serversettings'] == '1') {
 	}
 	if ($distribution != "" && isset($_POST['finish'])) {
 		$valid_keys = ['http', 'dns', 'smtp', 'mail', 'ftp', 'system', 'distro'];
 		unset($_POST['finish']);
 		unset($_POST['csrf_token']);
 		$params = $_POST;
@@ -99,6 +103,20 @@ if ($userinfo['change_serversettings'] == '1') {
 		foreach ($_POST['system'] as $sysdaemon) {
 			$params['system'][] = $sysdaemon;
 		}
 		// validate params
 		foreach ($params as $key => $value) {
 			if (!in_array($key, $valid_keys)) {
 				unset($params[$key]);
 				continue;
 			}
 			if (!is_array($value)) {
 				$params[$key] = Validate::validate($value, $key);
 			} else {
 				foreach ($value as $subkey => $subvalue) {
 					$params[$key][$subkey] = Validate::validate($subvalue, $key.'.'.$subkey);
 				}
 			}
 		}
 		$params_content = json_encode($params);
 		$params_filename = FileDir::makeCorrectFile(Froxlor::getInstallDir() . 'install/' . Froxlor::genSessionId() . '.json');
 		file_put_contents($params_filename, $params_content);
--- a/admin_customers.php
+++ b/admin_customers.php
@@ -93,6 +93,7 @@ if (($page == 'customers' || $page == 'overview') && $userinfo['customers'] != '
 			$result['switched_user'] = CurrentUser::getData();
 			$result['adminsession'] = 0;
 			$result['userid'] = $result['customerid'];
 			session_regenerate_id(true);
 			CurrentUser::setData($result);
 			$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "switched user and is now '" . $destination_user . "'");
--- a/admin_domains.php
+++ b/admin_domains.php
@@ -30,9 +30,9 @@ use Froxlor\Api\Commands\Customers as Customers;
 use Froxlor\Api\Commands\Domains as Domains;
 use Froxlor\Bulk\DomainBulkAction;
 use Froxlor\Cron\TaskId;
 use Froxlor\CurrentUser;
 use Froxlor\Customer\Customer;
 use Froxlor\Database\Database;
 use Froxlor\Domain\Domain;
 use Froxlor\FileDir;
 use Froxlor\FroxlorLogger;
 use Froxlor\Settings;
@@ -45,7 +45,6 @@ use Froxlor\UI\Request;
 use Froxlor\UI\Response;
 use Froxlor\User;
 use Froxlor\Validate\Validate;
 use Froxlor\CurrentUser;
 $id = (int)Request::any('id');
@@ -114,15 +113,11 @@ if ($page == 'domains' || $page == 'overview') {
 			} elseif ($alias_check['count'] > 0) {
 				Response::standardError('domains_cantdeletedomainwithaliases');
 			} else {
-				$showcheck = false;
+				HTML::askYesNo('admin_domain_reallydelete', $filename, [
 				if (Domain::domainHasMainSubDomains($id)) {
 					$showcheck = true;
 				}
 				HTML::askYesNoWithCheckbox('admin_domain_reallydelete', 'remove_subbutmain_domains', $filename, [
 					'id' => $id,
 					'page' => $page,
 					'action' => $action
-				], $idna_convert->decode($result['domain']), $showcheck);
+				], $idna_convert->decode($result['domain']));
 			}
 		}
 	} elseif ($action == 'add') {
@@ -252,21 +247,6 @@ if ($page == 'domains' || $page == 'overview') {
 				$domains[$row_domain['id']] = $idna_convert->decode($row_domain['domain']) . ' (' . $row_domain['loginname'] . ')';
 			}
 			$subtodomains = [
 				0 => lng('domains.nosubtomaindomain')
 			];
 			$result_domains_stmt = Database::prepare("
 					SELECT `d`.`id`, `d`.`domain`, `c`.`loginname` FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_CUSTOMERS . "` `c`
 					WHERE `d`.`aliasdomain` IS NULL AND `d`.`parentdomainid` = 0 AND `d`.`ismainbutsubto` = 0 " . $standardsubdomains . ($userinfo['customers_see_all'] ? '' : " AND `d`.`adminid` = :adminid") . "
 					AND `d`.`customerid`=`c`.`customerid` ORDER BY `loginname`, `domain` ASC
 				");
 			// params from above still valid
 			Database::pexecute($result_domains_stmt, $params);
 			while ($row_domain = $result_domains_stmt->fetch(PDO::FETCH_ASSOC)) {
 				$subtodomains[$row_domain['id']] = $idna_convert->decode($row_domain['domain']) . ' (' . $row_domain['loginname'] . ')';
 			}
 			$phpconfigs = [];
 			$configs = Database::query("
 					SELECT c.*, fc.description as interpreter
@@ -282,6 +262,12 @@ if ($page == 'domains' || $page == 'overview') {
 				}
 			}
 			$openbasedir = [
 				0 => lng('domain.docroot'),
 				1 => lng('domain.homedir'),
 				2 => lng('domain.docparent')
 			];
 			// create serveralias options
 			$serveraliasoptions = [
 				0 => lng('domains.serveraliasoption_wildcard'),
@@ -463,27 +449,6 @@ if ($page == 'domains' || $page == 'overview') {
 					$domains[$row_domain['id']] = $idna_convert->decode($row_domain['domain']);
 				}
 				$subtodomains = [
 					0 => lng('domains.nosubtomaindomain')
 				];
 				$result_domains_stmt = Database::prepare("
 					SELECT `d`.`id`, `d`.`domain` FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_CUSTOMERS . "` `c`
 					WHERE `d`.`aliasdomain` IS NULL AND `d`.`parentdomainid` = '0' AND `d`.`id` <> :id
 					AND `c`.`standardsubdomain`<>`d`.`id` AND `c`.`customerid`=`d`.`customerid`" . ($userinfo['customers_see_all'] ? '' : " AND `d`.`adminid` = :adminid") . "
 					ORDER BY `d`.`domain` ASC
 				");
 				$params = [
 					'id' => $result['id']
 				];
 				if ($userinfo['customers_see_all'] == '0') {
 					$params['adminid'] = $userinfo['adminid'];
 				}
 				Database::pexecute($result_domains_stmt, $params);
 				while ($row_domain = $result_domains_stmt->fetch(PDO::FETCH_ASSOC)) {
 					$subtodomains[$row_domain['id']] = $idna_convert->decode($row_domain['domain']);
 				}
 				if ($userinfo['ip'] == "-1") {
 					$result_ipsandports_stmt = Database::query("
 						SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `ssl`='0' ORDER BY `ip`, `port` ASC
@@ -545,6 +510,12 @@ if ($page == 'domains' || $page == 'overview') {
 				$result['temporary_ssl_redirect'] = $result['ssl_redirect'];
 				$result['ssl_redirect'] = ($result['ssl_redirect'] == 0 ? 0 : 1);
 				$openbasedir = [
 					0 => lng('domain.docroot'),
 					1 => lng('domain.homedir'),
 					2 => lng('domain.docparent')
 				];
 				$serveraliasoptions = [
 					0 => lng('domains.serveraliasoption_wildcard'),
 					1 => lng('domains.serveraliasoption_www'),
@@ -664,6 +635,23 @@ if ($page == 'domains' || $page == 'overview') {
 				'alert_msg' => lng('domains.import_description')
 			]);
 		}
 	} elseif ($action == 'duplicate') {
 		if (isset($_POST['send']) && $_POST['send'] == 'send') {
 			try {
 				Domains::getLocal($userinfo, $_POST)->duplicate();
 			} catch (Exception $e) {
 				Response::dynamicError($e->getMessage());
 			}
 			Response::redirectTo($filename, [
 				'page' => $page,
 				'searchfield' => 'd.domain_ace',
 				'searchtext' => Request::post('domain', "")
 			]);
 		} else {
 			Response::redirectTo($filename, [
 				'page' => 'overview'
 			]);
 		}
 	}
 } elseif ($page == 'domainssleditor') {
 	require_once __DIR__ . '/ssl_editor.php';
--- a/admin_index.php
+++ b/admin_index.php
@@ -31,6 +31,7 @@ use Froxlor\Api\Commands\Froxlor as Froxlor;
 use Froxlor\CurrentUser;
 use Froxlor\Database\Database;
 use Froxlor\FroxlorLogger;
 use Froxlor\Language;
 use Froxlor\Settings;
 use Froxlor\System\Cronjob;
 use Froxlor\System\Crypt;
@@ -38,7 +39,6 @@ use Froxlor\UI\Panel\UI;
 use Froxlor\UI\Request;
 use Froxlor\UI\Response;
 use Froxlor\Validate\Validate;
 use Froxlor\Language;
 $id = (int)Request::any('id');
@@ -53,6 +53,7 @@ if ($action == 'logout') {
 	if (is_array(CurrentUser::getField('switched_user'))) {
 		$result = CurrentUser::getData();
 		$result = $result['switched_user'];
 		session_regenerate_id(true);
 		CurrentUser::setData($result);
 		$target = (isset($_GET['target']) ? $_GET['target'] : 'index');
 		$redirect = "admin_" . $target . ".php";
@@ -196,107 +197,104 @@ if ($page == 'overview') {
 		'outstanding_tasks' => $outstanding_tasks,
 		'cron_last_runs' => $cron_last_runs
 	]);
-} elseif ($page == 'change_password') {
+} elseif ($page == 'profile') {
-	if (isset($_POST['send']) && $_POST['send'] == 'send') {
+	$languages = Language::getLanguages();
 		$old_password = Validate::validate($_POST['old_password'], 'old password');
-		if (!Crypt::validatePasswordLogin($userinfo, $old_password, TABLE_PANEL_ADMINS, 'adminid')) {
+	if (!empty($_POST)) {
-			Response::standardError('oldpasswordnotcorrect');
+		if ($_POST['send'] == 'changepassword') {
-		}
+			$old_password = Validate::validate($_POST['old_password'], 'old password');
-		try {
+			if (!Crypt::validatePasswordLogin($userinfo, $old_password, TABLE_PANEL_ADMINS, 'adminid')) {
-			$new_password = Crypt::validatePassword($_POST['new_password'], 'new password');
+				Response::standardError('oldpasswordnotcorrect');
-			$new_password_confirm = Crypt::validatePassword($_POST['new_password_confirm'], 'new password confirm');
+			}
 		} catch (Exception $e) {
 			Response::dynamicError($e->getMessage());
 		}
 		if ($old_password == '') {
 			Response::standardError([
 				'stringisempty',
 				'changepassword.old_password'
 			]);
 		} elseif ($new_password == '') {
 			Response::standardError([
 				'stringisempty',
 				'changepassword.new_password'
 			]);
 		} elseif ($new_password_confirm == '') {
 			Response::standardError([
 				'stringisempty',
 				'changepassword.new_password_confirm'
 			]);
 		} elseif ($new_password != $new_password_confirm) {
 			Response::standardError('newpasswordconfirmerror');
 		} else {
 			try {
-				Admins::getLocal($userinfo, [
+				$new_password = Crypt::validatePassword($_POST['new_password'], 'new password');
-					'id' => $userinfo['adminid'],
+				$new_password_confirm = Crypt::validatePassword($_POST['new_password_confirm'], 'new password confirm');
 					'admin_password' => $new_password
 				])->update();
 			} catch (Exception $e) {
 				Response::dynamicError($e->getMessage());
 			}
-			$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'changed password');
+
 			if ($old_password == '') {
 				Response::standardError([
 					'stringisempty',
 					'changepassword.old_password'
 				]);
 			} elseif ($new_password == '') {
 				Response::standardError([
 					'stringisempty',
 					'changepassword.new_password'
 				]);
 			} elseif ($new_password_confirm == '') {
 				Response::standardError([
 					'stringisempty',
 					'changepassword.new_password_confirm'
 				]);
 			} elseif ($new_password != $new_password_confirm) {
 				Response::standardError('newpasswordconfirmerror');
 			} else {
 				try {
 					Admins::getLocal($userinfo, [
 						'id' => $userinfo['adminid'],
 						'admin_password' => $new_password
 					])->update();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
 				$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'changed password');
 				Response::redirectTo($filename);
 			}
 		} elseif ($_POST['send'] == 'changetheme') {
 			if (Settings::Get('panel.allow_theme_change_admin') == 1) {
 				$theme = Validate::validate($_POST['theme'], 'theme');
 				try {
 					Admins::getLocal($userinfo, [
 						'id' => $userinfo['adminid'],
 						'theme' => $theme
 					])->update();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
 				$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "changed his/her theme to '" . $theme . "'");
 			}
 			Response::redirectTo($filename);
 		} elseif ($_POST['send'] == 'changelanguage') {
 			$def_language = Validate::validate($_POST['def_language'], 'default language');
 			if (isset($languages[$def_language])) {
 				try {
 					Admins::getLocal($userinfo, [
 						'id' => $userinfo['adminid'],
 						'def_language' => $def_language
 					])->update();
 					CurrentUser::setField('language', $def_language);
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
 			}
 			$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "changed his/her default language to '" . $def_language . "'");
 			Response::redirectTo($filename);
 		}
 	} else {
-		UI::view('user/change_password.html.twig');
+		// change theme
-	}
+		$default_theme = Settings::Get('panel.default_theme');
-} elseif ($page == 'change_language') {
+		if ($userinfo['theme'] != '') {
-	$languages = Language::getLanguages();
+			$default_theme = $userinfo['theme'];
 	if (isset($_POST['send']) && $_POST['send'] == 'send') {
 		$def_language = Validate::validate($_POST['def_language'], 'default language');
 		if (isset($languages[$def_language])) {
 			try {
 				Admins::getLocal($userinfo, [
 					'id' => $userinfo['adminid'],
 					'def_language' => $def_language
 				])->update();
 				CurrentUser::setField('language', $def_language);
 			} catch (Exception $e) {
 				Response::dynamicError($e->getMessage());
 			}
 		}
-		$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "changed his/her default language to '" . $def_language . "'");
+		$themes_avail = UI::getThemes();
-		Response::redirectTo($filename);
+
-	} else {
+		// change language
 		$default_lang = Settings::Get('panel.standardlanguage');
 		if ($userinfo['def_language'] != '') {
 			$default_lang = $userinfo['def_language'];
 		}
-		UI::view('user/change_language.html.twig', [
+		UI::view('user/profile.html.twig', [
 			'languages' => $languages,
 			'default_lang' => $default_lang
 		]);
 	}
 } elseif ($page == 'change_theme') {
 	if (isset($_POST['send']) && $_POST['send'] == 'send') {
 		$theme = Validate::validate($_POST['theme'], 'theme');
 		try {
 			Admins::getLocal($userinfo, [
 				'id' => $userinfo['adminid'],
 				'theme' => $theme
 			])->update();
 		} catch (Exception $e) {
 			Response::dynamicError($e->getMessage());
 		}
 		$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "changed his/her theme to '" . $theme . "'");
 		Response::redirectTo($filename);
 	} else {
 		$default_theme = Settings::Get('panel.default_theme');
 		if ($userinfo['theme'] != '') {
 			$default_theme = $userinfo['theme'];
 		}
 		$themes_avail = UI::getThemes();
 		UI::view('user/change_theme.html.twig', [
 			'themes' => $themes_avail,
-			'default_theme' => $default_theme
+			'default_theme' => $default_theme,
 			'languages' => $languages,
 			'default_lang' => $default_lang,
 		]);
 	}
 } elseif ($page == 'send_error_report' && Settings::Get('system.allow_error_report_admin') == '1') {
--- a/admin_ipsandports.php
+++ b/admin_ipsandports.php
@@ -142,8 +142,10 @@ if (($page == 'ipsandports' || $page == 'overview') && $userinfo['change_servers
 		}
 	} elseif ($action == 'jqCheckIP') {
 		$ip = $_POST['ip'] ?? "";
-		if ((filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) || filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) && filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE) == false) {
+		if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6)) {
-			// returns notice if private network detected so we can display it
+			echo json_encode('<div id="ipnote" class="invalid-feedback">'.lng('error.invalidip', [$ip]).'</div>');
 		} elseif (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE)) {
 			// returns notice if private network detected, so we can display it
 			echo json_encode(lng('admin.ipsandports.ipnote'));
 		} else {
 			echo 0;
--- a/admin_opcacheinfo.php
+++ b/admin_opcacheinfo.php
@@ -33,9 +33,9 @@ const AREA = 'admin';
 require __DIR__ . '/lib/init.php';
 use Froxlor\FroxlorLogger;
 use Froxlor\UI\HTML;
 use Froxlor\UI\Panel\UI;
 use Froxlor\UI\Response;
 use Froxlor\UI\HTML;
 if ($action == 'reset' && function_exists('opcache_reset') && $userinfo['change_serversettings'] == '1') {
 	if ($_POST['send'] == 'send') {
@@ -57,252 +57,30 @@ if ($action == 'reset' && function_exists('opcache_reset') && $userinfo['change_
 	}
 }
-if (!function_exists('opcache_get_configuration')) {
+if (!extension_loaded('Zend OPcache')) {
-	Response::standardError(lng('error.no_opcacheinfo'));
+	Response::standardError('no_opcacheinfo');
 }
 $ocEnabled = ini_get('opcache.enable');
 if (empty($ocEnabled)) {
 	Response::standardError('inactive_opcacheinfo');
 }
 if ($page == 'showinfo' && $userinfo['change_serversettings'] == '1') {
 	$time = time();
 	$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "viewed OPcache info");
-	$optimizationLevels = [
+	$opcache = (new \Amnuts\Opcache\Service())->getData();
 		1 << 0 => 'CSE, STRING construction',
 		1 << 1 => 'Constant conversion and jumps',
 		1 << 2 => '++, +=, series of jumps',
 		1 << 3 => 'INIT_FCALL_BY_NAME -> DO_FCALL',
 		1 << 4 => 'CFG based optimization',
 		1 << 5 => 'DFA based optimization',
 		1 << 6 => 'CALL GRAPH optimization',
 		1 << 7 => 'SCCP (constant propagation)',
 		1 << 8 => 'TMP VAR usage',
 		1 << 9 => 'NOP removal',
 		1 << 10 => 'Merge equal constants',
 		1 << 11 => 'Adjust used stack',
 		1 << 12 => 'Remove unused variables',
 		1 << 13 => 'DCE (dead code elimination)',
 		1 << 14 => '(unsafe) Collect constants',
 		1 << 15 => 'Inline functions'
 	];
 	$jitModes = [
 		[
 			'flag' => 'CPU-specific optimization',
 			'value' => [
 				'Disable CPU-specific optimization',
 				'Enable use of AVX, if the CPU supports it'
 			]
 		],
 		[
 			'flag' => 'Register allocation',
 			'value' => [
 				'Do not perform register allocation',
 				'Perform block-local register allocation',
 				'Perform global register allocation'
 			]
 		],
 		[
 			'flag' => 'Trigger',
 			'value' => [
 				'Compile all functions on script load',
 				'Compile functions on first execution',
 				'Profile functions on first request and compile the hottest functions afterwards',
 				'Profile on the fly and compile hot functions',
 				'Currently unused',
 				'Use tracing JIT. Profile on the fly and compile traces for hot code segments'
 			]
 		],
 		[
 			'flag' => 'Optimization level',
 			'value' => [
 				'No JIT',
 				'Minimal JIT (call standard VM handlers)',
 				'Inline VM handlers',
 				'Use type inference',
 				'Use call graph',
 				'Optimize whole script'
 			]
 		]
 	];
 	$jitModeMapping = [
 		'tracing' => 1254,
 		'on' => 1254,
 		'function' => 1205
 	];
 	$status = opcache_get_status(false);
 	$config = opcache_get_configuration();
 	$missingConfig = array_diff_key(ini_get_all('zend opcache', false), $config['directives']);
 	if (!empty($missingConfig)) {
 		$config['directives'] = array_merge($config['directives'], $missingConfig);
 	}
 	$files = [];
 	if (!empty($status['scripts'])) {
 		uasort($status['scripts'], static function ($a, $b) {
 			return $a['hits'] <=> $b['hits'];
 		});
 		foreach ($status['scripts'] as &$file) {
 			$file['full_path'] = str_replace('\\', '/', $file['full_path']);
 			$file['readable'] = [
 				'hits' => number_format($file['hits']),
 				'memory_consumption' => bsize($file['memory_consumption'])
 			];
 		}
 		$files = array_values($status['scripts']);
 	}
 	if ($config['directives']['opcache.file_cache_only'] || !empty($status['file_cache_only'])) {
 		$overview = false;
 	} else {
 		$status['opcache_statistics']['start_time'] = $status['opcache_statistics']['start_time'] ?? time();
 		$status['opcache_statistics']['last_restart_time'] = $status['opcache_statistics']['last_restart_time'] ?? time();
 		$overview = array_merge(
 			$status['memory_usage'],
 			$status['opcache_statistics'],
 			[
 				'total_memory' => $config['directives']['opcache.memory_consumption'],
 				'used_memory_percentage' => round(100 * (
 						($status['memory_usage']['used_memory'] + $status['memory_usage']['wasted_memory'])
 						/ $config['directives']['opcache.memory_consumption']
 					)),
 				'hit_rate_percentage' => round($status['opcache_statistics']['opcache_hit_rate']),
 				'used_key_percentage' => round(100 * ($status['opcache_statistics']['num_cached_keys']
 						/ $status['opcache_statistics']['max_cached_keys']
 					)),
 				'wasted_percentage' => round($status['memory_usage']['current_wasted_percentage'], 2),
 				'readable' => [
 					'total_memory' => bsize($config['directives']['opcache.memory_consumption']),
 					'used_memory' => bsize($status['memory_usage']['used_memory']),
 					'free_memory' => bsize($status['memory_usage']['free_memory']),
 					'wasted_memory' => bsize($status['memory_usage']['wasted_memory']),
 					'num_cached_scripts' => number_format($status['opcache_statistics']['num_cached_scripts']),
 					'hits' => number_format($status['opcache_statistics']['hits']),
 					'misses' => number_format($status['opcache_statistics']['misses']),
 					'blacklist_miss' => number_format($status['opcache_statistics']['blacklist_misses']),
 					'num_cached_keys' => number_format($status['opcache_statistics']['num_cached_keys']),
 					'max_cached_keys' => number_format($status['opcache_statistics']['max_cached_keys']),
 					'interned' => null,
 					'start_time' => (new DateTimeImmutable("@{$status['opcache_statistics']['start_time']}"))
 						->setTimezone(new DateTimeZone(date_default_timezone_get()))
 						->format('Y-m-d H:i:s'),
 					'last_restart_time' => ($status['opcache_statistics']['last_restart_time'] == 0
 						? 'never'
 						: (new DateTimeImmutable("@{$status['opcache_statistics']['last_restart_time']}"))
 							->setTimezone(new DateTimeZone(date_default_timezone_get()))
 							->format('Y-m-d H:i:s')
 					)
 				]
 			]
 		);
 	}
 	$preload = [];
 	if (!empty($status['preload_statistics']['scripts'])) {
 		$preload = $status['preload_statistics']['scripts'];
 		sort($preload, SORT_STRING);
 		if ($overview) {
 			$overview['preload_memory'] = $status['preload_statistics']['memory_consumption'];
 			$overview['readable']['preload_memory'] = bsize($status['preload_statistics']['memory_consumption']);
 		}
 	}
 	if (!empty($status['interned_strings_usage'])) {
 		$overview['readable']['interned'] = [
 			'buffer_size' => bsize($status['interned_strings_usage']['buffer_size']),
 			'strings_used_memory' => bsize($status['interned_strings_usage']['used_memory']),
 			'strings_free_memory' => bsize($status['interned_strings_usage']['free_memory']),
 			'number_of_strings' => number_format($status['interned_strings_usage']['number_of_strings'])
 		];
 	}
 	if ($overview && !empty($status['jit'])) {
 		$overview['jit_buffer_used_percentage'] = ($status['jit']['buffer_size']
 			? round(100 * (($status['jit']['buffer_size'] - $status['jit']['buffer_free']) / $status['jit']['buffer_size']))
 			: 0
 		);
 		$overview['readable'] = array_merge($overview['readable'], [
 			'jit_buffer_size' => bsize($status['jit']['buffer_size']),
 			'jit_buffer_free' => bsize($status['jit']['buffer_free'])
 		]);
 	}
 	$directives = [];
 	ksort($config['directives']);
 	foreach ($config['directives'] as $k => $v) {
 		if (in_array($k, ['opcache.max_file_size', 'opcache.memory_consumption', 'opcache.jit_buffer_size']) && $v) {
 			$v = bsize($v) . " ({$v})";
 		} elseif ($k === 'opcache.optimization_level') {
 			$levels = [];
 			foreach ($optimizationLevels as $level => $info) {
 				if ($level & $v) {
 					$levels[] = "{$info} [{$level}]";
 				}
 			}
 			$v = $levels ?: 'none';
 		} elseif ($k === 'opcache.jit') {
 			if ($v === '1') {
 				$v = 'on';
 			}
 			if (isset($jitModeMapping[$v]) || is_numeric($v)) {
 				$levels = [];
 				foreach (str_split((string)($jitModeMapping[$v] ?? $v)) as $type => $level) {
 					$levels[] = "{$level}: {$jitModes[$type]['value'][$level]} ({$jitModes[$type]['flag']})";
 				}
 				$v = [$v, $levels];
 			} elseif (empty($v) || strtolower($v) === 'off') {
 				$v = 'Off';
 			}
 		}
 		$directives[] = [
 			'k' => $k,
 			'v' => $v
 		];
 	}
 	$version = array_merge(
 		$config['version'],
 		[
 			'php' => phpversion(),
 			'server' => $_SERVER['SERVER_SOFTWARE'] ?: '',
 			'host' => (function_exists('gethostname')
 				? gethostname()
 				: (php_uname('n')
 					?: (empty($_SERVER['SERVER_NAME'])
 						? $_SERVER['HOST_NAME']
 						: $_SERVER['SERVER_NAME']
 					)
 				)
 			)
 		]
 	);
 	UI::view('settings/opcacheinfo.html.twig', [
 		'opcacheinfo' => [
-			'version' => $version,
+			'version' => $opcache['version'],
-			'overview' => $overview,
+			'overview' => $opcache['overview'],
-			'files' => $files,
+			'files' => $opcache['files'],
-			'preload' => $preload,
+			'preload' => $opcache['preload'],
-			'directives' => $directives,
+			'directives' => $opcache['directives'],
-			'blacklist' => $config['blacklist'],
+			'blacklist' => $opcache['blacklist'],
-			'functions' => get_extension_funcs('Zend OPcache')
+			'functions' => $opcache['functions'],
 		]
 	]);
 }
 function bsize($size)
 {
 	$i = 0;
 	$val = ['b', 'KB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB'];
 	while (($size / 1024) > 1) {
 		$size /= 1024;
 		++$i;
 	}
 	return sprintf(
 		'%.2f%s%s',
 		$size,
 		'',
 		$val[$i]
 	);
 }
--- a/admin_settings.php
+++ b/admin_settings.php
@@ -70,14 +70,15 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 		// check if the session timeout is too low #815
 		if (isset($_POST['session_sessiontimeout']) && $_POST['session_sessiontimeout'] < 60) {
-			Response::standardError(lng('error.session_timeout'), lng('error.session_timeout_desc'));
+			Response::standardError(['session_timeout', 'session_timeout_desc']);
 		}
 		try {
 			if (Form::processForm($settings_data, $_POST, [
 				'filename' => $filename,
 				'action' => $action,
-				'page' => $page
+				'page' => $page,
 				'part' => $_part,
 			], $_part, $settings_all, $settings_part, $only_enabledisable)) {
 				$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "rebuild configfiles due to changed setting");
 				Cronjob::inserttask(TaskId::REBUILD_VHOST);
@@ -132,7 +133,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 			}
 		}
 	} else {
-		Response::standardError(lng('error.no_phpinfo'));
+		Response::standardError('error.no_phpinfo');
 	}
 	UI::view('settings/phpinfo.html.twig', [
 		'phpversion' => PHP_VERSION,
--- a/admin_templates.php
+++ b/admin_templates.php
@@ -60,7 +60,8 @@ if (Settings::Get('panel.sendalternativemail') == 1) {
 }
 $file_templates = [
-	'index_html'
+	'index_html',
 	'unconfigured_html'
 ];
 $languages = Language::getLanguages();
--- a/bin/froxlor-cli
+++ b/bin/froxlor-cli
@@ -24,19 +24,8 @@
 * @license    https://files.froxlor.org/misc/COPYING.txt GPLv2
 */
 declare(strict_types=1);
 use Symfony\Component\Console\Application;
 use Froxlor\Cli\RunApiCommand;
 use Froxlor\Cli\ConfigServices;
 use Froxlor\Cli\PhpSessionclean;
 use Froxlor\Cli\SwitchServerIp;
 use Froxlor\Cli\UpdateCommand;
 use Froxlor\Cli\InstallCommand;
 use Froxlor\Cli\MasterCron;
 use Froxlor\Cli\UserCommand;
 use Froxlor\Cli\ValidateAcmeWebroot;
 use Froxlor\Froxlor;
 use Symfony\Component\Console\Application;
 // validate correct php version
 if (version_compare("7.4.0", PHP_VERSION, ">=")) {
@@ -52,13 +41,31 @@ require dirname(__DIR__) . '/vendor/autoload.php';
 require dirname(__DIR__) . '/lib/tables.inc.php';
 $application = new Application('froxlor-cli', Froxlor::getFullVersion());
-$application->add(new RunApiCommand());
+
-$application->add(new ConfigServices());
+// files that are no commands
-$application->add(new PhpSessionclean());
+$fileIgnoreList = [
-$application->add(new SwitchServerIp());
+	// Current non-command files
-$application->add(new UpdateCommand());
+	'CliCommand.php',
-$application->add(new InstallCommand());
+	'index.html',
-$application->add(new MasterCron());
+	'install.functions.php',
-$application->add(new UserCommand());
+];
-$application->add(new ValidateAcmeWebroot());
+// directory of commands to include
 $cmd_files = glob(Froxlor::getInstallDir() . '/lib/Froxlor/Cli/*.php');
 // include and add commands
 foreach ($cmd_files as $cmdFile) {
 	// check ignore-list
 	if (!in_array(basename($cmdFile), $fileIgnoreList)) {
 		// include class-file
 		require $cmdFile;
 		// create class-name including namespace
 		$cmdClass = "\\Froxlor\\Cli\\" . substr(basename($cmdFile), 0, -4);
 		// check whether it exists
 		if (class_exists($cmdClass) && is_subclass_of($cmdClass, '\Symfony\Component\Console\Command\Command')) {
 			// add to cli application
 			$application->add(new $cmdClass());
 		}
 	}
 }
 $application->run();
--- a/composer.json
+++ b/composer.json
@@ -46,16 +46,18 @@
 		"ext-fileinfo": "*",
 		"ext-gmp": "*",
 		"ext-gd": "*",
 		"ext-gnupg": "*",
 		"phpmailer/phpmailer": "~6.0",
 		"monolog/monolog": "^1.24",
 		"robthree/twofactorauth": "^1.6",
 		"froxlor/idna-convert-legacy": "^2.1",
 		"voku/anti-xss": "^4.1",
 		"twig/twig": "^3.3",
 		"erusev/parsedown": "^1.7",
 		"symfony/console": "^5.4",
-		"pear/net_dns2": "^1.5"
+		"pear/net_dns2": "^1.5",
-    },
+		"amnuts/opcache-gui": "^3.4",
 		"league/commonmark": "^2.4"
 	},
 	"require-dev": {
 		"phpunit/phpunit": "^9",
 		"ext-pcntl": "*",
--- a/composer.lock
+++ b/composer.lock
--- a/customer_domains.php
+++ b/customer_domains.php
@@ -27,6 +27,7 @@ const AREA = 'customer';
 require __DIR__ . '/lib/init.php';
 use Froxlor\Api\Commands\SubDomains as SubDomains;
 use Froxlor\CurrentUser;
 use Froxlor\Database\Database;
 use Froxlor\Domain\Domain;
 use Froxlor\FileDir;
@@ -40,7 +41,6 @@ use Froxlor\UI\Panel\UI;
 use Froxlor\UI\Request;
 use Froxlor\UI\Response;
 use Froxlor\Validate\Validate;
 use Froxlor\CurrentUser;
 // redirect if this customer page is hidden via settings
 if (Settings::IsInList('panel.customer_hide_options', 'domains')) {
@@ -51,7 +51,7 @@ $id = (int)Request::any('id');
 if ($page == 'overview' || $page == 'domains') {
 	if ($action == '') {
-		$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, "viewed customer_domains::domains");
+		$log->logAction(FroxlorLogger::USR_ACTION, LOG_INFO, "viewed customer_domains::domains");
 		$parentdomain_id = (int)Request::any('pid', '0');
@@ -63,20 +63,32 @@ if ($page == 'overview' || $page == 'domains') {
 			Response::dynamicError($e->getMessage());
 		}
-		$actions_links = false;
+		$actions_links = [];
 		if (CurrentUser::canAddResource('subdomains')) {
-			$actions_links = [
+			$actions_links[] = [
-				[
+				'href' => $linker->getLink(['section' => 'domains', 'page' => 'domains', 'action' => 'add']),
-					'href' => $linker->getLink(['section' => 'domains', 'page' => 'domains', 'action' => 'add']),
+				'label' => lng('domains.subdomain_add')
 					'label' => lng('domains.subdomain_add')
 				]
 			];
 		}
-		UI::view('user/table.html.twig', [
+		$actions_links[] = [
 			'href' => \Froxlor\Froxlor::DOCS_URL . 'user-guide/domains/',
 			'target' => '_blank',
 			'icon' => 'fa-solid fa-circle-info',
 			'class' => 'btn-outline-secondary'
 		];
 		$table_tpl = 'table.html.twig';
 		if ($collection->count() == 0) {
 			$table_tpl = 'table-note.html.twig';
 		}
 		UI::view('user/' . $table_tpl, [
 			'listing' => Listing::format($collection, $domain_list_data, 'domain_list'),
 			'actions_links' => $actions_links,
-			'entity_info' => lng('domains.description')
+			'entity_info' => lng('domains.description'),
 			// alert-box
 			'type' => 'warning',
 			'alert_msg' => lng('domains.nodomainsassignedbyadmin')
 		]);
 	} elseif ($action == 'delete' && $id != 0) {
 		try {
@@ -130,6 +142,7 @@ if ($page == 'overview' || $page == 'domains') {
 					AND `parentdomainid` = '0'
 					AND `email_only` = '0'
 					AND `caneditdomain` = '1'
 					AND `deactivated` = '0'
 					ORDER BY `domain` ASC");
 				Database::pexecute($stmt, [
 					"customerid" => $userinfo['customerid']
@@ -139,6 +152,14 @@ if ($page == 'overview' || $page == 'domains') {
 					$domains[$row['domain']] = $idna_convert->decode($row['domain']);
 				}
 				// check of there are any domains to be used
 				if (count($domains) <= 0) {
 					// no, possible direct URL access, redirect to overview
 					Response::redirectTo($filename, [
 						'page' => $page
 					]);
 				}
 				$aliasdomains[0] = lng('domains.noaliasdomain');
 				$domains_stmt = Database::prepare("SELECT `d`.`id`, `d`.`domain` FROM `" . TABLE_PANEL_DOMAINS . "` `d`, `" . TABLE_PANEL_CUSTOMERS . "` `c`
 					WHERE `d`.`aliasdomain` IS NULL
@@ -223,7 +244,7 @@ if ($page == 'overview' || $page == 'domains') {
 		if (isset($result['customerid']) && $result['customerid'] == $userinfo['customerid']) {
-			if ((int) $result['caneditdomain'] == 0) {
+			if ((int)$result['caneditdomain'] == 0) {
 				Response::standardError('domaincannotbeedited', $result['domain']);
 			}
@@ -373,6 +394,23 @@ if ($page == 'overview' || $page == 'domains') {
 		} else {
 			Response::standardError('domains_canteditdomain');
 		}
 	} elseif ($action == 'jqSpeciallogfileNote') {
 		$domainid = intval($_POST['id']);
 		$newval = intval($_POST['newval']);
 		try {
 			$json_result = SubDomains::getLocal($userinfo, [
 				'id' => $domainid
 			])->get();
 		} catch (Exception $e) {
 			Response::dynamicError($e->getMessage());
 		}
 		$result = json_decode($json_result, true)['data'];
 		if ($newval != $result['speciallogfile']) {
 			echo json_encode(['changed' => true, 'info' => lng('admin.speciallogwarning')]);
 			exit();
 		}
 		echo 0;
 		exit();
 	}
 } elseif ($page == 'domainssleditor') {
 	require_once __DIR__ . '/ssl_editor.php';
--- a/customer_email.php
+++ b/customer_email.php
@@ -27,9 +27,10 @@ const AREA = 'customer';
 require __DIR__ . '/lib/init.php';
 use Froxlor\Api\Commands\EmailAccounts;
 use Froxlor\Api\Commands\EmailDomains;
 use Froxlor\Api\Commands\EmailForwarders;
 use Froxlor\Api\Commands\Emails;
-use Froxlor\Api\Commands\EmailDomains;
+use Froxlor\CurrentUser;
 use Froxlor\Database\Database;
 use Froxlor\FroxlorLogger;
 use Froxlor\PhpHelper;
@@ -41,7 +42,6 @@ use Froxlor\UI\Panel\UI;
 use Froxlor\UI\Request;
 use Froxlor\UI\Response;
 use Froxlor\Validate\Check;
 use Froxlor\CurrentUser;
 // redirect if this customer page is hidden via settings
 if (Settings::IsInList('panel.customer_hide_options', 'email') || $userinfo['emails'] == 0) {
@@ -67,14 +67,24 @@ if ($page == 'overview' || $page == 'emails') {
 			Response::dynamicError($e->getMessage());
 		}
 		$actions_links = [];
 		if (CurrentUser::canAddResource('emails')) {
 			$actions_links[] = [
 				'href' => $linker->getLink(['section' => 'email', 'page' => 'email_domain', 'action' => 'add']),
 				'label' => lng('emails.emails_add')
 			];
 		}
 		$actions_links[] = [
 			'href' => \Froxlor\Froxlor::DOCS_URL . 'user-guide/emails/',
 			'target' => '_blank',
 			'icon' => 'fa-solid fa-circle-info',
 			'class' => 'btn-outline-secondary'
 		];
 		UI::view('user/table.html.twig', [
 			'listing' => Listing::format($collection, $emaildomain_list_data, 'emaildomain_list'),
-			'actions_links' => CurrentUser::canAddResource('emails') ? [
+			'actions_links' => $actions_links,
 				[
 					'href' => $linker->getLink(['section' => 'email', 'page' => 'email_domain', 'action' => 'add']),
 					'label' => lng('emails.emails_add')
 				]
 			] : null,
 		]);
 	} else {
 		// only emails for one domain -> show email address listing directly
@@ -84,7 +94,7 @@ if ($page == 'overview' || $page == 'emails') {
 if ($page == 'email_domain') {
 	$email_domainid = Request::any('domainid', 0);
 	if ($action == '') {
-		$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, "viewed customer_email::emails");
+		$log->logAction(FroxlorLogger::USR_ACTION, LOG_INFO, "viewed customer_email::emails");
 		$sql_search = [];
 		if ($email_domainid > 0) {
@@ -127,6 +137,12 @@ if ($page == 'email_domain') {
 				'label' => lng('emails.emails_add')
 			];
 		}
 		$actions_links[] = [
 			'href' => \Froxlor\Froxlor::DOCS_URL . 'user-guide/emails/',
 			'target' => '_blank',
 			'icon' => 'fa-solid fa-circle-info',
 			'class' => 'btn-outline-secondary'
 		];
 		UI::view('user/table.html.twig', [
 			'listing' => Listing::format($collection, $email_list_data, 'email_list'),
--- a/customer_extras.php
+++ b/customer_extras.php
@@ -26,7 +26,7 @@
 const AREA = 'customer';
 require __DIR__ . '/lib/init.php';
-use Froxlor\Api\Commands\CustomerBackups as CustomerBackups;
+use Froxlor\Api\Commands\DataDump as DataDump;
 use Froxlor\Api\Commands\DirOptions as DirOptions;
 use Froxlor\Api\Commands\DirProtections as DirProtections;
 use Froxlor\Customer\Customer;
@@ -68,14 +68,22 @@ if ($page == 'overview' || $page == 'htpasswds') {
 			Response::dynamicError($e->getMessage());
 		}
 		$actions_links = [];
 		$actions_links[] = [
 			'href' => $linker->getLink(['section' => 'extras', 'page' => 'htpasswds', 'action' => 'add']),
 			'label' => lng('extras.directoryprotection_add')
 		];
 		$actions_links[] = [
 			'href' => \Froxlor\Froxlor::DOCS_URL . 'user-guide/extras/',
 			'target' => '_blank',
 			'icon' => 'fa-solid fa-circle-info',
 			'class' => 'btn-outline-secondary'
 		];
 		UI::view('user/table.html.twig', [
 			'listing' => Listing::format($collection, $htpasswd_list_data, 'htpasswd_list'),
-			'actions_links' => [
+			'actions_links' => $actions_links,
 				[
 					'href' => $linker->getLink(['section' => 'extras', 'page' => 'htpasswds', 'action' => 'add']),
 					'label' => lng('extras.directoryprotection_add')
 				]
 			],
 			'entity_info' => lng('extras.description')
 		]);
 	} elseif ($action == 'delete' && $id != 0) {
@@ -185,14 +193,22 @@ if ($page == 'overview' || $page == 'htpasswds') {
 			Response::dynamicError($e->getMessage());
 		}
 		$actions_links = [];
 		$actions_links[] = [
 			'href' => $linker->getLink(['section' => 'extras', 'page' => 'htaccess', 'action' => 'add']),
 			'label' => lng('extras.pathoptions_add')
 		];
 		$actions_links[] = [
 			'href' => \Froxlor\Froxlor::DOCS_URL . 'user-guide/extras/',
 			'target' => '_blank',
 			'icon' => 'fa-solid fa-circle-info',
 			'class' => 'btn-outline-secondary'
 		];
 		UI::view('user/table.html.twig', [
 			'listing' => Listing::format($collection, $htaccess_list_data, 'htaccess_list'),
-			'actions_links' => [
+			'actions_links' => $actions_links,
 				[
 					'href' => $linker->getLink(['section' => 'extras', 'page' => 'htaccess', 'action' => 'add']),
 					'label' => lng('extras.pathoptions_add')
 				]
 			],
 			'entity_info' => lng('extras.description')
 		]);
 	} elseif ($action == 'delete' && $id != 0) {
@@ -282,18 +298,18 @@ if ($page == 'overview' || $page == 'htpasswds') {
 			}
 		}
 	}
-} elseif ($page == 'backup') {
+} elseif ($page == 'export') {
 	// redirect if this customer sub-page is hidden via settings
-	if (Settings::IsInList('panel.customer_hide_options', 'extras.backup')) {
+	if (Settings::IsInList('panel.customer_hide_options', 'extras.export')) {
 		Response::redirectTo('customer_index.php');
 	}
-	if (Settings::Get('system.backupenabled') == 1) {
+	if (Settings::Get('system.exportenabled') == 1) {
 		if ($action == 'abort') {
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
-				$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, "customer_extras::backup - aborted scheduled backupjob");
+				$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, "customer_extras::export - aborted scheduled data export job");
 				try {
-					CustomerBackups::getLocal($userinfo, $_POST)->delete();
+					DataDump::getLocal($userinfo, $_POST)->delete();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
@@ -302,43 +318,53 @@ if ($page == 'overview' || $page == 'htpasswds') {
 					'action' => ''
 				]);
 			} else {
-				HTML::askYesNo('extras_reallydelete_backup', $filename, [
+				HTML::askYesNo('extras_reallydelete_export', $filename, [
-					'backup_job_entry' => $id,
+					'job_entry' => $id,
 					'section' => 'extras',
 					'page' => $page,
 					'action' => $action
 				]);
 			}
 		} elseif ($action == '') {
