set version to 2.0.23 for upcoming bugfix release

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>

admin_admins.php

@@ -77,6 +77,7 @@ if (($page == 'admins' || $page == 'overview') && $userinfo['change_serversettin
 			$result['switched_user'] = CurrentUser::getData();
 			$result['adminsession'] = 1;
 			$result['userid'] = $result['adminid'];
+			session_regenerate_id(true);
 			CurrentUser::setData($result);
 
 			$log->logAction(

admin_customers.php

@@ -93,6 +93,7 @@ if (($page == 'customers' || $page == 'overview') && $userinfo['customers'] != '
 			$result['switched_user'] = CurrentUser::getData();
 			$result['adminsession'] = 0;
 			$result['userid'] = $result['customerid'];
+			session_regenerate_id(true);
 			CurrentUser::setData($result);
 
 			$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "switched user and is now '" . $destination_user . "'");

admin_index.php

@@ -53,6 +53,7 @@ if ($action == 'logout') {
 	if (is_array(CurrentUser::getField('switched_user'))) {
 		$result = CurrentUser::getData();
 		$result = $result['switched_user'];
+		session_regenerate_id(true);
 		CurrentUser::setData($result);
 		$target = (isset($_GET['target']) ? $_GET['target'] : 'index');
 		$redirect = "admin_" . $target . ".php";

bin/froxlor-cli

@@ -26,6 +26,7 @@
 
 declare(strict_types=1);
 
+use Froxlor\Cli\ConfigDiff;
 use Symfony\Component\Console\Application;
 use Froxlor\Cli\RunApiCommand;
 use Froxlor\Cli\ConfigServices;
@@ -61,4 +62,5 @@ $application->add(new InstallCommand());
 $application->add(new MasterCron());
 $application->add(new UserCommand());
 $application->add(new ValidateAcmeWebroot());
+$application->add(new ConfigDiff());
 $application->run();

customer_index.php

@@ -52,6 +52,7 @@ if ($action == 'logout') {
 	if (is_array(CurrentUser::getField('switched_user'))) {
 		$result = CurrentUser::getData();
 		$result = $result['switched_user'];
+		session_regenerate_id(true);
 		CurrentUser::setData($result);
 		$target = (isset($_GET['target']) ? $_GET['target'] : 'index');
 		$redirect = "admin_" . $target . ".php";

index.php

@@ -40,7 +40,6 @@ use Froxlor\UI\Panel\UI;
 use Froxlor\UI\Response;
 use Froxlor\User;
 use Froxlor\Validate\Validate;
-use Froxlor\Language;
 
 if ($action == '') {
 	$action = 'login';
@@ -433,8 +432,13 @@ if ($action == '2fa_entercode') {
 		if (isset($_REQUEST['qrystr']) && $_REQUEST['qrystr'] != "") {
 			$lastqrystr = urlencode($_REQUEST['qrystr']);
 		}
-		$_SESSION['lastscript'] = $lastscript;
-		$_SESSION['lastqrystr'] = $lastqrystr;
+
+		if (!empty($lastscript)) {
+			$_SESSION['lastscript'] = $lastscript;
+		}
+		if (!empty($lastqrystr)) {
+			$_SESSION['lastqrystr'] = $lastqrystr;
+		}
 
 		UI::view('login/login.html.twig', [
 			'pagetitle' => 'Login',
@@ -633,7 +637,7 @@ if ($action == 'forgotpwd') {
 
 	UI::view('login/fpwd.html.twig', [
 		'pagetitle' => lng('login.presend'),
-		'formaction' => 'index.php?action='.$action,
+		'formaction' => 'index.php?action=' . $action,
 		'message' => $message,
 	]);
 }
@@ -733,6 +737,7 @@ if ($action == 'resetpwd') {
 function finishLogin($userinfo)
 {
 	if (isset($userinfo['userid']) && $userinfo['userid'] != '') {
+		session_regenerate_id(true);
 		CurrentUser::setData($userinfo);
 
 		$language = $userinfo['def_language'] ?? Settings::Get('panel.standardlanguage');
@@ -746,7 +751,7 @@ function finishLogin($userinfo)
 		}
 