-			$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, "viewed customer_extras::backup");
+			$log->logAction(FroxlorLogger::USR_ACTION, LOG_INFO, "viewed customer_extras::export");
 			// check whether there is a backup-job for this customer
 			try {
-				$backup_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/customer/tablelisting.backups.php';
+				$export_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/customer/tablelisting.export.php';
-				$collection = (new Collection(CustomerBackups::class, $userinfo));
+				$collection = (new Collection(DataDump::class, $userinfo));
 			} catch (Exception $e) {
 				Response::dynamicError($e->getMessage());
 			}
 			if (isset($_POST['send']) && $_POST['send'] == 'send') {
 				try {
-					CustomerBackups::getLocal($userinfo, $_POST)->add();
+					DataDump::getLocal($userinfo, $_POST)->add();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
-				Response::standardSuccess('backupscheduled');
+				Response::standardSuccess('exportscheduled');
 			} else {
 				$pathSelect = FileDir::makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']);
-				$backup_data = include_once dirname(__FILE__) . '/lib/formfields/customer/extras/formfield.backup.php';
+				$export_data = include_once dirname(__FILE__) . '/lib/formfields/customer/extras/formfield.export.php';
 				$actions_links = [
 					[
 						'href' => \Froxlor\Froxlor::DOCS_URL . 'user-guide/extras/',
 						'target' => '_blank',
 						'icon' => 'fa-solid fa-circle-info',
 						'class' => 'btn-outline-secondary'
 					]
 				];
 				UI::view('user/form-datatable.html.twig', [
 					'formaction' => $linker->getLink(['section' => 'extras']),
-					'formdata' => $backup_data['backup'],
+					'formdata' => $export_data['export'],
-					'tabledata' => Listing::format($collection, $backup_list_data, 'backup_list'),
+					'actions_links' => $actions_links,
 					'tabledata' => Listing::format($collection, $export_list_data, 'export_list'),
 				]);
 			}
 		}
 	} else {
-		Response::standardError('backupfunctionnotenabled');
+		Response::standardError('exportfunctionnotenabled');
 	}
 }
--- a/customer_ftp.php
+++ b/customer_ftp.php
@@ -27,6 +27,7 @@ const AREA = 'customer';
 require __DIR__ . '/lib/init.php';
 use Froxlor\Api\Commands\Ftps as Ftps;
 use Froxlor\CurrentUser;
 use Froxlor\Database\Database;
 use Froxlor\FileDir;
 use Froxlor\FroxlorLogger;
@@ -37,7 +38,6 @@ use Froxlor\UI\Listing;
 use Froxlor\UI\Panel\UI;
 use Froxlor\UI\Request;
 use Froxlor\UI\Response;
 use Froxlor\CurrentUser;
 // redirect if this customer page is hidden via settings
 if (Settings::IsInList('panel.customer_hide_options', 'ftp')) {
@@ -57,15 +57,19 @@ if ($page == 'overview' || $page == 'accounts') {
 			Response::dynamicError($e->getMessage());
 		}
-		$actions_links = false;
+		$actions_links = [];
 		if (CurrentUser::canAddResource('ftps')) {
-			$actions_links = [
+			$actions_links[] = [
-				[
+				'href' => $linker->getLink(['section' => 'ftp', 'page' => 'accounts', 'action' => 'add']),
-					'href' => $linker->getLink(['section' => 'ftp', 'page' => 'accounts', 'action' => 'add']),
+				'label' => lng('ftp.account_add')
 					'label' => lng('ftp.account_add')
 				]
 			];
 		}
 		$actions_links[] = [
 			'href' => \Froxlor\Froxlor::DOCS_URL . 'user-guide/ftp-accounts/',
 			'target' => '_blank',
 			'icon' => 'fa-solid fa-circle-info',
 			'class' => 'btn-outline-secondary'
 		];
 		UI::view('user/table.html.twig', [
 			'listing' => Listing::format($collection, $ftp_list_data, 'ftp_list'),
--- a/customer_index.php
+++ b/customer_index.php
@@ -27,21 +27,21 @@ const AREA = 'customer';
 require __DIR__ . '/lib/init.php';
 use Froxlor\Api\Commands\Customers as Customers;
 use Froxlor\Cron\TaskId;
 use Froxlor\CurrentUser;
 use Froxlor\Database\Database;
 use Froxlor\Froxlor;
 use Froxlor\FroxlorLogger;
 use Froxlor\Language;
 use Froxlor\Settings;
 use Froxlor\System\Cronjob;
 use Froxlor\System\Crypt;
 use Froxlor\UI\Panel\UI;
 use Froxlor\UI\Response;
 use Froxlor\Validate\Validate;
 use Froxlor\Language;
 use Froxlor\System\Cronjob;
 use Froxlor\Cron\TaskId;
 if ($action == 'logout') {
-	$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, 'logged out');
+	$log->logAction(FroxlorLogger::USR_ACTION, LOG_INFO, 'logged out');
 	unset($_SESSION['userinfo']);
 	CurrentUser::setData();
@@ -52,6 +52,7 @@ if ($action == 'logout') {
 	if (is_array(CurrentUser::getField('switched_user'))) {
 		$result = CurrentUser::getData();
 		$result = $result['switched_user'];
 		session_regenerate_id(true);
 		CurrentUser::setData($result);
 		$target = (isset($_GET['target']) ? $_GET['target'] : 'index');
 		$redirect = "admin_" . $target . ".php";
@@ -65,7 +66,7 @@ if ($action == 'logout') {
 }
 if ($page == 'overview') {
-	$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, "viewed customer_index");
+	$log->logAction(FroxlorLogger::USR_ACTION, LOG_INFO, "viewed customer_index");
 	$domain_stmt = Database::prepare("SELECT `domain` FROM `" . TABLE_PANEL_DOMAINS . "`
 		WHERE `customerid` = :customerid
@@ -113,15 +114,20 @@ if ($page == 'overview') {
 	$userinfo['traffic_bytes'] = ($userinfo['traffic'] > -1) ? $userinfo['traffic'] * 1024 : -1;
 	$userinfo['traffic_bytes_used'] = $userinfo['traffic_used'] * 1024;
 	if (Settings::Get('system.mail_quota_enabled')) {
 		$userinfo['email_quota_bytes'] = ($userinfo['email_quota'] > -1) ? $userinfo['email_quota'] * 1024 * 1024 : -1;
 		$userinfo['email_quota_bytes_used'] = $userinfo['email_quota_used'] * 1024 * 1024;
 	}
 	if ($usages) {
 		$userinfo['diskspace_bytes_used'] = $usages['webspace'] * 1024;
-		$userinfo['mailspace_used']  = $usages['mail'] * 1024;
+		$userinfo['mailspace_used'] = $usages['mail'] * 1024;
 		$userinfo['dbspace_used'] = $usages['mysql'] * 1024;
 		$userinfo['total_bytes_used'] = ($usages['webspace'] + $usages['mail'] + $usages['mysql']) * 1024;
 	} else {
 		$userinfo['diskspace_bytes_used'] = 0;
 		$userinfo['total_bytes_used'] = 0;
-		$userinfo['mailspace_used']  = 0;
+		$userinfo['mailspace_used'] = 0;
 		$userinfo['dbspace_used'] = 0;
 	}
@@ -130,141 +136,138 @@ if ($page == 'overview') {
 		'domains' => $domainArray,
 		'stdsubdomain' => $stdsubdomain
 	]);
-} elseif ($page == 'change_password') {
+} elseif ($page == 'profile') {
-	if (isset($_POST['send']) && $_POST['send'] == 'send') {
+	$languages = Language::getLanguages();
 		$old_password = Validate::validate($_POST['old_password'], 'old password');
-		if (!Crypt::validatePasswordLogin($userinfo, $old_password, TABLE_PANEL_CUSTOMERS, 'customerid')) {
+	if (!empty($_POST)) {
-			Response::standardError('oldpasswordnotcorrect');
+		if ($_POST['send'] == 'changepassword') {
-		}
+			$old_password = Validate::validate($_POST['old_password'], 'old password');
-		try {
+			if (!Crypt::validatePasswordLogin($userinfo, $old_password, TABLE_PANEL_CUSTOMERS, 'customerid')) {
-			$new_password = Crypt::validatePassword($_POST['new_password'], 'new password');
+				Response::standardError('oldpasswordnotcorrect');
-			$new_password_confirm = Crypt::validatePassword($_POST['new_password_confirm'], 'new password confirm');
+			}
 		} catch (Exception $e) {
 			Response::dynamicError($e->getMessage());
 		}
 		if ($old_password == '') {
 			Response::standardError([
 				'stringisempty',
 				'changepassword.old_password'
 			]);
 		} elseif ($new_password == '') {
 			Response::standardError([
 				'stringisempty',
 				'changepassword.new_password'
 			]);
 		} elseif ($new_password_confirm == '') {
 			Response::standardError([
 				'stringisempty',
 				'changepassword.new_password_confirm'
 			]);
 		} elseif ($new_password != $new_password_confirm) {
 			Response::standardError('newpasswordconfirmerror');
 		} else {
 			// Update user password
 			try {
-				Customers::getLocal($userinfo, [
+				$new_password = Crypt::validatePassword($_POST['new_password'], 'new password');
-					'id' => $userinfo['customerid'],
+				$new_password_confirm = Crypt::validatePassword($_POST['new_password_confirm'], 'new password confirm');
 					'new_customer_password' => $new_password
 				])->update();
 			} catch (Exception $e) {
 				Response::dynamicError($e->getMessage());
 			}
 			$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, 'changed password');
-			// Update ftp password
+			if ($old_password == '') {
-			if (isset($_POST['change_main_ftp']) && $_POST['change_main_ftp'] == 'true') {
+				Response::standardError([
-				$cryptPassword = Crypt::makeCryptPassword($new_password);
+					'stringisempty',
-				$stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "`
+					'changepassword.old_password'
 				]);
 			} elseif ($new_password == '') {
 				Response::standardError([
 					'stringisempty',
 					'changepassword.new_password'
 				]);
 			} elseif ($new_password_confirm == '') {
 				Response::standardError([
 					'stringisempty',
 					'changepassword.new_password_confirm'
 				]);
 			} elseif ($new_password != $new_password_confirm) {
 				Response::standardError('newpasswordconfirmerror');
 			} else {
 				// Update user password
 				try {
 					Customers::getLocal($userinfo, [
 						'id' => $userinfo['customerid'],
 						'new_customer_password' => $new_password
 					])->update();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
 				$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, 'changed password');
 				// Update ftp password
 				if (isset($_POST['change_main_ftp']) && $_POST['change_main_ftp'] == 'true') {
 					$cryptPassword = Crypt::makeCryptPassword($new_password);
 					$stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "`
 					SET `password` = :password
 					WHERE `customerid` = :customerid
 					AND `username` = :username");
-				$params = [
+					$params = [
-					"password" => $cryptPassword,
+						"password" => $cryptPassword,
-					"customerid" => $userinfo['customerid'],
+						"customerid" => $userinfo['customerid'],
-					"username" => $userinfo['loginname']
+						"username" => $userinfo['loginname']
-				];
+					];
-				Database::pexecute($stmt, $params);
+					Database::pexecute($stmt, $params);
-				$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, 'changed main ftp password');
+					$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, 'changed main ftp password');
-			}
+				}
-			// Update statistics password
+				// Update statistics password
-			if (isset($_POST['change_stats']) && $_POST['change_stats'] == 'true') {
+				if (isset($_POST['change_stats']) && $_POST['change_stats'] == 'true') {
-				$new_stats_password = Crypt::makeCryptPassword($new_password, true);
+					$new_stats_password = Crypt::makeCryptPassword($new_password, true);
-				$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_HTPASSWDS . "`
+					$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_HTPASSWDS . "`
 					SET `password` = :password
 					WHERE `customerid` = :customerid
 					AND `username` = :username");
-				$params = [
+					$params = [
-					"password" => $new_stats_password,
+						"password" => $new_stats_password,
-					"customerid" => $userinfo['customerid'],
+						"customerid" => $userinfo['customerid'],
-					"username" => $userinfo['loginname']
+						"username" => $userinfo['loginname']
-				];
+					];
-				Database::pexecute($stmt, $params);
+					Database::pexecute($stmt, $params);
-				Cronjob::inserttask(TaskId::REBUILD_VHOST);
+					Cronjob::inserttask(TaskId::REBUILD_VHOST);
-			}
+				}
 				Response::redirectTo($filename);
 			}
 		} elseif ($_POST['send'] == 'changetheme') {
 			if (Settings::Get('panel.allow_theme_change_customer') == 1) {
 				$theme = Validate::validate($_POST['theme'], 'theme');
 				try {
 					Customers::getLocal($userinfo, [
 						'id' => $userinfo['customerid'],
 						'theme' => $theme
 					])->update();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
 				$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, "changed default theme to '" . $theme . "'");
 			}
 			Response::redirectTo($filename);
 		} elseif ($_POST['send'] == 'changelanguage') {
 			$def_language = Validate::validate($_POST['def_language'], 'default language');
 			if (isset($languages[$def_language])) {
 				try {
 					Customers::getLocal($userinfo, [
 						'id' => $userinfo['customerid'],
 						'def_language' => $def_language
 					])->update();
 					CurrentUser::setField('language', $def_language);
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
 			}
 			$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, "changed default language to '" . $def_language . "'");
 			Response::redirectTo($filename);
 		}
 	} else {
-		UI::view('user/change_password.html.twig');
+		// change theme
-	}
+		$default_theme = Settings::Get('panel.default_theme');
-} elseif ($page == 'change_language') {
+		if ($userinfo['theme'] != '') {
-	$languages = Language::getLanguages();
+			$default_theme = $userinfo['theme'];
 	if (isset($_POST['send']) && $_POST['send'] == 'send') {
 		$def_language = Validate::validate($_POST['def_language'], 'default language');
 		if (isset($languages[$def_language])) {
 			try {
 				Customers::getLocal($userinfo, [
 					'id' => $userinfo['customerid'],
 					'def_language' => $def_language
 				])->update();
 				CurrentUser::setField('language', $def_language);
 			} catch (Exception $e) {
 				Response::dynamicError($e->getMessage());
 			}
 		}
-		$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, "changed default language to '" . $def_language . "'");
+		$themes_avail = UI::getThemes();
-		Response::redirectTo($filename);
+
-	} else {
+		// change language
 		$default_lang = Settings::Get('panel.standardlanguage');
 		if ($userinfo['def_language'] != '') {
 			$default_lang = $userinfo['def_language'];
 		}
-		UI::view('user/change_language.html.twig', [
+		UI::view('user/profile.html.twig', [
 			'languages' => $languages,
 			'default_lang' => $default_lang
 		]);
 	}
 } elseif ($page == 'change_theme') {
 	if (isset($_POST['send']) && $_POST['send'] == 'send') {
 		$theme = Validate::validate($_POST['theme'], 'theme');
 		try {
 			Customers::getLocal($userinfo, [
 				'id' => $userinfo['customerid'],
 				'theme' => $theme
 			])->update();
 		} catch (Exception $e) {
 			Response::dynamicError($e->getMessage());
 		}
 		$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, "changed default theme to '" . $theme . "'");
 		Response::redirectTo($filename);
 	} else {
 		$default_theme = Settings::Get('panel.default_theme');
 		if ($userinfo['theme'] != '') {
 			$default_theme = $userinfo['theme'];
 		}
 		$themes_avail = UI::getThemes();
 		UI::view('user/change_theme.html.twig', [
 			'themes' => $themes_avail,
-			'default_theme' => $default_theme
+			'default_theme' => $default_theme,
 			'languages' => $languages,
 			'default_lang' => $default_lang,
 		]);
 	}
 } elseif ($page == 'send_error_report' && Settings::Get('system.allow_error_report_customer') == '1') {
--- a/customer_mysql.php
+++ b/customer_mysql.php
@@ -28,6 +28,7 @@ require __DIR__ . '/lib/init.php';
 use Froxlor\Api\Commands\Mysqls;
 use Froxlor\Api\Commands\MysqlServer;
 use Froxlor\CurrentUser;
 use Froxlor\Database\Database;
 use Froxlor\FroxlorLogger;
 use Froxlor\Settings;
@@ -37,7 +38,6 @@ use Froxlor\UI\Listing;
 use Froxlor\UI\Panel\UI;
 use Froxlor\UI\Request;
 use Froxlor\UI\Response;
 use Froxlor\CurrentUser;
 // redirect if this customer page is hidden via settings or no resources given
 if (Settings::IsInList('panel.customer_hide_options', 'mysql') || $userinfo['mysqls'] == 0) {
@@ -66,16 +66,21 @@ if ($page == 'overview' || $page == 'mysqls') {
 			Response::dynamicError($e->getMessage());
 		}
-		$actions_links = false;
+		$actions_links = [];
 		if (CurrentUser::canAddResource('mysqls')) {
-			$actions_links = [
+			$actions_links[] = [
-				[
+				'href' => $linker->getLink(['section' => 'mysql', 'page' => 'mysqls', 'action' => 'add']),
-					'href' => $linker->getLink(['section' => 'mysql', 'page' => 'mysqls', 'action' => 'add']),
+				'label' => lng('mysql.database_create')
 					'label' => lng('mysql.database_create')
 				]
 			];
 		}
 		$actions_links[] = [
 			'href' => \Froxlor\Froxlor::DOCS_URL . 'user-guide/databases/',
 			'target' => '_blank',
 			'icon' => 'fa-solid fa-circle-info',
 			'class' => 'btn-outline-secondary'
 		];
 		UI::view('user/table.html.twig', [
 			'listing' => Listing::format($collection, $mysql_list_data, 'mysql_list'),
 			'actions_links' => $actions_links,
@@ -179,7 +184,7 @@ if ($page == 'overview' || $page == 'mysqls') {
 					$result_json = MysqlServer::getLocal($userinfo)->listing();
 					$result_decoded = json_decode($result_json, true)['data']['list'];
 					foreach ($result_decoded as $dbserver => $dbdata) {
-						$mysql_servers[$dbserver] = $dbdata['caption'] . ' (' . $dbdata['host'] . (isset($dbdata['port']) && !empty($dbdata['port']) ? ':' . $dbdata['port'] : '').')';
+						$mysql_servers[$dbserver] = $dbdata['caption'] . ' (' . $dbdata['host'] . (isset($dbdata['port']) && !empty($dbdata['port']) ? ':' . $dbdata['port'] : '') . ')';
 					}
 				} catch (Exception $e) {
 					/* just none */
--- a/index.php
+++ b/index.php
@@ -26,6 +26,7 @@
 const AREA = 'login';
 require __DIR__ . '/lib/init.php';
 use Froxlor\Api\FroxlorRPC;
 use Froxlor\CurrentUser;
 use Froxlor\Customer\Customer;
 use Froxlor\Database\Database;
@@ -37,10 +38,10 @@ use Froxlor\PhpHelper;
 use Froxlor\Settings;
 use Froxlor\System\Crypt;
 use Froxlor\UI\Panel\UI;
 use Froxlor\UI\Request;
 use Froxlor\UI\Response;
 use Froxlor\User;
 use Froxlor\Validate\Validate;
 use Froxlor\Language;
 if ($action == '') {
 	$action = 'login';
@@ -53,9 +54,15 @@ if ($action == '2fa_entercode') {
 		Response::redirectTo('index.php');
 		exit();
 	}
 	$smessage = isset($_GET['showmessage']) ? (int)$_GET['showmessage'] : 0;
 	$message = "";
 	if ($smessage > 0) {
 		$message = lng('error.2fa_wrongcode');
 	}
 	// show template to enter code
 	UI::view('login/enter2fa.html.twig', [
-		'pagetitle' => lng('login.2fa')
+		'pagetitle' => lng('login.2fa'),
 		'message' => $message
 	]);
 } elseif ($action == '2fa_verify') {
 	// verify code from 2fa code-enter form
@@ -67,27 +74,26 @@ if ($action == '2fa_entercode') {
 	$code = isset($_POST['2fa_code']) ? $_POST['2fa_code'] : null;
 	// verify entered code
 	$tfa = new FroxlorTwoFactorAuth('Froxlor ' . Settings::Get('system.hostname'));
-	$result = ($_SESSION['secret_2fa'] == 'email' ? true : $tfa->verifyCode($_SESSION['secret_2fa'], $code, 3));
+	// get user-data
 	$table = $_SESSION['uidtable_2fa'];
 	$field = $_SESSION['uidfield_2fa'];
 	$uid = $_SESSION['uid_2fa'];
 	$isadmin = $_SESSION['unfo_2fa'];
 	if ($_SESSION['secret_2fa'] == 'email') {
 		// verify code set to user's data_2fa field
 		$sel_stmt = Database::prepare("SELECT `data_2fa` FROM " . $table . " WHERE `" . $field . "` = :uid");
 		$userinfo_code = Database::pexecute_first($sel_stmt, ['uid' => $uid]);
 		$result = $tfa->verifyCode($userinfo_code['data_2fa'], $code);
 	} else {
 		$result = $tfa->verifyCode($_SESSION['secret_2fa'], $code, 3);
 	}
 	// either the code is valid when using authenticator-app, or we will select userdata by id and entered code
 	// which is temporarily stored for the customer when using email-2fa
 	if ($result) {
 		// get user-data
 		$table = $_SESSION['uidtable_2fa'];
 		$field = $_SESSION['uidfield_2fa'];
 		$uid = $_SESSION['uid_2fa'];
 		$isadmin = $_SESSION['unfo_2fa'];
 		$sel_param = [
 			'uid' => $uid
 		];
-		if ($_SESSION['secret_2fa'] == 'email') {
+		$sel_stmt = Database::prepare("SELECT * FROM " . $table . " WHERE `" . $field . "` = :uid");
 			// verify code by selecting user by id and the temp. stored code,
 			// so only if it's the correct code, we get the user-data
 			$sel_stmt = Database::prepare("SELECT * FROM $table WHERE `" . $field . "` = :uid AND `data_2fa` = :code");
 			$sel_param['code'] = $code;
 		} else {
 			// Authenticator-verification has already happened at this point, so just get the user-data
 			$sel_stmt = Database::prepare("SELECT * FROM $table WHERE `" . $field . "` = :uid");
 		}
 		$userinfo = Database::pexecute_first($sel_stmt, $sel_param);
 		// whoops, no (valid) user? Start again
 		if (empty($userinfo)) {
@@ -108,19 +114,54 @@ if ($action == '2fa_entercode') {
 		// when using email-2fa, remove the one-time-code
 		if ($userinfo['type_2fa'] == '1') {
-			$del_stmt = Database::prepare("UPDATE $table SET `data_2fa` = '' WHERE `" . $field . "` = :uid");
+			$del_stmt = Database::prepare("UPDATE " . $table . " SET `data_2fa` = '' WHERE `" . $field . "` = :uid");
 			$userinfo = Database::pexecute_first($del_stmt, [
 				'uid' => $uid
 			]);
 		}
 		exit();
 	}
 	// wrong 2fa code - treat like "wrong password"
 	$stmt = Database::prepare("
 		UPDATE " . $table . "
 		SET `lastlogin_fail`= :lastlogin_fail, `loginfail_count`=`loginfail_count`+1
 		WHERE `" . $field . "`= :uid
 	");
 	Database::pexecute($stmt, [
 		"lastlogin_fail" => time(),
 		"uid" => $uid
 	]);
 	// get data for processing further
 	$stmt = Database::prepare("
 		SELECT `loginname`, `loginfail_count`, `lastlogin_fail` FROM " . $table . "
 		WHERE `" . $field . "`= :uid
 	");
 	$fail_user = Database::pexecute_first($stmt, [
 		"uid" => $uid
 	]);
 	if ($fail_user['loginfail_count'] >= Settings::Get('login.maxloginattempts') && $fail_user['lastlogin_fail'] > (time() - Settings::Get('login.deactivatetime'))) {
 		// Log failed login
 		$rstlog = FroxlorLogger::getInstanceOf([
 			'loginname' => $_SERVER['REMOTE_ADDR']
 		]);
 		$rstlog->logAction(FroxlorLogger::LOGIN_ACTION, LOG_WARNING, "User '" . $fail_user['loginname'] . "' entered wrong 2fa code too often.");
 		unset($fail_user);
 		Response::redirectTo('index.php', [
 			'showmessage' => '3'
 		]);
 		exit();
 	}
 	unset($fail_user);
 	// back to form
 	Response::redirectTo('index.php', [
-		'showmessage' => '2'
+		'action' => '2fa_entercode',
 		'showmessage' => '1'
 	]);
 	exit();
 } elseif ($action == 'login') {
-	if (isset($_POST['send']) && $_POST['send'] == 'send') {
+	if (!empty($_POST)) {
 		$loginname = Validate::validate($_POST['loginname'], 'loginname');
 		$password = Validate::validate($_POST['password'], 'password');
@@ -285,11 +326,12 @@ if ($action == '2fa_entercode') {
 			if ($userinfo['type_2fa'] == 1) {
 				// generate code
 				$tfa = new FroxlorTwoFactorAuth('Froxlor ' . Settings::Get('system.hostname'));
-				$code = $tfa->getCode($tfa->createSecret());
+				$secret = $tfa->createSecret();
 				$code = $tfa->getCode($secret);
 				// set code for user
 				$stmt = Database::prepare("UPDATE $table SET `data_2fa` = :d2fa WHERE `$uid` = :uid");
 				Database::pexecute($stmt, [
-					"d2fa" => $code,
+					"d2fa" => $secret,
 					"uid" => $userinfo[$uid]
 				]);
 				// build up & send email
@@ -390,13 +432,18 @@ if ($action == '2fa_entercode') {
 		}
 		$lastqrystr = "";
 		if (isset($_REQUEST['qrystr']) && $_REQUEST['qrystr'] != "") {
-			$lastqrystr = htmlspecialchars($_REQUEST['qrystr'], ENT_QUOTES);
+			$lastqrystr = urlencode($_REQUEST['qrystr']);
 		}
 		if (!empty($lastscript)) {
 			$_SESSION['lastscript'] = $lastscript;
 		}
 		if (!empty($lastqrystr)) {
 			$_SESSION['lastqrystr'] = $lastqrystr;
 		}
 		UI::view('login/login.html.twig', [
 			'pagetitle' => 'Login',
 			'lastscript' => $lastscript,
 			'lastqrystr' => $lastqrystr,
 			'upd_in_progress' => $update_in_progress,
 			'message' => $message,
 			'successmsg' => $successmessage
@@ -408,7 +455,7 @@ if ($action == 'forgotpwd') {
 	$adminchecked = false;
 	$message = '';
-	if (isset($_POST['send']) && $_POST['send'] == 'send') {
+	if (!empty($_POST)) {
 		$loginname = Validate::validate($_POST['loginname'], 'loginname');
 		$email = Validate::validateEmail($_POST['loginemail']);
 		$result_stmt = Database::prepare("SELECT `adminid`, `customerid`, `customernumber`, `firstname`, `name`, `company`, `email`, `loginname`, `def_language`, `deactivated` FROM `" . TABLE_PANEL_CUSTOMERS . "`
@@ -592,7 +639,7 @@ if ($action == 'forgotpwd') {
 	UI::view('login/fpwd.html.twig', [
 		'pagetitle' => lng('login.presend'),
-		'action' => $action,
+		'formaction' => 'index.php?action=' . $action,
 		'message' => $message,
 	]);
 }
@@ -615,7 +662,7 @@ if ($action == 'resetpwd') {
 		$check = substr($activationcode, 40, 10);
 		if (substr(md5($third . $timestamp), 0, 10) == $check && $timestamp >= time() - 86400) {
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (!empty($_POST)) {
 				$stmt = Database::prepare("SELECT `userid`, `admin` FROM `" . TABLE_PANEL_ACTIVATION . "`
 					WHERE `activationcode` = :activationcode");
 				$result = Database::pexecute_first($stmt, [
@@ -689,9 +736,62 @@ if ($action == 'resetpwd') {
 	}
 }
 // one-time link login
 if ($action == 'll') {
 	if (!Froxlor::hasUpdates() && !Froxlor::hasDbUpdates()) {
 		$loginname = Request::get('ln');
 		$hash = Request::get('h');
 		if ($loginname && $hash) {
 			$sel_stmt = Database::prepare("
 				SELECT * FROM `" . TABLE_PANEL_LOGINLINKS . "`
 				WHERE `loginname` = :loginname AND `hash` = :hash
 			");
 			try {
 				$entry = Database::pexecute_first($sel_stmt, ['loginname' => $loginname, 'hash' => $hash]);
 			} catch (Exception $e) {
 				$entry = false;
 			}
 			if ($entry) {
 				// delete entry
 				$del_stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_LOGINLINKS . "` WHERE `loginname` = :loginname AND `hash` = :hash");
 				Database::pexecute($del_stmt, ['loginname' => $loginname, 'hash' => $hash]);
 				if (time() <= $entry['valid_until']) {
 					$valid = true;
 					// validate source ip if specified
 					if (!empty($entry['allowed_from'])) {
 						$valid = false;
 						$ip_list = explode(",", $entry['allowed_from']);
 						if (FroxlorRPC::validateAllowedFrom($ip_list, $_SERVER['REMOTE_ADDR'])) {
 							$valid = true;
 						}
 					}
 					if ($valid) {
 						// login user / select only non-deactivated (in case the user got deactivated after generating the link)
 						$userinfo_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `loginname`= :loginname AND `deactivated` = 0");
 						try {
 							$userinfo = Database::pexecute_first($userinfo_stmt, [
 								"loginname" => $loginname
 							]);
 						} catch (Exception $e) {
 							$userinfo = false;
 						}
 						if ($userinfo) {
 							$userinfo['userid'] = $userinfo['customerid'];
 							$userinfo['adminsession'] = 0;
 							finishLogin($userinfo);
 						}
 					}
 				}
 			}
 		}
 	}
 	Response::redirectTo('index.php');
 }
 function finishLogin($userinfo)
 {
 	if (isset($userinfo['userid']) && $userinfo['userid'] != '') {
 		session_regenerate_id(true);
 		CurrentUser::setData($userinfo);
 		$language = $userinfo['def_language'] ?? Settings::Get('panel.standardlanguage');
@@ -705,29 +805,34 @@ function finishLogin($userinfo)
 		}
 		$qryparams = [];
-		if (isset($_POST['qrystr']) && $_POST['qrystr'] != "") {
+		if (!empty($_SESSION['lastqrystr'])) {
-			parse_str(urldecode($_POST['qrystr']), $qryparams);
+			parse_str(urldecode($_SESSION['lastqrystr']), $qryparams);
 			unset($_SESSION['lastqrystr']);
 		}
 		if ($userinfo['adminsession'] == '1') {
 			if (Froxlor::hasUpdates() || Froxlor::hasDbUpdates()) {
 				Response::redirectTo('admin_updates.php?page=overview');
 			} else {
-				if (isset($_POST['script']) && $_POST['script'] != "") {
+				if (!empty($_SESSION['lastscript'])) {
-					if (preg_match("/customer\_/", $_POST['script']) === 1) {
+					$lastscript = $_SESSION['lastscript'];
 					unset($_SESSION['lastscript']);
 					if (preg_match("/customer\_/", $lastscript) === 1) {
 						Response::redirectTo('admin_customers.php', [
 							"page" => "customers"
 						]);
 					} else {
-						Response::redirectTo($_POST['script'], $qryparams);
+						Response::redirectTo($lastscript, $qryparams);
 					}
 				} else {
 					Response::redirectTo('admin_index.php', $qryparams);
 				}
 			}
 		} else {
-			if (isset($_POST['script']) && $_POST['script'] != "") {
+			if (!empty($_SESSION['lastscript'])) {
-				Response::redirectTo($_POST['script'], $qryparams);
+				$lastscript = $_SESSION['lastscript'];
 				unset($_SESSION['lastscript']);
 				Response::redirectTo($lastscript, $qryparams);
 			} else {
 				Response::redirectTo('customer_index.php', $qryparams);
 			}
--- a/install/froxlor.sql.php
+++ b/install/froxlor.sql.php
@@ -157,7 +157,7 @@ CREATE TABLE `panel_admins` (
  `api_allowed` tinyint(1) NOT NULL default '1',
   PRIMARY KEY  (`adminid`),
   UNIQUE KEY `loginname` (`loginname`)
-) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;
+) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci ROW_FORMAT=DYNAMIC;
 DROP TABLE IF EXISTS `panel_customers`;
@@ -278,7 +278,6 @@ CREATE TABLE `panel_domains` (
  `phpsettingid` INT( 11 ) UNSIGNED NOT NULL DEFAULT '1',
  `mod_fcgid_starter` int(4) default '-1',
  `mod_fcgid_maxrequests` int(4) default '-1',
  `ismainbutsubto` int(11) unsigned NOT NULL default '0',
  `letsencrypt` tinyint(1) NOT NULL default '0',
  `hsts` varchar(10) NOT NULL default '0',
  `hsts_sub` tinyint(1) NOT NULL default '0',
@@ -300,7 +299,7 @@ CREATE TABLE `panel_domains` (
  KEY `customerid` (`customerid`),
  KEY `parentdomain` (`parentdomainid`),
  KEY `domain` (`domain`)
-) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;
+) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci ROW_FORMAT=DYNAMIC;
 DROP TABLE IF EXISTS `panel_ipsandports`;
@@ -357,23 +356,6 @@ CREATE TABLE `panel_htpasswds` (
 ) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;
 DROP TABLE IF EXISTS `panel_sessions`;
 CREATE TABLE `panel_sessions` (
  `hash` varchar(32) NOT NULL default '',
  `userid` int(11) unsigned NOT NULL default '0',
  `ipaddress` varchar(255) NOT NULL default '',
  `useragent` varchar(255) NOT NULL default '',
  `lastactivity` int(11) unsigned NOT NULL default '0',
  `lastpaging` varchar(255) NOT NULL default '',
  `formtoken` char(32) NOT NULL default '',
  `language` varchar(64) NOT NULL default '',
  `adminsession` tinyint(1) unsigned NOT NULL default '0',
  `theme` varchar(255) NOT NULL default '',
  PRIMARY KEY  (`hash`),
  KEY `userid` (`userid`)
 ) ENGINE=HEAP;
 DROP TABLE IF EXISTS `panel_settings`;
 CREATE TABLE `panel_settings` (
  `settingid` int(11) unsigned NOT NULL auto_increment,
@@ -409,7 +391,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('admin', 'show_version_footer', '0'),
 	('caa', 'caa_entry', ''),
 	('spf', 'use_spf', '0'),
-	('spf', 'spf_entry', '"v=spf1 a mx -all"'),
+	('spf', 'spf_entry', 'v=spf1 a mx -all'),
 	('dkim', 'dkim_algorithm', 'all'),
 	('dkim', 'dkim_keylength', '1024'),
 	('dkim', 'dkim_servicetype', '0'),
@@ -555,7 +537,7 @@ opcache.validate_timestamps'),
 	('system', 'defaultip', '1'),
 	('system', 'defaultsslip', ''),
 	('system', 'phpappendopenbasedir', '/tmp/'),
-	('system', 'deactivateddocroot', ''),
+	('system', 'deactivateddocroot', '/var/www/html/froxlor/templates/misc/deactivated/'),
 	('system', 'mailpwcleartext', '0'),
 	('system', 'last_tasks_run', '000000'),
 	('system', 'nameservers', ''),
@@ -563,7 +545,7 @@ opcache.validate_timestamps'),
 	('system', 'mod_fcgid', '0'),
 	('system', 'apacheconf_vhost', '/etc/apache2/sites-enabled/'),
 	('system', 'apacheconf_diroptions', '/etc/apache2/sites-enabled/'),
-	('system', 'apacheconf_htpasswddir', '/etc/apache2/htpasswd/'),
+	('system', 'apacheconf_htpasswddir', '/etc/apache2/froxlor-htpasswd/'),
 	('system', 'webalizer_quiet', '2'),
 	('system', 'last_archive_run', '000000'),
 	('system', 'mod_fcgid_configdir', '/var/www/php-fcgi-scripts'),
@@ -580,7 +562,6 @@ opcache.validate_timestamps'),
 	('system', 'mod_fcgid_wrapper', '1'),
 	('system', 'mod_fcgid_starter', '0'),
 	('system', 'mod_fcgid_peardir', '/usr/share/php/:/usr/share/php5/'),
 	('system', 'index_file_extension', 'html'),
 	('system', 'mod_fcgid_maxrequests', '250'),
 	('system', 'ssl_key_file','/etc/ssl/froxlor_selfsigned.key'),
 	('system', 'ssl_ca_file', ''),
@@ -647,7 +628,7 @@ opcache.validate_timestamps'),
 	('system', 'letsencryptreuseold', 0),
 	('system', 'leenabled', '0'),
 	('system', 'leapiversion', '2'),
-	('system', 'backupenabled', '0'),
+	('system', 'exportenabled', '0'),
 	('system', 'dnsenabled', '0'),
 	('system', 'dns_server', 'Bind'),
 	('system', 'apacheglobaldiropt', ''),
@@ -697,13 +678,15 @@ opcache.validate_timestamps'),
 	('system', 'distribution', ''),
 	('system', 'update_channel', 'stable'),
 	('system', 'updatecheck_data', ''),
-	('system', 'update_notify_last', '2.0.15'),
+	('system', 'update_notify_last', ''),
 	('system', 'traffictool', 'goaccess'),
 	('system', 'req_limit_per_interval', 60),
 	('system', 'req_limit_interval', 60),
 	('api', 'enabled', '0'),
 	('api', 'customer_default', '1'),
 	('2fa', 'enabled', '1'),
 	('panel', 'decimal_places', '4'),
-	('panel', 'adminmail', 'admin@SERVERNAME'),
+	('panel', 'adminmail', 'ADMIN_MAIL'),
 	('panel', 'phpmyadmin_url', ''),
 	('panel', 'webmail_url', ''),
 	('panel', 'webftp_url', ''),
@@ -742,8 +725,9 @@ opcache.validate_timestamps'),
 	('panel', 'logo_overridetheme', '0'),
 	('panel', 'logo_overridecustom', '0'),
 	('panel', 'settings_mode', '0'),
-	('panel', 'version', '2.0.15'),
+	('panel', 'menu_collapsed', '1'),
-	('panel', 'db_version', '202303150');
+	('panel', 'version', '2.1.8'),
 	('panel', 'db_version', '202312120');
 DROP TABLE IF EXISTS `panel_tasks`;
@@ -766,6 +750,7 @@ CREATE TABLE `panel_templates` (
  `templategroup` varchar(255) NOT NULL default '',
  `varname` varchar(255) NOT NULL default '',
  `value` longtext NOT NULL,
  `file_extension` varchar(50) NOT NULL default 'html',
  PRIMARY KEY  (id),
  KEY adminid (adminid)
 ) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;
@@ -912,7 +897,7 @@ INSERT INTO `cronjobs_run` (`id`, `module`, `cronfile`, `cronclass`, `interval`,
 	(3, 'froxlor/reports', 'usage_report', '\\Froxlor\\Cron\\Traffic\\ReportsCron', '1 DAY', '1', 'cron_usage_report'),
 	(4, 'froxlor/core', 'mailboxsize', '\\Froxlor\\Cron\\System\\MailboxsizeCron', '6 HOUR', '1', 'cron_mailboxsize'),
 	(5, 'froxlor/letsencrypt', 'letsencrypt', '\\Froxlor\\Cron\\Http\\LetsEncrypt\\AcmeSh', '5 MINUTE', '0', 'cron_letsencrypt'),
-	(6, 'froxlor/backup', 'backup', '\\Froxlor\\Cron\\System\\BackupCron', '1 DAY', '0', 'cron_backup');
+	(6, 'froxlor/export', 'export', '\\Froxlor\\Cron\\System\\ExportCron', '1 HOUR', '0', 'cron_export');
 DROP TABLE IF EXISTS `ftp_quotalimits`;
@@ -1050,4 +1035,14 @@ CREATE TABLE `panel_usercolumns` (
  KEY adminid (adminid),
  KEY customerid (customerid)
 ) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;
 DROP TABLE IF EXISTS `panel_loginlinks`;
 CREATE TABLE `panel_loginlinks` (
  `hash` varchar(500) NOT NULL,
  `loginname` varchar(50) NOT NULL,
  `valid_until` int(15) NOT NULL,
  `allowed_from` text NOT NULL,
  UNIQUE KEY `loginname` (`loginname`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
 FROXLORSQL;
--- a/install/install.php
+++ b/install/install.php
@@ -23,6 +23,7 @@
 * @license    https://files.froxlor.org/misc/COPYING.txt GPLv2
 */
 use Froxlor\Http\RateLimiter;
 use Froxlor\UI\Panel\UI;
 use Froxlor\Install\Install;
@@ -62,6 +63,7 @@ require dirname(__DIR__) . '/lib/tables.inc.php';
 // init twig
 UI::initTwig(true);
 UI::sendHeaders();
 RateLimiter::run(true);
 $installer = new Install();
 $installer->handle();
--- a/install/updates/froxlor/update_0.10.inc.php
+++ b/install/updates/froxlor/update_0.10.inc.php
@@ -23,11 +23,11 @@
 * @license    https://files.froxlor.org/misc/COPYING.txt GPLv2
 */
 use Froxlor\Froxlor;
 use Froxlor\FileDir;
 use Froxlor\Database\Database;
-use Froxlor\Settings;
+use Froxlor\FileDir;
 use Froxlor\Froxlor;
 use Froxlor\Install\Update;
 use Froxlor\Settings;
 use Froxlor\System\Cronjob;
 use Froxlor\System\IPTools;
--- a/install/updates/froxlor/update_2.0.inc.php
+++ b/install/updates/froxlor/update_2.0.inc.php
@@ -82,7 +82,7 @@ if (Froxlor::isFroxlorVersion('0.10.38.3')) {
 	Database::query("ALTER TABLE `" . TABLE_PANEL_ADMINS . "` DROP COLUMN `domains_see_all`;");
 	Update::lastStepStatus(0);
-	Update::showUpdateStep("Checking for multiple mysql-servers to allow acccess to customers for existing databases");
+	Update::showUpdateStep("Checking for multiple mysql-servers to allow access to customers for existing databases");
 	$dbservers_stmt = Database::query("
 		SELECT `customerid`,
 		GROUP_CONCAT(DISTINCT `dbserver` SEPARATOR ',') as allowed_mysqlserver
@@ -149,7 +149,7 @@ if (Froxlor::isFroxlorVersion('0.10.38.3')) {
 	Update::showUpdateStep("Adding new settings");
 	$panel_settings_mode = isset($_POST['panel_settings_mode']) ? (int)$_POST['panel_settings_mode'] : 0;
 	Settings::AddNew("panel.settings_mode", $panel_settings_mode);
-	$system_distribution = isset($_POST['system_distribution']) ? $_POST['system_distribution'] : '';
+	$system_distribution = isset($_POST['system_distribution']) ? $_POST['system_distribution'] : 'bullseye';
 	Settings::AddNew("system.distribution", $system_distribution);
 	Settings::AddNew("system.update_channel", 'stable');
 	Settings::AddNew("system.updatecheck_data", '');
@@ -463,3 +463,57 @@ if (Froxlor::isFroxlorVersion('2.0.14')) {
 	Update::showUpdateStep("Updating from 2.0.14 to 2.0.15", false);
 	Froxlor::updateToVersion('2.0.15');
 }
 if (Froxlor::isDatabaseVersion('202303150')) {
 	Update::showUpdateStep("Adding new request rate limit settings");
 	Settings::AddNew("system.req_limit_per_interval", "60");
 	Settings::AddNew("system.req_limit_interval", "60");
 	Update::lastStepStatus(0);
 	Froxlor::updateToDbVersion('202304260');
 }
 if (Froxlor::isFroxlorVersion('2.0.15')) {
 	Update::showUpdateStep("Updating from 2.0.15 to 2.0.16", false);
 	Froxlor::updateToVersion('2.0.16');
 }
 if (Froxlor::isFroxlorVersion('2.0.16')) {
 	Update::showUpdateStep("Updating from 2.0.16 to 2.0.17", false);
 	Froxlor::updateToVersion('2.0.17');
 }
 if (Froxlor::isFroxlorVersion('2.0.17')) {
 	Update::showUpdateStep("Updating from 2.0.17 to 2.0.18", false);
 	Froxlor::updateToVersion('2.0.18');
 }
 if (Froxlor::isFroxlorVersion('2.0.18')) {
 	Update::showUpdateStep("Updating from 2.0.18 to 2.0.19", false);
 	Froxlor::updateToVersion('2.0.19');
 }
 if (Froxlor::isFroxlorVersion('2.0.19')) {
 	Update::showUpdateStep("Updating from 2.0.19 to 2.0.20", false);
 	Froxlor::updateToVersion('2.0.20');
 }
 if (Froxlor::isFroxlorVersion('2.0.20')) {
 	Update::showUpdateStep("Updating from 2.0.20 to 2.0.21", false);
 	Froxlor::updateToVersion('2.0.21');
 }
 if (Froxlor::isFroxlorVersion('2.0.21')) {
 	Update::showUpdateStep("Updating from 2.0.21 to 2.0.22", false);
 	Froxlor::updateToVersion('2.0.22');
 }
 if (Froxlor::isFroxlorVersion('2.0.22')) {
 	Update::showUpdateStep("Updating from 2.0.22 to 2.0.23", false);
 	Froxlor::updateToVersion('2.0.23');
 }
 if (Froxlor::isFroxlorVersion('2.0.23')) {
 	Update::showUpdateStep("Updating from 2.0.23 to 2.0.24", false);
 	Froxlor::updateToVersion('2.0.24');
 }
--- a/install/updates/froxlor/update_2.1.inc.php
+++ b/install/updates/froxlor/update_2.1.inc.php
@@ -0,0 +1,301 @@
 <?php
 /**
 * This file is part of the Froxlor project.