 		$qryparams = [];
-		if (isset($_SESSION['lastqrystr']) && !empty($_SESSION['lastqrystr'])) {
+		if (!empty($_SESSION['lastqrystr'])) {
 			parse_str(urldecode($_SESSION['lastqrystr']), $qryparams);
 			unset($_SESSION['lastqrystr']);
 		}
@@ -755,7 +760,7 @@ function finishLogin($userinfo)
 			if (Froxlor::hasUpdates() || Froxlor::hasDbUpdates()) {
 				Response::redirectTo('admin_updates.php?page=overview');
 			} else {
-				if (isset($_SESSION['lastscript']) && !empty($_SESSION['lastscript'])) {
+				if (!empty($_SESSION['lastscript'])) {
 					$lastscript = $_SESSION['lastscript'];
 					unset($_SESSION['lastscript']);
 					if (preg_match("/customer\_/", $lastscript) === 1) {
@@ -770,7 +775,7 @@ function finishLogin($userinfo)
 				}
 			}
 		} else {
-			if (isset($_SESSION['lastscript']) && !empty($_SESSION['lastscript'])) {
+			if (!empty($_SESSION['lastscript'])) {
 				$lastscript = $_SESSION['lastscript'];
 				unset($_SESSION['lastscript']);
 				Response::redirectTo($lastscript, $qryparams);

install/froxlor.sql.php

@@ -697,7 +697,7 @@ opcache.validate_timestamps'),
 	('system', 'distribution', ''),
 	('system', 'update_channel', 'stable'),
 	('system', 'updatecheck_data', ''),
-	('system', 'update_notify_last', '2.0.21'),
+	('system', 'update_notify_last', '2.0.23'),
 	('system', 'traffictool', 'goaccess'),
 	('system', 'req_limit_per_interval', 60),
 	('system', 'req_limit_interval', 60),
@@ -744,7 +744,7 @@ opcache.validate_timestamps'),
 	('panel', 'logo_overridetheme', '0'),
 	('panel', 'logo_overridecustom', '0'),
 	('panel', 'settings_mode', '0'),
-	('panel', 'version', '2.0.21'),
+	('panel', 'version', '2.0.23'),
 	('panel', 'db_version', '202304260');
 
 

install/updates/froxlor/update_2.x.inc.php

@@ -502,3 +502,13 @@ if (Froxlor::isFroxlorVersion('2.0.20')) {
 	Update::showUpdateStep("Updating from 2.0.20 to 2.0.21", false);
 	Froxlor::updateToVersion('2.0.21');
 }
+
+if (Froxlor::isFroxlorVersion('2.0.21')) {
+	Update::showUpdateStep("Updating from 2.0.21 to 2.0.22", false);
+	Froxlor::updateToVersion('2.0.22');
+}
+
+if (Froxlor::isFroxlorVersion('2.0.22')) {
+	Update::showUpdateStep("Updating from 2.0.22 to 2.0.23", false);
+	Froxlor::updateToVersion('2.0.23');
+}

lib/Froxlor/Api/ApiParameter.php

@@ -39,12 +39,12 @@ abstract class ApiParameter
 
 	/**
 	 *
-	 * @param array $params
+	 * @param array|null $params
 	 *            optional, array of parameters (var=>value) for the command
 	 *
 	 * @throws Exception
 	 */
-	public function __construct($params = null)
+	public function __construct(array $params = null)
 	{
 		if (!is_null($params)) {
 			$params = $this->trimArray($params);
@@ -57,7 +57,7 @@ abstract class ApiParameter
 	 *
 	 * @param array $input
 	 *
-	 * @return array
+	 * @return string|array
 	 */
 	private function trimArray($input)
 	{
@@ -79,9 +79,9 @@ abstract class ApiParameter
 	/**
 	 * get specific parameter which also has and unlimited-field
 	 *
-	 * @param string $param
+	 * @param string|null $param
 	 *            parameter to get out of the request-parameter list
-	 * @param string $ul_field
+	 * @param string|null $ul_field
 	 *            parameter to get out of the request-parameter list
 	 * @param bool $optional
 	 *            default: false
@@ -91,7 +91,7 @@ abstract class ApiParameter
 	 * @return mixed
 	 * @throws Exception
 	 */
-	protected function getUlParam($param = null, $ul_field = null, $optional = false, $default = 0)
+	protected function getUlParam(string $param = null, string $ul_field = null, bool $optional = false, $default = 0)
 	{
 		$param_value = (int)$this->getParam($param, $optional, $default);
 		$ul_field_value = $this->getBoolParam($ul_field, true, 0);
@@ -102,11 +102,11 @@ abstract class ApiParameter
 	}
 
 	/**
-	 * get specific parameter from the parameterlist;
+	 * get specific parameter from the parameter list;
 	 * check for existence and != empty if needed.
 	 * Maybe more in the future
 	 *
-	 * @param string $param
+	 * @param string|null $param
 	 *            parameter to get out of the request-parameter list
 	 * @param bool $optional
 	 *            default: false
@@ -116,7 +116,7 @@ abstract class ApiParameter
 	 * @return mixed
 	 * @throws Exception
 	 */
-	protected function getParam($param = null, $optional = false, $default = '')
+	protected function getParam(string $param = null, bool $optional = false, $default = '')
 	{
 		// does it exist?
 		if (!isset($this->cmd_params[$param])) {
@@ -128,7 +128,7 @@ abstract class ApiParameter
 			return $default;
 		}
 		// is it empty? - test really on string, as value 0 is being seen as empty by php
-		if ($this->cmd_params[$param] === "") {
+		if (!is_array($this->cmd_params[$param]) && trim($this->cmd_params[$param]) === "") {
 			if ($optional === false) {
 				// get module + function for better error-messages
 				$inmod = $this->getModFunctionString();
@@ -142,7 +142,7 @@ abstract class ApiParameter
 
 	/**
 	 * returns "module::function()" for better error-messages (missing parameter etc.)
-	 * makes debugging a whole lot more comfortable
+	 * makes debugging a lot more comfortable
 	 *
 	 * @param int $level
 	 *            depth of backtrace, default 2
@@ -152,7 +152,7 @@ abstract class ApiParameter
 	 *
 	 * @return string
 	 */
-	private function getModFunctionString($level = 1, $max_level = 5, $trace = null)
+	private function getModFunctionString(int $level = 1, int $max_level = 5, $trace = null)
 	{
 		// which class called us
 		$_class = get_called_class();
@@ -174,7 +174,7 @@ abstract class ApiParameter
 	/**
 	 * getParam wrapper for boolean parameter
 	 *
-	 * @param string $param
+	 * @param string|null $param
 	 *            parameter to get out of the request-parameter list
 	 * @param bool $optional
 	 *            default: false
@@ -183,7 +183,7 @@ abstract class ApiParameter
 	 *
 	 * @return string
 	 */
-	protected function getBoolParam($param = null, $optional = false, $default = false)
+	protected function getBoolParam(string $param = null, bool $optional = false, $default = false)
 	{
 		$_default = '0';
 		if ($default) {

lib/Froxlor/Api/Commands/Admins.php

@@ -584,6 +584,18 @@ class Admins extends ApiCommand implements ResourceEntity
 					$theme = Settings::Get('panel.default_theme');
 				}
 
+				if (empty(trim($name))) {
+					Response::standardError([
+						'stringisempty',
+						'admin.name'
+					], '', true);
+				}
+				if (empty(trim($email))) {
+					Response::standardError([
+						'stringisempty',
+						'admin.email'
+					], '', true);
+				}
 				if (!Validate::validateEmail($email)) {
 					Response::standardError('emailiswrong', $email, true);
 				} else {

lib/Froxlor/Api/Commands/HostingPlans.php

@@ -200,8 +200,8 @@ class HostingPlans extends ApiCommand implements ResourceEntity
 			$value_arr['logviewenabled'] = $this->getBoolParam('logviewenabled', true, 0);
 
 			// validation
-			$name = Validate::validate(trim($name), 'name', '', '', [], true);
-			$description = Validate::validate(str_replace("\r\n", "\n", $description), 'description', Validate::REGEX_DESC_TEXT);
+			$name = Validate::validate(trim($name), 'name', Validate::REGEX_DESC_TEXT, '', [], true);
+			$description = Validate::validate(str_replace("\r\n", "\n", $description), 'description', Validate::REGEX_CONF_TEXT);
 
 			if (Settings::Get('system.mail_quota_enabled') != '1') {
 				$value_arr['email_quota'] = -1;
@@ -382,8 +382,8 @@ class HostingPlans extends ApiCommand implements ResourceEntity
 			$value_arr['logviewenabled'] = $this->getBoolParam('logviewenabled', true, $result['logviewenabled']);
 