 * Copyright (c) 2010 the Froxlor Team (see authors).
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, you can also view it online at
 * https://files.froxlor.org/misc/COPYING.txt
 *
 * @copyright  the authors
 * @author     Froxlor team <team@froxlor.org>
 * @license    https://files.froxlor.org/misc/COPYING.txt GPLv2
 */
 use Froxlor\Database\Database;
 use Froxlor\FileDir;
 use Froxlor\Froxlor;
 use Froxlor\Install\Update;
 use Froxlor\Settings;
 if (!defined('_CRON_UPDATE')) {
 	if (!defined('AREA') || (defined('AREA') && AREA != 'admin') || !isset($userinfo['loginname']) || (isset($userinfo['loginname']) && $userinfo['loginname'] == '')) {
 		header('Location: ../../../../index.php');
 		exit();
 	}
 }
 if (Froxlor::isFroxlorVersion('2.0.24')) {
 	Update::showUpdateStep("Cleaning domains table");
 	Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ROW_FORMAT=DYNAMIC;");
 	Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` DROP COLUMN `ismainbutsubto`;");
 	Update::lastStepStatus(0);
 	Update::showUpdateStep("Creating new tables and fields");
 	Database::query("DROP TABLE IF EXISTS `panel_loginlinks`;");
 	$sql = "CREATE TABLE `panel_loginlinks` (
 	  `hash` varchar(500) NOT NULL,
 	  `loginname` varchar(50) NOT NULL,
 	  `valid_until` int(15) NOT NULL,
 	  `allowed_from` text NOT NULL,
 	  UNIQUE KEY `loginname` (`loginname`)
 	) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;";
 	Database::query($sql);
 	Update::lastStepStatus(0);
 	Update::showUpdateStep("Adding new settings");
 	Settings::AddNew('panel.menu_collapsed', 1);
 	Update::lastStepStatus(0);
 	Update::showUpdateStep("Adjusting setting for deactivated webroot");
 	$current_deactivated_webroot = Settings::Get('system.deactivateddocroot');
 	if (empty($current_deactivated_webroot)) {
 		Settings::Set('system.deactivateddocroot', FileDir::makeCorrectDir(Froxlor::getInstallDir() . '/templates/misc/deactivated/'));
 		Update::lastStepStatus(0);
 	} else {
 		Update::lastStepStatus(1, 'Customized setting, not changing');
 	}
 	Update::showUpdateStep("Adjusting cronjobs");
 	$cfupd_stmt = Database::prepare("
        UPDATE `" . TABLE_PANEL_CRONRUNS . "` SET
        `module`= 'froxlor/export',
        `cronfile` = 'export',
        `cronclass` = :cc,
        `interval` = '1 HOUR',
        `desc_lng_key` = 'cron_export'
        WHERE `module` = 'froxlor/backup'
    ");
 	Database::pexecute($cfupd_stmt, [
 		'cc' => '\\Froxlor\\Cron\\System\\ExportCron'
 	]);
 	Update::lastStepStatus(0);
 	Update::showUpdateStep("Adjusting system for data-export function");
 	Database::query("UPDATE `" . TABLE_PANEL_SETTINGS . "`SET `varname` = 'exportenabled' WHERE `settinggroup`= 'system' AND `varname`= 'backupenabled'");
 	Database::query("UPDATE `" . TABLE_PANEL_SETTINGS . "`SET `value` = REPLACE(`value`, 'extras.backup', 'extras.export') WHERE `settinggroup` = 'panel' AND `varname` = 'customer_hide_options'");
 	Database::query("DELETE FROM `" . TABLE_PANEL_USERCOLUMNS . "` WHERE `section` = 'backup_list'");
 	Database::query("DELETE FROM `" . TABLE_PANEL_TASKS . "` WHERE `type` = '20'");
 	Update::lastStepStatus(0);
 	Froxlor::updateToDbVersion('202305240');
 	Froxlor::updateToVersion('2.1.0-dev1');
 }
 if (Froxlor::isFroxlorVersion('2.1.0-dev1')) {
 	Update::showUpdateStep("Updating from 2.1.0-dev1 to 2.1.0-beta1", false);
 	Froxlor::updateToVersion('2.1.0-beta1');
 }
 if (Froxlor::isFroxlorVersion('2.1.0-beta1')) {
 	Update::showUpdateStep("Updating from 2.1.0-beta1 to 2.1.0-beta2", false);
 	Update::showUpdateStep("Removing unused table");
 	Database::query("DROP TABLE IF EXISTS `panel_sessions`;");
 	Update::lastStepStatus(0);
 	Froxlor::updateToVersion('2.1.0-beta2');
 }
 if (Froxlor::isFroxlorVersion('2.1.0-beta2')) {
 	Update::showUpdateStep("Updating from 2.1.0-beta2 to 2.1.0-rc1", false);
 	Froxlor::updateToVersion('2.1.0-rc1');
 }
 if (Froxlor::isFroxlorVersion('2.1.0-rc1')) {
 	Update::showUpdateStep("Updating from 2.1.0-rc1 to 2.1.0-rc2", false);
 	Update::showUpdateStep("Adjusting setting spf_entry");
 	$spf_entry = Settings::Get('spf.spf_entry');
 	if (!preg_match('/^v=spf[a-z0-9:~?\s.-]+$/i', $spf_entry)) {
 		Settings::Set('spf.spf_entry', 'v=spf1 a mx -all');
 		Update::lastStepStatus(1, 'corrected');
 	} else {
 		Update::lastStepStatus(0);
 	}
 	Froxlor::updateToVersion('2.1.0-rc2');
 }
 if (Froxlor::isDatabaseVersion('202305240')) {
 	Update::showUpdateStep("Adjusting file-template file extension setttings");
 	$current_fileextension = Settings::Get('system.index_file_extension');
 	Database::query("DELETE FROM `" . TABLE_PANEL_SETTINGS . "` WHERE `settinggroup`= 'system' AND `varname`= 'index_file_extension'");
 	Database::query("ALTER TABLE `" . TABLE_PANEL_TEMPLATES . "` ADD `file_extension` varchar(50) NOT NULL default 'html';");
 	if (!empty(trim($current_fileextension)) && strtolower(trim($current_fileextension)) != 'html') {
 		$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_TEMPLATES . "` SET `file_extension` = :ext WHERE `templategroup` = 'files'");
 		Database::pexecute($stmt, ['ext' => strtolower(trim($current_fileextension))]);
 	}
 	Update::lastStepStatus(0);
 	Froxlor::updateToDbVersion('202311260');
 }
 if (Froxlor::isFroxlorVersion('2.1.0-rc2')) {
 	Update::showUpdateStep("Updating from 2.1.0-rc2 to 2.1.0-rc3", false);
 	Froxlor::updateToVersion('2.1.0-rc3');
 }
 if (Froxlor::isDatabaseVersion('202311260')) {
 	Update::showUpdateStep("Cleaning up old files");
 	$to_clean = array(
 		"install/updates/froxlor/update_2.x.inc.php",
 		"install/updates/preconfig/preconfig_2.x.inc.php",
 		"lib/Froxlor/Api/Commands/CustomerBackups.php",
 		"lib/Froxlor/Cli/Action",
 		"lib/Froxlor/Cli/Action.php",
 		"lib/Froxlor/Cli/CmdLineHandler.php",
 		"lib/Froxlor/Cli/ConfigServicesCmd.php",
 		"lib/Froxlor/Cli/PhpSessioncleanCmd.php",
 		"lib/Froxlor/Cli/SwitchServerIpCmd.php",
 		"lib/Froxlor/Cli/UpdateCliCmd.php",
 		"lib/Froxlor/Cron/System/BackupCron.php",
 		"lib/formfields/customer/extras/formfield.backup.php",
 		"lib/tablelisting/customer/tablelisting.backups.php",
 		"templates/Froxlor/assets/mix-manifest.json",
 		"templates/Froxlor/assets/css",
 		"templates/Froxlor/assets/webfonts",
 		"templates/Froxlor/assets/js/main.js",
 		"templates/Froxlor/assets/js/main.js.LICENSE.txt",
 		"templates/Froxlor/src",
 		"templates/Froxlor/user/change_language.html.twig",
 		"templates/Froxlor/user/change_password.html.twig",
 		"templates/Froxlor/user/change_theme.html.twig",
 		"tests/Backup/CustomerBackupsTest.php"
 	);
 	$disabled = explode(',', ini_get('disable_functions'));
 	$exec_allowed = !in_array('exec', $disabled);
 	$del_list = "";
 	foreach ($to_clean as $filedir) {
 		$complete_filedir = Froxlor::getInstallDir() . $filedir;
 		if (file_exists($complete_filedir)) {
 			if ($exec_allowed) {
 				FileDir::safe_exec("rm -rf " . escapeshellarg($complete_filedir));
 			} else {
 				$del_list .= "rm -rf " . escapeshellarg($complete_filedir) . PHP_EOL;
 			}
 		}
 	}
 	if ($exec_allowed) {
 		Update::lastStepStatus(0);
 	} else {
 		if (empty($del_list)) {
 			// none of the files existed
 			Update::lastStepStatus(0);
 		} else {
 			Update::lastStepStatus(
                1,
                'manual commands needed',
                'Please run the following commands manually:<br><pre>' . $del_list . '</pre>'
            );
 		}
 	}
 	Froxlor::updateToDbVersion('202312050');
 }
 if (Froxlor::isFroxlorVersion('2.1.0-rc3')) {
 	Update::showUpdateStep("Updating from 2.1.0-rc3 to 2.1.0 stable", false);
 	Froxlor::updateToVersion('2.1.0');
 }
 if (Froxlor::isFroxlorVersion('2.1.0')) {
 	Update::showUpdateStep("Updating from 2.1.0 to 2.1.1", false);
 	Froxlor::updateToVersion('2.1.1');
 }
 if (Froxlor::isDatabaseVersion('202312050')) {
 	Update::showUpdateStep("Cleaning up old files");
 	$to_clean = array(
 		"lib/configfiles/centos7.xml",
 		"lib/configfiles/centos8.xml",
 		"lib/configfiles/stretch.xml",
 		"lib/configfiles/xenial.xml",
 		"lib/configfiles/buster.xml",
 		"lib/configfiles/bionic.xml",
 	);
 	$disabled = explode(',', ini_get('disable_functions'));
 	$exec_allowed = !in_array('exec', $disabled);
 	$del_list = "";
 	foreach ($to_clean as $filedir) {
 		$complete_filedir = Froxlor::getInstallDir() . $filedir;
 		if (file_exists($complete_filedir)) {
 			if ($exec_allowed) {
 				FileDir::safe_exec("rm -rf " . escapeshellarg($complete_filedir));
 			} else {
 				$del_list .= "rm -rf " . escapeshellarg($complete_filedir) . PHP_EOL;
 			}
 		}
 	}
 	if ($exec_allowed) {
 		Update::lastStepStatus(0);
 	} else {
 		if (empty($del_list)) {
 			// none of the files existed
 			Update::lastStepStatus(0);
 		} else {
 			Update::lastStepStatus(
 				1,
 				'manual commands needed',
 				'Please run the following commands manually:<br><pre>' . $del_list . '</pre>'
 			);
 		}
 	}
 	Froxlor::updateToDbVersion('202312100');
 }
 if (Froxlor::isDatabaseVersion('202312100')) {
 	Update::showUpdateStep("Adjusting table row format of larger tables");
 	Database::query("ALTER TABLE `" . TABLE_PANEL_ADMINS . "` ROW_FORMAT=DYNAMIC;");
 	Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ROW_FORMAT=DYNAMIC;");
 	Update::lastStepStatus(0);
 	Froxlor::updateToDbVersion('202312120');
 }
 if (Froxlor::isFroxlorVersion('2.1.1')) {
 	Update::showUpdateStep("Updating from 2.1.1 to 2.1.2", false);
 	Froxlor::updateToVersion('2.1.2');
 }
 if (Froxlor::isFroxlorVersion('2.1.2')) {
 	Update::showUpdateStep("Updating from 2.1.2 to 2.1.3", false);
 	Froxlor::updateToVersion('2.1.3');
 }
 if (Froxlor::isFroxlorVersion('2.1.3')) {
 	Update::showUpdateStep("Updating from 2.1.3 to 2.1.4", false);
 	Froxlor::updateToVersion('2.1.4');
 }
 if (Froxlor::isFroxlorVersion('2.1.4')) {
 	Update::showUpdateStep("Updating from 2.1.4 to 2.1.5", false);
 	Froxlor::updateToVersion('2.1.5');
 }
 if (Froxlor::isFroxlorVersion('2.1.5')) {
 	Update::showUpdateStep("Updating from 2.1.5 to 2.1.6", false);
 	Froxlor::updateToVersion('2.1.6');
 }
 if (Froxlor::isFroxlorVersion('2.1.6')) {
 	Update::showUpdateStep("Updating from 2.1.6 to 2.1.7", false);
 	Froxlor::updateToVersion('2.1.7');
 }
 if (Froxlor::isFroxlorVersion('2.1.7')) {
 	Update::showUpdateStep("Updating from 2.1.7 to 2.1.8", false);
 	Froxlor::updateToVersion('2.1.8');
 }
--- a/install/updates/preconfig/preconfig_2.0.inc.php
+++ b/install/updates/preconfig/preconfig_2.0.inc.php
@@ -30,7 +30,7 @@ use Froxlor\Install\Update;
 use Froxlor\Settings;
 $preconfig = [
-	'title' => '2.x updates',
+	'title' => '2.0.x updates',
 	'fields' => []
 ];
 $return = [];
@@ -54,7 +54,7 @@ if (Update::versionInUpdate($current_version, '2.0.0-beta1')) {
 	$config_dir = FileDir::makeCorrectDir(Froxlor::getInstallDir() . '/lib/configfiles/');
 	// show list of available distro's
 	$distros = glob($config_dir . '*.xml');
-	$distributions_select[''] = '-';
+	// selection is required $distributions_select[''] = '-';
 	// read in all the distros
 	foreach ($distros as $_distribution) {
 		// get configparser object
--- a/install/updates/preconfig/preconfig_2.1.inc.php
+++ b/install/updates/preconfig/preconfig_2.1.inc.php
@@ -0,0 +1,43 @@
 <?php
 /**
 * This file is part of the Froxlor project.
 * Copyright (c) 2010 the Froxlor Team (see authors).
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, you can also view it online at
 * https://files.froxlor.org/misc/COPYING.txt
 *
 * @copyright  the authors
 * @author     Froxlor team <team@froxlor.org>
 * @license    https://files.froxlor.org/misc/COPYING.txt GPLv2
 */
 use Froxlor\Froxlor;
 use Froxlor\FileDir;
 use Froxlor\Config\ConfigParser;
 use Froxlor\Install\Update;
 use Froxlor\Settings;
 $preconfig = [
 	'title' => '2.1.x updates',
 	'fields' => []
 ];
 $return = [];
 if (Update::versionInUpdate($current_version, '2.1.0-dev1')) {
 }
 $preconfig['fields'] = $return;
 return $preconfig;
--- a/install/updatesql.php
+++ b/install/updatesql.php
@@ -53,7 +53,8 @@ try {
 if (Froxlor::isFroxlor()) {
 	include_once(FileDir::makeCorrectFile(dirname(__FILE__) . '/updates/froxlor/update_0.10.inc.php'));
-	include_once(FileDir::makeCorrectFile(dirname(__FILE__) . '/updates/froxlor/update_2.x.inc.php'));
+	include_once(FileDir::makeCorrectFile(dirname(__FILE__) . '/updates/froxlor/update_2.0.inc.php'));
 	include_once(FileDir::makeCorrectFile(dirname(__FILE__) . '/updates/froxlor/update_2.1.inc.php'));
 	// Check Froxlor - database integrity (only happens after all updates are done, so we know the db-layout is okay)
 	Update::showUpdateStep("Checking database integrity");
--- a/lib/Froxlor/Api/Api.php
+++ b/lib/Froxlor/Api/Api.php
@@ -26,6 +26,7 @@
 namespace Froxlor\Api;
 use Exception;
 use Froxlor\Http\RateLimiter;
 use Froxlor\Settings;
 use voku\helper\AntiXSS;
@@ -52,6 +53,8 @@ class Api
 		if (Settings::Get('api.enabled') != 1) {
 			throw new Exception('API is not enabled. Please contact the administrator if you think this is wrong.', 400);
 		}
 		RateLimiter::run();
 	}
 	/**
--- a/lib/Froxlor/Api/ApiCommand.php
+++ b/lib/Froxlor/Api/ApiCommand.php
@@ -272,7 +272,8 @@ abstract class ApiCommand extends ApiParameter
 			$ops = [
 				'<',
 				'>',
-				'='
+				'=',
 				'<>'
 			];
 			$first = true;
 			foreach ($search as $field => $valoper) {
@@ -396,6 +397,7 @@ abstract class ApiCommand extends ApiParameter
 			$nat_fields = [
 				'`c`.`loginname`',
 				'`c`.`name`',
 				'`a`.`loginname`',
 				'`adminname`',
 				'`databasename`',
--- a/lib/Froxlor/Api/ApiParameter.php
+++ b/lib/Froxlor/Api/ApiParameter.php
@@ -39,12 +39,12 @@ abstract class ApiParameter
 	/**
 	 *
-	 * @param array $params
+	 * @param array|null $params
 	 *            optional, array of parameters (var=>value) for the command
 	 *
 	 * @throws Exception
 	 */
-	public function __construct($params = null)
+	public function __construct(array $params = null)
 	{
 		if (!is_null($params)) {
 			$params = $this->trimArray($params);
@@ -57,7 +57,7 @@ abstract class ApiParameter
 	 *
 	 * @param array $input
 	 *
-	 * @return array
+	 * @return string|array
 	 */
 	private function trimArray($input)
 	{
@@ -79,9 +79,9 @@ abstract class ApiParameter
 	/**
 	 * get specific parameter which also has and unlimited-field
 	 *
-	 * @param string $param
+	 * @param string|null $param
 	 *            parameter to get out of the request-parameter list
-	 * @param string $ul_field
+	 * @param string|null $ul_field
 	 *            parameter to get out of the request-parameter list
 	 * @param bool $optional
 	 *            default: false
@@ -91,7 +91,7 @@ abstract class ApiParameter
 	 * @return mixed
 	 * @throws Exception
 	 */
-	protected function getUlParam($param = null, $ul_field = null, $optional = false, $default = 0)
+	protected function getUlParam(string $param = null, string $ul_field = null, bool $optional = false, $default = 0)
 	{
 		$param_value = (int)$this->getParam($param, $optional, $default);
 		$ul_field_value = $this->getBoolParam($ul_field, true, 0);
@@ -102,11 +102,11 @@ abstract class ApiParameter
 	}
 	/**
-	 * get specific parameter from the parameterlist;
+	 * get specific parameter from the parameter list;
 	 * check for existence and != empty if needed.
 	 * Maybe more in the future
 	 *
-	 * @param string $param
+	 * @param string|null $param
 	 *            parameter to get out of the request-parameter list
 	 * @param bool $optional
 	 *            default: false
@@ -116,7 +116,7 @@ abstract class ApiParameter
 	 * @return mixed
 	 * @throws Exception
 	 */
-	protected function getParam($param = null, $optional = false, $default = '')
+	protected function getParam(string $param = null, bool $optional = false, $default = '')
 	{
 		// does it exist?
 		if (!isset($this->cmd_params[$param])) {
@@ -128,7 +128,7 @@ abstract class ApiParameter
 			return $default;
 		}
 		// is it empty? - test really on string, as value 0 is being seen as empty by php
-		if ($this->cmd_params[$param] === "") {
+		if (!is_array($this->cmd_params[$param]) && trim($this->cmd_params[$param]) === "") {
 			if ($optional === false) {
 				// get module + function for better error-messages
 				$inmod = $this->getModFunctionString();
@@ -142,7 +142,7 @@ abstract class ApiParameter
 	/**
 	 * returns "module::function()" for better error-messages (missing parameter etc.)
-	 * makes debugging a whole lot more comfortable
+	 * makes debugging a lot more comfortable
 	 *
 	 * @param int $level
 	 *            depth of backtrace, default 2
@@ -152,7 +152,7 @@ abstract class ApiParameter
 	 *
 	 * @return string
 	 */
-	private function getModFunctionString($level = 1, $max_level = 5, $trace = null)
+	private function getModFunctionString(int $level = 1, int $max_level = 5, $trace = null)
 	{
 		// which class called us
 		$_class = get_called_class();
@@ -174,7 +174,7 @@ abstract class ApiParameter
 	/**
 	 * getParam wrapper for boolean parameter
 	 *
-	 * @param string $param
+	 * @param string|null $param
 	 *            parameter to get out of the request-parameter list
 	 * @param bool $optional
 	 *            default: false
@@ -183,7 +183,7 @@ abstract class ApiParameter
 	 *
 	 * @return string
 	 */
-	protected function getBoolParam($param = null, $optional = false, $default = false)
+	protected function getBoolParam(string $param = null, bool $optional = false, $default = false)
 	{
 		$_default = '0';
 		if ($default) {
--- a/lib/Froxlor/Api/Commands/Admins.php
+++ b/lib/Froxlor/Api/Commands/Admins.php
@@ -95,7 +95,7 @@ class Admins extends ApiCommand implements ResourceEntity
 	public function listing()
 	{
 		if ($this->isAdmin() && $this->getUserDetail('change_serversettings') == 1) {
-			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "[API] list admins");
+			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "[API] list admins");
 			$query_fields = [];
 			$result_stmt = Database::prepare("
 				SELECT *
@@ -407,7 +407,7 @@ class Admins extends ApiCommand implements ResourceEntity
 			];
 			$result = Database::pexecute_first($result_stmt, $params, true, true);
 			if ($result) {
-				$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "[API] get admin '" . $result['loginname'] . "'");
+				$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "[API] get admin '" . $result['loginname'] . "'");
 				return $this->response($result);
 			}
 			$key = ($id > 0 ? "id #" . $id : "loginname '" . $loginname . "'");
@@ -584,6 +584,18 @@ class Admins extends ApiCommand implements ResourceEntity
 					$theme = Settings::Get('panel.default_theme');
 				}
 				if (empty(trim($name))) {
 					Response::standardError([
 						'stringisempty',
 						'admin.name'
 					], '', true);
 				}
 				if (empty(trim($email))) {
 					Response::standardError([
 						'stringisempty',
 						'admin.email'
 					], '', true);
 				}
 				if (!Validate::validateEmail($email)) {
 					Response::standardError('emailiswrong', $email, true);
 				} else {
@@ -705,7 +717,7 @@ class Admins extends ApiCommand implements ResourceEntity
 						WHERE `adminid` = :adminid
 					");
 					Database::pexecute($upd_stmt, $upd_data, true, true);
-					$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "[API] edited admin '" . $result['loginname'] . "'");
+					$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "[API] edited admin '" . $result['loginname'] . "'");
 					// get all admin-data for return-array
 					$result = $this->apiCall('Admins.get', [
--- a/lib/Froxlor/Api/Commands/Certificates.php
+++ b/lib/Froxlor/Api/Commands/Certificates.php
@@ -97,7 +97,7 @@ class Certificates extends ApiCommand implements ResourceEntity
 		}
 		if (!$has_cert) {
 			$this->addOrUpdateCertificate($domain['id'], $ssl_cert_file, $ssl_key_file, $ssl_ca_file, $ssl_cert_chainfile, true);
-			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] added ssl-certificate for '" . $domain['domain'] . "'");
+			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] added ssl-certificate for '" . $domain['domain'] . "'");
 			$result = $this->apiCall('Certificates.get', [
 				'id' => $domain['id']
 			]);
@@ -248,7 +248,7 @@ class Certificates extends ApiCommand implements ResourceEntity
 		$ssl_ca_file = $this->getParam('ssl_ca_file', true, '');
 		$ssl_cert_chainfile = $this->getParam('ssl_cert_chainfile', true, '');
 		$this->addOrUpdateCertificate($domain['id'], $ssl_cert_file, $ssl_key_file, $ssl_ca_file, $ssl_cert_chainfile, false);
-		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] updated ssl-certificate for '" . $domain['domain'] . "'");
+		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] updated ssl-certificate for '" . $domain['domain'] . "'");
 		$result = $this->apiCall('Certificates.get', [
 			'id' => $domain['id']
 		]);
@@ -470,7 +470,7 @@ class Certificates extends ApiCommand implements ResourceEntity
 			if ($chk['letsencrypt'] == '1') {
 				Cronjob::inserttask(TaskId::DELETE_DOMAIN_SSL, $chk['domain']);
 			}
-			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] removed ssl-certificate for '" . $chk['domain'] . "'");
+			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] removed ssl-certificate for '" . $chk['domain'] . "'");
 			return $this->response($result);
 		}
 		throw new Exception("Unable to determine SSL certificate. Maybe no access?", 406);
--- a/lib/Froxlor/Api/Commands/Cronjobs.php
+++ b/lib/Froxlor/Api/Commands/Cronjobs.php
@@ -147,7 +147,7 @@ class Cronjobs extends ApiCommand implements ResourceEntity
 			// insert task to re-generate the cron.d-file
 			Cronjob::inserttask(TaskId::REBUILD_CRON);
-			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "[API] cronjob with description '" . $result['module'] . '/' . $result['cronfile'] . "' has been updated by '" . $this->getUserDetail('loginname') . "'");
+			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "[API] cronjob with description '" . $result['module'] . '/' . $result['cronfile'] . "' has been updated by '" . $this->getUserDetail('loginname') . "'");
 			$result = $this->apiCall('Cronjobs.get', [
 				'id' => $id
 			]);
@@ -177,7 +177,7 @@ class Cronjobs extends ApiCommand implements ResourceEntity
 	public function listing()
 	{
 		if ($this->isAdmin()) {
-			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "[API] list cronjobs");
+			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "[API] list cronjobs");
 			$query_fields = [];
 			$result_stmt = Database::prepare("
 				SELECT `c`.* FROM `" . TABLE_PANEL_CRONRUNS . "` `c` " . $this->getSearchWhere($query_fields) . $this->getOrderBy() . $this->getLimit());
--- a/lib/Froxlor/Api/Commands/Customers.php
+++ b/lib/Froxlor/Api/Commands/Customers.php
@@ -100,7 +100,7 @@ class Customers extends ApiCommand implements ResourceEntity
 					AND `id`<> :stdd
 				");
 				$usages_stmt = Database::prepare("
-					SELECT * FROM `" . TABLE_PANEL_DISKSPACE . "`
+					SELECT webspace, mail, mysql FROM `" . TABLE_PANEL_DISKSPACE . "`
 					WHERE `customerid` = :cid
 					ORDER BY `stamp` DESC LIMIT 1
 				");
@@ -109,11 +109,10 @@ class Customers extends ApiCommand implements ResourceEntity
 			while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 				if ($show_usages) {
 					// get number of domains
-					Database::pexecute($domains_stmt, [
+					$domains = Database::pexecute_first($domains_stmt, [
 						'cid' => $row['customerid'],
 						'stdd' => $row['standardsubdomain']
 					]);
 					$domains = $domains_stmt->fetch(PDO::FETCH_ASSOC);
 					$row['domains'] = intval($domains['domains']);
 					// get disk-space usages for web, mysql and mail
 					$usages = Database::pexecute_first($usages_stmt, [
@@ -400,6 +399,13 @@ class Customers extends ApiCommand implements ResourceEntity
 				}
 				$allowed_phpconfigs = array_map('intval', $allowed_phpconfigs);
 				if (empty($allowed_phpconfigs) && $phpenabled == 1) {
 					// only required if not using mod_php
 					if ((int)Settings::Get('system.mod_fcgid') == 1 || (int)Settings::Get('phpfpm.enabled') == 1) {
 						Response::standardError('customerphpenabledbutnoconfig', '', true);
 					}
 				}
 				$allowed_mysqlserver = array();
 				if (! empty($p_allowed_mysqlserver) && is_array($p_allowed_mysqlserver)) {
 					foreach ($p_allowed_mysqlserver as $allowed_ms) {
@@ -895,7 +901,7 @@ class Customers extends ApiCommand implements ResourceEntity
 					$result['dbspace_used'] = 0;
 				}
 			}
-			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] get customer '" . $result['loginname'] . "'");
+			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] get customer '" . $result['loginname'] . "'");
 			return $this->response($result);
 		}
 		$key = ($id > 0 ? "id #" . $id : "loginname '" . $loginname . "'");
@@ -1050,7 +1056,7 @@ class Customers extends ApiCommand implements ResourceEntity
 			$email = $this->getParam('email', true, $idna_convert->decode($result['email']));
 			$name = $this->getParam('name', true, $result['name']);
 			$firstname = $this->getParam('firstname', true, $result['firstname']);
-			$company_required = empty($result['company']) && ((!empty($name) && empty($firstname)) || (empty($name) && !empty($firstname)) || (empty($name) && empty($firstname)));
+			$company_required = (!empty($name) && empty($firstname)) || (empty($name) && !empty($firstname)) || (empty($name) && empty($firstname));
 			$company = $this->getParam('company', !$company_required, $result['company']);
 			$street = $this->getParam('street', true, $result['street']);
 			$zipcode = $this->getParam('zipcode', true, $result['zipcode']);
@@ -1110,6 +1116,12 @@ class Customers extends ApiCommand implements ResourceEntity
 			if (!empty($allowed_phpconfigs)) {
 				$allowed_phpconfigs = array_map('intval', $allowed_phpconfigs);
 			}
 			if (empty($allowed_phpconfigs) && $phpenabled == 1) {
 				// only required if not using mod_php
 				if ((int)Settings::Get('system.mod_fcgid') == 1 || (int)Settings::Get('phpfpm.enabled') == 1) {
 					Response::standardError('customerphpenabledbutnoconfig', '', true);
 				}
 			}
 			// add permission for allowed mysql usage if customer was not allowed to use mysql prior
 			if ($result['mysqls'] == 0 && ($mysqls == -1 || $mysqls > 0)) {
@@ -1118,6 +1130,7 @@ class Customers extends ApiCommand implements ResourceEntity
 			if (! empty($allowed_mysqlserver)) {
 				$allowed_mysqlserver = array_map('intval', $allowed_mysqlserver);
 			}
 		}
 		$def_language = Validate::validate($def_language, 'default language', '', '', [], true);
 		$theme = Validate::validate($theme, 'theme', '', '', [], true);
@@ -1327,7 +1340,7 @@ class Customers extends ApiCommand implements ResourceEntity
 					'vu' => $valid_until
 				], true, true);
-				$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "[API] " . ($deactivated ? 'deactivated' : 'reactivated') . " user '" . $result['loginname'] . "'");
+				$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "[API] " . ($deactivated ? 'deactivated' : 'reactivated') . " user '" . $result['loginname'] . "'");
 				Cronjob::inserttask(TaskId::REBUILD_VHOST);
 			}
@@ -1538,7 +1551,7 @@ class Customers extends ApiCommand implements ResourceEntity
 			Database::query($admin_update_query);
 		}
-		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] edited user '" . $result['loginname'] . "'");
+		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] edited user '" . $result['loginname'] . "'");
 		/*
 		 * move customer to another admin/reseller; #1166
@@ -1911,7 +1924,7 @@ class Customers extends ApiCommand implements ResourceEntity
 			// now, recalculate the resource-usage for the old and the new admin
 			User::updateCounters(false);
-			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "[API] moved user '" . $c_result['loginname'] . "' from admin/reseller '" . $c_result['adminname'] . " to admin/reseller '" . $a_result['loginname'] . "'");
+			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "[API] moved user '" . $c_result['loginname'] . "' from admin/reseller '" . $c_result['adminname'] . " to admin/reseller '" . $a_result['loginname'] . "'");
 			$result = $this->apiCall('Customers.get', [
 				'id' => $c_result['customerid']
--- a/lib/Froxlor/Api/Commands/CustomerBackups.php
+++ b/lib/Froxlor/Api/Commands/CustomerBackups.php
@@ -41,20 +41,22 @@ use PDO;
 /**
 * @since 0.10.0
 */
-class CustomerBackups extends ApiCommand implements ResourceEntity
+class DataDump extends ApiCommand implements ResourceEntity
 {
 	/**
-	 * add a new customer backup job
+	 * add a new data dump job
 	 *
 	 * @param string $path
-	 *            path to store the backup to
+	 *            path to store the dumped data to
-	 * @param bool $backup_dbs
+	 * @param string $pgp_public_key
-	 *            optional whether to backup databases, default is 0 (false)
+	 *            optional pgp public key to encrypt the archive, default is empty
-	 * @param bool $backup_mail
+	 * @param bool $dump_dbs
-	 *            optional whether to backup mail-data, default is 0 (false)
+	 *            optional whether to include databases, default is 0 (false)
-	 * @param bool $backup_web
+	 * @param bool $dump_mail
-	 *            optional whether to backup web-data, default is 0 (false)
+	 *            optional whether to include mail-data, default is 0 (false)
 	 * @param bool $dump_web
 	 *            optional whether to incoude web-data, default is 0 (false)
 	 * @param int $customerid
 	 *            optional, required when called as admin (if $loginname is not specified)
 	 * @param string $loginname
@@ -72,9 +74,10 @@ class CustomerBackups extends ApiCommand implements ResourceEntity
 		$path = $this->getParam('path');
 		// parameter
-		$backup_dbs = $this->getBoolParam('backup_dbs', true, 0);
+		$pgp_public_key = $this->getParam('pgp_public_key', true, '');
-		$backup_mail = $this->getBoolParam('backup_mail', true, 0);
+		$dump_dbs = $this->getBoolParam('dump_dbs', true, 0);
-		$backup_web = $this->getBoolParam('backup_web', true, 0);
+		$dump_mail = $this->getBoolParam('dump_mail', true, 0);
 		$dump_web = $this->getBoolParam('dump_web', true, 0);
 		// get customer data
 		$customer = $this->getCustomerData();
@@ -86,19 +89,32 @@ class CustomerBackups extends ApiCommand implements ResourceEntity
 		// path cannot be the customers docroot
 		if ($path == FileDir::makeCorrectDir($customer['documentroot'])) {
-			Response::standardError('backupfoldercannotbedocroot', '', true);
+			Response::standardError('dumpfoldercannotbedocroot', '', true);
 		}
-		if ($backup_dbs != '1') {
+		// pgp public key validation
-			$backup_dbs = '0';
+		if (!empty($pgp_public_key)) {
 			// check if gnupg extension is loaded
 			if (!extension_loaded('gnupg')) {
 				Response::standardError('gnupgextensionnotavailable', '', true);
 			}
 			// check if the pgp public key is a valid key
 			putenv('GNUPGHOME='.sys_get_temp_dir());
 			if (gnupg_import(gnupg_init(), $pgp_public_key) === false) {
 				Response::standardError('invalidpgppublickey', '', true);
 			}
 		}
-		if ($backup_mail != '1') {
+		if ($dump_dbs != '1') {
-			$backup_mail = '0';
+			$dump_dbs = '0';
 		}
-		if ($backup_web != '1') {
+		if ($dump_mail != '1') {
-			$backup_web = '0';
+			$dump_mail = '0';
 		}
 		if ($dump_web != '1') {
 			$dump_web = '0';
 		}
 		$task_data = [
@@ -107,61 +123,63 @@ class CustomerBackups extends ApiCommand implements ResourceEntity
 			'gid' => $customer['guid'],
 			'loginname' => $customer['loginname'],
 			'destdir' => $path,
-			'backup_dbs' => $backup_dbs,
+			'pgp_public_key' => $pgp_public_key,
-			'backup_mail' => $backup_mail,
+			'dump_dbs' => $dump_dbs,
-			'backup_web' => $backup_web
+			'dump_mail' => $dump_mail,
 			'dump_web' => $dump_web
 		];
 		// schedule backup job
 		Cronjob::inserttask(TaskId::CREATE_CUSTOMER_BACKUP, $task_data);
-		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] added customer-backup job for '" . $customer['loginname'] . "'. Target directory: " . $userpath);
+		// schedule export job
 		Cronjob::inserttask(TaskId::CREATE_CUSTOMER_DATADUMP, $task_data);
 		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] added customer data export job for '" . $customer['loginname'] . "'. Target directory: " . $userpath);
 		return $this->response($task_data);
 	}
 	/**
-	 * check whether backup is enabled systemwide and if accessible for customer (hide_options)
+	 * check whether data dump is enabled systemwide and if accessible for customer (hide_options)
 	 *
 	 * @throws Exception
 	 */
 	private function validateAccess()
 	{
-		if (Settings::Get('system.backupenabled') != 1) {
+		if (Settings::Get('system.exportenabled') != 1) {
 			throw new Exception("You cannot access this resource", 405);
 		}
 		if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras')) {
 			throw new Exception("You cannot access this resource", 405);
 		}
-		if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras.backup')) {
+		if ($this->isAdmin() == false && Settings::IsInList('panel.customer_hide_options', 'extras.export')) {
 			throw new Exception("You cannot access this resource", 405);
 		}
 	}
 	/**
-	 * You cannot get a planned backup.
+	 * You cannot get a planned data export.
-	 * Try CustomerBackups.listing()
+	 * Try DataDump.listing()
 	 */
 	public function get()
 	{
-		throw new Exception('You cannot get a planned backup. Try CustomerBackups.listing()', 303);
+		throw new Exception('You cannot get a planned data export. Try DataDump.listing()', 303);
 	}
 	/**
-	 * You cannot update a planned backup.
+	 * You cannot update a planned data export.
 	 * You need to delete it and re-add it.