 			// validation
-			$name = Validate::validate(trim($name), 'name', '', '', [], true);
-			$description = Validate::validate(str_replace("\r\n", "\n", $description), 'description', Validate::REGEX_DESC_TEXT);
+			$name = Validate::validate(trim($name), 'name', Validate::REGEX_DESC_TEXT, '', [], true);
+			$description = Validate::validate(str_replace("\r\n", "\n", $description), 'description', Validate::REGEX_CONF_TEXT);
 
 			if (Settings::Get('system.mail_quota_enabled') != '1') {
 				$value_arr['email_quota'] = -1;

lib/Froxlor/Api/Commands/IpsAndPorts.php

@@ -175,9 +175,9 @@ class IpsAndPorts extends ApiCommand implements ResourceEntity
 			$docroot = Validate::validate($this->getParam('docroot', true, ''), 'docroot', Validate::REGEX_DIR, '', [], true);
 
 			if ((int)Settings::Get('system.use_ssl') == 1) {
-				$ssl = !empty($this->getBoolParam('ssl', true, 0)) ? intval($this->getBoolParam('ssl', true, 0)) : 0;
-				$ssl_cert_file = Validate::validate($this->getParam('ssl_cert_file', $ssl, ''), 'ssl_cert_file', '', '', [], true);
-				$ssl_key_file = Validate::validate($this->getParam('ssl_key_file', $ssl, ''), 'ssl_key_file', '', '', [], true);
+				$ssl = (bool)$this->getBoolParam('ssl', true, 0);
+				$ssl_cert_file = Validate::validate($this->getParam('ssl_cert_file', !$ssl, ''), 'ssl_cert_file', '', '', [], true);
+				$ssl_key_file = Validate::validate($this->getParam('ssl_key_file', !$ssl, ''), 'ssl_key_file', '', '', [], true);
 				$ssl_ca_file = Validate::validate($this->getParam('ssl_ca_file', true, ''), 'ssl_ca_file', '', '', [], true);
 				$ssl_cert_chainfile = Validate::validate($this->getParam('ssl_cert_chainfile', true, ''), 'ssl_cert_chainfile', '', '', [], true);
 				$sslss = $this->getParam('ssl_specialsettings', true, '');
@@ -414,9 +414,9 @@ class IpsAndPorts extends ApiCommand implements ResourceEntity
 			$docroot = Validate::validate($this->getParam('docroot', true, $result['docroot']), 'docroot', Validate::REGEX_DIR, '', [], true);
 
 			if ((int)Settings::Get('system.use_ssl') == 1) {
-				$ssl = $this->getBoolParam('ssl', true, $result['ssl']);
-				$ssl_cert_file = Validate::validate($this->getParam('ssl_cert_file', $ssl, $result['ssl_cert_file']), 'ssl_cert_file', '', '', [], true);
-				$ssl_key_file = Validate::validate($this->getParam('ssl_key_file', $ssl, $result['ssl_key_file']), 'ssl_key_file', '', '', [], true);
+				$ssl = (bool)$this->getBoolParam('ssl', true, $result['ssl']);
+				$ssl_cert_file = Validate::validate($this->getParam('ssl_cert_file', !$ssl, $result['ssl_cert_file']), 'ssl_cert_file', '', '', [], true);
+				$ssl_key_file = Validate::validate($this->getParam('ssl_key_file', !$ssl, $result['ssl_key_file']), 'ssl_key_file', '', '', [], true);
 				$ssl_ca_file = Validate::validate($this->getParam('ssl_ca_file', true, $result['ssl_ca_file']), 'ssl_ca_file', '', '', [], true);
 				$ssl_cert_chainfile = Validate::validate($this->getParam('ssl_cert_chainfile', true, $result['ssl_cert_chainfile']), 'ssl_cert_chainfile', '', '', [], true);
 				$sslss = $this->getParam('ssl_specialsettings', true, $result['ssl_specialsettings']);