 	 */
 	public function update()
 	{
-		throw new Exception('You cannot update a planned backup. You need to delete it and re-add it.', 303);
+		throw new Exception('You cannot update a planned data export. You need to delete it and re-add it.', 303);
 	}
 	/**
-	 * list all planned backup-jobs, if called from an admin, list all planned backup-jobs of all customers you are
+	 * list all planned data export jobs, if called from an admin, list all planned data export jobs of all customers you are
 	 * allowed to view, or specify id or loginname for one specific customer
 	 *
 	 * @param int $customerid
-	 *            optional, admin-only, select backup-jobs of a specific customer by id
+	 *            optional, admin-only, select data export jobs of a specific customer by id
 	 * @param string $loginname
-	 *            optional, admin-only, select backup-jobs of a specific customer by loginname
+	 *            optional, admin-only, select data export jobs of a specific customer by loginname
 	 * @param array $sql_search
 	 *            optional array with index = fieldname, and value = array with 'op' => operator (one of <, > or =),
 	 *            LIKE is used if left empty and 'value' => searchvalue
@@ -181,9 +199,9 @@ class CustomerBackups extends ApiCommand implements ResourceEntity
 	{
 		$this->validateAccess();
-		$customer_ids = $this->getAllowedCustomerIds('extras.backup');
+		$customer_ids = $this->getAllowedCustomerIds('extras.export');
-		// check whether there is a backup-job for this customer
+		// check whether there is a data export job for this customer
 		$query_fields = [];
 		$sel_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_TASKS . "` WHERE `type` = '20'" . $this->getSearchWhere($query_fields, true) . $this->getOrderBy() . $this->getLimit());
 		Database::pexecute($sel_stmt, $query_fields, true, true);
@@ -194,7 +212,7 @@ class CustomerBackups extends ApiCommand implements ResourceEntity
 				$result[] = $entry;
 			}
 		}
-		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] list customer-backups");
+		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] list customer data dump jobs");
 		return $this->response([
 			'count' => count($result),
 			'list' => $result
@@ -202,12 +220,12 @@ class CustomerBackups extends ApiCommand implements ResourceEntity
 	}
 	/**
-	 * returns the total number of planned backups
+	 * returns the total number of planned data exports
 	 *
 	 * @param int $customerid
-	 *            optional, admin-only, select backup-jobs of a specific customer by id
+	 *            optional, admin-only, select data export jobs of a specific customer by id
 	 * @param string $loginname
-	 *            optional, admin-only, select backup-jobs of a specific customer by loginname
+	 *            optional, admin-only, select data export jobs of a specific customer by loginname
 	 *
 	 * @access admin, customer
 	 * @return string json-encoded response message
@@ -217,9 +235,9 @@ class CustomerBackups extends ApiCommand implements ResourceEntity
 	{
 		$this->validateAccess();
-		$customer_ids = $this->getAllowedCustomerIds('extras.backup');
+		$customer_ids = $this->getAllowedCustomerIds('extras.export');
-		// check whether there is a backup-job for this customer
+		// check whether there is a data export job for this customer
 		$result_count = 0;
 		$sel_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_TASKS . "` WHERE `type` = '20'");
 		Database::pexecute($sel_stmt, null, true, true);
@@ -233,10 +251,10 @@ class CustomerBackups extends ApiCommand implements ResourceEntity
 	}
 	/**
-	 * delete a planned backup-jobs by id, if called from an admin you need to specify the customerid/loginname
+	 * delete a planned data export jobs by id, if called from an admin you need to specify the customerid/loginname
 	 *
-	 * @param int $backup_job_entry
+	 * @param int $job_entry
-	 *            id of backup job
+	 *            id of data export job
 	 * @param int $customerid
 	 *            optional, required when called as admin (if $loginname is not specified)
 	 * @param string $loginname
@@ -248,26 +266,26 @@ class CustomerBackups extends ApiCommand implements ResourceEntity
 	 */
 	public function delete()
 	{
-		// get planned backups
+		// get planned exports
-		$result = $this->apiCall('CustomerBackups.listing', $this->getParamList());
+		$result = $this->apiCall('DataDump.listing', $this->getParamList());
-		$entry = $this->getParam('backup_job_entry');
+		$entry = $this->getParam('job_entry');
-		$customer_ids = $this->getAllowedCustomerIds('extras.backup');
+		$customer_ids = $this->getAllowedCustomerIds('extras.export');
 		if ($result['count'] > 0 && $entry > 0) {
 			// prepare statement
 			$del_stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_TASKS . "` WHERE `id` = :tid");
 			// check for the correct job
-			foreach ($result['list'] as $backupjob) {
+			foreach ($result['list'] as $exportjob) {
-				if ($backupjob['id'] == $entry && in_array($backupjob['data']['customerid'], $customer_ids)) {
+				if ($exportjob['id'] == $entry && in_array($exportjob['data']['customerid'], $customer_ids)) {
 					Database::pexecute($del_stmt, [
 						'tid' => $entry
 					], true, true);
-					$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] deleted planned customer-backup #" . $entry);
+					$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] deleted planned customer data export job #" . $entry);
 					return $this->response(true);
 				}
 			}
 		}
-		throw new Exception('Backup job with id #' . $entry . ' could not be found', 404);
+		throw new Exception('Data export job with id #' . $entry . ' could not be found', 404);
 	}
 }
--- a/lib/Froxlor/Api/Commands/DirOptions.php
+++ b/lib/Froxlor/Api/Commands/DirOptions.php
@@ -93,7 +93,7 @@ class DirOptions extends ApiCommand implements ResourceEntity
 		// validation
 		$path = FileDir::makeCorrectDir(Validate::validate($path, 'path', Validate::REGEX_DIR, '', [], true));
 		$userpath = $path;
-		$path = FileDir::makeCorrectDir($customer['documentroot'] . '/' . $path);
+		$path = FileDir::makeCorrectDir($customer['documentroot'] . '/' . $path, $customer['documentroot']);
 		if (!empty($error404path)) {
 			$error404path = $this->correctErrorDocument($error404path, true);
@@ -144,7 +144,7 @@ class DirOptions extends ApiCommand implements ResourceEntity
 		];
 		Database::pexecute($stmt, $params, true, true);
 		$id = Database::lastInsertId();
-		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] added directory-option for '" . $userpath . "'");
+		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] added directory-option for '" . $userpath . "'");
 		Cronjob::inserttask(TaskId::REBUILD_VHOST);
 		$result = $this->apiCall('DirOptions.get', [
@@ -247,7 +247,7 @@ class DirOptions extends ApiCommand implements ResourceEntity
 		$params['id'] = $id;
 		$result = Database::pexecute_first($result_stmt, $params, true, true);
 		if ($result) {
-			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] get directory options for '" . $result['path'] . "'");
+			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] get directory options for '" . $result['path'] . "'");
 			return $this->response($result);
 		}
 		$key = "id #" . $id;
@@ -331,7 +331,7 @@ class DirOptions extends ApiCommand implements ResourceEntity
 				"id" => $id
 			];
 			Database::pexecute($stmt, $params, true, true);
-			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] edited directory options for '" . str_replace($customer['documentroot'], '/', $result['path']) . "'");
+			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] edited directory options for '" . str_replace($customer['documentroot'], '/', $result['path']) . "'");
 		}
 		$result = $this->apiCall('DirOptions.get', [
@@ -379,7 +379,7 @@ class DirOptions extends ApiCommand implements ResourceEntity
 		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			$result[] = $row;
 		}
-		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] list directory-options");
+		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] list directory-options");
 		return $this->response([
 			'count' => count($result),
 			'list' => $result
@@ -478,7 +478,7 @@ class DirOptions extends ApiCommand implements ResourceEntity
 			"customerid" => $customer_data['customerid'],
 			"id" => $id
 		], true, true);
-		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] deleted directory-option for '" . str_replace($customer_data['documentroot'], '/', $result['path']) . "'");
+		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] deleted directory-option for '" . str_replace($customer_data['documentroot'], '/', $result['path']) . "'");
 		Cronjob::inserttask(TaskId::REBUILD_VHOST);
 		return $this->response($result);
 	}
--- a/lib/Froxlor/Api/Commands/DirProtections.php
+++ b/lib/Froxlor/Api/Commands/DirProtections.php
@@ -84,7 +84,7 @@ class DirProtections extends ApiCommand implements ResourceEntity
 		// validation
 		$path = FileDir::makeCorrectDir(Validate::validate($path, 'path', Validate::REGEX_DIR, '', [], true));
-		$path = FileDir::makeCorrectDir($customer['documentroot'] . '/' . $path);
+		$path = FileDir::makeCorrectDir($customer['documentroot'] . '/' . $path, $customer['documentroot']);
 		$username = Validate::validate($username, 'username', '/^[a-zA-Z0-9][a-zA-Z0-9\-_]+\$?$/', '', [], true);
 		$authname = Validate::validate($authname, 'directory_authname', '/^[a-zA-Z0-9][a-zA-Z0-9\-_ ]+\$?$/', '', [], true);
 		$password = Validate::validate($password, 'password', '', '', [], true);
@@ -129,7 +129,7 @@ class DirProtections extends ApiCommand implements ResourceEntity
 		];
 		Database::pexecute($stmt, $params, true, true);
 		$id = Database::lastInsertId();
-		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] added directory-protection for '" . $username . " (" . $path . ")'");
+		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] added directory-protection for '" . $username . " (" . $path . ")'");
 		Cronjob::inserttask(TaskId::REBUILD_VHOST);
 		$result = $this->apiCall('DirProtections.get', [
@@ -196,7 +196,7 @@ class DirProtections extends ApiCommand implements ResourceEntity
 		$params['idun'] = ($id <= 0 ? $username : $id);
 		$result = Database::pexecute_first($result_stmt, $params, true, true);
 		if ($result) {
-			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] get directory protection for '" . $result['path'] . "'");
+			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] get directory protection for '" . $result['path'] . "'");
 			return $this->response($result);
 		}
 		$key = ($id > 0 ? "id #" . $id : "username '" . $username . "'");
@@ -279,7 +279,7 @@ class DirProtections extends ApiCommand implements ResourceEntity
 			Cronjob::inserttask(TaskId::REBUILD_VHOST);
 		}
-		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] updated directory-protection '" . $result['username'] . " (" . $result['path'] . ")'");
+		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] updated directory-protection '" . $result['username'] . " (" . $result['path'] . ")'");
 		$result = $this->apiCall('DirProtections.get', [
 			'id' => $result['id']
 		]);
@@ -325,7 +325,7 @@ class DirProtections extends ApiCommand implements ResourceEntity
 		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			$result[] = $row;
 		}
-		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] list directory-protections");
+		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] list directory-protections");
 		return $this->response([
 			'count' => count($result),
 			'list' => $result
@@ -413,7 +413,7 @@ class DirProtections extends ApiCommand implements ResourceEntity
 			"id" => $id
 		]);
-		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] deleted htpasswd for '" . $result['username'] . " (" . $result['path'] . ")'");
+		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_WARNING, "[API] deleted htpasswd for '" . $result['username'] . " (" . $result['path'] . ")'");
 		Cronjob::inserttask(TaskId::REBUILD_VHOST);
 		return $this->response($result);
 	}
--- a/lib/Froxlor/Api/Commands/DomainZones.php
+++ b/lib/Froxlor/Api/Commands/DomainZones.php
@@ -302,6 +302,8 @@ class DomainZones extends ApiCommand implements ResourceEntity
 			}
 		} elseif ($type == 'SSHFP' && !empty($content)) {
 			$content = $content;
 		} elseif ($type == 'TLSA' && !empty($content)) {
 			$content = $content;
 		} elseif ($type == 'TXT' && !empty($content)) {
 			// check that TXT content is enclosed in " "
 			$content = Dns::encloseTXTContent($content);
@@ -413,7 +415,7 @@ class DomainZones extends ApiCommand implements ResourceEntity
 		$zone = Dns::createDomainZone($id);
 		$zonefile = (string)$zone;
-		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] get dns-zone for '" . $result['domain'] . "'");
+		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] get dns-zone for '" . $result['domain'] . "'");
 		return $this->response(explode("\n", $zonefile));
 	}
--- a/lib/Froxlor/Api/Commands/Domains.php
+++ b/lib/Froxlor/Api/Commands/Domains.php
@@ -76,7 +76,7 @@ class Domains extends ApiCommand implements ResourceEntity
 			$query_fields = [];
 			$result_stmt = Database::prepare("
 				SELECT
-				`d`.*, `c`.`loginname`, `c`.`deactivated`, `c`.`name`, `c`.`firstname`, `c`.`company`, `c`.`standardsubdomain`, `c`.`adminid` as customeradmin,
+				`d`.*, `c`.`loginname`, `c`.`deactivated` as `customer_deactivated`, `c`.`name`, `c`.`firstname`, `c`.`company`, `c`.`standardsubdomain`, `c`.`adminid` as customeradmin,
 				`ad`.`id` AS `aliasdomainid`, `ad`.`domain` AS `aliasdomain`
 				FROM `" . TABLE_PANEL_DOMAINS . "` `d`
 				LEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING(`customerid`)
@@ -110,7 +110,7 @@ class Domains extends ApiCommand implements ResourceEntity
 	 *
 	 * @param number $domain_id
 	 * @param bool $ssl_only
-	 *            optional, return only ssl enabled ip's, default false
+	 *            optional, return only ssl enabled ips, default false
 	 * @return array
 	 */
 	private function getIpsForDomain($domain_id = 0, $ssl_only = false)
@@ -190,9 +190,6 @@ class Domains extends ApiCommand implements ResourceEntity
 	 *            optional, whether to create an exclusive web-logfile for this domain, default 0 (false)
 	 * @param int $alias
 	 *            optional, domain-id of a domain that the new domain should be an alias of, default 0 (none)
 	 * @param int $issubof
 	 *            optional, domain-id of a domain this domain is a subdomain of (required for webserver-cronjob to
 	 *            generate the correct order), default 0 (none)
 	 * @param string $registration_date
 	 *            optional, date of domain registration in form of YYYY-MM-DD, default empty (none)
 	 * @param string $termination_date
@@ -210,7 +207,7 @@ class Domains extends ApiCommand implements ResourceEntity
 	 * @param string $ssl_specialsettings
 	 *            optional, custom webserver vhost-content which is added to the generated ssl-vhost, default empty
 	 * @param bool $include_specialsettings
-	 *            optional, whether or not to include non-ssl specialsettings in the generated ssl-vhost, default false
+	 *            optional, whether to include non-ssl specialsettings in the generated ssl-vhost, default false
 	 * @param bool $notryfiles
 	 *            optional, [nginx only] do not generate the default try-files directive, default 0 (false)
 	 * @param bool $writeaccesslog
@@ -219,12 +216,14 @@ class Domains extends ApiCommand implements ResourceEntity
 	 *            optional, Enable writing an error-log file for this domain, default 1 (true)
 	 * @param string $documentroot
 	 *            optional, specify homedir of domain by specifying a directory (relative to customer-docroot), be
-	 *            aware, if path starts with / it it considered a full path, not relative to customer-docroot. Also
+	 *            aware, if path starts with / it is considered a full path, not relative to customer-docroot. Also
 	 *            specifying a URL is possible here (redirect), default empty (autogenerated)
 	 * @param bool $phpenabled
 	 *            optional, whether php is enabled for this domain, default 0 (false)
 	 * @param bool $openbasedir
 	 *            optional, whether to activate openbasedir restriction for this domain, default 0 (false)
 	 * @param int $openbasedir_path
 	 *            optional, either 0 for domains-docroot, 1 for customers-homedir or 2 for parent-directory of domains-docroot
 	 * @param int $phpsettingid
 	 *            optional, specify php-configuration that is being used by id, default 1 (system-default)
 	 * @param int $mod_fcgid_starter
@@ -242,7 +241,7 @@ class Domains extends ApiCommand implements ResourceEntity
 	 *            optional, do NOT set the systems default ssl ip addresses if none are given via $ssl_ipandport
 	 *            parameter
 	 * @param bool $sslenabled
-	 *            optional, whether or not SSL is enabled for this domain, regardless of the assigned ssl-ips, default
+	 *            optional, whether SSL is enabled for this domain, regardless of the assigned ssl-ips, default
 	 *            1 (true)
 	 * @param bool $http2
 	 *            optional, whether to enable http/2 for this domain (requires to be enabled in the settings), default
@@ -250,9 +249,9 @@ class Domains extends ApiCommand implements ResourceEntity
 	 * @param int $hsts_maxage
 	 *            optional max-age value for HSTS header
 	 * @param bool $hsts_sub
-	 *            optional whether or not to add subdomains to the HSTS header
+	 *            optional whether to add subdomains to the HSTS header
 	 * @param bool $hsts_preload
-	 *            optional whether or not to preload HSTS header value
+	 *            optional whether to preload HSTS header value
 	 * @param bool $ocsp_stapling
 	 *            optional whether to enable ocsp-stapling for this domain. default 0 (false), requires SSL
 	 * @param bool $honorcipherorder
@@ -261,7 +260,7 @@ class Domains extends ApiCommand implements ResourceEntity
 	 *            optional whether to enable or disable TLS sessiontickets (RFC 5077) for this domain. default 1
 	 *            (true), requires SSL
 	 * @param bool $override_tls
-	 *            optional whether or not to override system-tls settings like protocol, ssl-ciphers and if applicable
+	 *            optional whether to override system-tls settings like protocol, ssl-ciphers and if applicable
 	 *            tls-1.3 ciphers, requires change_serversettings flag for the admin, default false
 	 * @param array $ssl_protocols
 	 *            optional list of allowed/used ssl/tls protocols, see system.ssl_protocols setting, only used/required
@@ -296,7 +295,6 @@ class Domains extends ApiCommand implements ResourceEntity
 				$serveraliasoption = $this->getParam('selectserveralias', true, Settings::Get('system.domaindefaultalias'));
 				$speciallogfile = $this->getBoolParam('speciallogfile', true, 0);
 				$aliasdomain = intval($this->getParam('alias', true, 0));
 				$issubof = $this->getParam('issubof', true, 0);
 				$registration_date = $this->getParam('registration_date', true, '');
 				$termination_date = $this->getParam('termination_date', true, '');
 				$caneditdomain = $this->getBoolParam('caneditdomain', true, 0);
@@ -312,14 +310,15 @@ class Domains extends ApiCommand implements ResourceEntity
 				$documentroot = $this->getParam('documentroot', true, '');
 				$phpenabled = $this->getBoolParam('phpenabled', true, 0);
 				$openbasedir = $this->getBoolParam('openbasedir', true, 0);
 				$openbasedir_path = $this->getParam('openbasedir_path', true, 0);
 				$phpsettingid = $this->getParam('phpsettingid', true, 1);
 				$mod_fcgid_starter = $this->getParam('mod_fcgid_starter', true, -1);
 				$mod_fcgid_maxrequests = $this->getParam('mod_fcgid_maxrequests', true, -1);
 				$ssl_redirect = $this->getBoolParam('ssl_redirect', true, 0);
 				$letsencrypt = $this->getBoolParam('letsencrypt', true, 0);
 				$sslenabled = $this->getBoolParam('sslenabled', true, 1);
 				$dont_use_default_ssl_ipandport_if_empty = $this->getBoolParam('dont_use_default_ssl_ipandport_if_empty', true, 0);
 				$p_ssl_ipandports = $this->getParam('ssl_ipandport', true, $dont_use_default_ssl_ipandport_if_empty ? [] : explode(',', Settings::Get('system.defaultsslip')));
 				$sslenabled = $this->getBoolParam('sslenabled', true, 1);
 				$http2 = $this->getBoolParam('http2', true, 0);
 				$hsts_maxage = $this->getParam('hsts_maxage', true, 0);
 				$hsts_sub = $this->getBoolParam('hsts_sub', true, 0);
@@ -350,6 +349,8 @@ class Domains extends ApiCommand implements ResourceEntity
 				if (substr($p_domain, 0, 4) == 'xn--') {
 					Response::standardError('domain_nopunycode', '', true);
 				} elseif (Validate::validate_ip2($p_domain, true, '', true, true)) {
 					Response::standardError('domain_noipaddress', '', true);
 				}
 				$idna_convert = new IdnaWrapper();
@@ -518,7 +519,8 @@ class Domains extends ApiCommand implements ResourceEntity
 						$mod_fcgid_maxrequests = '-1';
 					}
 				} else {
-					$phpenabled = '1';
+					// set default to whether the customer has php enabled or not
 					$phpenabled = $customer['phpenabled'];
 					$openbasedir = '1';
 					if ((int)Settings::Get('phpfpm.enabled') == 1) {
@@ -530,6 +532,10 @@ class Domains extends ApiCommand implements ResourceEntity
 					$mod_fcgid_maxrequests = '-1';
 				}
 				if ($openbasedir_path > 2 && $openbasedir_path < 0) {
 					$openbasedir_path = 0;
 				}
 				// check non-ssl IP
 				$ipandports = $this->validateIpAddresses($p_ipandports);
 				// check ssl IP
@@ -541,6 +547,10 @@ class Domains extends ApiCommand implements ResourceEntity
 						$ssl_specialsettings = Validate::validate(str_replace("\r\n", "\n", $ssl_specialsettings), 'ssl_specialsettings', '/^[^\0]*$/', '', [], true);
 					}
 				}
 				if (Settings::Get('system.use_ssl') == "1" && $sslenabled == 1 && empty($ssl_ipandports)) {
 					// enabled ssl for the domain but no ssl ip/port is selected
 					Response::standardError('nosslippportgiven', '', true);
 				}
 				if (Settings::Get('system.use_ssl') == "0" || empty($ssl_ipandports)) {
 					$ssl_redirect = 0;
 					$letsencrypt = 0;
@@ -658,10 +668,6 @@ class Domains extends ApiCommand implements ResourceEntity
 					$serveraliasoption = '0';
 				}
 				if ($issubof <= 0) {
 					$issubof = '0';
 				}
 				$idna_convert = new IdnaWrapper();
 				if ($domain == '') {
 					Response::standardError([
@@ -701,6 +707,7 @@ class Domains extends ApiCommand implements ResourceEntity
 						'caneditdomain' => $caneditdomain,
 						'phpenabled' => $phpenabled,
 						'openbasedir' => $openbasedir,
 						'openbasedir_path' => $openbasedir_path,
 						'speciallogfile' => $speciallogfile,
 						'specialsettings' => $specialsettings,
 						'ssl_specialsettings' => $ssl_specialsettings,
@@ -715,7 +722,6 @@ class Domains extends ApiCommand implements ResourceEntity
 						'phpsettingid' => $phpsettingid,
 						'mod_fcgid_starter' => $mod_fcgid_starter,
 						'mod_fcgid_maxrequests' => $mod_fcgid_maxrequests,
 						'ismainbutsubto' => $issubof,
 						'letsencrypt' => $letsencrypt,
 						'http2' => $http2,
 						'hsts' => $hsts_maxage,
@@ -754,6 +760,7 @@ class Domains extends ApiCommand implements ResourceEntity
 						`caneditdomain` = :caneditdomain,
 						`phpenabled` = :phpenabled,
 						`openbasedir` = :openbasedir,
 						`openbasedir_path` = :openbasedir_path,
 						`speciallogfile` = :speciallogfile,
 						`specialsettings` = :specialsettings,
 						`ssl_specialsettings` = :ssl_specialsettings,
@@ -768,7 +775,6 @@ class Domains extends ApiCommand implements ResourceEntity
 						`phpsettingid` = :phpsettingid,
 						`mod_fcgid_starter` = :mod_fcgid_starter,
 						`mod_fcgid_maxrequests` = :mod_fcgid_maxrequests,
 						`ismainbutsubto` = :ismainbutsubto,
 						`letsencrypt` = :letsencrypt,
 						`http2` = :http2,
 						`hsts` = :hsts,
@@ -889,7 +895,7 @@ class Domains extends ApiCommand implements ResourceEntity
 					$result['ipsandports'] = $this->getIpsForDomain($result['id']);
 				}
 				$result['domain_hascert'] = $this->getHasCertValueForDomain((int)$result['id'], (int)$result['parentdomainid']);
-				$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "[API] get domain '" . $result['domain'] . "'");
+				$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "[API] get domain '" . $result['domain'] . "'");
 				return $this->response($result);
 			}
 			$key = ($id > 0 ? "id #" . $id : "domainname '" . $domainname . "'");
@@ -1060,9 +1066,6 @@ class Domains extends ApiCommand implements ResourceEntity
 	 *            default 0 (false)
 	 * @param int $alias
 	 *            optional, domain-id of a domain that the new domain should be an alias of, default 0 (none)
 	 * @param int $issubof
 	 *            optional, domain-id of a domain this domain is a subdomain of (required for webserver-cronjob to
 	 *            generate the correct order), default 0 (none)
 	 * @param string $registration_date
 	 *            optional, date of domain registration in form of YYYY-MM-DD, default empty (none)
 	 * @param string $termination_date
@@ -1080,7 +1083,7 @@ class Domains extends ApiCommand implements ResourceEntity
 	 * @param string $ssl_specialsettings
 	 *            optional, custom webserver vhost-content which is added to the generated ssl-vhost, default empty
 	 * @param bool $include_specialsettings
-	 *            optional, whether or not to include non-ssl specialsettings in the generated ssl-vhost, default false
+	 *            optional, whether to include non-ssl specialsettings in the generated ssl-vhost, default false
 	 * @param bool $specialsettingsforsubdomains
 	 *            optional, whether to apply specialsettings to all subdomains of this domain, default is read from
 	 *            setting system.apply_specialsettings_default
@@ -1092,7 +1095,7 @@ class Domains extends ApiCommand implements ResourceEntity
 	 *            optional, Enable writing an error-log file for this domain, default 1 (true)
 	 * @param string $documentroot
 	 *            optional, specify homedir of domain by specifying a directory (relative to customer-docroot), be
-	 *            aware, if path starts with / it it considered a full path, not relative to customer-docroot. Also
+	 *            aware, if path starts with / it is considered a full path, not relative to customer-docroot. Also
 	 *            specifying a URL is possible here (redirect), default empty (autogenerated)
 	 * @param bool $phpenabled
 	 *            optional, whether php is enabled for this domain, default 0 (false)
@@ -1101,6 +1104,8 @@ class Domains extends ApiCommand implements ResourceEntity
 	 *            from setting system.apply_phpconfigs_default
 	 * @param bool $openbasedir
 	 *            optional, whether to activate openbasedir restriction for this domain, default 0 (false)
 	 * @param int $openbasedir_path
 	 *            optional, either 0 for domains-docroot, 1 for customers-homedir or 2 for parent-directory of domains-docroot
 	 * @param int $phpsettingid
 	 *            optional, specify php-configuration that is being used by id, default 1 (system-default)
 	 * @param int $mod_fcgid_starter
@@ -1119,7 +1124,7 @@ class Domains extends ApiCommand implements ResourceEntity
 	 *            optional, if set to true and no $ssl_ipandport value is given, the ip's get removed, otherwise, the
 	 *            currently set value is used, default false
 	 * @param bool $sslenabled
-	 *            optional, whether or not SSL is enabled for this domain, regardless of the assigned ssl-ips, default
+	 *            optional, whether SSL is enabled for this domain, regardless of the assigned ssl-ips, default
 	 *            1 (true)
 	 * @param bool $http2
 	 *            optional, whether to enable http/2 for this domain (requires to be enabled in the settings), default
@@ -1127,9 +1132,9 @@ class Domains extends ApiCommand implements ResourceEntity
 	 * @param int $hsts_maxage
 	 *            optional max-age value for HSTS header
 	 * @param bool $hsts_sub
-	 *            optional whether or not to add subdomains to the HSTS header
+	 *            optional whether to add subdomains to the HSTS header
 	 * @param bool $hsts_preload
-	 *            optional whether or not to preload HSTS header value
+	 *            optional whether to preload HSTS header value
 	 * @param bool $ocsp_stapling
 	 *            optional whether to enable ocsp-stapling for this domain. default 0 (false), requires SSL
 	 * @param bool $honorcipherorder
@@ -1139,6 +1144,8 @@ class Domains extends ApiCommand implements ResourceEntity
 	 *            (true), requires SSL
 	 * @param string $description
 	 *            optional custom description (currently not used/shown in the frontend), default empty
 	 * @param bool $deactivated
 	 *            optional, if 1 (true) the domain can be deactivated/suspended
 	 *
 	 * @access admin
 	 * @return string json-encoded array
@@ -1180,7 +1187,6 @@ class Domains extends ApiCommand implements ResourceEntity
 			$speciallogfile = $this->getBoolParam('speciallogfile', true, $result['speciallogfile']);
 			$speciallogverified = $this->getBoolParam('speciallogverified', true, 0);
 			$aliasdomain = intval($this->getParam('alias', true, $result['aliasdomain']));
 			$issubof = $this->getParam('issubof', true, $result['ismainbutsubto']);
 			$registration_date = $this->getParam('registration_date', true, $result['registration_date']);
 			$termination_date = $this->getParam('termination_date', true, $result['termination_date']);
 			$caneditdomain = $this->getBoolParam('caneditdomain', true, $result['caneditdomain']);
@@ -1198,6 +1204,7 @@ class Domains extends ApiCommand implements ResourceEntity
 			$phpenabled = $this->getBoolParam('phpenabled', true, $result['phpenabled']);
 			$phpfs = $this->getBoolParam('phpsettingsforsubdomains', true, Settings::Get('system.apply_phpconfigs_default'));
 			$openbasedir = $this->getBoolParam('openbasedir', true, $result['openbasedir']);
 			$openbasedir_path = $this->getParam('openbasedir_path', true, $result['openbasedir_path']);
 			$phpsettingid = $this->getParam('phpsettingid', true, $result['phpsettingid']);
 			$mod_fcgid_starter = $this->getParam('mod_fcgid_starter', true, $result['mod_fcgid_starter']);
 			$mod_fcgid_maxrequests = $this->getParam('mod_fcgid_maxrequests', true, $result['mod_fcgid_maxrequests']);
@@ -1207,7 +1214,7 @@ class Domains extends ApiCommand implements ResourceEntity
 			$p_ssl_ipandports = $this->getParam('ssl_ipandport', true, $remove_ssl_ipandport ? [
 				-1
 			] : null);
-			$sslenabled = $this->getBoolParam('sslenabled', true, $result['ssl_enabled']);
+			$sslenabled = $remove_ssl_ipandport ? false : $this->getBoolParam('sslenabled', true, $result['ssl_enabled']);
 			$http2 = $this->getBoolParam('http2', true, $result['http2']);
 			$hsts_maxage = $this->getParam('hsts_maxage', true, $result['hsts']);
 			$hsts_sub = $this->getBoolParam('hsts_sub', true, $result['hsts_sub']);
@@ -1234,6 +1241,7 @@ class Domains extends ApiCommand implements ResourceEntity
 				$tlsv13_cipher_list = $result['tlsv13_cipher_list'];
 			}
 			$description = $this->getParam('description', true, $result['description']);
 			$deactivated = $this->getBoolParam('deactivated', true, $result['deactivated']);
 			// count subdomain usage of source-domain
 			$subdomains_stmt = Database::prepare("
@@ -1489,6 +1497,11 @@ class Domains extends ApiCommand implements ResourceEntity
 				$mod_fcgid_maxrequests = $result['mod_fcgid_maxrequests'];
 			}
 			// check changes of openbasedir-path variable
 			if ($openbasedir_path > 2 && $openbasedir_path < 0) {
 				$openbasedir_path = 0;
 			}
 			// check non-ssl IP
 			$ipandports = $this->validateIpAddresses($p_ipandports, false, $result['id']);
 			// check ssl IP
@@ -1511,13 +1524,16 @@ class Domains extends ApiCommand implements ResourceEntity
 			if ($remove_ssl_ipandport || (!empty($p_ssl_ipandports) && $p_ssl_ipandports[0] == -1)) {
 				$ssl_ipandports = [];
 			}
-			if (Settings::Get('system.use_ssl') == "0" || empty($ssl_ipandports)) {
+			if (Settings::Get('system.use_ssl') == "1" && $sslenabled && empty($ssl_ipandports)) {
 				// enabled ssl for the domain but no ssl ip/port is selected
 				Response::standardError('nosslippportgiven', '', true);
 			}
 			if (Settings::Get('system.use_ssl') == "0" || empty($ssl_ipandports) || !$sslenabled) {
 				$ssl_redirect = 0;
 				$letsencrypt = 0;
 				$http2 = 0;
-				// we need this for the json_encode
+				// act like $remove_ssl_ipandport
-				// if ssl is disabled or no ssl-ip/port exists
+				$ssl_ipandports = [];
 				$ssl_ipandports[] = -1;
 				// HSTS
 				$hsts_maxage = 0;
@@ -1547,7 +1563,7 @@ class Domains extends ApiCommand implements ResourceEntity
 			}
 			// Temporarily deactivate ssl_redirect until Let's Encrypt certificate was generated
-			if ($ssl_redirect > 0 && $letsencrypt == 1 && $result['letsencrypt'] != $letsencrypt) {
+			if (($result['letsencrypt'] != $letsencrypt || $result['ssl_redirect'] != $ssl_redirect) && $ssl_redirect > 0 && $letsencrypt == 1) {
 				$ssl_redirect = 2;
 			}
@@ -1623,10 +1639,6 @@ class Domains extends ApiCommand implements ResourceEntity
 				Response::standardError('domainisaliasorothercustomer', '', true);
 			}
 			if ($issubof <= 0) {
 				$issubof = '0';
 			}
 			if ($serveraliasoption != '1' && $serveraliasoption != '2') {
 				$serveraliasoption = '0';
 			}
@@ -1634,7 +1646,32 @@ class Domains extends ApiCommand implements ResourceEntity
 			$wwwserveralias = ($serveraliasoption == '1') ? '1' : '0';
 			$iswildcarddomain = ($serveraliasoption == '0') ? '1' : '0';
-			if ($documentroot != $result['documentroot'] || $ssl_redirect != $result['ssl_redirect'] || $wwwserveralias != $result['wwwserveralias'] || $iswildcarddomain != $result['iswildcarddomain'] || $phpenabled != $result['phpenabled'] || $openbasedir != $result['openbasedir'] || $phpsettingid != $result['phpsettingid'] || $mod_fcgid_starter != $result['mod_fcgid_starter'] || $mod_fcgid_maxrequests != $result['mod_fcgid_maxrequests'] || $specialsettings != $result['specialsettings'] || $ssl_specialsettings != $result['ssl_specialsettings'] || $notryfiles != $result['notryfiles'] || $writeaccesslog != $result['writeaccesslog'] || $writeerrorlog != $result['writeerrorlog'] || $aliasdomain != $result['aliasdomain'] || $issubof != $result['ismainbutsubto'] || $email_only != $result['email_only'] || ($speciallogfile != $result['speciallogfile'] && $speciallogverified == '1') || $letsencrypt != $result['letsencrypt'] || $http2 != $result['http2'] || $hsts_maxage != $result['hsts'] || $hsts_sub != $result['hsts_sub'] || $hsts_preload != $result['hsts_preload'] || $ocsp_stapling != $result['ocsp_stapling']) {
+			if ($documentroot != $result['documentroot']
 				|| $ssl_redirect != $result['ssl_redirect']
 				|| $wwwserveralias != $result['wwwserveralias']
 				|| $iswildcarddomain != $result['iswildcarddomain']
 				|| $phpenabled != $result['phpenabled']
 				|| $openbasedir != $result['openbasedir']
 				|| $openbasedir_path != $result['openbasedir_path']
 				|| $phpsettingid != $result['phpsettingid']
 				|| $mod_fcgid_starter != $result['mod_fcgid_starter']
 				|| $mod_fcgid_maxrequests != $result['mod_fcgid_maxrequests']
 				|| $specialsettings != $result['specialsettings']
 				|| $ssl_specialsettings != $result['ssl_specialsettings']
 				|| $notryfiles != $result['notryfiles']
 				|| $writeaccesslog != $result['writeaccesslog']
 				|| $writeerrorlog != $result['writeerrorlog']
 				|| $aliasdomain != $result['aliasdomain']
 				|| $email_only != $result['email_only']
 				|| ($speciallogfile != $result['speciallogfile'] && $speciallogverified == '1')
 				|| $letsencrypt != $result['letsencrypt']
 				|| $http2 != $result['http2']
 				|| $hsts_maxage != $result['hsts']
 				|| $hsts_sub != $result['hsts_sub']
 				|| $hsts_preload != $result['hsts_preload']
 				|| $ocsp_stapling != $result['ocsp_stapling']
 				|| $sslenabled != $result['ssl_enabled']
 			) {
 				Cronjob::inserttask(TaskId::REBUILD_VHOST);
 			}
@@ -1760,7 +1797,7 @@ class Domains extends ApiCommand implements ResourceEntity
 				Database::pexecute($upd_stmt, [
 					'id' => $id
 				], true, true);
-				$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "[API] removed specialsettings on all subdomains of domain #" . $id);
+				$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "[API] removed specialsettings on all subdomains of domain #" . $id);
 			}
 			$wwwserveralias = ($serveraliasoption == '1') ? '1' : '0';
@@ -1783,6 +1820,7 @@ class Domains extends ApiCommand implements ResourceEntity
 			$update_data['iswildcarddomain'] = $iswildcarddomain;
 			$update_data['phpenabled'] = $phpenabled;
 			$update_data['openbasedir'] = $openbasedir;
 			$update_data['openbasedir_path'] = $openbasedir_path;
 			$update_data['speciallogfile'] = $speciallogfile;
 			$update_data['phpsettingid'] = $phpsettingid;
 			$update_data['mod_fcgid_starter'] = $mod_fcgid_starter;
@@ -1795,7 +1833,6 @@ class Domains extends ApiCommand implements ResourceEntity
 			$update_data['writeerrorlog'] = $writeerrorlog;
 			$update_data['registration_date'] = $registration_date;
 			$update_data['termination_date'] = $termination_date;
 			$update_data['ismainbutsubto'] = $issubof;
 			$update_data['letsencrypt'] = $letsencrypt;
 			$update_data['http2'] = $http2;
 			$update_data['hsts'] = $hsts_maxage;
@@ -1810,6 +1847,7 @@ class Domains extends ApiCommand implements ResourceEntity
 			$update_data['honorcipherorder'] = $honorcipherorder;
 			$update_data['sessiontickets'] = $sessiontickets;
 			$update_data['description'] = $description;
 			$update_data['deactivated'] = $deactivated;
 			$update_data['id'] = $id;
 			$update_stmt = Database::prepare("
@@ -1830,6 +1868,7 @@ class Domains extends ApiCommand implements ResourceEntity
 				`iswildcarddomain` = :iswildcarddomain,
 				`phpenabled` = :phpenabled,
 				`openbasedir` = :openbasedir,
 				`openbasedir_path` = :openbasedir_path,
 				`speciallogfile` = :speciallogfile,
 				`phpsettingid` = :phpsettingid,
 				`mod_fcgid_starter` = :mod_fcgid_starter,
@@ -1842,7 +1881,6 @@ class Domains extends ApiCommand implements ResourceEntity
 				`writeerrorlog` = :writeerrorlog,
 				`registration_date` = :registration_date,
 				`termination_date` = :termination_date,
 				`ismainbutsubto` = :ismainbutsubto,
 				`letsencrypt` = :letsencrypt,
 				`http2` = :http2,
 				`hsts` = :hsts,
@@ -1856,15 +1894,41 @@ class Domains extends ApiCommand implements ResourceEntity
 				`ssl_enabled` = :sslenabled,
 				`ssl_honorcipherorder` = :honorcipherorder,
 				`ssl_sessiontickets` = :sessiontickets,
-				`description` = :description
+				`description` = :description,
 				`deactivated` = :deactivated
 				WHERE `id` = :id
 			");
 			Database::pexecute($update_stmt, $update_data, true, true);
 			// activate/deactivate domain-based services
 			if ($deactivated != $result['deactivated']) {
 				// deactivate email accounts
 				$yesno = ($deactivated ? 'N' : 'Y');
 				$pop3 = ($deactivated ? '0' : (int)$customer['pop3']);
 				$imap = ($deactivated ? '0' : (int)$customer['imap']);
 				$upd_stmt = Database::prepare("
 					UPDATE `" . TABLE_MAIL_USERS . "`
 					SET `postfix`= :yesno, `pop3` = :pop3, `imap` = :imap
 					WHERE `customerid` = :customerid AND `domainid` = :domainid
 				");
 				Database::pexecute($upd_stmt, [
 					'yesno' => $yesno,
 					'pop3' => $pop3,
 					'imap' => $imap,
 					'customerid' => $customerid,
 					'domainid' => $id
 				]);
 				$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "[API] " . ($deactivated ? 'deactivated' : 'reactivated') . " domain '" . $result['domain'] . "'");
 				Cronjob::inserttask(TaskId::REBUILD_VHOST);
 			}
 			$_update_data['customerid'] = $customerid;
 			$_update_data['adminid'] = $adminid;
 			$_update_data['phpenabled'] = $phpenabled;
 			$_update_data['openbasedir'] = $openbasedir;
 			$_update_data['openbasedir_path'] = $openbasedir_path;
 			$_update_data['mod_fcgid_starter'] = $mod_fcgid_starter;
 			$_update_data['mod_fcgid_maxrequests'] = $mod_fcgid_maxrequests;
 			$_update_data['notryfiles'] = $notryfiles;
@@ -1877,6 +1941,7 @@ class Domains extends ApiCommand implements ResourceEntity
 			$_update_data['honorcipherorder'] = $honorcipherorder;
 			$_update_data['sessiontickets'] = $sessiontickets;
 			$_update_data['parentdomainid'] = $id;
 			$_update_data['deactivated'] = $deactivated;
 			// if php config is to be set for all subdomains, check here
 			$update_phpconfig = '';
@@ -1898,6 +1963,7 @@ class Domains extends ApiCommand implements ResourceEntity
 				`adminid` = :adminid,
 				`phpenabled` = :phpenabled,
 				`openbasedir` = :openbasedir,
 				`openbasedir_path` = :openbasedir_path,
 				`mod_fcgid_starter` = :mod_fcgid_starter,
 				`mod_fcgid_maxrequests` = :mod_fcgid_maxrequests,
 				`notryfiles` = :notryfiles,
@@ -1908,12 +1974,25 @@ class Domains extends ApiCommand implements ResourceEntity
 				`ssl_cipher_list` = :ssl_cipher_list,
 				`tlsv13_cipher_list` = :tlsv13_cipher_list,
 				`ssl_honorcipherorder` = :honorcipherorder,
-				`ssl_sessiontickets` = :sessiontickets
+				`ssl_sessiontickets` = :sessiontickets,
 				`deactivated` = :deactivated
 				" . $update_phpconfig . $upd_specialsettings . $updatechildren . $update_sslredirect . "
 				WHERE `parentdomainid` = :parentdomainid
 			");
 			Database::pexecute($_update_stmt, $_update_data, true, true);
 			// get current ip<>domain entries
 			$ip_sel_stmt = Database::prepare("
 				SELECT id_ipandports FROM `" . TABLE_DOMAINTOIP . "` WHERE `id_domain` = :id
 			");
 			Database::pexecute($ip_sel_stmt, [
 				'id' => $id
 			], true, true);
 			$current_ips = [];
 			while ($cIP = $ip_sel_stmt->fetch(\PDO::FETCH_ASSOC)) {
 				$current_ips[] = $cIP['id_ipandports'];
 			}
 			// Cleanup domain <-> ip mapping
 			$del_stmt = Database::prepare("
 				DELETE FROM `" . TABLE_DOMAINTOIP . "` WHERE `id_domain` = :id
@@ -1941,6 +2020,12 @@ class Domains extends ApiCommand implements ResourceEntity
 				}
 			}
 			// check ip changes
 			$all_new_ips = array_merge($ipandports, $ssl_ipandports);
 			if (count(array_diff($current_ips, $all_new_ips)) != 0 || count(array_diff($all_new_ips, $current_ips)) != 0) {
 				Cronjob::inserttask(TaskId::REBUILD_VHOST);
 			}
 			// Cleanup domain <-> ip mapping for subdomains
 			$domainidsresult_stmt = Database::prepare("
 				SELECT `id` FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `parentdomainid` = :id
@@ -2010,9 +2095,6 @@ class Domains extends ApiCommand implements ResourceEntity
 	 *            optional, the domain-id
 	 * @param string $domainname
 	 *            optional, the domainname
 	 * @param bool $delete_mainsubdomains
 	 *            optional, remove also domains that are subdomains of this domain but added as main domains; default
 	 *            false
 	 * @param bool $is_stdsubdomain
 	 *            optional, default false, specify whether it's a std-subdomain you are deleting as it does not count
 	 *            as subdomain-resource
@@ -2028,7 +2110,6 @@ class Domains extends ApiCommand implements ResourceEntity
 			$dn_optional = $id > 0;
 			$domainname = $this->getParam('domainname', $dn_optional, '');
 			$is_stdsubdomain = $this->getParam('is_stdsubdomain', true, 0);
 			$remove_subbutmain_domains = $this->getParam('delete_mainsubdomains', true, 0);
 			$result = $this->apiCall('Domains.get', [
 				'id' => $id,
@@ -2036,15 +2117,10 @@ class Domains extends ApiCommand implements ResourceEntity
 			]);
 			$id = $result['id'];
 			// check for deletion of main-domains which are logically subdomains, #329
 			$rsd_sql = '';
 			if ($remove_subbutmain_domains) {
 				$rsd_sql .= " OR `ismainbutsubto` = :id";
 			}
 			$subresult_stmt = Database::prepare("
-					SELECT `id` FROM `" . TABLE_PANEL_DOMAINS . "`
+				SELECT `id` FROM `" . TABLE_PANEL_DOMAINS . "`
-					WHERE (`id` = :id OR `parentdomainid` = :id " . $rsd_sql . ")");
+				WHERE (`id` = :id OR `parentdomainid` = :id)
 			");
 			Database::pexecute($subresult_stmt, [
 				'id' => $id
 			], true, true);
@@ -2066,23 +2142,10 @@ class Domains extends ApiCommand implements ResourceEntity
 				$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "[API] deleted domain/s from mail-tables");
 			}
 			// if mainbutsubto-domains are not to be deleted, re-assign the (ismainbutsubto value of the main
 			// domain which is being deleted) as their new ismainbutsubto value
 			if ($remove_subbutmain_domains !== 1) {
 				$upd_stmt = Database::prepare("
 						UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
 						`ismainbutsubto` = :newIsMainButSubtoValue
 						WHERE `ismainbutsubto` = :deletedMainDomainId
 						");
 				Database::pexecute($upd_stmt, [
 					'newIsMainButSubtoValue' => $result['ismainbutsubto'],
 					'deletedMainDomainId' => $id
 				], true, true);
 			}
 			$del_stmt = Database::prepare("
-					DELETE FROM `" . TABLE_PANEL_DOMAINS . "`
+				DELETE FROM `" . TABLE_PANEL_DOMAINS . "`
-					WHERE `id` = :id OR `parentdomainid` = :id " . $rsd_sql);
+				WHERE `id` = :id OR `parentdomainid` = :id
 			");
 			Database::pexecute($del_stmt, [
 				'id' => $id
 			], true, true);
@@ -2158,7 +2221,7 @@ class Domains extends ApiCommand implements ResourceEntity
 			// remove domain from acme.sh / lets encrypt if used
 			Cronjob::inserttask(TaskId::DELETE_DOMAIN_SSL, $result['domain']);
-			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "[API] deleted domain/subdomains (#" . $result['id'] . ")");
+			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, "[API] deleted domain/subdomains (#" . $result['id'] . ")");
 			User::updateCounters();
 			Cronjob::inserttask(TaskId::REBUILD_VHOST);
 			// Using nameserver, insert a task which rebuilds the server config
@@ -2167,4 +2230,118 @@ class Domains extends ApiCommand implements ResourceEntity
 		}
 		throw new Exception("Not allowed to execute given command.", 403);
 	}
 	/**
 	 * duplicate domain entry by either id or domainname. All parameters from Domains.add() can be used
 	 * to overwrite source entity values if necessary.
 	 *
 	 * @param int $id
 	 *            optional, the domain-id
 	 * @param string $domainname
 	 *            optional, the domainname
 	 * @param string $domain
 	 *            required, name of the new domain to be added
 	 *
 	 * @access admin
 	 * @return string json-encoded array
 	 * @throws Exception
 	 */
 	public function duplicate()
 	{
 		if ($this->isAdmin()) {
 			// parameters
 			$id = $this->getParam('id', true, 0);
 			$dn_optional = $id > 0;
 			$domainname = $this->getParam('domainname', $dn_optional, '');
 			$p_domain = $this->getParam('domain');
 			// get requested domain
 			$result = $this->apiCall('Domains.get', [
 				'id' => $id,
 				'domainname' => $domainname,
 			]);
 			// clear some defaults
 			unset($result['domain_ace']);
 			unset($result['adminid']);
 			unset($result['documentroot']);
 			unset($result['registration_date']);
 			unset($result['termination_date']);
 			unset($result['zonefile']);
 			// clear auto-generated values
 			unset($result['bindserial']);
 			unset($result['dkim_privkey']);
 			unset($result['dkim_pubkey']);
 			// clear api-call generated fields
 			unset($result['domain_hascert']);
 			// set correct ip/port information
 			$domain_ips = $result['ipsandports'];
 			unset($result['ipsandports']);
 			$result['ipandport'] = [];
 			$result['ssl_ipandport'] = [];
 			foreach ($domain_ips as $dip) {
 				if ($dip['ssl'] == 1) {
 					$result['ssl_ipandport'][] = $dip['id'];
 				} else {
 					$result['ipandport'][] = $dip['id'];
 				}
 			}
 			// check whether we are changing the customer/owner
 			if ($this->getParam('customerid', true, 0) == 0 && $this->getParam('loginname', true, '') == '') {
 				$customerid = $result['customerid'];
 			} else {
 				$customer = $this->getCustomerData();
 				$customerid = $customer['customerid'];
 			}
 			// check for alias-domain and whether it belongs to the target user
 			if (!empty($result['aliasdomain']) && $customerid == $result['customerid']) {
 				// duplicate alias entry
 				$result['alias'] = $result['aliasdomain'];
 			}
 			unset($result['aliasdomain']);
 			// validate possible fpm configs and whether the customer is allowed to use them
 			if ($customerid != $result['customerid']) {
 				$allowed_phpconfigs = json_decode($customer['allowed_phpconfigs'] ?? '[]', true);
 				if (empty($allowed_phpconfigs)) {
 					// system defaults
 					unset($result['phpsettingid']);
 				} elseif (!in_array($result['phpsettingid'], $allowed_phpconfigs)) {
 					// use the first customer allowed config
 					$result['phpsettingid'] = array_shift($allowed_phpconfigs);
 				}
 			}
 			// translate serveralias values
 			$result['selectserveralias'] = 2;
 			if ((int)$result['wwwserveralias'] == 1) {
 				$result['selectserveralias'] = 1;
 			} elseif ((int)$result['iswildcarddomain'] == 1) {
 				$result['selectserveralias'] = 0;
 			}
 			unset($result['wwwserveralias']);
 			unset($result['iswildcarddomain']);
 			// translate sslenabled flag
 			$result['sslenabled'] = $result['ssl_enabled'];
 			unset($result['ssl_enabled']);
 			$additional_params = $this->getParamList();
 			// unset unneeded params from this call
 			unset($additional_params['id']);
 			unset($additional_params['domainname']);
 			unset($additional_params['domain']);
 			// set new values and merge with optional add() parameters
 			$new_domain = array_merge($result, $additional_params);
 			$new_domain['domain'] = $p_domain;
 			$result_new = $this->apiCall('Domains.add', $new_domain);
 			return $this->response($result_new);
 		}
 		throw new Exception("Not allowed to execute given command.", 403);
 	}
 }
--- a/lib/Froxlor/Api/Commands/EmailAccounts.php
+++ b/lib/Froxlor/Api/Commands/EmailAccounts.php
@@ -63,7 +63,7 @@ class EmailAccounts extends ApiCommand implements ResourceEntity
 	 * @param string $alternative_email
 	 *            optional email address to send account information to, default is the account that is being created
 	 * @param int $email_quota
-	 *            optional quota if enabled in MB, default 0
+	 *            optional quota if enabled in MB, default setting: system.mail_quota
 	 * @param bool $sendinfomail
 	 *            optional, sends the welcome message to the new account (needed for creation, without the user won't
 	 *            be able to login before any mail is received), default 1 (true)
@@ -85,7 +85,7 @@ class EmailAccounts extends ApiCommand implements ResourceEntity
 			$emailaddr = $this->getParam('emailaddr', $ea_optional, '');
 			$email_password = $this->getParam('email_password');
 			$alternative_email = $this->getParam('alternative_email', true, '');
-			$quota = $this->getParam('email_quota', true, 0);
+			$quota = $this->getParam('email_quota', true, Settings::Get('system.mail_quota') ?? 0);
 			$sendinfomail = $this->getBoolParam('sendinfomail', true, 1);
 			// validation
@@ -95,9 +95,18 @@ class EmailAccounts extends ApiCommand implements ResourceEntity
 			$customer = $this->getCustomerData('email_accounts');
 			// check for imap||pop3 == 1, see #1298
 			// d00p, 6.5.2023 @revert this - if a customer has resources which allow email accounts
 			// it implicitly allowed SMTP, e.g. sending of emails which also requires an account to exist
 			/*
 			if ($customer['imap'] != '1' && $customer['pop3'] != '1') {
 				Response::standardError('notallowedtouseaccounts', '', true);
 			}
 			*/
 			if (!empty($emailaddr)) {
 				$idna_convert = new IdnaWrapper();
 				$emailaddr = $idna_convert->encode($emailaddr);
 			}
 			// get email address
 			$result = $this->apiCall('Emails.get', [
@@ -148,10 +157,10 @@ class EmailAccounts extends ApiCommand implements ResourceEntity
 			// prefix hash-algo
 			switch (Settings::Get('system.passwordcryptfunc')) {
-				case PASSWORD_ARGON2I:
+				case 'argon2i':
 					$cpPrefix = '{ARGON2I}';
 					break;
-				case PASSWORD_ARGON2ID:
+				case 'argon2id':
 					$cpPrefix = '{ARGON2ID}';
 					break;
 				default:
@@ -306,7 +315,7 @@ class EmailAccounts extends ApiCommand implements ResourceEntity
 				}
 			}
-			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] added email account for '" . $result['email_full'] . "'");
+			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] added email account for '" . $result['email_full'] . "'");
 			$result = $this->apiCall('Emails.get', [
 				'emailaddr' => $result['email_full']
 			]);
@@ -357,6 +366,11 @@ class EmailAccounts extends ApiCommand implements ResourceEntity
 		$ea_optional = $id > 0;
 		$emailaddr = $this->getParam('emailaddr', $ea_optional, '');
 		if (!empty($emailaddr)) {
 			$idna_convert = new IdnaWrapper();
 			$emailaddr = $idna_convert->encode($emailaddr);
 		}
 		// validation
 		$result = $this->apiCall('Emails.get', [
 			'id' => $id,
@@ -390,10 +404,10 @@ class EmailAccounts extends ApiCommand implements ResourceEntity
 			$password = Crypt::validatePassword($password, true);
 			// prefix hash-algo
 			switch (Settings::Get('system.passwordcryptfunc')) {
-				case PASSWORD_ARGON2I:
+				case 'argon2i':
 					$cpPrefix = '{ARGON2I}';
 					break;
-				case PASSWORD_ARGON2ID:
+				case 'argon2id':
 					$cpPrefix = '{ARGON2ID}';
 					break;
 				default:
@@ -450,7 +464,7 @@ class EmailAccounts extends ApiCommand implements ResourceEntity
 			Admins::increaseUsage($customer['adminid'], 'email_quota_used', '', ($quota - $result['quota']));
 		}
-		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] updated email account '" . $result['email_full'] . "'");
+		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] updated email account '" . $result['email_full'] . "'");
 		$result = $this->apiCall('Emails.get', [
 			'emailaddr' => $result['email_full']
 		]);
@@ -556,7 +570,7 @@ class EmailAccounts extends ApiCommand implements ResourceEntity
 		Customers::decreaseUsage($customer['customerid'], 'email_accounts_used');
 		Customers::decreaseUsage($customer['customerid'], 'email_quota_used', '', $quota);
-		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] deleted email account for '" . $result['email_full'] . "'");
+		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_WARNING, "[API] deleted email account for '" . $result['email_full'] . "'");
 		return $this->response($result);
 	}
 }
--- a/lib/Froxlor/Api/Commands/EmailDomains.php
+++ b/lib/Froxlor/Api/Commands/EmailDomains.php
@@ -89,7 +89,7 @@ class EmailDomains extends ApiCommand implements ResourceEntity
 		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			$result[] = $row;
 		}
-		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE,
+		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO,
 			"[API] list email-domains");
 		return $this->response([
 			'count' => count($result),
--- a/lib/Froxlor/Api/Commands/EmailForwarders.php
+++ b/lib/Froxlor/Api/Commands/EmailForwarders.php
@@ -77,6 +77,11 @@ class EmailForwarders extends ApiCommand implements ResourceEntity
 			$idna_convert = new IdnaWrapper();
 			$destination = $idna_convert->encode($destination);
 			if (!empty($emailaddr)) {
 				$idna_convert = new IdnaWrapper();
 				$emailaddr = $idna_convert->encode($emailaddr);
 			}
 			$result = $this->apiCall('Emails.get', [
 				'id' => $id,
 				'emailaddr' => $emailaddr
@@ -116,7 +121,7 @@ class EmailForwarders extends ApiCommand implements ResourceEntity
 			// update customer usage
 			Customers::increaseUsage($customer['customerid'], 'email_forwarders_used');
-			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] added email forwarder for '" . $result['email_full'] . "'");
+			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] added email forwarder for '" . $result['email_full'] . "'");
 			$result = $this->apiCall('Emails.get', [
 				'emailaddr' => $result['email_full']
@@ -293,7 +298,7 @@ class EmailForwarders extends ApiCommand implements ResourceEntity
 			// update customer usage
 			Customers::decreaseUsage($customer['customerid'], 'email_forwarders_used');
-			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] deleted email forwarder for '" . $result['email_full'] . "'");
+			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] deleted email forwarder for '" . $result['email_full'] . "'");
 			$result = $this->apiCall('Emails.get', [
 				'emailaddr' => $result['email_full']
--- a/lib/Froxlor/Api/Commands/Emails.php
+++ b/lib/Froxlor/Api/Commands/Emails.php
@@ -88,9 +88,12 @@ class Emails extends ApiCommand implements ResourceEntity
 			$domain_check = $this->apiCall('SubDomains.get', [
 				'domainname' => $domain
 			], true);
-			if ($domain_check['isemaildomain'] == 0) {
+			if ((int)$domain_check['isemaildomain'] == 0) {
 				Response::standardError('maindomainnonexist', $domain, true);
 			}
 			if ((int)$domain_check['deactivated'] == 1) {
 				Response::standardError('maindomaindeactivated', $domain, true);
 			}
 			if (Settings::Get('catchall.catchall_enabled') != '1') {
 				$iscatchall = 0;
@@ -159,7 +162,7 @@ class Emails extends ApiCommand implements ResourceEntity
 			// update customer usage
 			Customers::increaseUsage($customer['customerid'], 'emails_used');
-			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] added email address '" . $email_full . "'");
+			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] added email address '" . $email_full . "'");
 			$result = $this->apiCall('Emails.get', [
 				'emailaddr' => $email_full
@@ -195,11 +198,11 @@ class Emails extends ApiCommand implements ResourceEntity
 			FROM `" . TABLE_MAIL_VIRTUAL . "` v
 			LEFT JOIN `" . TABLE_MAIL_USERS . "` u ON v.`popaccountid` = u.`id`
 			WHERE v.`customerid` IN (" . implode(", ", $customer_ids) . ")
-			AND (v.`id`= :idea OR (v.`email` = :idea OR v.`email_full` = :idea))
+			AND " . (is_numeric($params['idea']) ? "v.`id`= :idea" : "(v.`email` = :idea OR v.`email_full` = :idea)")
-		");
+		);
 		$result = Database::pexecute_first($result_stmt, $params, true, true);
 		if ($result) {
-			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] get email address '" . $result['email_full'] . "'");
+			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] get email address '" . $result['email_full'] . "'");
 			return $this->response($result);
 		}
 		$key = ($id > 0 ? "id #" . $id : "emailaddr '" . $emailaddr . "'");
@@ -294,7 +297,7 @@ class Emails extends ApiCommand implements ResourceEntity
 			"id" => $id
 		];
 		Database::pexecute($stmt, $params, true, true);
-		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] toggled catchall-flag for email address '" . $result['email_full'] . "'");
+		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] toggled catchall-flag for email address '" . $result['email_full'] . "'");
 		$result = $this->apiCall('Emails.get', [
 			'emailaddr' => $result['email_full']
@@ -340,7 +343,7 @@ class Emails extends ApiCommand implements ResourceEntity
 		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			$result[] = $row;
 		}
-		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] list email-addresses");
+		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] list email-addresses");
 		return $this->response([
 			'count' => count($result),
 			'list' => $result
@@ -445,7 +448,7 @@ class Emails extends ApiCommand implements ResourceEntity
 		], true, true);
 		Customers::decreaseUsage($customer['customerid'], 'emails_used');
-		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] deleted email address '" . $result['email_full'] . "'");
+		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_WARNING, "[API] deleted email address '" . $result['email_full'] . "'");
 		return $this->response($result);
 	}
 }
--- a/lib/Froxlor/Api/Commands/FpmDaemons.php
+++ b/lib/Froxlor/Api/Commands/FpmDaemons.php
@@ -64,7 +64,7 @@ class FpmDaemons extends ApiCommand implements ResourceEntity
 	public function listing()
 	{
 		if ($this->isAdmin()) {
-			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "[API] list fpm-daemons");
+			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "[API] list fpm-daemons");
 			$query_fields = [];
 			$result_stmt = Database::prepare("
 				SELECT * FROM `" . TABLE_PANEL_FPMDAEMONS . "`" . $this->getSearchWhere($query_fields) . $this->getOrderBy() . $this->getLimit());
@@ -202,7 +202,7 @@ class FpmDaemons extends ApiCommand implements ResourceEntity
 			// validation
 			$description = Validate::validate($description, 'description', Validate::REGEX_DESC_TEXT, '', [], true);
-			$reload_cmd = Validate::validate($reload_cmd, 'reload_cmd', '/^[a-z0-9\/\._\- ]+$/i', '', [], true);
+			$reload_cmd = Validate::validate($reload_cmd, 'reload_cmd', '/^[a-z0-9\/\._\-@ ]+$/i', '', [], true);
 			$sel_stmt = Database::prepare("SELECT `id` FROM `".TABLE_PANEL_FPMDAEMONS."` WHERE `reload_cmd` = :rc");
 			$dupcheck = Database::pexecute_first($sel_stmt, ['rc' => $reload_cmd]);
 			if ($dupcheck && $dupcheck['id']) {
@@ -258,7 +258,7 @@ class FpmDaemons extends ApiCommand implements ResourceEntity
 			$id = Database::lastInsertId();
 			Cronjob::inserttask(TaskId::REBUILD_VHOST);
-			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "[API] fpm-daemon with description '" . $description . "' has been created by '" . $this->getUserDetail('loginname') . "'");
+			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "[API] fpm-daemon with description '" . $description . "' has been created by '" . $this->getUserDetail('loginname') . "'");
 			$result = $this->apiCall('FpmDaemons.get', [
 				'id' => $id
 			]);
@@ -327,7 +327,7 @@ class FpmDaemons extends ApiCommand implements ResourceEntity
 			// validation
 			$description = Validate::validate($description, 'description', Validate::REGEX_DESC_TEXT, '', [], true);
-			$reload_cmd = Validate::validate($reload_cmd, 'reload_cmd', '/^[a-z0-9\/\._\- ]+$/i', '', [], true);
+			$reload_cmd = Validate::validate($reload_cmd, 'reload_cmd', '/^[a-z0-9\/\._\-@ ]+$/i', '', [], true);
 			$sel_stmt = Database::prepare("SELECT `id` FROM `".TABLE_PANEL_FPMDAEMONS."` WHERE `reload_cmd` = :rc");
 			$dupcheck = Database::pexecute_first($sel_stmt, ['rc' => $reload_cmd]);
 			if ($dupcheck && $dupcheck['id'] != $id) {
@@ -384,7 +384,7 @@ class FpmDaemons extends ApiCommand implements ResourceEntity
 			Database::pexecute($upd_stmt, $upd_data, true, true);
 			Cronjob::inserttask(TaskId::REBUILD_VHOST);
-			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "[API] fpm-daemon with description '" . $description . "' has been updated by '" . $this->getUserDetail('loginname') . "'");
+			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "[API] fpm-daemon with description '" . $description . "' has been updated by '" . $this->getUserDetail('loginname') . "'");
 			$result = $this->apiCall('FpmDaemons.get', [
 				'id' => $id
 			]);
@@ -433,7 +433,7 @@ class FpmDaemons extends ApiCommand implements ResourceEntity
 			], true, true);
 			Cronjob::inserttask(TaskId::REBUILD_VHOST);
-			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "[API] fpm-daemon setting '" . $result['description'] . "' has been deleted by '" . $this->getUserDetail('loginname') . "'");
+			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "[API] fpm-daemon setting '" . $result['description'] . "' has been deleted by '" . $this->getUserDetail('loginname') . "'");
 			return $this->response($result);
 		}
 		throw new Exception("Not allowed to execute given command.", 403);
--- a/lib/Froxlor/Api/Commands/Froxlor.php
+++ b/lib/Froxlor/Api/Commands/Froxlor.php
@@ -37,6 +37,7 @@ use Froxlor\Settings;
 use Froxlor\SImExporter;
 use Froxlor\System\Cronjob;
 use Froxlor\System\Crypt;
 use Froxlor\Validate\Validate;
 use PDO;
 use RecursiveDirectoryIterator;
 use RecursiveIteratorIterator;
@@ -72,7 +73,7 @@ class Froxlor extends ApiCommand
 			if (empty($uc_data) || empty($response) || $uc_data['ts'] + self::UPDATE_CHECK_INTERVAL < time() || $uc_data['channel'] != Settings::Get('system.update_channel') || $force_ucheck) {
 				// log our actions
-				$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "[API] checking for updates");
+				$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "[API] checking for updates");
 				// check for new version
 				$aucheck = AutoUpdate::checkVersion();
@@ -81,7 +82,7 @@ class Froxlor extends ApiCommand
 				if ($aucheck == 1) {
 					// anzeige über version-status mit ggfls. formular
 					// zum update schritt #1 -> download
-					$text = lng('update.uc_newinfo', [(Settings::Get('system.update_channel') == 'testing' ? 'testing ' : ''), AutoUpdate::getFromResult('version'), $this->version]);
+					$text = lng('update.uc_newinfo', [(Settings::Get('system.update_channel') != 'stable' ? Settings::Get('system.update_channel').' ' : ''), AutoUpdate::getFromResult('version'), $this->version]);
 					$response = [
 						'isnewerversion' => (int) !AutoUpdate::getFromResult('has_latest'),
 						'version' => $this->version,
@@ -90,7 +91,7 @@ class Froxlor extends ApiCommand
 						'additional_info' => AutoUpdate::getFromResult('info'),
 						'aucheck' => $aucheck
 					];
-				} else if ($aucheck < 0 || $aucheck > 1) {
+				} elseif ($aucheck < 0 || $aucheck > 1) {
 					// errors
 					if ($aucheck < 0) {
 						$errmsg = AutoUpdate::getLastError();
@@ -142,7 +143,7 @@ class Froxlor extends ApiCommand
 	{
 		if ($this->isAdmin() && $this->getUserDetail('change_serversettings')) {
 			$json_str = $this->getParam('json_str');
-			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "User " . $this->getUserDetail('loginname') . " imported settings");
+			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, "User " . $this->getUserDetail('loginname') . " imported settings");
 			try {
 				SImExporter::import($json_str);
 				Cronjob::inserttask(TaskId::REBUILD_VHOST);
@@ -258,17 +259,91 @@ class Froxlor extends ApiCommand
 	 * returns a random password based on froxlor settings for min-length, included characters, etc.
 	 *
 	 * @param int $length
-	 *            optional length of password, defaults to 10
+	 *            optional length of password, defaults to 0 (panel.password_min_length)
 	 *
 	 * @access admin, customer
 	 * @return string
 	 * @throws Exception
 	 */
-	public function generatePassword()
+	public function generatePassword(): string
 	{
-		$length = $this->getParam('length', true, 10);
+		$length = $this->getParam('length', true, 0);
 		return $this->response(Crypt::generatePassword($length));
 	}
 	/**
 	 * return a one-time login link URL for a given user
 	 *
 	 * @param int $customerid optional, required if $loginname is not specified, user to create link for
 	 * @param string $loginname optional, required if $customerid is not specified, user to create link for
 	 * @param int $valid_time optional, value in seconds how long the link will be valid, default is 10 seconds, valid values are numbers from 10 to 120
 	 * @param string $allowed_from optional, comma separated list of ip addresses or networks to allow login from via this link
 	 *
 	 * @access admin
 	 * @return string json-encoded array [base => domain, uri => relative link]
 	 * @throws Exception
 	 */
 	public function generateLoginLink()
 	{
 		if ($this->isAdmin()) {
 			$customer = $this->getCustomerData();
 			// cannot create link for deactivated users
 			if ((int)$customer['deactivated'] == 1) {
 				throw new Exception("Cannot generate link for deactivated user", 406);
 			}
 			$valid_time = (int)$this->getParam('valid_time', true, 10);
 			$allowed_from = $this->getParam('allowed_from', true, '');
 			$valid_time = Validate::validate($valid_time, 'valid time', '/^(1[0-1][0-9]|120|[1-9][0-9])$/', 'invalid_validtime', [10], true);
 			// validate allowed_from
 			if (!empty($allowed_from)) {
 				$ip_list = array_map('trim', explode(",", $allowed_from));
 				$_check_list = $ip_list;
 				foreach ($_check_list as $idx => $ip) {
 					if (Validate::validate_ip2($ip, true, 'invalidip', true, true, true) == false) {
 						throw new Exception('Invalid ip address', 406);
 					}
 					// check for cidr
 					if (strpos($ip, '/') !== false) {
 						$ipparts = explode("/", $ip);
 						// shorten IP
 						$ip = inet_ntop(inet_pton($ipparts[0]));
 						// re-add cidr
 						$ip .= '/' . $ipparts[1];
 					} else {
 						// shorten IP
 						$ip = inet_ntop(inet_pton($ip));
 					}
 					$ip_list[$idx] = $ip;
 				}
 				$allowed_from = implode(",", array_unique($ip_list));
 			}
 			$hash = hash('sha256', openssl_random_pseudo_bytes(64 * 64));
 			$ins_stmt = Database::prepare("
 				INSERT INTO `" . TABLE_PANEL_LOGINLINKS . "`
 				SET `hash` = :hash, `loginname` = :loginname, `valid_until` = :validuntil, `allowed_from` = :allowedfrom
 				ON DUPLICATE KEY UPDATE `hash` = :hash, `valid_until` = :validuntil, `allowed_from` = :allowedfrom
 			");
 			Database::pexecute($ins_stmt, [
 				'hash' => $hash,
 				'loginname' => $customer['loginname'],
 				'validuntil' => time() + $valid_time,
 				'allowedfrom' => $allowed_from
 			]);
 			return $this->response([
 				'base' => 'https://' . Settings::Get('system.hostname') . '/' . (Settings::Get('system.froxlordirectlyviahostname') != 1 ? basename(\Froxlor\Froxlor::getInstallDir()) . '/' : ''),
 				'uri' => 'index.php?action=ll&ln=' . $customer['loginname'] . '&h=' . $hash
 			]);
 		}
 		throw new Exception("Not allowed to execute given command.", 403);
 	}
 	/**
 	 * can be used to remotely run the integritiy checks froxlor implements
 	 *
--- a/lib/Froxlor/Api/Commands/Ftps.php
+++ b/lib/Froxlor/Api/Commands/Ftps.php
@@ -72,6 +72,8 @@ class Ftps extends ApiCommand implements ResourceEntity
 	 *            optional whether to add additional usernames to the group
 	 * @param bool $is_defaultuser
 	 *            optional whether this is the standard default ftp user which is being added so no usage is decreased
 	 * @param bool $login_enabled
 	 *            optional whether to allow login (default) or not
 	 *
 	 * @access admin, customer
 	 * @return string json-encoded array
@@ -84,6 +86,7 @@ class Ftps extends ApiCommand implements ResourceEntity
 		}
 		$is_defaultuser = $this->getBoolParam('is_defaultuser', true, 0);
 		$login_enabled = $this->getBoolParam('login_enabled', true, 1);
 		if (($this->getUserDetail('ftps_used') < $this->getUserDetail('ftps') || $this->getUserDetail('ftps') == '-1') || $this->isAdmin() && $is_defaultuser == 1) {
 			// required parameters
@@ -171,18 +174,19 @@ class Ftps extends ApiCommand implements ResourceEntity
 			} elseif ($username == $password) {
 				Response::standardError('passwordshouldnotbeusername', '', true);
 			} else {
-				$path = FileDir::makeCorrectDir($customer['documentroot'] . '/' . $path);
+				$path = FileDir::makeCorrectDir($customer['documentroot'] . '/' . $path, $customer['documentroot']);
 				$cryptPassword = Crypt::makeCryptPassword($password, false, true);
 				$stmt = Database::prepare("INSERT INTO `" . TABLE_FTP_USERS . "`
 						(`customerid`, `username`, `description`, `password`, `homedir`, `login_enabled`, `uid`, `gid`, `shell`)
-						VALUES (:customerid, :username, :description, :password, :homedir, 'y', :guid, :guid, :shell)");
+						VALUES (:customerid, :username, :description, :password, :homedir, :loginenabled, :guid, :guid, :shell)");
 				$params = [
 					"customerid" => $customer['customerid'],
 					"username" => $username,
 					"description" => $description,
 					"password" => $cryptPassword,
 					"homedir" => $path,
 					"loginenabled" => $login_enabled ? 'Y' : 'N',
 					"guid" => $customer['guid'],
 					"shell" => $shell
 				];
@@ -257,7 +261,7 @@ class Ftps extends ApiCommand implements ResourceEntity
 					Customers::increaseUsage($customer['customerid'], 'ftp_lastaccountnumber');
 				}
-				$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] added ftp-account '" . $username . " (" . $path . ")'");
+				$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] added ftp-account '" . $username . " (" . $path . ")'");
 				Cronjob::inserttask(TaskId::CREATE_FTP);
 				if ($sendinfomail == 1) {
@@ -302,7 +306,7 @@ class Ftps extends ApiCommand implements ResourceEntity
 					$this->mailer()->clearAddresses();
 				}
-				$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_WARNING, "[API] added ftp-user '" . $username . "'");
+				$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] added ftp-user '" . $username . "'");
 				$result = $this->apiCall('Ftps.get', [
 					'username' => $username
@@ -367,7 +371,7 @@ class Ftps extends ApiCommand implements ResourceEntity
 		$params['idun'] = ($id <= 0 ? $username : $id);
 		$result = Database::pexecute_first($result_stmt, $params, true, true);
 		if ($result) {
-			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] get ftp-user '" . $result['username'] . "'");
+			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] get ftp-user '" . $result['username'] . "'");
 			return $this->response($result);
 		}
 		$key = ($id > 0 ? "id #" . $id : "username '" . $username . "'");
@@ -389,6 +393,8 @@ class Ftps extends ApiCommand implements ResourceEntity
 	 *            optional, description for ftp-user
 	 * @param string $shell
 	 *            optional, default /bin/false (not changeable when deactivated)
 	 * @param bool $login_enabled
 	 *            optional whether to allow login (default) or not
 	 * @param int $customerid
 	 *            optional, required when called as admin (if $loginname is not specified)
 	 * @param string $loginname
@@ -419,6 +425,7 @@ class Ftps extends ApiCommand implements ResourceEntity
 		$password = $this->getParam('ftp_password', true, '');
 		$description = $this->getParam('ftp_description', true, $result['description']);
 		$shell = $this->getParam('shell', true, $result['shell']);
 		$login_enabled = $this->getBoolParam('login_enabled', true, ($result['login_enabled'] == 'Y' ? 1 : 0));
 		// validation
 		$password = Validate::validate($password, 'password', '', '', [], true);
@@ -430,6 +437,10 @@ class Ftps extends ApiCommand implements ResourceEntity
 			$shell = "/bin/false";
 		}
 		if ($login_enabled != 1) {
 			$login_enabled = 0;
 		}
 		// get needed customer info to reduce the ftp-user-counter by one
 		$customer = $this->getCustomerData();
@@ -453,12 +464,12 @@ class Ftps extends ApiCommand implements ResourceEntity
 				"id" => $id,
 				"password" => $cryptPassword
 			], true, true);
-			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] updated ftp-account password for '" . $result['username'] . "'");
+			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] updated ftp-account password for '" . $result['username'] . "'");
 		}
 		// path update?
 		if ($path != '') {
-			$path = FileDir::makeCorrectDir($customer['documentroot'] . '/' . $path);
+			$path = FileDir::makeCorrectDir($customer['documentroot'] . '/' . $path, $customer['documentroot']);
 			if ($path != $result['homedir']) {
 				$stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "`
@@ -471,7 +482,7 @@ class Ftps extends ApiCommand implements ResourceEntity
 					"customerid" => $customer['customerid'],
 					"id" => $id
 				], true, true);
-				$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] updated ftp-account homdir for '" . $result['username'] . "'");
+				$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] updated ftp-account homdir for '" . $result['username'] . "'");
 			}
 		}
 		// it's the task for "new ftp" but that will
@@ -480,13 +491,14 @@ class Ftps extends ApiCommand implements ResourceEntity
 		$stmt = Database::prepare("
 			UPDATE `" . TABLE_FTP_USERS . "`
-			SET `description` = :desc, `shell` = :shell
+			SET `description` = :desc, `shell` = :shell, `login_enabled` = :loginenabled
 			WHERE `customerid` = :customerid
 			AND `id` = :id
 		");
 		Database::pexecute($stmt, [
 			"desc" => $description,
 			"shell" => $shell,
 			"loginenabled" => $login_enabled ? 'Y' : 'N',
 			"customerid" => $customer['customerid'],
 			"id" => $id
 		], true, true);
@@ -533,7 +545,7 @@ class Ftps extends ApiCommand implements ResourceEntity
 		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			$result[] = $row;
 		}
-		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] list ftp-users");
+		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] list ftp-users");
 		return $this->response([
 			'count' => count($result),
 			'list' => $result
--- a/lib/Froxlor/Api/Commands/HostingPlans.php
+++ b/lib/Froxlor/Api/Commands/HostingPlans.php
@@ -61,7 +61,7 @@ class HostingPlans extends ApiCommand implements ResourceEntity
 	public function listing()
 	{
 		if ($this->isAdmin()) {
-			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "[API] list hosting-plans");
+			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "[API] list hosting-plans");
 			$query_fields = [];
 			$result_stmt = Database::prepare("
 				SELECT p.*, a.loginname as adminname
@@ -200,7 +200,7 @@ class HostingPlans extends ApiCommand implements ResourceEntity
 			$value_arr['logviewenabled'] = $this->getBoolParam('logviewenabled', true, 0);
 			// validation
-			$name = Validate::validate(trim($name), 'name', '', '', [], true);
+			$name = Validate::validate(trim($name), 'name', Validate::REGEX_DESC_TEXT, '', [], true);
 			$description = Validate::validate(str_replace("\r\n", "\n", $description), 'description', Validate::REGEX_DESC_TEXT);
 			if (Settings::Get('system.mail_quota_enabled') != '1') {
@@ -227,7 +227,7 @@ class HostingPlans extends ApiCommand implements ResourceEntity
 				'valuearr' => json_encode($value_arr)
 			];
 			Database::pexecute($ins_stmt, $ins_data, true, true);
-			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, "[API] added hosting-plan '" . $name . "'");
+			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "[API] added hosting-plan '" . $name . "'");
 			$result = $this->apiCall('HostingPlans.get', [
 				'planname' => $name
 			]);
@@ -264,7 +264,7 @@ class HostingPlans extends ApiCommand implements ResourceEntity
 			}
 			$result = Database::pexecute_first($result_stmt, $params, true, true);
 			if ($result) {
-				$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "[API] get hosting-plan '" . $result['name'] . "'");
+				$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "[API] get hosting-plan '" . $result['name'] . "'");
 				return $this->response($result);
 			}
 			$key = ($id > 0 ? "id #" . $id : "planname '" . $planname . "'");
@@ -382,7 +382,7 @@ class HostingPlans extends ApiCommand implements ResourceEntity
 			$value_arr['logviewenabled'] = $this->getBoolParam('logviewenabled', true, $result['logviewenabled']);
 			// validation
-			$name = Validate::validate(trim($name), 'name', '', '', [], true);
+			$name = Validate::validate(trim($name), 'name', Validate::REGEX_DESC_TEXT, '', [], true);
 			$description = Validate::validate(str_replace("\r\n", "\n", $description), 'description', Validate::REGEX_DESC_TEXT);
 			if (Settings::Get('system.mail_quota_enabled') != '1') {
@@ -414,7 +414,7 @@ class HostingPlans extends ApiCommand implements ResourceEntity
 				'id' => $id
 			];
 			Database::pexecute($upd_stmt, $update_data, true, true);
-			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, "[API] updated hosting-plan '" . $result['name'] . "'");
+			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "[API] updated hosting-plan '" . $result['name'] . "'");
 			return $this->response($update_data);
 		}
 		throw new Exception("Not allowed to execute given command.", 403);
--- a/lib/Froxlor/Api/Commands/IpsAndPorts.php
+++ b/lib/Froxlor/Api/Commands/IpsAndPorts.php
@@ -65,7 +65,7 @@ class IpsAndPorts extends ApiCommand implements ResourceEntity
 	public function listing()
 	{
 		if ($this->isAdmin() && ($this->getUserDetail('change_serversettings') || !empty($this->getUserDetail('ip')))) {
-			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "[API] list ips and ports");
+			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "[API] list ips and ports");
 			$ip_where = "";
 			$append_where = false;
 			if (!empty($this->getUserDetail('ip')) && $this->getUserDetail('ip') != -1) {
@@ -175,9 +175,10 @@ class IpsAndPorts extends ApiCommand implements ResourceEntity
 			$docroot = Validate::validate($this->getParam('docroot', true, ''), 'docroot', Validate::REGEX_DIR, '', [], true);
 			if ((int)Settings::Get('system.use_ssl') == 1) {
-				$ssl = !empty($this->getBoolParam('ssl', true, 0)) ? intval($this->getBoolParam('ssl', true, 0)) : 0;
+				$ssl = (bool)$this->getBoolParam('ssl', true, 0);
-				$ssl_cert_file = Validate::validate($this->getParam('ssl_cert_file', $ssl, ''), 'ssl_cert_file', '', '', [], true);
+				$cert_optional = !($ssl && empty(Settings::Get('system.ssl_cert_file')));
-				$ssl_key_file = Validate::validate($this->getParam('ssl_key_file', $ssl, ''), 'ssl_key_file', '', '', [], true);
+				$ssl_cert_file = Validate::validate($this->getParam('ssl_cert_file', $cert_optional, ''), 'ssl_cert_file', '', '', [], true);
 				$ssl_key_file = Validate::validate($this->getParam('ssl_key_file', $cert_optional, ''), 'ssl_key_file', '', '', [], true);
 				$ssl_ca_file = Validate::validate($this->getParam('ssl_ca_file', true, ''), 'ssl_ca_file', '', '', [], true);
 				$ssl_cert_chainfile = Validate::validate($this->getParam('ssl_cert_chainfile', true, ''), 'ssl_cert_chainfile', '', '', [], true);
 				$sslss = $this->getParam('ssl_specialsettings', true, '');
@@ -335,7 +336,7 @@ class IpsAndPorts extends ApiCommand implements ResourceEntity
 				'id' => $id
 			], true, true);
 			if ($result) {
-				$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "[API] get ip " . $result['ip'] . " " . $result['port']);
+				$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "[API] get ip " . $result['ip'] . " " . $result['port']);
 				return $this->response($result);
 			}
 			throw new Exception("IP/port with id #" . $id . " could not be found", 404);
@@ -414,9 +415,10 @@ class IpsAndPorts extends ApiCommand implements ResourceEntity
 			$docroot = Validate::validate($this->getParam('docroot', true, $result['docroot']), 'docroot', Validate::REGEX_DIR, '', [], true);
 			if ((int)Settings::Get('system.use_ssl') == 1) {
-				$ssl = $this->getBoolParam('ssl', true, $result['ssl']);
+				$ssl = (bool)$this->getBoolParam('ssl', true, $result['ssl']);
-				$ssl_cert_file = Validate::validate($this->getParam('ssl_cert_file', $ssl, $result['ssl_cert_file']), 'ssl_cert_file', '', '', [], true);
+				$cert_optional = !($ssl && empty(Settings::Get('system.ssl_cert_file')));
-				$ssl_key_file = Validate::validate($this->getParam('ssl_key_file', $ssl, $result['ssl_key_file']), 'ssl_key_file', '', '', [], true);
+				$ssl_cert_file = Validate::validate($this->getParam('ssl_cert_file', $cert_optional, $result['ssl_cert_file']), 'ssl_cert_file', '', '', [], true);
 				$ssl_key_file = Validate::validate($this->getParam('ssl_key_file', $cert_optional, $result['ssl_key_file']), 'ssl_key_file', '', '', [], true);
 				$ssl_ca_file = Validate::validate($this->getParam('ssl_ca_file', true, $result['ssl_ca_file']), 'ssl_ca_file', '', '', [], true);
 				$ssl_cert_chainfile = Validate::validate($this->getParam('ssl_cert_chainfile', true, $result['ssl_cert_chainfile']), 'ssl_cert_chainfile', '', '', [], true);
 				$sslss = $this->getParam('ssl_specialsettings', true, $result['ssl_specialsettings']);
--- a/lib/Froxlor/Api/Commands/MysqlServer.php
+++ b/lib/Froxlor/Api/Commands/MysqlServer.php
@@ -26,14 +26,15 @@
 namespace Froxlor\Api\Commands;
 use Exception;
 use PDO;
 use PDOException;
 use Froxlor\Froxlor;
 use Froxlor\PhpHelper;
 use Froxlor\Api\ApiCommand;
 use Froxlor\Api\ResourceEntity;
 use Froxlor\Database\Database;
 use Froxlor\Froxlor;
 use Froxlor\FroxlorLogger;
 use Froxlor\PhpHelper;
 use Froxlor\Validate\Validate;
 use PDO;
 use PDOException;
 class MysqlServer extends ApiCommand implements ResourceEntity
 {
@@ -73,8 +74,8 @@ class MysqlServer extends ApiCommand implements ResourceEntity
 	 *             optional, test connection with given credentials, default is true (yes)
 	 *
 	 * @access admin
 	 * @throws Exception
 	 * @return string json-encoded array
 	 * @throws Exception
 	 */
 	public function add()
 	{
@@ -112,7 +113,7 @@ class MysqlServer extends ApiCommand implements ResourceEntity
 			);
 			if (!empty($mysql_ca)) {
 				$options[PDO::MYSQL_ATTR_SSL_CA] = $mysql_ca;
-				$options[PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = (bool) $mysql_verifycert;
+				$options[PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = (bool)$mysql_verifycert;
 			}
 			$dsn = "mysql:host=" . $mysql_host . ";port=" . $mysql_port . ";";
@@ -167,6 +168,8 @@ class MysqlServer extends ApiCommand implements ResourceEntity
 			$this->addDatabaseFromCustomerAllowedList($newdbserver);
 		}
 		$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, "[API] added new database server '" . $description . "' (" . $mysql_host . ")");
 		return $this->response(['dbserver' => $newdbserver]);
 	}
@@ -179,16 +182,16 @@ class MysqlServer extends ApiCommand implements ResourceEntity
 	 *             optional the number of the mysql server (either id or dbserver must be set)
 	 *
 	 * @access admin
 	 * @throws Exception
 	 * @return string json-encoded array
 	 * @throws Exception
 	 */
 	public function delete()
 	{
 		$this->validateAccess();
-		$id = (int) $this->getParam('id', true, -1);
+		$id = (int)$this->getParam('id', true, -1);
 		$dn_optional = $id >= 0;
-		$dbserver = (int) $this->getParam('dbserver', $dn_optional, -1);
+		$dbserver = (int)$this->getParam('dbserver', $dn_optional, -1);
 		$dbserver = $id >= 0 ? $id : $dbserver;
 		if ($dbserver == 0) {
@@ -212,8 +215,12 @@ class MysqlServer extends ApiCommand implements ResourceEntity
 		// when removing, remove from list of allowed_mysqlservers from any customers
 		$this->removeDatabaseFromCustomerAllowedList($dbserver);
 		$description = $sql_root[$dbserver]['caption'] ?? "unknown";
 		$mysql_host = $sql_root[$dbserver]['host'] ?? "unknown";
 		unset($sql_root[$dbserver]);
 		$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, "[API] removed database server '" . $description . "' (" . $mysql_host . ")");
 		$this->generateNewUserData($sql, $sql_root);
 		return $this->response(['true']);
 	}
@@ -287,14 +294,14 @@ class MysqlServer extends ApiCommand implements ResourceEntity
 	 *             optional the number of the mysql server (either id or dbserver must be set)
 	 *
 	 * @access admin, customer
 	 * @throws Exception
 	 * @return string json-encoded array
 	 * @throws Exception
 	 */
 	public function get()
 	{
-		$id = (int) $this->getParam('id', true, -1);
+		$id = (int)$this->getParam('id', true, -1);
 		$dn_optional = $id >= 0;
-		$dbserver = (int) $this->getParam('dbserver', $dn_optional, -1);
+		$dbserver = (int)$this->getParam('dbserver', $dn_optional, -1);
 		$dbserver = $id >= 0 ? $id : $dbserver;
 		$sql_root = [];
@@ -317,6 +324,7 @@ class MysqlServer extends ApiCommand implements ResourceEntity
 		unset($sql_root[$dbserver]['password']);
 		$sql_root[$dbserver]['id'] = $dbserver;
 		$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "[API] get database-server '" . $sql_root[$dbserver]['caption'] . "'");
 		return $this->response($sql_root[$dbserver]);
 	}
@@ -347,16 +355,16 @@ class MysqlServer extends ApiCommand implements ResourceEntity
 	 *             optional, test connection with given credentials, default is true (yes)
 	 *
 	 * @access admin
 	 * @throws Exception
 	 * @return string json-encoded array
 	 * @throws Exception
 	 */
 	public function update()
 	{
 		$this->validateAccess();
-		$id = (int) $this->getParam('id', true, -1);
+		$id = (int)$this->getParam('id', true, -1);
 		$dn_optional = $id >= 0;
-		$dbserver = (int) $this->getParam('dbserver', $dn_optional, -1);
+		$dbserver = (int)$this->getParam('dbserver', $dn_optional, -1);
 		$dbserver = $id >= 0 ? $id : $dbserver;
 		$sql_root = [];
@@ -417,7 +425,7 @@ class MysqlServer extends ApiCommand implements ResourceEntity
 			);
 			if (!empty($mysql_ca)) {
 				$options[PDO::MYSQL_ATTR_SSL_CA] = $mysql_ca;
-				$options[PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = (bool) $mysql_verifycert;
+				$options[PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = (bool)$mysql_verifycert;
 			}
 			$dsn = "mysql:host=" . $mysql_host . ";port=" . $mysql_port . ";";
@@ -448,6 +456,8 @@ class MysqlServer extends ApiCommand implements ResourceEntity
 			$this->addDatabaseFromCustomerAllowedList($dbserver);
 		}
 		$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, "[API] edited database server '" . $description . "' (" . $mysql_host . ")");
 		return $this->response(['true']);
 	}
@@ -472,7 +482,7 @@ class MysqlServer extends ApiCommand implements ResourceEntity
 				WHERE `dbserver` = :dbserver
 			");
 			$result = Database::pexecute_first($result_stmt, ['dbserver' => $dbserver], true, true);
-			return (int) $result['num_dbs'];
+			return (int)$result['num_dbs'];
 		} else {
 			$dbserver = $this->getParam('mysql_server');
 			$customer_ids = $this->getAllowedCustomerIds();
@@ -516,7 +526,7 @@ class MysqlServer extends ApiCommand implements ResourceEntity
 			`allowed_mysqlserver` = :am WHERE `customerid` = :cid
 		");
 		while ($customer = $sel_stmt->fetch(PDO::FETCH_ASSOC)) {
-			$allowed_mysqls = json_decode(($customer['allowed_mysqlserver'] ?? '[]'), true);
+			$allowed_mysqls = json_decode(($customer['allowed_mysqlserver'] ?: '[]'), true);
 			if (!in_array($dbserver, $allowed_mysqls)) {
 				$allowed_mysqls[] = $dbserver;
 				$allowed_mysqls = json_encode($allowed_mysqls);
--- a/lib/Froxlor/Api/Commands/Mysqls.php
+++ b/lib/Froxlor/Api/Commands/Mysqls.php
@@ -199,7 +199,7 @@ class Mysqls extends ApiCommand implements ResourceEntity
 				$this->mailer()->clearAddresses();
 			}
-			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_WARNING, "[API] added mysql-database '" . $username . "'");