lib/Froxlor/Cli/ConfigDiff.php

@@ -0,0 +1,178 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, you can also view it online at
+ * https://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  the authors
+ * @author     Froxlor team <team@froxlor.org>
+ * @license    https://files.froxlor.org/misc/COPYING.txt GPLv2
+ */
+
+namespace Froxlor\Cli;
+
+use Froxlor\Config\ConfigParser;
+use Froxlor\FileDir;
+use Froxlor\Froxlor;
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Input\InputOption;
+use Symfony\Component\Console\Output\OutputInterface;
+
+final class ConfigDiff extends CliCommand
+{
+	protected function configure(): void
+	{
+		$this->setName('froxlor:config-diff')
+			->setDescription('Shows differences in config templates between OS versions')
+			->addArgument('from', InputArgument::OPTIONAL, 'OS version to compare against')
+			->addArgument('to', InputArgument::OPTIONAL, 'OS version to compare from')
+			->addOption('list', 'l', InputOption::VALUE_NONE, 'List all possible OS versions')
+			->addOption('diff-params', '', InputOption::VALUE_REQUIRED, 'Additional parameters for `diff`, e.g. --diff-params="--color=always"');
+	}
+
+	protected function execute(InputInterface $input, OutputInterface $output): int
+	{
+		require Froxlor::getInstallDir() . '/lib/functions.php';
+
+		$parsers = $versions = [];
+		foreach (glob(Froxlor::getInstallDir() . '/lib/configfiles/*.xml') as $config) {
+			$name = str_replace(".xml", "", strtolower(basename($config)));
+			$parser = new ConfigParser($config);
+			$versions[$name] = $parser->getCompleteDistroName();
+			$parsers[$name] = $parser;
+		}
+		asort($versions);
+
+		if ($input->getOption('list') === true) {
+			$output->writeln('The following OS version templates are available:');
+			foreach ($versions as $k => $v) {
+				$output->writeln(str_pad($k, 20) . $v);
+			}
+			return self::SUCCESS;
+		}
+
+		if (!$input->hasArgument('from') || !array_key_exists($input->getArgument('from'), $versions)) {
+			$output->writeln('<error>Missing or invalid "from" argument.</error>');
+			$output->writeln('Available versions: ' . implode(', ', array_keys($versions)));
+			return self::INVALID;
+		}
+
+		if (!$input->hasArgument('to') || !array_key_exists($input->getArgument('to'), $versions)) {
+			$output->writeln('<error>Missing or invalid "to" argument.</error>');
+			$output->writeln('Available versions: ' . implode(', ', array_keys($versions)));
+			return self::INVALID;
+		}
+
+		// Make sure diff is installed
+		$check_diff_installed = FileDir::safe_exec('which diff');
+		if (count($check_diff_installed) === 0) {
+			$output->writeln('<error>Unable to find "diff" installation on your system.</error>');
+			return self::INVALID;
+		}
+
+		$parser_from = $parsers[$input->getArgument('from')];
+		$parser_to = $parsers[$input->getArgument('to')];
+		$tmp_from = tempnam(sys_get_temp_dir(), 'froxlor_config_diff_from');
+		$tmp_to = tempnam(sys_get_temp_dir(), 'froxlor_config_diff_to');
+		$files = [];
+		$titles_by_key = [];
+
+		// Aggregate content for each config file
+		foreach ([[$parser_from, 'from'], [$parser_to, 'to']] as $todo) {
+			foreach ($todo[0]->getServices() as $service_type => $service) {
+				foreach ($service->getDaemons() as $daemon_name => $daemon) {
+					foreach ($daemon->getConfig() as $instruction) {
+						if ($instruction['type'] !== 'file') {
+							continue;
+						}
+
+						if (isset($instruction['subcommands'])) {
+							foreach ($instruction['subcommands'] as $subinstruction) {
+								if ($subinstruction['type'] !== 'file') {
+									continue;
+								}
+
+								$content = $subinstruction['content'];
+							}
+						} else {
+							$content = $instruction['content'];
+						}
+
+						if (!isset($content)) {
+							throw new \Exception("Cannot find content for {$instruction['name']}");
+						}
+
+						$key = "{$service_type}_{$daemon_name}_{$instruction['name']}";
+						$titles_by_key[$key] = "{$service->title} : {$daemon->title} : {$instruction['name']}";
+						if (!isset($files[$key])) {
+							$files[$key] = ['from' => '', 'to' => ''];
+						}
+						$files[$key][$todo[1]] = $this->filterContent($content);
+					}
+				}
+			}
+		}
+		ksort($files);
+
+		$diff_params = '';
+		if ($input->hasOption('diff-params') && trim($input->getOption('diff-params')) !== '') {
+			$diff_params = trim($input->getOption('diff-params'));
+		}
+
+		// Run diff on each file and output, if anything changed
+		foreach ($files as $file_key => $content) {
+			file_put_contents($tmp_from, $content['from']);
+			file_put_contents($tmp_to, $content['to']);
+			$diff_output = FileDir::safe_exec("{$check_diff_installed[0]} {$diff_params} {$tmp_from} {$tmp_to}");
+
+			if (count($diff_output) === 0) {
+				continue;
+			}
+
+			$output->writeln('<info># ' . $titles_by_key[$file_key] . '</info>');
+			$output->writeln(implode("\n", $diff_output) . "\n");
+			unset($diff_output);
+		}
+
+		// Remove tmp files again
+		unlink($tmp_from);
+		unlink($tmp_to);
+
+		return self::SUCCESS;
+	}
+
+	private function filterContent(string $content): string
+	{
+		$new_content = '';
+
+		foreach (explode("\n", $content) as $n) {
+			$n = trim($n);
+			if (!$n) {
+				continue;
+			}
+
+			if (str_starts_with($n, '#')) {
+				continue;
+			}
+
+			$new_content .= $n . "\n";
+		}
+
+		return $new_content;
+	}
+}

lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php

@@ -236,9 +236,12 @@ class AcmeSh extends FroxlorCron
 		return false;
 	}
 
-	private static function checkFsFilesAreNewer($domain, $cert_date = 0)
+	private static function checkFsFilesAreNewer($domain, $cert_date = 0): bool
 	{
-		$certificate_folder = self::getWorkingDirFromEnv(strtolower($domain));
+		$certificate_folder = self::getCertificateFolder(strtolower($domain));
+		if (empty($certificate_folder)) {
+			return false;
+		}
 		$ssl_file = FileDir::makeCorrectFile($certificate_folder . '/' . strtolower($domain) . '.cer');
 
 		if (is_dir($certificate_folder) && file_exists($ssl_file) && is_readable($ssl_file)) {
@@ -250,9 +253,13 @@ class AcmeSh extends FroxlorCron
 		return false;
 	}
 
-	public static function getWorkingDirFromEnv($domain = "", $forced_noecc = false)
+	public static function getWorkingDirFromEnv($domain = "", $forced_ecc = false): string
 	{
-		if (Settings::Get('system.leecc') > 0 && !$forced_noecc) {
+		// first try without _ecc either if it's enabled currently or not as
+		// it might have been at some point so there is a chance we have certificates
+		// with and without _ecc - the method getCertificateFolder() will check both
+		// possibilities
+		if ($forced_ecc) {
 			$domain .= "_ecc";
 		}
 		$env_file = FileDir::makeCorrectFile(dirname(self::getAcmeSh()) . '/acme.sh.env');
@@ -262,7 +269,7 @@ class AcmeSh extends FroxlorCron
 cut -d'"' -f2
 EOC;
 			exec('grep "LE_WORKING_DIR" ' . escapeshellarg($env_file) . ' | ' . $cut, $output);
-			if (is_array($output) && !empty($output) && isset($output[0]) && !empty($output[0])) {
+			if (is_array($output) && !empty($output) && !empty($output[0])) {
 				return FileDir::makeCorrectDir($output[0] . "/" . $domain);
 			}
 		}
@@ -635,35 +642,21 @@ EOC;
 	 */
 	private static function readCertificateToVar($domain, &$return, &$cronlog)
 	{
-		$certificate_folder = self::getWorkingDirFromEnv($domain);
-		$certificate_folder_noecc = null;
-		if (Settings::Get('system.leecc') > 0) {
-			$certificate_folder_noecc = self::getWorkingDirFromEnv($domain, true);
-		}
-		$certificate_folder = FileDir::makeCorrectDir($certificate_folder);
+		$certificate_folder = self::getCertificateFolder($domain);
 
-		if (is_dir($certificate_folder) || is_dir($certificate_folder_noecc)) {
-			foreach (
-				[
-					'crt' => $domain . '.cer',
-					'key' => $domain . '.key',
-					'chain' => 'ca.cer',
-					'fullchain' => 'fullchain.cer',
-					'csr' => $domain . '.csr'
-				] as $index => $sslfile
-			) {
+		if (!empty($certificate_folder)) {
+			$certificate_files = [
+				'crt' => $domain . '.cer',
+				'key' => $domain . '.key',
+				'chain' => 'ca.cer',
+				'fullchain' => 'fullchain.cer',
+				'csr' => $domain . '.csr'
+			];
+			foreach ($certificate_files as $index => $sslfile) {
 				$ssl_file = FileDir::makeCorrectFile($certificate_folder . '/' . $sslfile);
 				if (file_exists($ssl_file)) {
 					$return[$index] = file_get_contents($ssl_file);
 				} else {
-					if (!empty($certificate_folder_noecc)) {
-						$ssl_file_fb = FileDir::makeCorrectFile($certificate_folder_noecc . '/' . $sslfile);
-						if (file_exists($ssl_file_fb)) {
-							$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, "ECC certificates activated but found only non-ecc file");
-							$return[$index] = file_get_contents($ssl_file_fb);
-							continue;
-						}
-					}
 					$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, "Could not find file '" . $sslfile . "' in '" . $certificate_folder . "'");
 					$return[$index] = null;
 				}
@@ -672,4 +665,18 @@ EOC;
 			$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, "Could not find certificate-folder '" . $certificate_folder . "'");
 		}
 	}
+
+	private static function getCertificateFolder(string $domain): string
+	{
+		$certificate_folder = self::getWorkingDirFromEnv(strtolower($domain));
+		if (file_exists($certificate_folder)) {
+			return $certificate_folder;
+		}
+		$certificate_folder_ecc = self::getWorkingDirFromEnv($domain, true);
+		if (file_exists($certificate_folder_ecc)) {
+			return $certificate_folder_ecc;
+		}
+		FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, "Could not find certificate-folder for domain '" . $domain . "'");
+		return "";
+	}
 }