+			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] added mysql-database '" . $username . "'");
 			$result = $this->apiCall('Mysqls.get', [
 				'dbname' => $username,
@@ -299,7 +299,7 @@ class Mysqls extends ApiCommand implements ResourceEntity
 			$mbdata = $mbdata_stmt->fetch(PDO::FETCH_ASSOC);
 			Database::needRoot(false);
 			$result['size'] = $mbdata['MB'] ?? 0;
-			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] get database '" . $result['databasename'] . "'");
+			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] get database '" . $result['databasename'] . "'");
 			return $this->response($result);
 		}
 		$key = ($id > 0 ? "id #" . $id : "dbname '" . $dbname . "'");
@@ -388,7 +388,7 @@ class Mysqls extends ApiCommand implements ResourceEntity
 		];
 		Database::pexecute($stmt, $params, true, true);
-		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_WARNING, "[API] updated mysql-database '" . $result['databasename'] . "'");
+		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] updated mysql-database '" . $result['databasename'] . "'");
 		$result = $this->apiCall('Mysqls.get', [
 			'dbname' => $result['databasename']
 		]);
--- a/lib/Froxlor/Api/Commands/PhpSettings.php
+++ b/lib/Froxlor/Api/Commands/PhpSettings.php
@@ -67,7 +67,7 @@ class PhpSettings extends ApiCommand implements ResourceEntity
 	public function listing()
 	{
 		if ($this->isAdmin()) {
-			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "[API] list php-configs");
+			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "[API] list php-configs");
 			$with_subdomains = $this->getBoolParam('with_subdomains', true, false);
 			$query_fields = [];
@@ -222,8 +222,8 @@ class PhpSettings extends ApiCommand implements ResourceEntity
 	 *            optional request terminate timeout if FPM is used, default is '60s'
 	 * @param string $phpfpm_reqslowtimeout
 	 *            optional request slowlog timeout if FPM is used, default is '5s'
-	 * @param bool $phpfpm_pass_authorizationheader
+	 * @param bool $pass_authorizationheader
-	 *            optional whether to pass authorization header to webserver if FPM is used, default is 0 (false)
+	 *            optional whether to pass authorization header to webserver if FPM/FCGID is used, default is 0 (false)
 	 * @param bool $override_fpmconfig
 	 *            optional whether to override fpm-daemon-config value for the following settings if FPM is used,
 	 *            default is 0 (false)
@@ -276,7 +276,7 @@ class PhpSettings extends ApiCommand implements ResourceEntity
 			$fpm_enableslowlog = $this->getBoolParam('phpfpm_enable_slowlog', true, 0);
 			$fpm_reqtermtimeout = $this->getParam('phpfpm_reqtermtimeout', true, "60s");
 			$fpm_reqslowtimeout = $this->getParam('phpfpm_reqslowtimeout', true, "5s");
-			$fpm_pass_authorizationheader = $this->getBoolParam('phpfpm_pass_authorizationheader', true, 0);
+			$pass_authorizationheader = $this->getBoolParam('pass_authorizationheader', true, 0);
 			$override_fpmconfig = $this->getBoolParam('override_fpmconfig', true, 0);
 			$def_fpmconfig = $this->apiCall('FpmDaemons.get', [
@@ -312,7 +312,6 @@ class PhpSettings extends ApiCommand implements ResourceEntity
 				$fpm_enableslowlog = 0;
 				$fpm_reqtermtimeout = 0;
 				$fpm_reqslowtimeout = 0;
 				$fpm_pass_authorizationheader = 0;
 				$override_fpmconfig = 0;
 			} elseif (Settings::Get('phpfpm.enabled') == 1) {
 				$fpm_reqtermtimeout = Validate::validate($fpm_reqtermtimeout, 'phpfpm_reqtermtimeout', '/^([0-9]+)(|s|m|h|d)$/', '', [], true);
@@ -377,7 +376,7 @@ class PhpSettings extends ApiCommand implements ResourceEntity
 				'fpmreqslow' => $fpm_reqslowtimeout,
 				'phpsettings' => $phpsettings,
 				'fpmsettingid' => $fpm_config_id,
-				'fpmpassauth' => $fpm_pass_authorizationheader,
+				'fpmpassauth' => $pass_authorizationheader,
 				'ofc' => $override_fpmconfig,
 				'pm' => $pmanager,
 				'max_children' => $max_children,
@@ -392,7 +391,7 @@ class PhpSettings extends ApiCommand implements ResourceEntity
 			$ins_data['id'] = Database::lastInsertId();
 			Cronjob::inserttask(TaskId::REBUILD_VHOST);
-			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "[API] php setting with description '" . $description . "' has been created by '" . $this->getUserDetail('loginname') . "'");
+			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "[API] php setting with description '" . $description . "' has been created by '" . $this->getUserDetail('loginname') . "'");
 			$result = $this->apiCall('PhpSettings.get', [
 				'id' => $ins_data['id']
@@ -464,7 +463,7 @@ class PhpSettings extends ApiCommand implements ResourceEntity
 	 *            optional request terminate timeout if FPM is used, default is '60s'
 	 * @param string $phpfpm_reqslowtimeout
 	 *            optional request slowlog timeout if FPM is used, default is '5s'
-	 * @param bool $phpfpm_pass_authorizationheader
+	 * @param bool $pass_authorizationheader
 	 *            optional whether to pass authorization header to webserver if FPM is used, default is 0 (false)
 	 * @param bool $override_fpmconfig
 	 *            optional whether to override fpm-daemon-config value for the following settings if FPM is used,
@@ -516,7 +515,7 @@ class PhpSettings extends ApiCommand implements ResourceEntity
 			$fpm_enableslowlog = $this->getBoolParam('phpfpm_enable_slowlog', true, $result['fpm_slowlog']);
 			$fpm_reqtermtimeout = $this->getParam('phpfpm_reqtermtimeout', true, $result['fpm_reqterm']);
 			$fpm_reqslowtimeout = $this->getParam('phpfpm_reqslowtimeout', true, $result['fpm_reqslow']);
-			$fpm_pass_authorizationheader = $this->getBoolParam('phpfpm_pass_authorizationheader', true, $result['pass_authorizationheader']);
+			$pass_authorizationheader = $this->getBoolParam('pass_authorizationheader', true, $result['pass_authorizationheader']);
 			$override_fpmconfig = $this->getBoolParam('override_fpmconfig', true, $result['override_fpmconfig']);
 			$pmanager = $this->getParam('pm', true, $result['pm']);
 			$max_children = $this->getParam('max_children', true, $result['max_children']);
@@ -548,7 +547,6 @@ class PhpSettings extends ApiCommand implements ResourceEntity
 				$fpm_enableslowlog = 0;
 				$fpm_reqtermtimeout = 0;
 				$fpm_reqslowtimeout = 0;
 				$fpm_pass_authorizationheader = 0;
 				$override_fpmconfig = 0;
 			} elseif (Settings::Get('phpfpm.enabled') == 1) {
 				$fpm_reqtermtimeout = Validate::validate($fpm_reqtermtimeout, 'phpfpm_reqtermtimeout', '/^([0-9]+)(|s|m|h|d)$/', '', [], true);
@@ -614,7 +612,7 @@ class PhpSettings extends ApiCommand implements ResourceEntity
 				'fpmreqslow' => $fpm_reqslowtimeout,
 				'phpsettings' => $phpsettings,
 				'fpmsettingid' => $fpm_config_id,
-				'fpmpassauth' => $fpm_pass_authorizationheader,
+				'fpmpassauth' => $pass_authorizationheader,
 				'ofc' => $override_fpmconfig,
 				'pm' => $pmanager,
 				'max_children' => $max_children,
@@ -629,7 +627,7 @@ class PhpSettings extends ApiCommand implements ResourceEntity
 			Database::pexecute($upd_stmt, $upd_data, true, true);
 			Cronjob::inserttask(TaskId::REBUILD_VHOST);
-			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "[API] php setting with description '" . $description . "' has been updated by '" . $this->getUserDetail('loginname') . "'");
+			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "[API] php setting with description '" . $description . "' has been updated by '" . $this->getUserDetail('loginname') . "'");
 			$result = $this->apiCall('PhpSettings.get', [
 				'id' => $id
@@ -686,7 +684,7 @@ class PhpSettings extends ApiCommand implements ResourceEntity
 			], true, true);
 			Cronjob::inserttask(TaskId::REBUILD_VHOST);
-			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "[API] php setting '" . $result['description'] . "' has been deleted by '" . $this->getUserDetail('loginname') . "'");
+			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, "[API] php setting '" . $result['description'] . "' has been deleted by '" . $this->getUserDetail('loginname') . "'");
 			return $this->response($result);
 		}
 		throw new Exception("Not allowed to execute given command.", 403);
--- a/lib/Froxlor/Api/Commands/SubDomains.php
+++ b/lib/Froxlor/Api/Commands/SubDomains.php
@@ -62,11 +62,13 @@ class SubDomains extends ApiCommand implements ResourceEntity
 	 *            optional, overwrites path value with an URL to generate a redirect, alternatively use the path
 	 *            parameter also for URLs
 	 * @param int $openbasedir_path
-	 *            optional, either 0 for domains-docroot, 1 for customers-homedir or 2 for parent-directory of domains-docroot
+	 *            optional, either 0 for domains-docroot [default], 1 for customers-homedir or 2 for parent-directory of domains-docroot
 	 * @param int $phpsettingid
 	 *            optional, php-settings-id, if empty the $domain value is used
 	 * @param int $redirectcode
 	 *            optional, redirect-code-id from TABLE_PANEL_REDIRECTCODES
 	 * @param int $speciallogfile
 	 *            optional, whether to create an exclusive web-logfile for this domain (1) or not (0) or inherit value from parentdomain (2, default)
 	 * @param bool $sslenabled
 	 *            optional, whether or not SSL is enabled for this domain, regardless of the assigned ssl-ips, default
 	 *            1 (true)
@@ -104,9 +106,10 @@ class SubDomains extends ApiCommand implements ResourceEntity
 			$aliasdomain = $this->getParam('alias', true, 0);
 			$path = $this->getParam('path', true, '');
 			$url = $this->getParam('url', true, '');
-			$openbasedir_path = $this->getParam('openbasedir_path', true, 1);
+			$openbasedir_path = $this->getParam('openbasedir_path', true, 0);
 			$phpsettingid = $this->getParam('phpsettingid', true, 0);
 			$redirectcode = $this->getParam('redirectcode', true, Settings::Get('customredirect.default'));
 			$speciallogfile = intval($this->getParam('speciallogfile', true, 2));
 			$isemaildomain = $this->getParam('isemaildomain', true, 0);
 			if (Settings::Get('system.use_ssl')) {
 				$sslenabled = $this->getBoolParam('sslenabled', true, 1);
@@ -229,6 +232,9 @@ class SubDomains extends ApiCommand implements ResourceEntity
 			} elseif ($completedomain_check && strtolower($completedomain_check['domain']) == strtolower($completedomain)) {
 				// the domain does already exist as main-domain
 				Response::standardError('domainexistalready', $completedomain, true);
 			} elseif ((int)$domain_check['deactivated'] == 1) {
 				// main domain is deactivated
 				Response::standardError('maindomaindeactivated', $domain, true);
 			}
 			// if allowed, check for 'is email domain'-flag
@@ -273,6 +279,11 @@ class SubDomains extends ApiCommand implements ResourceEntity
 				$ssl_redirect = 2;
 			}
 			// validate speciallogfile value
 			if ($speciallogfile < 0 || $speciallogfile > 2) {
 				$speciallogfile = 2; // inherit from parent-domain
 			}
 			// get the phpsettingid from parentdomain, #107
 			$phpsid_stmt = Database::prepare("
 				SELECT `phpsettingid` FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `id` = :id
@@ -285,21 +296,24 @@ class SubDomains extends ApiCommand implements ResourceEntity
 				// assign default config
 				$phpsid_result['phpsettingid'] = 1;
 			}
 			// check whether the customer has chosen its own php-config
 			if ($phpsettingid > 0 && $phpsettingid != $phpsid_result['phpsettingid']) {
 				$phpsid_result['phpsettingid'] = intval($phpsettingid);
 			}
-			$allowed_phpconfigs = $customer['allowed_phpconfigs'];
+			if ($domain_check['phpenabled'] == 1) {
-			if (!empty($allowed_phpconfigs)) {
+				// check whether the customer has chosen its own php-config
-				$allowed_phpconfigs = json_decode($allowed_phpconfigs, true);
+				if ($phpsettingid > 0 && $phpsettingid != $phpsid_result['phpsettingid']) {
-			} else {
+					$phpsid_result['phpsettingid'] = intval($phpsettingid);
-				$allowed_phpconfigs = [];
+				}
-			}
+
-			// only with fcgid/fpm enabled will it be possible to select a php-setting
+				$allowed_phpconfigs = $customer['allowed_phpconfigs'];
-			if ((int)Settings::Get('system.mod_fcgid') == 1 || (int)Settings::Get('phpfpm.enabled') == 1) {
+				if (!empty($allowed_phpconfigs)) {
-				if (!in_array($phpsid_result['phpsettingid'], $allowed_phpconfigs)) {
+					$allowed_phpconfigs = json_decode($allowed_phpconfigs, true);
-					Response::standardError('notallowedphpconfigused', '', true);
+				} else {
 					$allowed_phpconfigs = [];
 				}
 				// only with fcgid/fpm enabled will it be possible to select a php-setting
 				if ((int)Settings::Get('system.mod_fcgid') == 1 || (int)Settings::Get('phpfpm.enabled') == 1) {
 					if (!in_array($phpsid_result['phpsettingid'], $allowed_phpconfigs)) {
 						Response::standardError('notallowedphpconfigused', '', true);
 					}
 				}
 			}
@@ -351,7 +365,7 @@ class SubDomains extends ApiCommand implements ResourceEntity
 				"openbasedir" => $domain_check['openbasedir'],
 				"openbasedir_path" => $openbasedir_path,
 				"phpenabled" => $domain_check['phpenabled'],
-				"speciallogfile" => $domain_check['speciallogfile'],
+				"speciallogfile" => $speciallogfile == 2 ? $domain_check['speciallogfile'] : $speciallogfile,
 				"specialsettings" => $domain_check['specialsettings'],
 				"ssl_specialsettings" => $domain_check['ssl_specialsettings'],
 				"include_specialsettings" => $domain_check['include_specialsettings'],
@@ -486,7 +500,7 @@ class SubDomains extends ApiCommand implements ResourceEntity
 				$result['ipsandports'] = $this->getIpsForDomain($result['id']);
 			}
 			$result['domain_hascert'] = $this->getHasCertValueForDomain((int)$result['id'], (int)$result['parentdomainid']);
-			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] get subdomain '" . $result['domain'] . "'");
+			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] get subdomain '" . $result['domain'] . "'");
 			return $this->response($result);
 		}
 		$key = ($id > 0 ? "id #" . $id : "domainname '" . $domainname . "'");
@@ -553,9 +567,9 @@ class SubDomains extends ApiCommand implements ResourceEntity
 			// If path is empty or '/' and 'Use domain name as default value for DocumentRoot path' is enabled in settings,
 			// set default path to subdomain or domain name
 			if ((($path == '') || ($path == '/')) && Settings::Get('system.documentroot_use_default_value') == 1) {
-				$path = FileDir::makeCorrectDir($customer['documentroot'] . '/' . $completedomain);
+				$path = FileDir::makeCorrectDir($customer['documentroot'] . '/' . $completedomain, $customer['documentroot']);
 			} else {
-				$path = FileDir::makeCorrectDir($customer['documentroot'] . '/' . $path);
+				$path = FileDir::makeCorrectDir($customer['documentroot'] . '/' . $path, $customer['documentroot']);
 			}
 		} else {
 			// no it's not, create a redirect
@@ -588,6 +602,11 @@ class SubDomains extends ApiCommand implements ResourceEntity
 	 *            optional, php-settings-id, if empty the $domain value is used
 	 * @param int $redirectcode
 	 *            optional, redirect-code-id from TABLE_PANEL_REDIRECTCODES
 	 * @param bool $speciallogfile
 	 *            optional, whether to create an exclusive web-logfile for this domain
 	 * @param bool $speciallogverified
 	 *            optional, when setting $speciallogfile to false, this needs to be set to true to confirm the action,
 	 *            default 0 (false)
 	 * @param bool $sslenabled
 	 *            optional, whether or not SSL is enabled for this domain, regardless of the assigned ssl-ips, default
 	 *            1 (true)
@@ -645,6 +664,8 @@ class SubDomains extends ApiCommand implements ResourceEntity
 		$openbasedir_path = $this->getParam('openbasedir_path', true, $result['openbasedir_path']);
 		$phpsettingid = $this->getParam('phpsettingid', true, $result['phpsettingid']);
 		$redirectcode = $this->getParam('redirectcode', true, Domain::getDomainRedirectId($id));
 		$speciallogfile = $this->getBoolParam('speciallogfile', true, $result['speciallogfile']);
 		$speciallogverified = $this->getBoolParam('speciallogverified', true, 0);
 		if (Settings::Get('system.use_ssl')) {
 			$sslenabled = $this->getBoolParam('sslenabled', true, $result['ssl_enabled']);
 			$ssl_redirect = $this->getBoolParam('ssl_redirect', true, $result['ssl_redirect']);
@@ -754,6 +775,10 @@ class SubDomains extends ApiCommand implements ResourceEntity
 			$ssl_redirect = 2;
 		}
 		if ($speciallogfile != $result['speciallogfile'] && $speciallogverified != '1') {
 			$speciallogfile = $result['speciallogfile'];
 		}
 		// is-email-domain flag changed - remove mail accounts and mail-addresses
 		if (($result['isemaildomain'] == '1') && $isemaildomain == '0') {
 			$params = [
@@ -775,7 +800,7 @@ class SubDomains extends ApiCommand implements ResourceEntity
 			$allowed_phpconfigs = [];
 		}
 		// only with fcgid/fpm enabled will it be possible to select a php-setting
-		if ((int)Settings::Get('system.mod_fcgid') == 1 || (int)Settings::Get('phpfpm.enabled') == 1) {
+		if ((int)$result['phpenabled'] == 1 && ((int)Settings::Get('system.mod_fcgid') == 1 || (int)Settings::Get('phpfpm.enabled') == 1)) {
 			if (!in_array($phpsettingid, $allowed_phpconfigs)) {
 				Response::standardError('notallowedphpconfigused', '', true);
 			}
@@ -786,7 +811,21 @@ class SubDomains extends ApiCommand implements ResourceEntity
 			Domain::updateRedirectOfDomain($id, $redirectcode);
 		}
-		if ($path != $result['documentroot'] || $isemaildomain != $result['isemaildomain'] || $wwwserveralias != $result['wwwserveralias'] || $iswildcarddomain != $result['iswildcarddomain'] || $aliasdomain != (int)$result['aliasdomain'] || $openbasedir_path != $result['openbasedir_path'] || $ssl_redirect != $result['ssl_redirect'] || $letsencrypt != $result['letsencrypt'] || $hsts_maxage != $result['hsts'] || $hsts_sub != $result['hsts_sub'] || $hsts_preload != $result['hsts_preload'] || $phpsettingid != $result['phpsettingid'] || $http2 != $result['http2']) {
+		if ($path != $result['documentroot']
 			|| $isemaildomain != $result['isemaildomain']
 			|| $wwwserveralias != $result['wwwserveralias']
 			|| $iswildcarddomain != $result['iswildcarddomain']
 			|| $aliasdomain != (int)$result['aliasdomain']
 			|| $openbasedir_path != $result['openbasedir_path']
 			|| $ssl_redirect != $result['ssl_redirect']
 			|| $letsencrypt != $result['letsencrypt']
 			|| $hsts_maxage != $result['hsts']
 			|| $hsts_sub != $result['hsts_sub']
 			|| $hsts_preload != $result['hsts_preload']
 			|| $phpsettingid != $result['phpsettingid']
 			|| $http2 != $result['http2']
 			|| ($speciallogfile != $result['speciallogfile'] && $speciallogverified == '1')
 		) {
 			$stmt = Database::prepare("
 					UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
 					`documentroot` = :documentroot,
@@ -802,7 +841,8 @@ class SubDomains extends ApiCommand implements ResourceEntity
 					`hsts` = :hsts,
 					`hsts_sub` = :hsts_sub,
 					`hsts_preload` = :hsts_preload,
-					`phpsettingid` = :phpsettingid
+					`phpsettingid` = :phpsettingid,
 					`speciallogfile` = :speciallogfile
 					WHERE `customerid`= :customerid AND `id`= :id
 				");
 			$params = [
@@ -820,6 +860,7 @@ class SubDomains extends ApiCommand implements ResourceEntity
 				"hsts_sub" => $hsts_sub,
 				"hsts_preload" => $hsts_preload,
 				"phpsettingid" => $phpsettingid,
 				"speciallogfile" => $speciallogfile,
 				"customerid" => $customer['customerid'],
 				"id" => $id
 			];
@@ -856,7 +897,7 @@ class SubDomains extends ApiCommand implements ResourceEntity
 			Cronjob::inserttask(TaskId::REBUILD_VHOST);
 			Cronjob::inserttask(TaskId::REBUILD_DNS);
 			$idna_convert = new IdnaWrapper();
-			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] edited domain '" . $idna_convert->decode($result['domain']) . "'");
+			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] edited domain '" . $idna_convert->decode($result['domain']) . "'");
 		}
 		$result = $this->apiCall('SubDomains.get', [
 			'id' => $id
@@ -865,7 +906,7 @@ class SubDomains extends ApiCommand implements ResourceEntity
 	}
 	/**
-	 * lists all subdomain entries
+	 * lists all customer domain/subdomain entries
 	 *
 	 * @param bool $with_ips
 	 *            optional, default true
@@ -910,17 +951,12 @@ class SubDomains extends ApiCommand implements ResourceEntity
 				$custom_list_result = $_custom_list_result['list'];
 			}
 			$customer_ids = [];
 			$customer_stdsubs = [];
 			foreach ($custom_list_result as $customer) {
 				$customer_ids[] = $customer['customerid'];
 				$customer_stdsubs[$customer['customerid']] = $customer['standardsubdomain'];
 			}
 			if (empty($customer_ids)) {
 				throw new Exception("Required resource unsatisfied.", 405);
 			}
 			if (empty($customer_stdsubs)) {
 				throw new Exception("Required resource unsatisfied.", 405);
 			}
 			$select_fields = [
 				'`d`.*'
@@ -932,9 +968,6 @@ class SubDomains extends ApiCommand implements ResourceEntity
 			$customer_ids = [
 				$this->getUserDetail('customerid')
 			];
 			$customer_stdsubs = [
 				$this->getUserDetail('customerid') => $this->getUserDetail('standardsubdomain')
 			];
 			$select_fields = [
 				'`d`.`id`',
@@ -949,7 +982,8 @@ class SubDomains extends ApiCommand implements ResourceEntity
 				'`d`.`parentdomainid`',
 				'`d`.`letsencrypt`',
 				'`d`.`registration_date`',
-				'`d`.`termination_date`'
+				'`d`.`termination_date`',
 				'`d`.`deactivated`'
 			];
 		}
 		$query_fields = [];
@@ -963,7 +997,7 @@ class SubDomains extends ApiCommand implements ResourceEntity
 			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `pd` ON `pd`.`id`=`d`.`parentdomainid`
 			WHERE `d`.`customerid` IN (" . implode(', ', $customer_ids) . ")
 			AND `d`.`email_only` = '0'
-			AND `d`.`id` NOT IN (" . implode(', ', $customer_stdsubs) . ")" . $this->getSearchWhere($query_fields, true) . " GROUP BY `d`.`id` ORDER BY `parentdomainname` ASC, `d`.`parentdomainid` ASC " . $this->getOrderBy(true) . $this->getLimit());
+			" . $this->getSearchWhere($query_fields, true) . " GROUP BY `d`.`id` ORDER BY `parentdomainname` ASC, `d`.`parentdomainid` ASC " . $this->getOrderBy(true) . $this->getLimit());
 		$result = [];
 		Database::pexecute($domains_stmt, $query_fields, true, true);
@@ -1047,10 +1081,8 @@ class SubDomains extends ApiCommand implements ResourceEntity
 				$custom_list_result = $_custom_list_result['list'];
 			}
 			$customer_ids = [];
 			$customer_stdsubs = [];
 			foreach ($custom_list_result as $customer) {
 				$customer_ids[] = $customer['customerid'];
 				$customer_stdsubs[$customer['customerid']] = $customer['standardsubdomain'];
 			}
 		} else {
 			if (Settings::IsInList('panel.customer_hide_options', 'domains')) {
@@ -1059,21 +1091,19 @@ class SubDomains extends ApiCommand implements ResourceEntity
 			$customer_ids = [
 				$this->getUserDetail('customerid')
 			];
 			$customer_stdsubs = [
 				$this->getUserDetail('customerid') => $this->getUserDetail('standardsubdomain')
 			];
 		}
-		// prepare select statement
+		if (!empty($customer_ids)) {
-		$domains_stmt = Database::prepare("
+			// prepare select statement
-			SELECT COUNT(*) as num_subdom
+			$domains_stmt = Database::prepare("
-			FROM `" . TABLE_PANEL_DOMAINS . "` `d`
+				SELECT COUNT(*) as num_subdom
-			WHERE `d`.`customerid` IN (" . implode(', ', $customer_ids) . ")
+				FROM `" . TABLE_PANEL_DOMAINS . "` `d`
-			AND `d`.`email_only` = '0'
+				WHERE `d`.`customerid` IN (" . implode(', ', $customer_ids) . ")
-			AND `d`.`id` NOT IN (" . implode(', ', $customer_stdsubs) . ")
+				AND `d`.`email_only` = '0'
-		");
+			");
-		$result = Database::pexecute_first($domains_stmt, null, true, true);
+			$result = Database::pexecute_first($domains_stmt, null, true, true);
-		if ($result) {
+			if ($result) {
-			return $this->response($result['num_subdom']);
+				return $this->response($result['num_subdom']);
 			}
 		}
 		return $this->response(0);
 	}
--- a/lib/Froxlor/Api/Commands/SysLog.php
+++ b/lib/Froxlor/Api/Commands/SysLog.php
@@ -92,7 +92,7 @@ class SysLog extends ApiCommand implements ResourceEntity
 		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 			$result[] = $row;
 		}
-		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] list log-entries");
+		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] list log-entries");
 		return $this->response([
 			'count' => count($result),
 			'list' => $result
--- a/lib/Froxlor/Api/Commands/Traffic.php
+++ b/lib/Froxlor/Api/Commands/Traffic.php
@@ -166,7 +166,7 @@ class Traffic extends ApiCommand implements ResourceEntity
 			$row['mail'] *= 1024;
 			$result[] = $row;
 		}
-		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] list traffic");
+		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] list traffic");
 		return $this->response([
 			'count' => count($result),
 			'list' => $result
--- a/lib/Froxlor/Api/FroxlorRPC.php
+++ b/lib/Froxlor/Api/FroxlorRPC.php
@@ -112,11 +112,11 @@ class FroxlorRPC
 	 *
 	 * @return bool
 	 */
-	private static function validateAllowedFrom(array $allowed_from, string $remote_addr): bool
+	public static function validateAllowedFrom(array $allowed_from, string $remote_addr): bool
 	{
 		// shorten IP for comparison
 		$remote_addr = inet_ntop(inet_pton($remote_addr));
-		// check for diret matches
+		// check for direct matches
 		if (in_array($remote_addr, $allowed_from)) {
 			return true;
 		}
--- a/lib/Froxlor/Cli/CliCommand.php
+++ b/lib/Froxlor/Cli/CliCommand.php
@@ -25,19 +25,18 @@
 namespace Froxlor\Cli;
 use PDO;
 use Exception;
 use Froxlor\Database\Database;
 use Froxlor\Froxlor;
 use Froxlor\Settings;
-use Froxlor\Database\Database;
+use PDO;
 use Symfony\Component\Console\Command\Command;
 use Symfony\Component\Console\Input\InputInterface;
 use Symfony\Component\Console\Output\OutputInterface;
 class CliCommand extends Command
 {
-	protected function validateRequirements(InputInterface $input, OutputInterface $output, bool $ignore_has_updates = false): int
+	protected function validateRequirements(OutputInterface $output, bool $ignore_has_updates = false): int
 	{
 		if (!file_exists(Froxlor::getInstallDir() . '/lib/userdata.inc.php')) {
 			$output->writeln("<error>Could not find froxlor's userdata.inc.php file. You should use this script only with an installed froxlor system.</>");
@@ -116,22 +115,24 @@ class CliCommand extends Command
 		return $userinfo;
 	}
-	private function runUpdate(OutputInterface $output): int
+	protected function runUpdate(OutputInterface $output, bool $manual = false): int
 	{
-		$output->writeln('<comment>Automatic update is activated and we are going to proceed without any notices</>');
+		if (!$manual) {
 			$output->writeln('<comment>Automatic update is activated and we are going to proceed without any notices</>');
 		}
 		include_once Froxlor::getInstallDir() . '/lib/tables.inc.php';
 		define('_CRON_UPDATE', 1);
 		ob_start([
-			'this',
+			$this,
 			'cleanUpdateOutput'
 		]);
 		include_once Froxlor::getInstallDir() . '/install/updatesql.php';
 		ob_end_flush();
-		$output->writeln('<info>Automatic update done - you should check your settings to be sure everything is fine</>');
+		$output->writeln('<info>' . ($manual ? 'Database' : 'Automatic') . ' update done - you should check your settings to be sure everything is fine</>');
 		return self::SUCCESS;
 	}
-	private function cleanUpdateOutput($buffer)
+	private function cleanUpdateOutput($buffer): string
 	{
 		return strip_tags(preg_replace("/<br\W*?\/>/", "\n", $buffer));
 	}
--- a/lib/Froxlor/Cli/ConfigDiff.php
+++ b/lib/Froxlor/Cli/ConfigDiff.php
@@ -0,0 +1,181 @@
 <?php
 /**
 * This file is part of the Froxlor project.
 * Copyright (c) 2010 the Froxlor Team (see authors).
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, you can also view it online at
 * https://files.froxlor.org/misc/COPYING.txt
 *
 * @copyright  the authors
 * @author     Froxlor team <team@froxlor.org>
 * @license    https://files.froxlor.org/misc/COPYING.txt GPLv2
 */
 namespace Froxlor\Cli;
 use Froxlor\Config\ConfigParser;
 use Froxlor\FileDir;
 use Froxlor\Froxlor;
 use Symfony\Component\Console\Input\InputArgument;
 use Symfony\Component\Console\Input\InputInterface;
 use Symfony\Component\Console\Input\InputOption;
 use Symfony\Component\Console\Output\OutputInterface;
 final class ConfigDiff extends CliCommand
 {
 	protected function configure(): void
 	{
 		$this->setName('froxlor:config-diff')
 			->setDescription('Shows differences in config templates between OS versions')
 			->addArgument('from', InputArgument::OPTIONAL, 'OS version to compare against')
 			->addArgument('to', InputArgument::OPTIONAL, 'OS version to compare from')
 			->addOption('list', 'l', InputOption::VALUE_NONE, 'List all possible OS versions')
 			->addOption('diff-params', '', InputOption::VALUE_REQUIRED, 'Additional parameters for `diff`, e.g. --diff-params="--color=always"');
 	}
 	/**
 	 * @throws \Exception
 	 */
 	protected function execute(InputInterface $input, OutputInterface $output): int
 	{
 		require Froxlor::getInstallDir() . '/lib/functions.php';
 		$parsers = $versions = [];
 		foreach (glob(Froxlor::getInstallDir() . '/lib/configfiles/*.xml') as $config) {
 			$name = str_replace(".xml", "", strtolower(basename($config)));
 			$parser = new ConfigParser($config);
 			$versions[$name] = $parser->getCompleteDistroName();
 			$parsers[$name] = $parser;
 		}
 		asort($versions);
 		if ($input->getOption('list') === true) {
 			$output->writeln('The following OS version templates are available:');
 			foreach ($versions as $k => $v) {
 				$output->writeln(str_pad($k, 20) . $v);
 			}
 			return self::SUCCESS;
 		}
 		if (!$input->hasArgument('from') || !array_key_exists($input->getArgument('from'), $versions)) {
 			$output->writeln('<error>Missing or invalid "from" argument.</error>');
 			$output->writeln('Available versions: ' . implode(', ', array_keys($versions)));
 			return self::INVALID;
 		}
 		if (!$input->hasArgument('to') || !array_key_exists($input->getArgument('to'), $versions)) {
 			$output->writeln('<error>Missing or invalid "to" argument.</error>');
 			$output->writeln('Available versions: ' . implode(', ', array_keys($versions)));
 			return self::INVALID;
 		}
 		// Make sure diff is installed
 		$check_diff_installed = FileDir::safe_exec('which diff');
 		if (count($check_diff_installed) === 0) {
 			$output->writeln('<error>Unable to find "diff" installation on your system.</error>');
 			return self::INVALID;
 		}
 		$parser_from = $parsers[$input->getArgument('from')];
 		$parser_to = $parsers[$input->getArgument('to')];
 		$tmp_from = tempnam(sys_get_temp_dir(), 'froxlor_config_diff_from');
 		$tmp_to = tempnam(sys_get_temp_dir(), 'froxlor_config_diff_to');
 		$files = [];
 		$titles_by_key = [];
 		// Aggregate content for each config file
 		foreach ([[$parser_from, 'from'], [$parser_to, 'to']] as $todo) {
 			foreach ($todo[0]->getServices() as $service_type => $service) {
 				foreach ($service->getDaemons() as $daemon_name => $daemon) {
 					foreach ($daemon->getConfig() as $instruction) {
 						if ($instruction['type'] !== 'file') {
 							continue;
 						}
 						if (isset($instruction['subcommands'])) {
 							foreach ($instruction['subcommands'] as $subinstruction) {
 								if ($subinstruction['type'] !== 'file') {
 									continue;
 								}
 								$content = $subinstruction['content'];
 							}
 						} else {
 							$content = $instruction['content'];
 						}
 						if (!isset($content)) {
 							throw new \Exception("Cannot find content for {$instruction['name']}");
 						}
 						$key = "{$service_type}_{$daemon_name}_{$instruction['name']}";
 						$titles_by_key[$key] = "{$service->title} : {$daemon->title} : {$instruction['name']}";
 						if (!isset($files[$key])) {
 							$files[$key] = ['from' => '', 'to' => ''];
 						}
 						$files[$key][$todo[1]] = $this->filterContent($content);
 					}
 				}
 			}
 		}
 		ksort($files);
 		$diff_params = '';
 		if ($input->hasOption('diff-params') && trim($input->getOption('diff-params')) !== '') {
 			$diff_params = trim($input->getOption('diff-params'));
 		}
 		// Run diff on each file and output, if anything changed
 		foreach ($files as $file_key => $content) {
 			file_put_contents($tmp_from, $content['from']);
 			file_put_contents($tmp_to, $content['to']);
 			$diff_output = FileDir::safe_exec("{$check_diff_installed[0]} {$diff_params} {$tmp_from} {$tmp_to}");
 			if (count($diff_output) === 0) {
 				continue;
 			}
 			$output->writeln('<info># ' . $titles_by_key[$file_key] . '</info>');
 			$output->writeln(implode("\n", $diff_output) . "\n");
 			unset($diff_output);
 		}
 		// Remove tmp files again
 		unlink($tmp_from);
 		unlink($tmp_to);
 		return self::SUCCESS;
 	}
 	private function filterContent(string $content): string
 	{
 		$new_content = '';
 		foreach (explode("\n", $content) as $n) {
 			$n = trim($n);
 			if (!$n) {
 				continue;
 			}
 			if (str_starts_with($n, '#')) {
 				continue;
 			}
 			$new_content .= $n . "\n";
 		}
 		return $new_content;
 	}
 }
--- a/lib/Froxlor/Cli/ConfigServices.php
+++ b/lib/Froxlor/Cli/ConfigServices.php
@@ -25,6 +25,7 @@
 namespace Froxlor\Cli;
 use Exception;
 use Froxlor\Config\ConfigParser;
 use Froxlor\Database\Database;
 use Froxlor\FileDir;
@@ -40,9 +41,8 @@ use Symfony\Component\Console\Style\SymfonyStyle;
 final class ConfigServices extends CliCommand
 {
 	private $yes_to_all_supported = [
-		/* 'bookworm', */
+		'bookworm',
 		'bionic',
 		'bullseye',
 		'buster',
@@ -62,11 +62,9 @@ final class ConfigServices extends CliCommand
 			->addOption('yes-to-all', 'A', InputOption::VALUE_NONE, 'Install packages without asking questions (Debian/Ubuntu only currently)');
 	}
-	protected function execute(InputInterface $input, OutputInterface $output)
+	protected function execute(InputInterface $input, OutputInterface $output): int
 	{
-		$result = self::SUCCESS;
+		$result = $this->validateRequirements($output);
 		$result = $this->validateRequirements($input, $output);
 		require Froxlor::getInstallDir() . '/lib/functions.php';
@@ -93,7 +91,7 @@ final class ConfigServices extends CliCommand
 		if ($result == self::SUCCESS) {
 			$io = new SymfonyStyle($input, $output);
 			if ($input->getOption('create')) {
-				$result = $this->createConfig($input, $output, $io);
+				$result = $this->createConfig($output, $io);
 			} elseif ($input->getOption('apply')) {
 				$result = $this->applyConfig($input, $output, $io);
 			} elseif ($input->getOption('list') || $input->getOption('daemon')) {
@@ -158,7 +156,10 @@ final class ConfigServices extends CliCommand
 		fclose($fp);
 	}
-	private function createConfig(InputInterface $input, OutputInterface $output, SymfonyStyle $io)
+	/**
 	 * @throws Exception
 	 */
 	private function createConfig(OutputInterface $output, SymfonyStyle $io): int
 	{
 		$_daemons_config = [
 			'distro' => ""
@@ -285,7 +286,10 @@ final class ConfigServices extends CliCommand
 		return self::SUCCESS;
 	}
-	private function applyConfig(InputInterface $input, OutputInterface $output, SymfonyStyle $io)
+	/**
 	 * @throws Exception
 	 */
 	private function applyConfig(InputInterface $input, OutputInterface $output, SymfonyStyle $io): int
 	{
 		$applyFile = $input->getOption('apply');
@@ -398,7 +402,7 @@ final class ConfigServices extends CliCommand
 							case "file":
 								if (array_key_exists('content', $action)) {
 									$output->writeln('<comment>Creating file "' . $action['name'] . '"</>');
-									file_put_contents($action['name'], trim(strtr($action['content'], $replace_arr)));
+									file_put_contents($action['name'], trim(strtr($action['content'], $replace_arr)) . PHP_EOL);
 								} elseif (array_key_exists('subcommands', $action)) {
 									foreach ($action['subcommands'] as $fileaction) {
 										if (array_key_exists('execute', $fileaction) && $fileaction['execute'] == "pre") {
@@ -407,7 +411,7 @@ final class ConfigServices extends CliCommand
 											exec(strtr($fileaction['content'], $replace_arr));
 										} elseif ($fileaction['type'] == 'file') {
 											$output->writeln('<comment>Creating file "' . $fileaction['name'] . '"</>');
-											file_put_contents($fileaction['name'], trim(strtr($fileaction['content'], $replace_arr)));
+											file_put_contents($fileaction['name'], trim(strtr($fileaction['content'], $replace_arr)) . PHP_EOL);
 										}
 									}
 								}
@@ -429,7 +433,10 @@ final class ConfigServices extends CliCommand
 		}
 	}
-	private function getReplacerArray()
+	/**
 	 * @throws Exception
 	 */
 	private function getReplacerArray(): array
 	{
 		$customer_tmpdir = '/tmp/';
 		if (Settings::Get('system.mod_fcgid') == '1' && Settings::Get('system.mod_fcgid_tmpdir') != '') {
@@ -438,7 +445,7 @@ final class ConfigServices extends CliCommand
 			$customer_tmpdir = Settings::Get('phpfpm.tmpdir');
 		}
-		// try to convert namserver hosts to ip's
+		// try to convert nameserver hosts to ip's
 		$ns_ips = "";
 		$known_ns_ips = [];
 		if (Settings::Get('system.nameservers') != '') {
@@ -484,12 +491,12 @@ final class ConfigServices extends CliCommand
 		Database::needSqlData();
 		$sql = Database::getSqlData();
-		$replace_arr = [
+		return [
 			'<SQL_UNPRIVILEGED_USER>' => $sql['user'],
 			'<SQL_UNPRIVILEGED_PASSWORD>' => $sql['passwd'],
 			'<SQL_DB>' => $sql['db'],
 			'<SQL_HOST>' => $sql['host'],
-			'<SQL_SOCKET>' => isset($sql['socket']) ? $sql['socket'] : null,
+			'<SQL_SOCKET>' => $sql['socket'] ?? null,
 			'<SERVERNAME>' => Settings::Get('system.hostname'),
 			'<SERVERIP>' => Settings::Get('system.ipaddress'),
 			'<NAMESERVERS>' => Settings::Get('system.nameservers'),
@@ -507,7 +514,7 @@ final class ConfigServices extends CliCommand
 			'<WEBSERVER_GROUP>' => Settings::Get('system.httpgroup'),
 			'<SSL_CERT_FILE>' => Settings::Get('system.ssl_cert_file'),
 			'<SSL_KEY_FILE>' => Settings::Get('system.ssl_key_file'),
 			'<ADMIN_MAIL>' => Settings::Get('panel.adminmail'),
 		];
 		return $replace_arr;
 	}
 }
--- a/lib/Froxlor/Cli/InstallCommand.php
+++ b/lib/Froxlor/Cli/InstallCommand.php
@@ -26,13 +26,13 @@
 namespace Froxlor\Cli;
 use Exception;
 use Froxlor\Froxlor;
 use Froxlor\Config\ConfigParser;
 use Froxlor\Froxlor;
 use Froxlor\Install\Install;
 use Froxlor\Install\Install\Core;
 use Symfony\Component\Console\Command\Command;
 use Symfony\Component\Console\Input\InputInterface;
 use Symfony\Component\Console\Input\InputArgument;
 use Symfony\Component\Console\Input\InputInterface;
 use Symfony\Component\Console\Input\InputOption;
 use Symfony\Component\Console\Output\OutputInterface;
 use Symfony\Component\Console\Style\SymfonyStyle;
@@ -53,7 +53,10 @@ final class InstallCommand extends Command
 			->addOption('create-userdata-from-str', 'c', InputOption::VALUE_REQUIRED, 'Creates lib/userdata.inc.php file from string created by web-install process');
 	}
-	protected function execute(InputInterface $input, OutputInterface $output)
+	/**
 	 * @throws Exception
 	 */
 	protected function execute(InputInterface $input, OutputInterface $output): int
 	{
 		$result = self::SUCCESS;
@@ -80,7 +83,7 @@ final class InstallCommand extends Command
 		$_SERVER['SERVER_NAME'] = $host[0] ?? '';
 		$ips = [];
 		exec('hostname -I', $ips);
-		$ips = explode(" ", $ips[0]);
+		$ips = explode(" ", $ips[0] ?? "");
 		// ipv4 address?
 		$_SERVER['SERVER_ADDR'] = filter_var($ips[0] ?? "", FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) ? ($ips[0] ?? '') : '';
 		if (empty($_SERVER['SERVER_ADDR'])) {
@@ -137,10 +140,12 @@ final class InstallCommand extends Command
 			$decoded_input = [];
 		}
-		$result = $this->showStep(0, $extended, $decoded_input);
+		return $this->showStep(0, $extended, $decoded_input);
 		return $result;
 	}
 	/**
 	 * @throws Exception
 	 */
 	private function showStep(int $step = 0, bool $extended = false, array $decoded_input = []): int
 	{
 		$result = self::SUCCESS;
@@ -206,7 +211,7 @@ final class InstallCommand extends Command
 						$ask_field = false;
 					}
 					$fielddata['value'] = $this->formfielddata[$fieldname] ?? ($fielddata['value'] ?? null);
-					$fielddata['label'] = strip_tags(str_replace("<br>", " ", $fielddata['label']));
+					$fielddata['label'] = $this->cliTextFormat($fielddata['label'], " ");
 					if ($ask_field) {
 						if ($fielddata['type'] == 'password') {
 							$this->formfielddata[$fieldname] = $this->io->askHidden($fielddata['label'], function ($value) use ($fielddata) {
@@ -262,14 +267,16 @@ final class InstallCommand extends Command
 			case 4:
 				$section = $inst->formfield['install']['sections']['step' . $step] ?? [];
 				$this->io->section($section['title']);
-				$this->io->note($section['description']);
+				$this->io->note($this->cliTextFormat($section['description']));
 				$cmdfield = $section['fields']['system'];
 				$this->io->success([
 					$cmdfield['label'],
 					$cmdfield['value']
 				]);
-				if (!empty($decoded_input) || $this->io->confirm('Execute command now?', false)) {
+				if (!isset($decoded_input['manual_config']) || (bool)$decoded_input['manual_config'] === false) {
-					passthru($cmdfield['value']);
+					if (!empty($decoded_input) || $this->io->confirm('Execute command now?', false)) {
 						passthru($cmdfield['value']);
 					}
 				}
 				break;
 		}
@@ -300,7 +307,7 @@ final class InstallCommand extends Command
 		$json_output = [];
 		foreach ($fields['install']['sections'] as $section => $section_fields) {
 			foreach ($section_fields['fields'] as $name => $field) {
-				if ($name == 'system' || $name == 'manual_config' || $name == 'target_servername') {
+				if ($name == 'system' || $name == 'target_servername') {
 					continue;
 				}
 				if ($field['type'] == 'text' || $field['type'] == 'email') {
@@ -313,7 +320,7 @@ final class InstallCommand extends Command
 					$fieldval = '******';
 				} elseif ($field['type'] == 'select') {
 					$fieldval = implode("|", array_keys($field['select_var']));
-				} else if ($field['type'] == 'checkbox') {
+				} elseif ($field['type'] == 'checkbox') {
 					$fieldval = "1|0";
 				} else {
 					$fieldval = "?";
@@ -341,4 +348,10 @@ final class InstallCommand extends Command
 		curl_close($ch);
 		fclose($fp);
 	}
 	private function cliTextFormat(string $text, string $nl_char = "\n"): string
 	{
 		$text = str_replace(['<br>', '<br/>', '<br />'], [$nl_char, $nl_char, $nl_char], $text);
 		return strip_tags($text);
 	}
 }
--- a/lib/Froxlor/Cli/MasterCron.php
+++ b/lib/Froxlor/Cli/MasterCron.php
@@ -25,19 +25,20 @@
 namespace Froxlor\Cli;
-use PDO;
+use Exception;
 use Froxlor\Froxlor;
 use Froxlor\FileDir;
 use Froxlor\Settings;
 use Froxlor\FroxlorLogger;
 use Froxlor\Database\Database;
 use Froxlor\System\Cronjob;
 use Froxlor\Cron\TaskId;
 use Froxlor\Cron\CronConfig;
 use Froxlor\Cron\System\Extrausers;
 use Froxlor\Cron\TaskId;
 use Froxlor\Database\Database;
 use Froxlor\FileDir;
 use Froxlor\Froxlor;
 use Froxlor\FroxlorLogger;
 use Froxlor\Settings;
 use Froxlor\System\Cronjob;
 use PDO;
 use Symfony\Component\Console\Input\InputArgument;
 use Symfony\Component\Console\Input\InputInterface;
 use Symfony\Component\Console\Input\InputOption;
 use Symfony\Component\Console\Input\InputArgument;
 use Symfony\Component\Console\Output\OutputInterface;
 final class MasterCron extends CliCommand
@@ -52,26 +53,34 @@ final class MasterCron extends CliCommand
 		$this->setDescription('Regulary perform tasks created by froxlor');
 		$this->addArgument('job', InputArgument::IS_ARRAY, 'Job(s) to run');
 		$this->addOption('run-task', 'r', InputOption::VALUE_REQUIRED | InputOption::VALUE_IS_ARRAY, 'Run a specific task [1 = re-generate configs, 4 = re-generate dns zones, 10 = re-set quotas, 99 = re-create cron.d-file]')
-			->addOption('force', 'f', InputOption::VALUE_NONE, 'Forces re-generating of config-files (webserver, nameserver, etc.)')
+			->addOption('force', 'f', InputOption::VALUE_NONE, 'Forces given job or, if none given, forces re-generating of config-files (webserver, nameserver, etc.)')
 			->addOption('debug', 'd', InputOption::VALUE_NONE, 'Output debug information about what is going on to STDOUT.')
 			->addOption('no-fork', 'N', InputOption::VALUE_NONE, 'Do not fork to background (traffic cron only).');
 	}
-	protected function execute(InputInterface $input, OutputInterface $output)
+	/**
 	 * @throws Exception
 	 */
 	protected function execute(InputInterface $input, OutputInterface $output): int
 	{
-		$result = self::SUCCESS;
+		$result = $this->validateRequirements($output);
-		$result = $this->validateRequirements($input, $output);
+
 		if ($result != self::SUCCESS) {
 			// requirements failed, exit
 			return $result;
 		}
 		$jobs = $input->getArgument('job');
 		// handle force option
 		if ($input->getOption('force')) {
-			// rebuild all config files
+			if (empty($jobs) || in_array('tasks', $jobs)) {
-			Cronjob::inserttask(TaskId::REBUILD_VHOST);
+				Cronjob::inserttask(TaskId::REBUILD_VHOST);
-			Cronjob::inserttask(TaskId::REBUILD_DNS);
+				Cronjob::inserttask(TaskId::REBUILD_DNS);
-			Cronjob::inserttask(TaskId::CREATE_QUOTA);
+				Cronjob::inserttask(TaskId::CREATE_QUOTA);
-			Cronjob::inserttask(TaskId::REBUILD_CRON);
+				Cronjob::inserttask(TaskId::REBUILD_CRON);
-			array_push($jobs, 'tasks');
+				$jobs[] = 'tasks';
 			}
 			define('CRON_IS_FORCED', 1);
 		}
 		// handle debug option
@@ -86,9 +95,9 @@ final class MasterCron extends CliCommand
 		if ($input->getOption('run-task')) {
 			$tasks_to_run = $input->getOption('run-task');
 			foreach ($tasks_to_run as $ttr) {
-				if (in_array($ttr, [1, 4, 10, 99])) {
+				if (in_array($ttr, [TaskId::REBUILD_VHOST, TaskId::REBUILD_DNS, TaskId::CREATE_QUOTA, TaskId::REBUILD_CRON])) {
 					Cronjob::inserttask($ttr);
-					array_push($jobs, 'tasks');
+					$jobs[] = 'tasks';
 				} else {
 					$output->writeln('<comment>Unknown task number "' . $ttr . '"</>');
 				}
@@ -111,8 +120,8 @@ final class MasterCron extends CliCommand
 		]);
 		$this->cronLog->setCronDebugFlag(defined('CRON_DEBUG_FLAG'));
-		// check whether there are actual tasks to perform by 'tasks'-cron so
+		// check whether there are actual tasks to perform by 'tasks'-cron, so
-		// we dont regenerate files unnecessarily
+		// we don't regenerate files unnecessarily
 		$tasks_cnt_stmt = Database::query("SELECT COUNT(*) as jobcnt FROM `panel_tasks`");
 		$tasks_cnt = $tasks_cnt_stmt->fetch(PDO::FETCH_ASSOC);
@@ -134,12 +143,12 @@ final class MasterCron extends CliCommand
 					$cronfile::run();
 				}
 				// free the lockfile
-				$this->unlockJob($job);
+				$this->unlockJob();
 			}
 		}
 		// regenerate nss-extrausers files / invalidate nscd cache (if used)
-		$this->refreshUsers((int) $tasks_cnt['jobcnt']);
+		$this->refreshUsers((int)$tasks_cnt['jobcnt']);
 		// we have to check the system's last guid with every cron run
 		// in case the admin installed new software which added a new user
@@ -151,40 +160,25 @@ final class MasterCron extends CliCommand
 		CronConfig::checkCrondConfigurationFile();
 		// check for old/compatibility cronjob file
-		if (file_exists(Froxlor::getInstallDir().'/scripts/froxlor_master_cronjob.php')) {
+		if (file_exists(Froxlor::getInstallDir() . '/scripts/froxlor_master_cronjob.php')) {
-			@unlink(Froxlor::getInstallDir().'/scripts/froxlor_master_cronjob.php');
+			@unlink(Froxlor::getInstallDir() . '/scripts/froxlor_master_cronjob.php');
-			@rmdir(Froxlor::getInstallDir().'/scripts');
+			@rmdir(Froxlor::getInstallDir() . '/scripts');
 		}
 		// reset cronlog-flag if set to "once"
-		if ((int) Settings::Get('logger.log_cron') == 1) {
+		if ((int)Settings::Get('logger.log_cron') == 1) {
 			FroxlorLogger::getInstanceOf()->setCronLog(0);
 		}
 		// clean up possible old login-links
 		Database::query("DELETE FROM `" . TABLE_PANEL_LOGINLINKS . "` WHERE `valid_until` < UNIX_TIMESTAMP()");
 		return $result;
 	}
-	private function refreshUsers(int $jobcount = 0)
+	/**
-	{
+	 * @throws Exception
-		if ($jobcount > 0) {
+	 */
 			if (Settings::Get('system.nssextrausers') == 1) {
 				Extrausers::generateFiles($this->cronLog);
 				return;
 			}
 			// clear NSCD cache if using fcgid or fpm, #1570 - not needed for nss-extrausers
 			if ((Settings::Get('system.mod_fcgid') == 1 || (int)Settings::Get('phpfpm.enabled') == 1) && Settings::Get('system.nssextrausers') == 0) {
 				$false_val = false;
 				FileDir::safe_exec('nscd -i passwd 1> /dev/null', $false_val, [
 					'>'
 				]);
 				FileDir::safe_exec('nscd -i group 1> /dev/null', $false_val, [
 					'>'
 				]);
 			}
 		}
 	}
 	private function validateOwnership(OutputInterface $output)
 	{
 		// when using fcgid or fpm for froxlor-vhost itself, we have to check
@@ -211,21 +205,6 @@ final class MasterCron extends CliCommand
 		$output->writeln('OK');
 	}
 	private function getCronModule(string $cronname, OutputInterface $output)
 	{
 		$upd_stmt = Database::prepare("
 			SELECT `cronclass` FROM `" . TABLE_PANEL_CRONRUNS . "` WHERE `cronfile` = :cron;
 		");
 		$cron = Database::pexecute_first($upd_stmt, [
 			'cron' => $cronname
 		]);
 		if ($cron) {
 			return $cron['cronclass'];
 		}
 		$output->writeln("<error>Requested cronjob '" . $cronname . "' could not be found.</>");
 		return false;
 	}
 	private function lockJob(string $job, OutputInterface $output): bool
 	{
@@ -238,12 +217,12 @@ final class MasterCron extends CliCommand
 			system("kill -CHLD " . (int)$jobinfo['pid'] . " 1> /dev/null 2> /dev/null", $check_pid_return);
 			if ($check_pid_return == 1) {
 				// Process does not seem to run, most likely it has died
-				$this->unlockJob($job);
+				$this->unlockJob();
 			} else {
 				// cronjob still running, output info and stop
 				$output->writeln([
 					'<comment>Job "' . $jobinfo['job'] . '" is currently running.',
-					'Started: ' . date('d.m.Y H:i', (int) $jobinfo['startts']),
+					'Started: ' . date('d.m.Y H:i', (int)$jobinfo['startts']),
 					'PID: ' . $jobinfo['pid'] . '</>'
 				]);
 				return false;
@@ -259,8 +238,48 @@ final class MasterCron extends CliCommand
 		return true;
 	}
-	private function unlockJob(string $job): bool
+	private function unlockJob(): bool
 	{
 		return @unlink($this->lockFile);
 	}
 	private function getCronModule(string $cronname, OutputInterface $output)
 	{
 		$upd_stmt = Database::prepare("
 			SELECT `cronclass` FROM `" . TABLE_PANEL_CRONRUNS . "` WHERE `cronfile` = :cron;
 		");
 		$cron = Database::pexecute_first($upd_stmt, [
 			'cron' => $cronname
 		]);
 		if ($cron) {
 			return $cron['cronclass'];
 		}
 		$output->writeln("<error>Requested cronjob '" . $cronname . "' could not be found.</>");
 		return false;
 	}
 	private function refreshUsers(int $jobcount = 0)
 	{
 		if ($jobcount > 0) {
 			if (Settings::Get('system.nssextrausers') == 1) {
 				Extrausers::generateFiles($this->cronLog);
 				// reload crond as shell users might use crontab and the user is only known to crond if reloaded
 				FileDir::safe_exec(escapeshellcmd(Settings::Get('system.crondreload')));
 				return;
 			}
 			// clear NSCD cache if using fcgid or fpm, #1570 - not needed for nss-extrausers
 			if ((Settings::Get('system.mod_fcgid') == 1 || (int)Settings::Get('phpfpm.enabled') == 1) && Settings::Get('system.nssextrausers') == 0) {
 				$false_val = false;
 				FileDir::safe_exec('nscd -i passwd 1> /dev/null', $false_val, [
 					'>'
 				]);
 				FileDir::safe_exec('nscd -i group 1> /dev/null', $false_val, [
 					'>'
 				]);
 				// reload crond as shell users might use crontab and the user is only known to crond if reloaded
 				FileDir::safe_exec(escapeshellcmd(Settings::Get('system.crondreload')));
 			}
 		}
 	}
 }
--- a/lib/Froxlor/Cli/PhpSessionclean.php
+++ b/lib/Froxlor/Cli/PhpSessionclean.php
@@ -43,9 +43,9 @@ final class PhpSessionclean extends CliCommand
 		$this->addArgument('max-lifetime', InputArgument::OPTIONAL, 'The number of seconds after which data will be seen as "garbage" and potentially cleaned up. Defaults to "1440"');
 	}
-	protected function execute(InputInterface $input, OutputInterface $output)
+	protected function execute(InputInterface $input, OutputInterface $output): int
 	{
-		$result = $this->validateRequirements($input, $output);
+		$result = $this->validateRequirements($output);
 		if ($result == self::SUCCESS) {
 			if ((int)Settings::Get('phpfpm.enabled') == 1) {
@@ -89,7 +89,7 @@ final class PhpSessionclean extends CliCommand
 		if (count($paths_to_clean) > 0) {
 			foreach ($paths_to_clean as $ptc) {
-				// find all files older then maxlifetime and delete them
+				// find all files older than maxlifetime and delete them
 				FileDir::safe_exec("find -O3 \"" . $ptc . "\" -ignore_readdir_race -depth -mindepth 1 -name 'sess_*' -type f -cmin \"+" . $maxlifetime . "\" -delete");
 			}
 		}
--- a/lib/Froxlor/Cli/RunApiCommand.php
+++ b/lib/Froxlor/Cli/RunApiCommand.php
@@ -26,14 +26,12 @@
 namespace Froxlor\Cli;
 use Exception;
-use PDO;
+use Froxlor\Froxlor;
 use Symfony\Component\Console\Input\InputInterface;
 use Symfony\Component\Console\Input\InputArgument;
 use Symfony\Component\Console\Input\InputInterface;
 use Symfony\Component\Console\Input\InputOption;
 use Symfony\Component\Console\Output\OutputInterface;
 use Symfony\Component\Console\Style\SymfonyStyle;
 use Froxlor\Database\Database;
 use Froxlor\Froxlor;
 final class RunApiCommand extends CliCommand
 {
@@ -48,11 +46,9 @@ final class RunApiCommand extends CliCommand
 		$this->addOption('show-params', 's', InputOption::VALUE_NONE, 'Show possible parameters for given api-command (given command will *not* be called)');
 	}
-	protected function execute(InputInterface $input, OutputInterface $output)
+	protected function execute(InputInterface $input, OutputInterface $output): int
 	{
-		$result = self::SUCCESS;
+		$result = $this->validateRequirements($output);
 		$result = $this->validateRequirements($input, $output);
 		require Froxlor::getInstallDir() . '/lib/functions.php';
@@ -110,6 +106,9 @@ final class RunApiCommand extends CliCommand
 		return self::SUCCESS;
 	}
 	/**
 	 * @throws Exception
 	 */
 	private function validateCommand(string $command): array
 	{
 		$command = explode(".", $command);
--- a/lib/Froxlor/Cli/SwitchServerIp.php
+++ b/lib/Froxlor/Cli/SwitchServerIp.php
@@ -43,11 +43,9 @@ final class SwitchServerIp extends CliCommand
 			->addOption('list', 'l', InputOption::VALUE_NONE, 'List all IP addresses currently added for this server in froxlor');
 	}
-	protected function execute(InputInterface $input, OutputInterface $output)
+	protected function execute(InputInterface $input, OutputInterface $output): int
 	{
-		$result = self::SUCCESS;
+		$result = $this->validateRequirements($output);
 		$result = $this->validateRequirements($input, $output);
 		if ($result == self::SUCCESS && $input->getOption('list') == false && $input->getOption('switch') == false) {
 			$output->writeln('<error>Either --list or --switch option must be provided. Nothing to do, exiting.</>');
@@ -83,6 +81,7 @@ final class SwitchServerIp extends CliCommand
 		$ip_list = $input->getOption('switch');
 		$has_error = false;
 		$ips_to_switch = [];
 		foreach ($ip_list as $ips_combo) {
 			$ip_pair = explode(",", $ips_combo);
 			if (count($ip_pair) != 2) {
--- a/lib/Froxlor/Cli/UpdateCommand.php
+++ b/lib/Froxlor/Cli/UpdateCommand.php
@@ -27,9 +27,9 @@ namespace Froxlor\Cli;
 use Exception;
 use Froxlor\Froxlor;
 use Froxlor\Settings;
 use Froxlor\Install\Update;
 use Froxlor\Install\AutoUpdate;
 use Froxlor\Install\Update;
 use Froxlor\Settings;
 use Froxlor\System\Mailer;
 use Symfony\Component\Console\Input\InputInterface;
 use Symfony\Component\Console\Input\InputOption;
@@ -44,6 +44,7 @@ final class UpdateCommand extends CliCommand
 		$this->setName('froxlor:update');
 		$this->setDescription('Check for newer version and update froxlor');
 		$this->addOption('check-only', 'c', InputOption::VALUE_NONE, 'Only check for newer version and exit')
 			->addOption('database', 'd', InputOption::VALUE_NONE, 'Only run database updates in case updates are done via apt or manually.')
 			->addOption('mail-notify', 'm', InputOption::VALUE_NONE, 'Additionally inform administrator via email if a newer version was found')
 			->addOption('yes-to-all', 'A', InputOption::VALUE_NONE, 'Do not ask for download, extract and database-update, just do it (if not --check-only is set)')
 			->addOption('integer-return', 'i', InputOption::VALUE_NONE, 'Return integer whether a new version is available or not (implies --check-only). Useful for programmatic use.');
@@ -53,7 +54,35 @@ final class UpdateCommand extends CliCommand
 	{
 		$result = self::SUCCESS;
-		$result = $this->validateRequirements($input, $output);
+		// database update only
 		if ($input->getOption('database')) {
 			$result = $this->validateRequirements($output, true);
 			if ($result == self::SUCCESS) {
 				if (Froxlor::hasUpdates() || Froxlor::hasDbUpdates()) {
 					$output->writeln('<info>' . lng('updates.dbupdate_required') . '</>');
 					if ($input->getOption('check-only')) {
 						$output->writeln('<comment>Doing nothing because of "check-only" flag.</>');
 					} else {
 						$yestoall = $input->getOption('yes-to-all') !== false;
 						$helper = $this->getHelper('question');
 						$question = new ConfirmationQuestion('Update database? [no] ', false, '/^(y|j)/i');
 						if ($yestoall || $helper->ask($input, $output, $question)) {
 							$result = $this->runUpdate($output, true);
 						}
 					}
 					return $result;
 				}
 				$output->writeln('<info>' . lng('update.noupdatesavail', (Settings::Get('system.update_channel') == 'testing' ? lng('serversettings.uc_testing') . ' ' : '')) . '</>');
 			}
 			return $result;
 		}
 		$result = $this->validateRequirements($output);
 		if ($result != self::SUCCESS) {
 			// requirements failed, exit
 			return $result;
 		}
 		require Froxlor::getInstallDir() . '/lib/functions.php';
@@ -71,7 +100,7 @@ final class UpdateCommand extends CliCommand
 					}
 					// there is a new version
 					if ($input->getOption('check-only')) {
-						$text = lng('update.uc_newinfo', [(Settings::Get('system.update_channel') == 'testing' ? 'testing ' : ''), AutoUpdate::getFromResult('version'), Froxlor::VERSION]);
+						$text = lng('update.uc_newinfo', [(Settings::Get('system.update_channel') != 'stable' ? Settings::Get('system.update_channel').' ' : ''), AutoUpdate::getFromResult('version'), Froxlor::VERSION]);
 					} else {
 						$text = lng('admin.newerversionavailable') . ' ' . lng('admin.newerversiondetails', [AutoUpdate::getFromResult('version'), Froxlor::VERSION]);
 					}
@@ -81,7 +110,7 @@ final class UpdateCommand extends CliCommand
 					$newversionavail = true;
 					$output->writeln('<comment>' . $text . '</>');
 					$result = self::SUCCESS;
-				} else if ($aucheck < 0 || $aucheck > 1) {
+				} elseif ($aucheck < 0 || $aucheck > 1) {
 					if ($input->getOption('integer-return')) {
 						$output->write(-1);
 						return self::INVALID;
@@ -146,7 +175,7 @@ final class UpdateCommand extends CliCommand
 								$result = self::SUCCESS;
 								$question = new ConfirmationQuestion('Update database? [no] ', false, '/^(y|j)/i');
 								if ($yestoall || $helper->ask($input, $output, $question)) {
-									$result = $this->updateDatabase();
+									$result = $this->runUpdate($output, true);
 								}
 							} else {
 								$errmsg = 'error.autoupdate_' . $auex;
@@ -170,7 +199,7 @@ final class UpdateCommand extends CliCommand
 		if ($input->getOption('mail-notify')) {
 			$last_check_version = Settings::Get('system.update_notify_last');
 			if (Update::versionInUpdate($last_check_version, AutoUpdate::getFromResult('version'))) {
-				$text = lng('update.uc_newinfo', [(Settings::Get('system.update_channel') == 'testing' ? 'testing ' : ''), AutoUpdate::getFromResult('version'), Froxlor::VERSION]);
+				$text = lng('update.uc_newinfo', [(Settings::Get('system.update_channel') != 'stable' ? Settings::Get('system.update_channel').' ' : ''), AutoUpdate::getFromResult('version'), Froxlor::VERSION]);
 				$mail = new Mailer(true);
 				$mail->Body = $text;
 				$mail->Subject = "[froxlor] " . lng('update.notify_subject');
@@ -182,22 +211,4 @@ final class UpdateCommand extends CliCommand
 			}
 		}
 	}
 	private function updateDatabase()
 	{
 		include_once Froxlor::getInstallDir() . '/lib/tables.inc.php';
 		define('_CRON_UPDATE', 1);
 		ob_start([
 			$this,
 			'cleanUpdateOutput'
 		]);
 		include_once Froxlor::getInstallDir() . '/install/updatesql.php';
 		ob_end_flush();
 		return self::SUCCESS;
 	}
 	private function cleanUpdateOutput($buffer)
 	{
 		return strip_tags(preg_replace("/<br\W*?\/>/", "\n", $buffer));
 	}
 }
--- a/lib/Froxlor/Cli/UserCommand.php
+++ b/lib/Froxlor/Cli/UserCommand.php
@@ -26,15 +26,15 @@
 namespace Froxlor\Cli;
 use Exception;
-use Symfony\Component\Console\Input\InputInterface;
+use Froxlor\Api\Commands\Admins;
 use Froxlor\Api\Commands\Customers;
 use Froxlor\Froxlor;
 use Froxlor\System\Crypt;
 use Symfony\Component\Console\Input\InputArgument;
 use Symfony\Component\Console\Input\InputInterface;
 use Symfony\Component\Console\Input\InputOption;
 use Symfony\Component\Console\Output\OutputInterface;
 use Symfony\Component\Console\Style\SymfonyStyle;
 use Froxlor\Api\Commands\Admins;
 use Froxlor\Api\Commands\Customers;
 use Froxlor\System\Crypt;
 use Froxlor\Froxlor;
 final class UserCommand extends CliCommand
 {
@@ -50,11 +50,11 @@ final class UserCommand extends CliCommand
 			->addOption('show-info', 's', InputOption::VALUE_NONE, 'Output information details of given user');
 	}
-	protected function execute(InputInterface $input, OutputInterface $output)
+	protected function execute(InputInterface $input, OutputInterface $output): int
 	{
 		$result = self::SUCCESS;
-		$result = $this->validateRequirements($input, $output);
+		$result = $this->validateRequirements($output);
 		require Froxlor::getInstallDir() . '/lib/functions.php';
--- a/lib/Froxlor/Cli/ValidateAcmeWebroot.php
+++ b/lib/Froxlor/Cli/ValidateAcmeWebroot.php
@@ -48,15 +48,16 @@ final class ValidateAcmeWebroot extends CliCommand
 		$this->addOption('yes-to-all', 'A', InputOption::VALUE_NONE, 'Do not ask for confirmation, update files if necessary');
 	}
-	protected function execute(InputInterface $input, OutputInterface $output)
+	/**
 	 * @throws \Exception
 	 */
 	protected function execute(InputInterface $input, OutputInterface $output): int
 	{
-		$result = self::SUCCESS;
+		$result = $this->validateRequirements($output, true);
 		$result = $this->validateRequirements($input, $output, true);
 		$io = new SymfonyStyle($input, $output);
-		if ((int) Settings::Get('system.leenabled') == 0) {
+		if ((int)Settings::Get('system.leenabled') == 0) {
 			$io->info("Let's Encrypt not activated in froxlor settings.");
 			$result = self::INVALID;
 		}
@@ -94,7 +95,7 @@ final class ValidateAcmeWebroot extends CliCommand
 					$acmesh_challenge_dir = $recommended;
 					// need to update the corresponding acme-alias config-file
 					$acme_alias_file = Settings::Get('system.letsencryptacmeconf');
-					$sed_params = "s@".$former_value."@" . $acmesh_challenge_dir . "@";
+					$sed_params = "s@" . $former_value . "@" . $acmesh_challenge_dir . "@";
 					FileDir::safe_exec('sed -i -e "' . $sed_params . '" ' . escapeshellarg($acme_alias_file));
 					$count_changes++;
 				}
@@ -138,8 +139,6 @@ final class ValidateAcmeWebroot extends CliCommand
 								$io->info("Domain '" . $domain . "' Le_Webroot value is correct");
 							}
 							break;
 						} else {
 							continue;
 						}
 					}
 				}
--- a/lib/Froxlor/Config/ConfigDisplay.php
+++ b/lib/Froxlor/Config/ConfigDisplay.php
@@ -117,7 +117,7 @@ class ConfigDisplay
 			'<SQL_UNPRIVILEGED_PASSWORD>' => 'FROXLOR_MYSQL_PASSWORD',
 			'<SQL_DB>' => $sql['db'],
 			'<SQL_HOST>' => $sql['host'],
-			'<SQL_SOCKET>' => isset($sql['socket']) ? $sql['socket'] : null,
+			'<SQL_SOCKET>' => $sql['socket'] ?? null,
 			'<SERVERNAME>' => Settings::Get('system.hostname'),
 			'<SERVERIP>' => Settings::Get('system.ipaddress'),
 			'<NAMESERVERS>' => Settings::Get('system.nameservers'),
@@ -127,12 +127,15 @@ class ConfigDisplay
 			'<VIRTUAL_GID_MAPS>' => Settings::Get('system.vmail_gid'),
 			'<SSLPROTOCOLS>' => (Settings::Get('system.use_ssl') == '1') ? 'imaps pop3s' : '',
 			'<CUSTOMER_TMP>' => FileDir::makeCorrectDir($customer_tmpdir),
-			'<BASE_PATH>' => FileDir::makeCorrectDir(Froxlor::getInstallDir()),
+			'<BASE_PATH>' => Froxlor::getInstallDir(),
 			'<BIND_CONFIG_PATH>' => FileDir::makeCorrectDir(Settings::Get('system.bindconf_directory')),
 			'<WEBSERVER_RELOAD_CMD>' => Settings::Get('system.apachereload_command'),
 			'<CUSTOMER_LOGS>' => FileDir::makeCorrectDir(Settings::Get('system.logfiles_directory')),
 			'<FPM_IPCDIR>' => FileDir::makeCorrectDir(Settings::Get('phpfpm.fastcgi_ipcdir')),
-			'<WEBSERVER_GROUP>' => Settings::Get('system.httpgroup')
+			'<WEBSERVER_GROUP>' => Settings::Get('system.httpgroup'),
 			'<SSL_CERT_FILE>' => Settings::Get('system.ssl_cert_file'),
 			'<SSL_KEY_FILE>' => Settings::Get('system.ssl_key_file'),
 			'<ADMIN_MAIL>' => Settings::Get('panel.adminmail'),
 		];
 		$commands_pre = "";
--- a/lib/Froxlor/Cron/Dns/Bind.php
+++ b/lib/Froxlor/Cron/Dns/Bind.php
@@ -55,18 +55,17 @@ class Bind extends DnsBase
 		$domains = $this->getDomainList();
 		if (empty($domains)) {
-			$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'No domains found for nameserver-config, skipping...');
+			$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'No domains found for nameserver-config, not creating any zones...');
-			return;
+			$this->bindconf_file = '';
-		}
+		} else {
-
+			$this->bindconf_file = '# ' . Settings::Get('system.bindconf_directory') . 'froxlor_bind.conf' . "\n" . '# Created ' . date('d.m.Y H:i') . "\n" . '# Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.' . "\n\n";
-		$this->bindconf_file = '# ' . Settings::Get('system.bindconf_directory') . 'froxlor_bind.conf' . "\n" . '# Created ' . date('d.m.Y H:i') . "\n" . '# Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.' . "\n\n";
+			foreach ($domains as $domain) {
-
+				if ($domain['is_child']) {
-		foreach ($domains as $domain) {
+					// domains that are subdomains to other main domains are handled by recursion within walkDomainList()
-			if ($domain['ismainbutsubto'] > 0) {
+					continue;
-				// domains with ismainbutsubto>0 are handled by recursion within walkDomainList()
+				}
-				continue;
+				$this->walkDomainList($domain, $domains);
 			}
 			$this->walkDomainList($domain, $domains);
 		}
 		$bindconf_file_handler = fopen(FileDir::makeCorrectFile(Settings::Get('system.bindconf_directory') . '/froxlor_bind.conf'), 'w');
@@ -114,7 +113,7 @@ class Bind extends DnsBase
 				$isFroxlorHostname = true;
 			}
-			if ($domain['ismainbutsubto'] == 0) {
+			if (!$domain['is_child']) {
 				$zoneContent = (string)Dns::createDomainZone(($domain['id'] == 'none') ? $domain : $domain['id'], $isFroxlorHostname);
 				$domain['zonefile'] = 'domains/' . $domain['domain'] . '.zone';
 				$zonefile_name = FileDir::makeCorrectFile(Settings::Get('system.bindconf_directory') . '/' . $domain['zonefile']);
--- a/lib/Froxlor/Cron/Dns/DnsBase.php
+++ b/lib/Froxlor/Cron/Dns/DnsBase.php
@@ -26,6 +26,7 @@
 namespace Froxlor\Cron\Dns;
 use Froxlor\Database\Database;
 use Froxlor\Domain\Domain;
 use Froxlor\FileDir;
 use Froxlor\FroxlorLogger;
 use Froxlor\PhpHelper;
@@ -210,7 +211,6 @@ abstract class DnsBase
 				`d`.`dkim`,
 				`d`.`dkim_id`,
 				`d`.`dkim_pubkey`,
 				`d`.`ismainbutsubto`,
 				`c`.`loginname`,
 				`c`.`guid`
 			FROM
@@ -219,7 +219,7 @@ abstract class DnsBase
 			WHERE
 				`d`.`isbinddomain` = '1'
 			ORDER BY
-				`d`.`domain` ASC
+				LENGTH(`d`.`domain`), `d`.`domain` ASC
 		");
 		$domains = [];
@@ -241,11 +241,10 @@ abstract class DnsBase
 				'bindserial' => date('Ymd') . '00',
 				'dkim' => '0',
 				'iswildcarddomain' => '1',
 				'ismainbutsubto' => '0',
 				'zonefile' => '',
 				'froxlorhost' => '1'
 			];
-			$domains['none'] = $hostname_arr;
+			$domains[0] = $hostname_arr;
 		}
 		if (empty($domains)) {
@@ -257,18 +256,23 @@ abstract class DnsBase
 			if (!isset($domains[$key]['children'])) {
 				$domains[$key]['children'] = [];
 			}
-			if ($domains[$key]['ismainbutsubto'] > 0) {
+			if (!isset($domains[$key]['is_child'])) {
-				if (isset($domains[$domains[$key]['ismainbutsubto']])) {
+				$domains[$key]['is_child'] = false;
-					$domains[$domains[$key]['ismainbutsubto']]['children'][] = $domains[$key]['id'];
+			}
-				} else {
+			$children = Domain::getMainSubdomainIds($key);
-					$domains[$key]['ismainbutsubto'] = 0;
+			if (count($children) > 0) {
 				foreach ($children as $child) {
 					if (isset($domains[$child])) {
 						$domains[$key]['children'][] = $domains[$child]['id'];
 						$domains[$child]['is_child'] = true;
 					}
 				}
 			}
 		}
-		$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, str_pad('domId', 9, ' ') . str_pad('domain', 40, ' ') . 'ismainbutsubto ' . str_pad('parent domain', 40, ' ') . "list of child domain ids");
+		$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, str_pad('domId', 9, ' ') . str_pad('domain', 40, ' ') . "list of child domain ids");
 		foreach ($domains as $domain) {
-			$logLine = str_pad($domain['id'], 9, ' ') . str_pad($domain['domain'], 40, ' ') . str_pad($domain['ismainbutsubto'], 15, ' ') . str_pad(((isset($domains[$domain['ismainbutsubto']])) ? $domains[$domain['ismainbutsubto']]['domain'] : '-'), 40, ' ') . join(', ', $domain['children']);
+			$logLine = str_pad($domain['id'], 9, ' ') . str_pad($domain['domain'], 40, ' ') . join(', ', $domain['children']);
 			$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, $logLine);
 		}
--- a/lib/Froxlor/Cron/Dns/PowerDNS.php
+++ b/lib/Froxlor/Cron/Dns/PowerDNS.php
@@ -45,18 +45,16 @@ class PowerDNS extends DnsBase
 		$this->clearZoneTables($domains);
 		if (empty($domains)) {
-			$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'No domains found for nameserver-config, skipping...');
+			$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'No domains found for nameserver-config, not creating any zones...');
-			return;
+		} else {
-		}
+			foreach ($domains as $domain) {
-
+				if ($domain['is_child']) {
-		foreach ($domains as $domain) {
+					// domains that are subdomains to other main domains are handled by recursion within walkDomainList()
-			if ($domain['ismainbutsubto'] > 0) {
+					continue;
-				// domains with ismainbutsubto>0 are handled by recursion within walkDomainList()
+				}
-				continue;
+				$this->walkDomainList($domain, $domains);
 			}
 			$this->walkDomainList($domain, $domains);
 		}
 		$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'PowerDNS database updated');
 		$this->reloadDaemon();
 		$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Task4 finished');
@@ -108,7 +106,7 @@ class PowerDNS extends DnsBase
 				$isFroxlorHostname = true;
 			}
-			if ($domain['ismainbutsubto'] == 0) {
+			if (!$domain['is_child']) {
 				$zoneContent = Dns::createDomainZone(($domain['id'] == 'none') ? $domain : $domain['id'], $isFroxlorHostname);
 				if (count($subzones)) {
 					foreach ($subzones as $subzone) {
--- a/lib/Froxlor/Cron/Forkable.php
+++ b/lib/Froxlor/Cron/Forkable.php
@@ -0,0 +1,57 @@
 <?php
 namespace Froxlor\Cron;
 use Froxlor\Database\Database;
 use Froxlor\FroxlorLogger;
 trait Forkable
 {
 	public static function runFork($closure, array $attributes = [], int $concurrentChildren = 3)
 	{
 		$childrenPids = [];
 		// We only fork if pcntl_fork is available and nofork flag is not set
 		if (function_exists('pcntl_fork') && !defined('CRON_NOFORK_FLAG')) {
 			foreach ($attributes as $closureAttributes) {
 				// We close the database - connection before we fork, so we don't share resources with the child
 				Database::needRoot(false); // this forces the connection to be set to null
 				$pid = pcntl_fork();
 				if ($pid == -1) {
 					exit("Error forking...\n");
 				} elseif ($pid == 0) {
 					// re-create db
 					Database::needRoot(false);
 					$closure($closureAttributes);
 					exit();
 				} else {
 					$childrenPids[] = $pid;
 					while (count($childrenPids) >= $concurrentChildren) {
 						foreach ($childrenPids as $key => $pid) {
 							$res = pcntl_waitpid($pid, $status, WNOHANG);
 							// If the process has already exited
 							if ($res == -1 || $res > 0) {
 								unset($childrenPids[$key]);
 							}
 						}
 						sleep(1);
 					}
 				}
 			}
 			while (pcntl_waitpid(0, $status) != -1);
 		} else {
 			if (!defined('CRON_NOFORK_FLAG')) {
 				if (extension_loaded('pcntl')) {
 					$msg = "PHP compiled with pcntl but pcntl_fork function is not available.";
 				} else {
 					$msg = "PHP compiled without pcntl.";
 				}
 				FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, $msg . " Not forking " . self::class . ", this may take a long time!");
 			}
 			foreach ($attributes as $closureAttributes) {
 				$closure($closureAttributes);
 			}
 		}
 	}
 }
--- a/lib/Froxlor/Cron/Http/Apache.php
+++ b/lib/Froxlor/Cron/Http/Apache.php
@@ -25,19 +25,21 @@
 namespace Froxlor\Cron\Http;
 use Froxlor\Froxlor;
 use Froxlor\Cron\Http\Php\PhpInterface;
 use Froxlor\Cron\TaskId;
 use Froxlor\Customer\Customer;
 use Froxlor\Database\Database;
 use Froxlor\Domain\Domain;
 use Froxlor\FileDir;
 use Froxlor\Froxlor;
 use Froxlor\FroxlorLogger;
 use Froxlor\Http\Directory;
 use Froxlor\Http\Statistics;
 use Froxlor\PhpHelper;
 use Froxlor\Settings;
-use Froxlor\Validate\Validate;
+use Froxlor\System\Cronjob;
 use Froxlor\System\Crypt;
 use Froxlor\Validate\Validate;
 use PDO;
 class Apache extends HttpConfigBase
@@ -129,10 +131,11 @@ class Apache extends HttpConfigBase
 				if ($row_ipsandports['ssl'] == '0' && Settings::Get('system.le_froxlor_redirect') == '1') {
 					$is_redirect = true;
 					// check whether froxlor uses Let's Encrypt and not cert is being generated yet
-					// or a renew is ongoing - disable redirect
+					// or a renewal is ongoing - disable redirect
 					if (Settings::Get('system.le_froxlor_enabled') && ($this->froxlorVhostHasLetsEncryptCert() == false || $this->froxlorVhostLetsEncryptNeedsRenew())) {
 						$this->virtualhosts_data[$vhosts_filename] .= '# temp. disabled ssl-redirect due to Let\'s Encrypt certificate generation.' . PHP_EOL;
 						$is_redirect = false;
 						Cronjob::inserttask(TaskId::REBUILD_VHOST);
 					} else {
 						$_sslport = $this->checkAlternativeSslPort();
@@ -159,7 +162,7 @@ class Apache extends HttpConfigBase
 					if (Settings::Get('system.froxlordirectlyviahostname')) {
 						$relpath = "/";
 					} else {
-						$relpath = "/".basename(Froxlor::getInstallDir());
+						$relpath = "/" . basename(Froxlor::getInstallDir());
 					}
 					// protect lib/userdata.inc.php
 					$this->virtualhosts_data[$vhosts_filename] .= '  <Directory "' . rtrim($relpath, "/") . '/lib/">' . "\n";
@@ -205,7 +208,9 @@ class Apache extends HttpConfigBase
 							];
 							$php = new PhpInterface($domain);
 							$phpconfig = $php->getPhpConfig(Settings::Get('system.mod_fcgid_defaultini_ownvhost'));
-
+							if ($phpconfig['pass_authorizationheader'] == '1') {
 								$this->virtualhosts_data[$vhosts_filename] .= '  FcgidPassHeader     Authorization' . "\n";
 							}
 							$starter_filename = FileDir::makeCorrectFile($configdir . '/php-fcgi-starter');
 							$this->virtualhosts_data[$vhosts_filename] .= '  SuexecUserGroup "' . Settings::Get('system.mod_fcgid_httpuser') . '" "' . Settings::Get('system.mod_fcgid_httpgroup') . '"' . "\n";
 							$this->virtualhosts_data[$vhosts_filename] .= '  <Directory "' . $mypath . '">' . "\n";
@@ -276,7 +281,9 @@ class Apache extends HttpConfigBase
 							// start block, cut off last pipe and close block
 							$filesmatch = '(' . str_replace(".", "\.", substr($filesmatch, 0, -1)) . ')';
 							$this->virtualhosts_data[$vhosts_filename] .= '  <FilesMatch \.' . $filesmatch . '$>' . "\n";
-							$this->virtualhosts_data[$vhosts_filename] .= '  SetHandler proxy:unix:' . $php->getInterface()->getSocketFile() . '|fcgi://localhost' . "\n";
+							$this->virtualhosts_data[$vhosts_filename] .= '    <If "-f %{SCRIPT_FILENAME}">' . "\n";
 							$this->virtualhosts_data[$vhosts_filename] .= '  	SetHandler proxy:unix:' . $php->getInterface()->getSocketFile() . '|fcgi://localhost' . "\n";
 							$this->virtualhosts_data[$vhosts_filename] .= '    </If>' . "\n";
 							$this->virtualhosts_data[$vhosts_filename] .= '  </FilesMatch>' . "\n";
 							if ($phpconfig['pass_authorizationheader'] == '1') {
 								$this->virtualhosts_data[$vhosts_filename] .= '  <Directory "' . $mypath . '">' . "\n";
@@ -515,13 +522,7 @@ class Apache extends HttpConfigBase
 	 */
 	private function createStandardDirectoryEntry()
 	{
-		$vhosts_folder = '';
+		$vhosts_filename = $this->getCustomVhostFilename('05_froxlor_dirfix_nofcgid.conf');
 		if (is_dir(Settings::Get('system.apacheconf_vhost'))) {
 			$vhosts_folder = FileDir::makeCorrectDir(Settings::Get('system.apacheconf_vhost'));
 		} else {
 			$vhosts_folder = FileDir::makeCorrectDir(dirname(Settings::Get('system.apacheconf_vhost')));
 		}
 		$vhosts_filename = FileDir::makeCorrectFile($vhosts_folder . '/05_froxlor_dirfix_nofcgid.conf');
 		if (!isset($this->virtualhosts_data[$vhosts_filename])) {
 			$this->virtualhosts_data[$vhosts_filename] = '';
@@ -545,7 +546,7 @@ class Apache extends HttpConfigBase
 		}
 		$this->virtualhosts_data[$vhosts_filename] .= '  </Directory>' . "\n";
-		$ocsp_cache_filename = FileDir::makeCorrectFile($vhosts_folder . '/03_froxlor_ocsp_cache.conf');
+		$ocsp_cache_filename = $this->getCustomVhostFilename('03_froxlor_ocsp_cache.conf');
 		if (Settings::Get('system.use_ssl') == '1' && Settings::Get('system.apache24') == 1) {
 			$this->virtualhosts_data[$ocsp_cache_filename] = 'SSLStaplingCache ' . Settings::Get('system.apache24_ocsp_cache_path') . "\n";
 		} else {
@@ -562,14 +563,7 @@ class Apache extends HttpConfigBase
 	private function createStandardErrorHandler()
 	{
 		if (Settings::Get('defaultwebsrverrhandler.enabled') == '1' && (Settings::Get('defaultwebsrverrhandler.err401') != '' || Settings::Get('defaultwebsrverrhandler.err403') != '' || Settings::Get('defaultwebsrverrhandler.err404') != '' || Settings::Get('defaultwebsrverrhandler.err500') != '')) {
-			$vhosts_folder = '';
+			$vhosts_filename = $this->getCustomVhostFilename('05_froxlor_default_errorhandler.conf');
 			if (is_dir(Settings::Get('system.apacheconf_vhost'))) {
 				$vhosts_folder = FileDir::makeCorrectDir(Settings::Get('system.apacheconf_vhost'));
 			} else {
 				$vhosts_folder = FileDir::makeCorrectDir(dirname(Settings::Get('system.apacheconf_vhost')));
 			}
 			$vhosts_filename = FileDir::makeCorrectFile($vhosts_folder . '/05_froxlor_default_errorhandler.conf');
 			if (!isset($this->virtualhosts_data[$vhosts_filename])) {
 				$this->virtualhosts_data[$vhosts_filename] = '';
@@ -630,29 +624,6 @@ class Apache extends HttpConfigBase
 		}
 	}
 	/**
 	 * Get the filename for the virtualhost
 	 */
 	protected function getVhostFilename($domain, $ssl_vhost = false)
 	{
 		if ((int)$domain['parentdomainid'] == 0 && Domain::isCustomerStdSubdomain((int)$domain['id']) == false && ((int)$domain['ismainbutsubto'] == 0 || Domain::domainMainToSubExists($domain['ismainbutsubto']) == false)) {
 			$vhost_no = '35';
 		} elseif ((int)$domain['parentdomainid'] == 0 && Domain::isCustomerStdSubdomain((int)$domain['id']) == false && (int)$domain['ismainbutsubto'] > 0) {
 			$vhost_no = '30';
 		} else {
 			// number of dots in a domain specifies it's position (and depth of subdomain) starting at 29 going downwards on higher depth
 			$vhost_no = (string)(30 - substr_count($domain['domain'], ".") + 1);
 		}
 		if ($ssl_vhost === true) {
 			$vhost_filename = FileDir::makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/' . $vhost_no . '_froxlor_ssl_vhost_' . $domain['domain'] . '.conf');
 		} else {
 			$vhost_filename = FileDir::makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/' . $vhost_no . '_froxlor_normal_vhost_' . $domain['domain'] . '.conf');
 		}
 		return $vhost_filename;
 	}
 	/**
 	 * We compose the virtualhost entry for one domain
 	 */
@@ -852,6 +823,7 @@ class Apache extends HttpConfigBase
 					$modrew_red = ' [R=' . $code . ';L,NE]';
 				}
 				$vhost_content .= $this->getLogfiles($domain);
 				// redirect everything, not only root-directory, #541
 				$vhost_content .= '  <IfModule mod_rewrite.c>' . "\n";
 				$vhost_content .= '    RewriteEngine On' . "\n";
@@ -878,24 +850,26 @@ class Apache extends HttpConfigBase
 			}
 			$vhost_content .= $this->getLogfiles($domain);
-			if ($domain['specialsettings'] != '' && ($ssl_vhost == false || ($ssl_vhost == true && $domain['include_specialsettings'] == 1))) {
+			if ($this->deactivated == false) {
-				$vhost_content .= $this->processSpecialConfigTemplate($domain['specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
+				if ($domain['specialsettings'] != '' && ($ssl_vhost == false || ($ssl_vhost == true && $domain['include_specialsettings'] == 1))) {
-			}
+					$vhost_content .= $this->processSpecialConfigTemplate($domain['specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
 				}
-			if ($domain['ssl_specialsettings'] != '' && $ssl_vhost == true) {
+				if ($domain['ssl_specialsettings'] != '' && $ssl_vhost == true) {
-				$vhost_content .= $this->processSpecialConfigTemplate($domain['ssl_specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
+					$vhost_content .= $this->processSpecialConfigTemplate($domain['ssl_specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
-			}
+				}
-			if ($_vhost_content != '') {
+				if ($_vhost_content != '') {
-				$vhost_content .= $_vhost_content;
+					$vhost_content .= $_vhost_content;
-			}
+				}
-			if (Settings::Get('system.default_vhostconf') != '' && ($ssl_vhost == false || ($ssl_vhost == true && Settings::Get('system.include_default_vhostconf') == 1))) {
+				if (Settings::Get('system.default_vhostconf') != '' && ($ssl_vhost == false || ($ssl_vhost == true && Settings::Get('system.include_default_vhostconf') == 1))) {
-				$vhost_content .= $this->processSpecialConfigTemplate(Settings::Get('system.default_vhostconf'), $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
+					$vhost_content .= $this->processSpecialConfigTemplate(Settings::Get('system.default_vhostconf'), $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
-			}
+				}
-			if (Settings::Get('system.default_sslvhostconf') != '' && $ssl_vhost == true) {
+				if (Settings::Get('system.default_sslvhostconf') != '' && $ssl_vhost == true) {
-				$vhost_content .= $this->processSpecialConfigTemplate(Settings::Get('system.default_sslvhostconf'), $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
+					$vhost_content .= $this->processSpecialConfigTemplate(Settings::Get('system.default_sslvhostconf'), $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
 				}
 			}
 		}
@@ -1000,8 +974,8 @@ class Apache extends HttpConfigBase
 			if ($domain['openbasedir'] == '1') {
 				if ($domain['openbasedir_path'] == '1' || strstr($domain['documentroot'], ":") !== false) {
 					$_phpappendopenbasedir = Domain::appendOpenBasedirPath($domain['customerroot'], true);
-				} else if ($domain['openbasedir_path'] == '2' && strpos(dirname($domain['documentroot']).'/', $domain['customerroot']) !== false) {
+				} else if ($domain['openbasedir_path'] == '2' && strpos(dirname($domain['documentroot']) . '/', $domain['customerroot']) !== false) {
-					$_phpappendopenbasedir = Domain::appendOpenBasedirPath(dirname($domain['documentroot']).'/', true);
+					$_phpappendopenbasedir = Domain::appendOpenBasedirPath(dirname($domain['documentroot']) . '/', true);
 				} else {
 					$_phpappendopenbasedir = Domain::appendOpenBasedirPath($domain['documentroot'], true);
 				}
@@ -1049,10 +1023,10 @@ class Apache extends HttpConfigBase
 		}
 		$statDocroot = FileDir::makeCorrectFile($domain['customerroot'] . '/' . $statTool . $statDomain);
-		$stats_text .= '  Alias /'.$statTool.' "' . $statDocroot . '"' . "\n";
+		$stats_text .= '  Alias /' . $statTool . ' "' . $statDocroot . '"' . "\n";
 		// awstats special requirement for icons
 		if ($statTool == 'awstats') {
-				$stats_text .= '  Alias /awstats-icon "' . FileDir::makeCorrectDir(Settings::Get('system.awstats_icons')) . '"' . "\n";
+			$stats_text .= '  Alias /awstats-icon "' . FileDir::makeCorrectDir(Settings::Get('system.awstats_icons')) . '"' . "\n";
 		}
 		return $stats_text;
@@ -1278,7 +1252,7 @@ class Apache extends HttpConfigBase
 					// >=apache-2.4 enabled?