lib/Froxlor/Cron/Http/Nginx.php

@@ -883,13 +883,7 @@ class Nginx extends HttpConfigBase
 		// remove comments
 		$vhost = implode("\n", preg_replace('/^(\s+)?#(.*)$/', '', explode("\n", $vhost)));
 		// Break blocks into lines
-		$vhost = str_replace([
-			"{",
-			"}"
-		], [
-			" {\n",
-			"\n}"
-		], $vhost);
+		$vhost = preg_replace("/^(\s+)location(.+)\{(.+)\}$/misU", "location $2 {\n $3 \n}", $vhost);
 		// Break into array items
 		$vhost = explode("\n", preg_replace('/[ \t]+/', ' ', trim(preg_replace('/\t+/', '', $vhost))));
 		// Remove empty lines

lib/Froxlor/CurrentUser.php

@@ -25,10 +25,10 @@
 
 namespace Froxlor;
 
-use Froxlor\Database\Database;
-use Froxlor\UI\Collection;
 use Froxlor\Api\Commands\Customers;
 use Froxlor\Api\Commands\SubDomains;
+use Froxlor\Database\Database;
+use Froxlor\UI\Collection;
 
 /**
  * Class to manage the current user / session
@@ -153,7 +153,7 @@ class CurrentUser
 		} elseif ($resource == 'subdomains') {
 			$parentDomainCollection = (new Collection(SubDomains::class, $_SESSION['userinfo'],
 				['sql_search' => ['d.parentdomainid' => 0]]));
-			$addition = $parentDomainCollection != 0;
+			$addition = $parentDomainCollection->count() != 0;
 		} elseif ($resource == 'domains') {
 			$customerCollection = (new Collection(Customers::class, $_SESSION['userinfo']));
 			$addition = $customerCollection != 0;

lib/Froxlor/Domain/IpAddr.php

@@ -55,6 +55,7 @@ class IpAddr
 
 	/**
 	 * @return array
+	 * @throws \Exception
 	 */
 	public static function getSslIpPortCombinations(): array
 	{
@@ -75,7 +76,7 @@ class IpAddr
 		$additional_conditions_params = [];
 		$additional_conditions_array = [];
 
-		if ($userinfo['ip'] != '-1') {
+		if (!empty($userinfo) && $userinfo['ip'] != '-1') {
 			$admin_ip_stmt = Database::prepare("
 				SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `id` = IN (:ipid)
 			");

lib/Froxlor/Froxlor.php

@@ -31,7 +31,7 @@ final class Froxlor
 {
 
 	// Main version variable
-	const VERSION = '2.0.21';
+	const VERSION = '2.0.23';
 
 	// Database version (YYYYMMDDC where C is a daily counter)
 	const DBVERSION = '202304260';

lib/Froxlor/Install/Install/Core.php

@@ -448,7 +448,11 @@ class Core
 				$reload = "service php" . PHP_MAJOR_VERSION . "." . PHP_MINOR_VERSION . "-fpm restart";
 				$config_dir = "/etc/php/" . PHP_MAJOR_VERSION . "." . PHP_MINOR_VERSION . "/fpm/pool.d/";
 				// fcgid
-				$binary = "/usr/bin/php" . PHP_MAJOR_VERSION . "." . PHP_MINOR_VERSION . "-cgi";
+				if ($this->validatedData['distribution'] == 'bookworm') {
+					$binary = "/usr/bin/php-cgi" . PHP_MAJOR_VERSION . "." . PHP_MINOR_VERSION;
+				} else {
+					$binary = "/usr/bin/php" . PHP_MAJOR_VERSION . "." . PHP_MINOR_VERSION . "-cgi";
+				}
 			}
 			$db_user->query("UPDATE `" . TABLE_PANEL_FPMDAEMONS . "` SET `reload_cmd` = '" . $reload . "', `config_dir` = '" . $config_dir . "' WHERE `id` ='1';");
 			$db_user->query("UPDATE `" . TABLE_PANEL_PHPCONFIGS . "` SET `binary` = '" . $binary . "';");