 					if (Settings::Get('system.apache24') == '1') {
 						$mypath_dir = new Directory($row_diroptions['path']);
-						// only create the require all granted if there is not active directory-protection
+						// only create the' require all granted' if there is no active directory-protection
 						// for this path, as this would be the first require and therefore grant all access
 						if ($mypath_dir->isUserProtected() == false) {
 							$this->diroptions_data[$diroptions_filename] .= '  Require all granted' . "\n";
--- a/lib/Froxlor/Cron/Http/ApacheFcgi.php
+++ b/lib/Froxlor/Cron/Http/ApacheFcgi.php
@@ -126,6 +126,9 @@ class ApacheFcgi extends Apache
 				// mod_proxy stuff for apache-2.4
 				if (Settings::Get('system.apache24') == '1' && Settings::Get('phpfpm.use_mod_proxy') == '1') {
 					$php_options_text .= '  <Directory "' . FileDir::makeCorrectDir($domain['documentroot']) . '">' . "\n";
 					$filesmatch = $phpconfig['fpm_settings']['limit_extensions'];
 					$extensions = explode(" ", $filesmatch);
 					$filesmatch = "";
@@ -141,23 +144,19 @@ class ApacheFcgi extends Apache
 					$php_options_text .= '  </FilesMatch>' . "\n";
 					$mypath_dir = new Directory($domain['documentroot']);
-
+					// only create the "require all granted" directive if there is no active directory-protection
 					// only create the require all granted if there is not active directory-protection
 					// for this path, as this would be the first require and therefore grant all access
 					if ($mypath_dir->isUserProtected() == false) {
 						$php_options_text .= '  <Directory "' . FileDir::makeCorrectDir($domain['documentroot']) . '">' . "\n";
 						if ($phpconfig['pass_authorizationheader'] == '1') {
 							$php_options_text .= '    CGIPassAuth On' . "\n";
 						}
 						$php_options_text .= '    Require all granted' . "\n";
 						$php_options_text .= '    AllowOverride All' . "\n";
 						$php_options_text .= '  </Directory>' . "\n";
 					} elseif ($phpconfig['pass_authorizationheader'] == '1') {
 						// allow Pass of Authorization header
 						$php_options_text .= '  <Directory "' . FileDir::makeCorrectDir($domain['documentroot']) . '">' . "\n";
 						$php_options_text .= '    CGIPassAuth On' . "\n";
 						$php_options_text .= '  </Directory>' . "\n";
 					}
 					$php_options_text .= '  </Directory>' . "\n";
 				} else {
 					$addheader = "";
 					if ($phpconfig['pass_authorizationheader'] == '1') {
--- a/lib/Froxlor/Cron/Http/DomainSSL.php
+++ b/lib/Froxlor/Cron/Http/DomainSSL.php
@@ -43,23 +43,29 @@ class DomainSSL
 	 *            domain-array as reference so we can set the corresponding array-indices
 	 *
 	 * @return null
 	 * @throws \Exception
 	 */
 	public function setDomainSSLFilesArray(array &$domain = null)
 	{
 		// check if the domain itself has a certificate defined
 		$dom_certs_stmt = Database::prepare("
-			SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = :domid
+			SELECT s.*, d.domain
 			FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` s
 			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` d ON d.id = s.domainid
 			WHERE s.`domainid` = :domid
 		");
 		$dom_certs = Database::pexecute_first($dom_certs_stmt, [
 			'domid' => $domain['id']
 		]);
 		$parent_certificate = false;
 		if (!is_array($dom_certs) || !isset($dom_certs['ssl_cert_file']) || $dom_certs['ssl_cert_file'] == '') {
 			// maybe its parent?
 			if (isset($domain['parentdomainid']) && $domain['parentdomainid'] != 0) {
 				$dom_certs = Database::pexecute_first($dom_certs_stmt, [
 					'domid' => $domain['parentdomainid']
 				]);
 				$parent_certificate = true;
 			}
 		}
@@ -73,8 +79,8 @@ class DomainSSL
 			}
 			// make correct files for the certificates
 			$ssl_files = [
-				'ssl_cert_file' => FileDir::makeCorrectFile($sslcertpath . '/' . $domain['domain'] . '.crt'),
+				'ssl_cert_file' => FileDir::makeCorrectFile($sslcertpath . '/' . ($parent_certificate ? $dom_certs['domain'] : $domain['domain']) . '.crt'),
-				'ssl_key_file' => FileDir::makeCorrectFile($sslcertpath . '/' . $domain['domain'] . '.key')
+				'ssl_key_file' => FileDir::makeCorrectFile($sslcertpath . '/' . ($parent_certificate ? $dom_certs['domain'] : $domain['domain']) . '.key')
 			];
 			if (!$this->validateCertificate($dom_certs)) {
@@ -93,19 +99,19 @@ class DomainSSL
 			$ssl_files['ssl_cert_chainfile'] = '';
 			// set them if they are != empty
 			if ($dom_certs['ssl_ca_file'] != '') {
-				$ssl_files['ssl_ca_file'] = FileDir::makeCorrectFile($sslcertpath . '/' . $domain['domain'] . '_CA.pem');
+				$ssl_files['ssl_ca_file'] = FileDir::makeCorrectFile($sslcertpath . '/' . ($parent_certificate ? $dom_certs['domain'] : $domain['domain']) . '_CA.pem');
 			}
 			if ($dom_certs['ssl_cert_chainfile'] != '') {
 				if (Settings::Get('system.webserver') == 'nginx') {
 					// put ca.crt in my.crt, as nginx does not support a separate chain file.
 					$dom_certs['ssl_cert_file'] = trim($dom_certs['ssl_cert_file']) . "\n" . trim($dom_certs['ssl_cert_chainfile']) . "\n";
 				} else {
-					$ssl_files['ssl_cert_chainfile'] = FileDir::makeCorrectFile($sslcertpath . '/' . $domain['domain'] . '_chain.pem');
+					$ssl_files['ssl_cert_chainfile'] = FileDir::makeCorrectFile($sslcertpath . '/' . ($parent_certificate ? $dom_certs['domain'] : $domain['domain']) . '_chain.pem');
 				}
 			}
 			// will only be generated to be used externally, froxlor does not need this
 			if ($dom_certs['ssl_fullchain_file'] != '') {
-				$ssl_files['ssl_fullchain_file'] = FileDir::makeCorrectFile($sslcertpath . '/' . $domain['domain'] . '_fullchain.pem');
+				$ssl_files['ssl_fullchain_file'] = FileDir::makeCorrectFile($sslcertpath . '/' . ($parent_certificate ? $dom_certs['domain'] : $domain['domain']) . '_fullchain.pem');
 			}
 			// create them on the filesystem
 			foreach ($ssl_files as $type => $filename) {
@@ -131,7 +137,7 @@ class DomainSSL
 		return;
 	}
-	private function validateCertificate($dom_certs = [])
+	private function validateCertificate($dom_certs = []): bool
 	{
 		return openssl_x509_check_private_key($dom_certs['ssl_cert_file'], $dom_certs['ssl_key_file']);
 	}
--- a/lib/Froxlor/Cron/Http/HttpConfigBase.php
+++ b/lib/Froxlor/Cron/Http/HttpConfigBase.php
@@ -28,6 +28,7 @@ namespace Froxlor\Cron\Http;
 use Froxlor\Cron\Http\LetsEncrypt\AcmeSh;
 use Froxlor\Cron\Http\Php\Fpm;
 use Froxlor\Database\Database;
 use Froxlor\Domain\Domain;
 use Froxlor\FileDir;
 use Froxlor\Froxlor;
 use Froxlor\FroxlorLogger;
@@ -187,4 +188,27 @@ class HttpConfigBase
 		}
 		return false;
 	}
 	/**
 	 * Get the filename for the virtualhost
 	 */
 	protected function getVhostFilename(array $domain, bool $ssl_vhost = false, bool $filename_only = false)
 	{
 		// number of dots in a domain specifies its position (and depth of subdomain) starting at 35 going downwards on higher depth
 		$vhost_no = (string)(35 - substr_count($domain['domain'], ".") + 1);
 		$filename = $vhost_no . '_froxlor_' . ($ssl_vhost ? 'ssl' : 'normal') . '_vhost_' . $domain['domain'] . '.conf';
 		if ($filename_only) {
 			return $filename;
 		}
 		return FileDir::makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/' . $filename);
 	}
 	protected function getCustomVhostFilename(string $name)
 	{
 		$vhosts_folder = FileDir::makeCorrectDir(dirname(Settings::Get('system.apacheconf_vhost')));
 		if (is_dir(Settings::Get('system.apacheconf_vhost'))) {
 			$vhosts_folder = FileDir::makeCorrectDir(Settings::Get('system.apacheconf_vhost'));
 		}
 		return FileDir::makeCorrectFile($vhosts_folder . '/' . $name);
 	}
 }
--- a/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php
+++ b/lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php
@@ -26,6 +26,7 @@
 namespace Froxlor\Cron\Http\LetsEncrypt;
 use Froxlor\Cron\FroxlorCron;
 use Froxlor\Cron\TaskId;
 use Froxlor\Database\Database;
 use Froxlor\Domain\Domain;
 use Froxlor\FileDir;
@@ -83,7 +84,7 @@ class AcmeSh extends FroxlorCron
 			$renew_domains = self::renewDomains(true);
 			if ($issue_froxlor || !empty($issue_domains) || !empty($renew_froxlor) || $renew_domains) {
 				// insert task to generate certificates and vhost-configs
-				Cronjob::inserttask(1);
+				Cronjob::inserttask(TaskId::REBUILD_VHOST);
 			}
 			return 0;
 		}
@@ -203,7 +204,7 @@ class AcmeSh extends FroxlorCron
 		// This is easiest done by just creating a new task ;)
 		if ($changedetected) {
 			if (self::$no_inserttask == false) {
-				Cronjob::inserttask(1);
+				Cronjob::inserttask(TaskId::REBUILD_VHOST);
 			}
 			FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Let's Encrypt certificates have been updated");
 		} else {
@@ -236,9 +237,12 @@ class AcmeSh extends FroxlorCron
 		return false;
 	}
-	private static function checkFsFilesAreNewer($domain, $cert_date = 0)
+	private static function checkFsFilesAreNewer($domain, $cert_date = 0): bool
 	{
-		$certificate_folder = self::getWorkingDirFromEnv(strtolower($domain));
+		$certificate_folder = self::getCertificateFolder(strtolower($domain));
 		if (empty($certificate_folder)) {
 			return false;
 		}
 		$ssl_file = FileDir::makeCorrectFile($certificate_folder . '/' . strtolower($domain) . '.cer');
 		if (is_dir($certificate_folder) && file_exists($ssl_file) && is_readable($ssl_file)) {
@@ -250,9 +254,13 @@ class AcmeSh extends FroxlorCron
 		return false;
 	}
-	public static function getWorkingDirFromEnv($domain = "", $forced_noecc = false)
+	public static function getWorkingDirFromEnv($domain = "", $forced_ecc = false): string
 	{
-		if (Settings::Get('system.leecc') > 0 && !$forced_noecc) {
+		// first try without _ecc either if it's enabled currently or not as
 		// it might have been at some point so there is a chance we have certificates
 		// with and without _ecc - the method getCertificateFolder() will check both
 		// possibilities
 		if ($forced_ecc) {
 			$domain .= "_ecc";
 		}
 		$env_file = FileDir::makeCorrectFile(dirname(self::getAcmeSh()) . '/acme.sh.env');
@@ -262,7 +270,7 @@ class AcmeSh extends FroxlorCron
 cut -d'"' -f2
 EOC;
 			exec('grep "LE_WORKING_DIR" ' . escapeshellarg($env_file) . ' | ' . $cut, $output);
-			if (is_array($output) && !empty($output) && isset($output[0]) && !empty($output[0])) {
+			if (is_array($output) && !empty($output) && !empty($output[0])) {
 				return FileDir::makeCorrectDir($output[0] . "/" . $domain);
 			}
 		}
@@ -513,6 +521,8 @@ EOC;
 				self::runAcmeSh($certrow, $domains, $cronlog, $do_force);
 			} else {
 				$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
 				// we need another reconfigure in order to get the certificate
 				Cronjob::inserttask(TaskId::REBUILD_VHOST);
 			}
 		}
 	}
@@ -549,6 +559,10 @@ EOC;
 						Settings::Set('system.le_froxlor_enabled', 0);
 					}
 					$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, "Let's Encrypt deactivated for domain " . $domain);
 					if (!defined('CRON_IS_FORCED') && !defined('CRON_DEBUG_FLAG')) {
 						// email info to admin that lets encrypt has been disabled for this domain
 						Cronjob::notifyMailToAdmin("Let's Encrypt has been deactivated for domain '" . $domain . "' due to failed dns validation (wrong or no IP address)");
 					}
 				}
 			}
 		}
@@ -579,11 +593,20 @@ EOC;
 				$acmesh_cmd .= " --debug";
 			}
-			$acme_result = FileDir::safe_exec($acmesh_cmd);
+			$exit_code = null;
 			$acme_result = FileDir::safe_exec($acmesh_cmd, $exit_code);
 			// debug output of acme.sh run
 			$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, implode("\n", $acme_result));
-			self::certToDb($certrow, $cronlog, $acme_result);
+			if ($exit_code != 0) {
 				$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, "Non-successful exit-code returned :(");
 				if (!defined('CRON_IS_FORCED') && !defined('CRON_DEBUG_FLAG')) {
 					Cronjob::notifyMailToAdmin("Let's Encrypt certificate could not be obtained for: " . implode(", ", $domains) . "\n\n" . implode("\n", $acme_result));
 				}
 			} else {
 				$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, "Successful exit-code returned - storing certificate");
 				self::certToDb($certrow, $cronlog, $acme_result);
 			}
 		}
 	}
@@ -635,35 +658,21 @@ EOC;
 	 */
 	private static function readCertificateToVar($domain, &$return, &$cronlog)
 	{
-		$certificate_folder = self::getWorkingDirFromEnv($domain);
+		$certificate_folder = self::getCertificateFolder($domain);
 		$certificate_folder_noecc = null;
 		if (Settings::Get('system.leecc') > 0) {
 			$certificate_folder_noecc = self::getWorkingDirFromEnv($domain, true);
 		}
 		$certificate_folder = FileDir::makeCorrectDir($certificate_folder);
-		if (is_dir($certificate_folder) || is_dir($certificate_folder_noecc)) {
+		if (!empty($certificate_folder)) {
-			foreach (
+			$certificate_files = [
-				[
+				'crt' => $domain . '.cer',
-					'crt' => $domain . '.cer',
+				'key' => $domain . '.key',
-					'key' => $domain . '.key',
+				'chain' => 'ca.cer',
-					'chain' => 'ca.cer',
+				'fullchain' => 'fullchain.cer',
-					'fullchain' => 'fullchain.cer',
+				'csr' => $domain . '.csr'
-					'csr' => $domain . '.csr'
+			];
-				] as $index => $sslfile
+			foreach ($certificate_files as $index => $sslfile) {
 			) {
 				$ssl_file = FileDir::makeCorrectFile($certificate_folder . '/' . $sslfile);
 				if (file_exists($ssl_file)) {
 					$return[$index] = file_get_contents($ssl_file);
 				} else {
 					if (!empty($certificate_folder_noecc)) {
 						$ssl_file_fb = FileDir::makeCorrectFile($certificate_folder_noecc . '/' . $sslfile);
 						if (file_exists($ssl_file_fb)) {
 							$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, "ECC certificates activated but found only non-ecc file");
 							$return[$index] = file_get_contents($ssl_file_fb);
 							continue;
 						}
 					}
 					$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, "Could not find file '" . $sslfile . "' in '" . $certificate_folder . "'");
 					$return[$index] = null;
 				}
@@ -672,4 +681,18 @@ EOC;
 			$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, "Could not find certificate-folder '" . $certificate_folder . "'");
 		}
 	}
 	private static function getCertificateFolder(string $domain): string
 	{
 		$certificate_folder = self::getWorkingDirFromEnv(strtolower($domain));
 		if (file_exists($certificate_folder)) {
 			return $certificate_folder;
 		}
 		$certificate_folder_ecc = self::getWorkingDirFromEnv($domain, true);
 		if (file_exists($certificate_folder_ecc)) {
 			return $certificate_folder_ecc;
 		}
 		FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, "Could not find certificate-folder for domain '" . $domain . "'");
 		return "";
 	}
 }
--- a/lib/Froxlor/Cron/Http/Lighttpd.php
+++ b/lib/Froxlor/Cron/Http/Lighttpd.php
@@ -336,24 +336,9 @@ class Lighttpd extends HttpConfigBase
 				$_pos = strrpos($_tmp_path, '/');
 				$_inc_path = substr($_tmp_path, $_pos + 1);
-				// maindomain
+				$filename = self::getVhostFilename($domain, ($ssl == '1'), true);
-				if ((int)$domain['parentdomainid'] == 0 && Domain::isCustomerStdSubdomain((int)$domain['id']) == false && ((int)$domain['ismainbutsubto'] == 0 || Domain::domainMainToSubExists($domain['ismainbutsubto']) == false)) {
+				$vhost_filename = FileDir::makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/vhosts/' . $filename);
-					$vhost_no = '50';
+				$included_vhosts[] = $_inc_path . '/vhosts/' . $filename;
 				} elseif ((int)$domain['parentdomainid'] == 0 && Domain::isCustomerStdSubdomain((int)$domain['id']) == false && (int)$domain['ismainbutsubto'] > 0) {
 					// sub-but-main-domain
 					$vhost_no = '51';
 				} else {
 					// subdomains
 					// number of dots in a domain specifies it's position (and depth of subdomain) starting at 89 going downwards on higher depth
 					$vhost_no = (string)(90 - substr_count($domain['domain'], ".") + 1);
 				}
 				if ($ssl == '1') {
 					$vhost_no = (int)$vhost_no += 10;
 				}
 				$vhost_filename = FileDir::makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/vhosts/' . $vhost_no . '_' . $domain['domain'] . '.conf');
 				$included_vhosts[] = $_inc_path . '/vhosts/' . $vhost_no . '_' . $domain['domain'] . '.conf';
 			}
 			if (!isset($this->lighttpd_data[$vhost_filename])) {
@@ -421,6 +406,7 @@ class Lighttpd extends HttpConfigBase
 				// Get domain's redirect code
 				$code = Domain::getDomainRedirectCode($domain['id']);
 				$vhost_content .= $this->getLogFiles($domain);
 				$vhost_content .= '  url.redirect-code = ' . $code . "\n";
 				$vhost_content .= '  url.redirect = (' . "\n";
 				$vhost_content .= '     "^/(.*)$" => "' . $uri . '$1"' . "\n";
--- a/lib/Froxlor/Cron/Http/Nginx.php
+++ b/lib/Froxlor/Cron/Http/Nginx.php
@@ -225,7 +225,7 @@ class Nginx extends HttpConfigBase
 					$this->nginx_data[$vhost_filename] .= "\t" . '}' . "\n";
 					// protect bin/
-					$this->nginx_data[$vhost_filename] .= "\t" . 'location ~ ' . rtrim($relpath, "/") . '/(bin|cache|logs|tests|vendor) {' . "\n";
+					$this->nginx_data[$vhost_filename] .= "\t" . 'location ~ ^' . rtrim($relpath, "/") . '/(bin|cache|logs|tests|vendor) {' . "\n";
 					$this->nginx_data[$vhost_filename] .= "\t" . '    deny all;' . "\n";
 					$this->nginx_data[$vhost_filename] .= "\t" . '}' . "\n";
 				}
@@ -467,26 +467,6 @@ class Nginx extends HttpConfigBase
 		}
 	}
 	protected function getVhostFilename($domain, $ssl_vhost = false)
 	{
 		if ((int)$domain['parentdomainid'] == 0 && Domain::isCustomerStdSubdomain((int)$domain['id']) == false && ((int)$domain['ismainbutsubto'] == 0 || Domain::domainMainToSubExists($domain['ismainbutsubto']) == false)) {
 			$vhost_no = '35';
 		} elseif ((int)$domain['parentdomainid'] == 0 && Domain::isCustomerStdSubdomain((int)$domain['id']) == false && (int)$domain['ismainbutsubto'] > 0) {
 			$vhost_no = '30';
 		} else {
 			// number of dots in a domain specifies it's position (and depth of subdomain) starting at 29 going downwards on higher depth
 			$vhost_no = (string)(30 - substr_count($domain['domain'], ".") + 1);
 		}
 		if ($ssl_vhost === true) {
 			$vhost_filename = FileDir::makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/' . $vhost_no . '_froxlor_ssl_vhost_' . $domain['domain'] . '.conf');
 		} else {
 			$vhost_filename = FileDir::makeCorrectFile(Settings::Get('system.apacheconf_vhost') . '/' . $vhost_no . '_froxlor_normal_vhost_' . $domain['domain'] . '.conf');
 		}
 		return $vhost_filename;
 	}
 	protected function getVhostContent($domain, $ssl_vhost = false)
 	{
 		if ($ssl_vhost === true && $domain['ssl'] != '1' && $domain['ssl_redirect'] != '1') {
@@ -606,6 +586,7 @@ class Nginx extends HttpConfigBase
 				// Get domain's redirect code
 				$code = Domain::getDomainRedirectCode($domain['id']);
 				$vhost_content .= $this->getLogFiles($domain);
 				$vhost_content .= "\t" . 'location / {' . "\n";
 				$vhost_content .= "\t\t" . 'return ' . $code . ' ' . $uri . '$request_uri;' . "\n";
 				$vhost_content .= "\t" . '}' . "\n";
@@ -883,13 +864,7 @@ class Nginx extends HttpConfigBase
 		// remove comments
 		$vhost = implode("\n", preg_replace('/^(\s+)?#(.*)$/', '', explode("\n", $vhost)));
 		// Break blocks into lines
-		$vhost = str_replace([
+		$vhost = preg_replace("/^(\s+)?location(.+)\{(.+)\}$/misU", "location $2 {\n $3 \n}", $vhost);
 			"{",
 			"}"
 		], [
 			" {\n",
 			"\n}"
 		], $vhost);
 		// Break into array items
 		$vhost = explode("\n", preg_replace('/[ \t]+/', ' ', trim(preg_replace('/\t+/', '', $vhost))));
 		// Remove empty lines
@@ -1040,9 +1015,11 @@ class Nginx extends HttpConfigBase
 						$path_options .= "\t\t" . 'auth_basic_user_file  ' . FileDir::makeCorrectFile($single['usrf']) . ';' . "\n";
 						if ($domain['phpenabled_customer'] == 1 && $domain['phpenabled_vhost'] == '1') {
 							$path_options .= "\t\t" . 'index    index.php index.html index.htm;' . "\n";
-							$path_options .= "\t\t" . 'location ~ ^(.+?\.php)(/.*)?$ {' . "\n";
+							if ($domain['notryfiles'] != 1) {
-							$path_options .= "\t\t\t" . 'try_files ' . $domain['nonexistinguri'] . ' @php;' . "\n";
+								$path_options .= "\t\t" . 'location ~ ^(.+?\.php)(/.*)?$ {' . "\n";
-							$path_options .= "\t\t" . '}' . "\n\n";
+								$path_options .= "\t\t\t" . 'try_files ' . $domain['nonexistinguri'] . ' @php;' . "\n";
 								$path_options .= "\t\t" . '}' . "\n\n";
 							}
 						} else {
 							$path_options .= "\t\t" . 'index    index.html index.htm;' . "\n";
 						}
@@ -1169,7 +1146,6 @@ class Nginx extends HttpConfigBase
 			$phpopts .= "\t\tinclude " . Settings::Get('nginx.fastcgiparams') . ";\n";
 			$phpopts .= "\t\tfastcgi_param SCRIPT_FILENAME \$request_filename;\n";
 			$phpopts .= "\t\tfastcgi_param PATH_INFO \$fastcgi_path_info;\n";
 			$phpopts .= "\t\ttry_files \$fastcgi_script_name =404;\n";
 			$phpopts .= "\t\tfastcgi_pass " . Settings::Get('system.nginx_php_backend') . ";\n";
 			$phpopts .= "\t\tfastcgi_index index.php;\n";
 			if ($domain['ssl'] == '1' && $ssl_vhost) {
@@ -1186,14 +1162,7 @@ class Nginx extends HttpConfigBase
 	private function createStandardErrorHandler()
 	{
 		if (Settings::Get('defaultwebsrverrhandler.enabled') == '1' && (Settings::Get('defaultwebsrverrhandler.err401') != '' || Settings::Get('defaultwebsrverrhandler.err403') != '' || Settings::Get('defaultwebsrverrhandler.err404') != '' || Settings::Get('defaultwebsrverrhandler.err500') != '')) {
-			$vhosts_folder = '';
+			$vhosts_filename = $this->getCustomVhostFilename('05_froxlor_default_errorhandler.conf');
 			if (is_dir(Settings::Get('system.apacheconf_vhost'))) {
 				$vhosts_folder = FileDir::makeCorrectDir(Settings::Get('system.apacheconf_vhost'));
 			} else {
 				$vhosts_folder = FileDir::makeCorrectDir(dirname(Settings::Get('system.apacheconf_vhost')));
 			}
 			$vhosts_filename = FileDir::makeCorrectFile($vhosts_folder . '/05_froxlor_default_errorhandler.conf');
 			if (!isset($this->nginx_data[$vhosts_filename])) {
 				$this->nginx_data[$vhosts_filename] = '';
--- a/lib/Froxlor/Cron/Http/Php/Fpm.php
+++ b/lib/Froxlor/Cron/Http/Php/Fpm.php
@@ -289,7 +289,7 @@ pm.max_children = 1
 				}
 			}
-			// now check if 'sendmail_path' has not beed set in the custom-php.ini
+			// now check if 'sendmail_path' has not been set in the custom-php.ini
 			// if not we use our fallback-default as usual
 			if (strpos($fpm_config, 'php_admin_value[sendmail_path]') === false) {
 				$fpm_config .= 'php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f ' . $this->domain['email'] . "\n";
--- a/lib/Froxlor/Cron/System/ExportCron.php
+++ b/lib/Froxlor/Cron/System/ExportCron.php
@@ -25,122 +25,84 @@
 namespace Froxlor\Cron\System;
 use Exception;
 use Froxlor\Cron\Forkable;
 use Froxlor\Cron\FroxlorCron;
 use Froxlor\Database\Database;
 use Froxlor\FileDir;
 use Froxlor\FroxlorLogger;
 use Froxlor\Settings;
-class BackupCron extends FroxlorCron
+class ExportCron extends FroxlorCron
 {
 	use Forkable;
 	public static function run()
 	{
-		// Check Traffic-Lock
+		FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'ExportCron: started - creating customer data export');
 		if (function_exists('pcntl_fork')) {
 			$BackupLock = FileDir::makeCorrectFile(dirname(self::getLockfile()) . "/froxlor_cron_backup.lock");
 			if (file_exists($BackupLock) && is_numeric($BackupPid = file_get_contents($BackupLock))) {
 				if (function_exists('posix_kill')) {
 					$BackupPidStatus = @posix_kill($BackupPid, 0);
 				} else {
 					system("kill -CHLD " . $BackupPid . " 1> /dev/null 2> /dev/null", $BackupPidStatus);
 					$BackupPidStatus = !$BackupPidStatus;
 				}
 				if ($BackupPidStatus) {
 					FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Backup run already in progress');
 					return 1;
 				}
 			}
 			// Create Backup Log and Fork
 			// We close the database - connection before we fork, so we don't share resources with the child
 			Database::needRoot(false); // this forces the connection to be set to null
 			$BackupPid = pcntl_fork();
 			// Parent
 			if ($BackupPid) {
 				file_put_contents($BackupLock, $BackupPid);
 				// unnecessary to recreate database connection here
 				return 0;
 			} elseif ($BackupPid == 0) {
 				// Child
 				posix_setsid();
 				// re-create db
 				Database::needRoot(false);
 			} else {
 				// Fork failed
 				return 1;
 			}
 		} else {
 			if (extension_loaded('pcntl')) {
 				$msg = "PHP compiled with pcntl but pcntl_fork function is not available.";
 			} else {
 				$msg = "PHP compiled without pcntl.";
 			}
 			FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, $msg . " Not forking backup-cron, this may take a long time!");
 		}
 		FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'BackupCron: started - creating customer backup');
 		$result_tasks_stmt = Database::query("
 			SELECT * FROM `" . TABLE_PANEL_TASKS . "` WHERE `type` = '20' ORDER BY `id` ASC
 		");
 		$del_stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_TASKS . "` WHERE `id` = :id");
 		$cronlog = FroxlorLogger::getInstanceOf();
 		$all_jobs = $result_tasks_stmt->fetchAll();
 		foreach ($all_jobs as $row) {
 			if ($row['data'] != '') {
 				$row['data'] = json_decode($row['data'], true);
 			}
-			if (is_array($row['data'])) {
+		if (!empty($all_jobs)) {
-				if (isset($row['data']['customerid']) && isset($row['data']['loginname']) && isset($row['data']['destdir'])) {
+			self::runFork([self::class, 'handle'], $all_jobs);
 					$row['data']['destdir'] = FileDir::makeCorrectDir($row['data']['destdir']);
 					$customerdocroot = FileDir::makeCorrectDir(Settings::Get('system.documentroot_prefix') . '/' . $row['data']['loginname'] . '/');
 					// create folder if not exists
 					if (!file_exists($row['data']['destdir']) && $row['data']['destdir'] != '/' && $row['data']['destdir'] != Settings::Get('system.documentroot_prefix') && $row['data']['destdir'] != $customerdocroot) {
 						FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'Creating backup-destination path for customer: ' . escapeshellarg($row['data']['destdir']));
 						FileDir::safe_exec('mkdir -p ' . escapeshellarg($row['data']['destdir']));
 					}
 					self::createCustomerBackup($row['data'], $customerdocroot, $cronlog);
 				}
 			}
 			// remove entry
 			Database::pexecute($del_stmt, [
 				'id' => $row['id']
 			]);
 		}
 		if (function_exists('pcntl_fork')) {
 			@unlink($BackupLock);
 			die();
 		}
 	}
 	public static function handle(array $row)
 	{
 		$del_stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_TASKS . "` WHERE `id` = :id");
 		$cronlog = FroxlorLogger::getInstanceOf();
 		if ($row['data'] != '') {
 			$row['data'] = json_decode($row['data'], true);
 		}
 		if (is_array($row['data'])) {
 			if (isset($row['data']['customerid']) && isset($row['data']['loginname']) && isset($row['data']['destdir'])) {
 				$row['data']['destdir'] = FileDir::makeCorrectDir($row['data']['destdir']);
 				$customerdocroot = FileDir::makeCorrectDir(Settings::Get('system.documentroot_prefix') . '/' . $row['data']['loginname'] . '/');
 				// create folder if not exists
 				if (!file_exists($row['data']['destdir']) && $row['data']['destdir'] != '/' && $row['data']['destdir'] != Settings::Get('system.documentroot_prefix') && $row['data']['destdir'] != $customerdocroot) {
 					FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'Creating data export destination path for customer: ' . escapeshellarg($row['data']['destdir']));
 					FileDir::safe_exec('mkdir -p ' . escapeshellarg($row['data']['destdir']));
 				}
 				self::createCustomerExport($row['data'], $customerdocroot, $cronlog);
 			}
 		}
 		// remove entry
 		Database::pexecute($del_stmt, [
 			'id' => $row['id']
 		]);
 	}
 	/**
-	 * depending on the give choice, the customers web-data, email-data and databases are being backup'ed
+	 * depending on the give choice, the customers web-data, email-data and databases are being exported
 	 *
 	 * @param array $data
 	 *
 	 * @return void
 	 *
 	 * @throws Exception
 	 */
-	private static function createCustomerBackup($data = null, $customerdocroot = null, &$cronlog = null)
+	private static function createCustomerExport($data = null, $customerdocroot = null, &$cronlog = null)
 	{
-		$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Creating Backup for user "' . $data['loginname'] . '"');
+		$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'Creating data export for user "' . $data['loginname'] . '"');
 		// create tmp folder
 		$tmpdir = FileDir::makeCorrectDir($data['destdir'] . '/.tmp/');
 		$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'Creating tmp-folder "' . $tmpdir . '"');
 		$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'shell> mkdir -p ' . escapeshellarg($tmpdir));
 		FileDir::safe_exec('mkdir -p ' . escapeshellarg($tmpdir));
-		$create_backup_tar_data = "";
+		$create_export_tar_data = "";
 		// MySQL databases
-		if ($data['backup_dbs'] == 1) {
+		if ($data['dump_dbs'] == 1) {
 			$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'Creating mysql-folder "' . FileDir::makeCorrectDir($tmpdir . '/mysql') . '"');
 			$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'shell> mkdir -p ' . escapeshellarg(FileDir::makeCorrectDir($tmpdir . '/mysql')));
 			FileDir::safe_exec('mkdir -p ' . escapeshellarg(FileDir::makeCorrectDir($tmpdir . '/mysql')));
@@ -152,7 +114,7 @@ class BackupCron extends FroxlorCron
 			]);
 			$has_dbs = false;
-			$current_dbserver = null;
+			$current_dbserver = -1;
 			while ($row = $sel_stmt->fetch()) {
 				// Get sql_root data for the specific database-server the database resides on
 				if ($current_dbserver != $row['dbserver']) {
@@ -180,16 +142,18 @@ class BackupCron extends FroxlorCron
 			}
 			if ($has_dbs) {
-				$create_backup_tar_data .= './mysql ';
+				$create_export_tar_data .= './mysql ';
 			}
-			unlink($mysqlcnf_file);
+			if (file_exists($mysqlcnf_file)) {
 				unlink($mysqlcnf_file);
 			}
 			unset($sql_root);
 		}
 		// E-mail data
-		if ($data['backup_mail'] == 1) {
+		if ($data['dump_mail'] == 1) {
 			$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'Creating mail-folder "' . FileDir::makeCorrectDir($tmpdir . '/mail') . '"');
 			FileDir::safe_exec('mkdir -p ' . escapeshellarg(FileDir::makeCorrectDir($tmpdir . '/mail')));
@@ -209,28 +173,41 @@ class BackupCron extends FroxlorCron
 			if (!empty($tar_file_list)) {
 				$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'shell> tar cfvz ' . escapeshellarg(FileDir::makeCorrectFile($tmpdir . '/mail/' . $data['loginname'] . '-mail.tar.gz')) . ' -C ' . escapeshellarg($mail_homedir) . ' ' . trim($tar_file_list));
 				FileDir::safe_exec('tar cfz ' . escapeshellarg(FileDir::makeCorrectFile($tmpdir . '/mail/' . $data['loginname'] . '-mail.tar.gz')) . ' -C ' . escapeshellarg($mail_homedir) . ' ' . trim($tar_file_list));
-				$create_backup_tar_data .= './mail ';
+				$create_export_tar_data .= './mail ';
 			}
 		}
 		// Web data
-		if ($data['backup_web'] == 1) {
+		if ($data['dump_web'] == 1) {
 			$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'Creating web-folder "' . FileDir::makeCorrectDir($tmpdir . '/web') . '"');
 			FileDir::safe_exec('mkdir -p ' . escapeshellarg(FileDir::makeCorrectDir($tmpdir . '/web')));
 			$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'shell> tar cfz ' . escapeshellarg(FileDir::makeCorrectFile($tmpdir . '/web/' . $data['loginname'] . '-web.tar.gz')) . ' --exclude=' . escapeshellarg(str_replace($customerdocroot, "./", FileDir::makeCorrectFile($tmpdir . '/*'))) . ' --exclude=' . escapeshellarg(str_replace($customerdocroot, "./", substr(FileDir::makeCorrectDir($tmpdir), 0, -1))) . ' -C ' . escapeshellarg($customerdocroot) . ' .');
 			FileDir::safe_exec('tar cfz ' . escapeshellarg(FileDir::makeCorrectFile($tmpdir . '/web/' . $data['loginname'] . '-web.tar.gz')) . ' --exclude=' . escapeshellarg(str_replace($customerdocroot, "./", FileDir::makeCorrectFile($tmpdir . '/*'))) . ' --exclude=' . escapeshellarg(str_replace($customerdocroot, "./", substr(FileDir::makeCorrectFile($tmpdir), 0, -1))) . ' -C ' . escapeshellarg($customerdocroot) . ' .');
-			$create_backup_tar_data .= './web ';
+			$create_export_tar_data .= './web ';
 		}
-		if (!empty($create_backup_tar_data)) {
+		if (!empty($create_export_tar_data)) {
-			$backup_file = FileDir::makeCorrectFile($tmpdir . '/' . $data['loginname'] . '-backup_' . date('YmdHi', time()) . '.tar.gz');
+			// set owner to customer
-			$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Creating backup-file "' . $backup_file . '"');
+			$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'shell> chown -R ' . (int)$data['uid'] . ':' . (int)$data['gid'] . ' ' . escapeshellarg($tmpdir));
-			// pack all archives in tmp-dir to one
+			FileDir::safe_exec('chown -R ' . (int)$data['uid'] . ':' . (int)$data['gid'] . ' ' . escapeshellarg($tmpdir));
-			$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'shell> tar cfz ' . escapeshellarg($backup_file) . ' -C ' . escapeshellarg($tmpdir) . ' ' . trim($create_backup_tar_data));
+			// create tar-file
-			FileDir::safe_exec('tar cfz ' . escapeshellarg($backup_file) . ' -C ' . escapeshellarg($tmpdir) . ' ' . trim($create_backup_tar_data));
+			$export_file = FileDir::makeCorrectFile($tmpdir . '/' . $data['loginname'] . '-export_' . date('YmdHi', time()) . '.tar.gz' . (!empty($data['pgp_public_key']) ? '.gpg' : ''));
 			$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Creating export-file "' . $export_file . '"');
 			if (!empty($data['pgp_public_key'])) {
 				// pack all archives in tmp-dir to one archive and encrypt it with gpg
 				$recipient_file = FileDir::makeCorrectFile($tmpdir . '/' . $data['loginname'] . '-recipients.gpg');
 				$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Creating recipient-file "' . $recipient_file . '"');
 				file_put_contents($recipient_file, $data['pgp_public_key']);
 				$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'shell> tar cfz - -C ' . escapeshellarg($tmpdir) . ' ' . trim($create_export_tar_data) . ' | gpg --encrypt --recipient-file ' . escapeshellarg($recipient_file) . ' --output ' . escapeshellarg($export_file) . ' --trust-model always --batch --yes');
 				FileDir::safe_exec('tar cfz - -C ' . escapeshellarg($tmpdir) . ' ' . trim($create_export_tar_data) . ' | gpg --encrypt --recipient-file ' . escapeshellarg($recipient_file) . ' --output ' . escapeshellarg($export_file) . ' --trust-model always --batch --yes', $return_value, ['|']);
 			} else {
 				// pack all archives in tmp-dir to one archive
 				$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'shell> tar cfz ' . escapeshellarg($export_file) . ' -C ' . escapeshellarg($tmpdir) . ' ' . trim($create_export_tar_data));
 				FileDir::safe_exec('tar cfz ' . escapeshellarg($export_file) . ' -C ' . escapeshellarg($tmpdir) . ' ' . trim($create_export_tar_data));
 			}
 			// move to destination directory
-			$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'shell> mv ' . escapeshellarg($backup_file) . ' ' . escapeshellarg($data['destdir']));
+			$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'shell> mv ' . escapeshellarg($export_file) . ' ' . escapeshellarg($data['destdir']));
-			FileDir::safe_exec('mv ' . escapeshellarg($backup_file) . ' ' . escapeshellarg($data['destdir']));
+			FileDir::safe_exec('mv ' . escapeshellarg($export_file) . ' ' . escapeshellarg($data['destdir']));
 			// remove tmp-files
 			$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'shell> rm -rf ' . escapeshellarg($tmpdir));
 			FileDir::safe_exec('rm -rf ' . escapeshellarg($tmpdir));
--- a/Show More
+++ b/Show More