lib/Froxlor/UI/Panel/UI.php

@@ -290,7 +290,8 @@ class UI
 		];
 	}
 
-	public static function validateThemeTemplate(string $name, string $theme = "") {
+	public static function validateThemeTemplate(string $name, string $theme = "")
+	{
 		if (empty(trim($theme))) {
 			$theme = self::getTheme();
 		}

lib/Froxlor/Validate/Validate.php

@@ -260,7 +260,7 @@ class Validate
 	}
 
 	/**
-	 * Returns if an emailaddress is in correct format or not
+	 * Returns if an email-address is in correct format or not
 	 *
 	 * @param string $email The email address to check
 	 *

lib/configfiles/bookworm.xml

@@ -2600,7 +2600,6 @@ ServerName                     "<SERVERNAME> FTP Server"
 ServerType			standalone
 DeferWelcome			off
 
-MultilineRFC2228		on
 DefaultServer			on
 ShowSymlinks			on
 
@@ -2939,7 +2938,6 @@ SQLNamedQuery get-quota-limit SELECT "ftp_users.username AS name, ftp_quotalimit
 SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used,bytes_out_used, bytes_xfer_used, files_in_used, files_out_used,files_xfer_used FROM ftp_quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
 SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used= files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name= '%{6}' AND quota_type = '%{7}'" ftp_quotatallies
 SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4},%{5}, %{6}, %{7}" ftp_quotatallies
-
 </IfModule>
 ]]>
 						</content>
@@ -2955,7 +2953,7 @@ TLSRSACertificateFile                   /etc/ssl/certs/proftpd.crt
 TLSRSACertificateKeyFile                /etc/ssl/private/proftpd.key
 TLSECCertificateFile                    /etc/ssl/certs/proftpd_ec.crt
 TLSECCertificateKeyFile                 /etc/ssl/private/proftpd_ec.key
-TLSOptions                              NoCertRequest NoSessionReuseRequired
+TLSOptions                              NoSessionReuseRequired
 TLSVerifyClient                         off
 
 # Are clients required to use FTP over TLS when talking to this server?
@@ -3317,7 +3315,7 @@ aliases:     files
 						<command><![CDATA[mkdir -p {{settings.system.mod_fcgid_configdir}}]]></command>
 						<command><![CDATA[mkdir -p {{settings.system.mod_fcgid_tmpdir}}]]></command>
 						<command><![CDATA[chmod 1777 {{settings.system.mod_fcgid_tmpdir}}]]></command>
-						<command><![CDATA[a2dismod php8.1]]></command>
+						<command><![CDATA[a2dismod php8.2]]></command>
 					</commands>
 					<!-- instead of just restarting apache, we let the cronjob do all the
 						dirty work -->
@@ -3350,7 +3348,7 @@ aliases:     files
 						</visibility>
 						<visibility mode="true">{{settings.phpfpm.enabled_ownvhost}}
 						</visibility>
-						<command><![CDATA[a2dismod php8.1]]></command>
+						<command><![CDATA[a2dismod php8.2]]></command>
 					</commands>
 					<!-- instead of just restarting apache, we let the cronjob do all the
 						dirty work -->

lib/init.php

@@ -181,8 +181,10 @@ if (@file_exists('templates/' . $theme . '/config.json')) {
 }
 
 // check for existence of variant in theme
-if (is_array($_themeoptions) && (!array_key_exists('variants', $_themeoptions) || !array_key_exists($themevariant,
-			$_themeoptions['variants']))) {
+if (is_array($_themeoptions) && (!array_key_exists('variants', $_themeoptions) || !array_key_exists(
+    $themevariant,
+    $_themeoptions['variants']
+))) {
 	$themevariant = "default";
 }
 
@@ -216,12 +218,11 @@ UI::twig()->addGlobal('header_logo', $header_logo);
 if (!CurrentUser::hasSession() && AREA != 'login') {
 	unset($_SESSION['userinfo']);
 	CurrentUser::setData();
-	session_destroy();
-	$params = [
-		"script" => basename($_SERVER["SCRIPT_NAME"]),
-		"qrystr" => $_SERVER["QUERY_STRING"]
+	$_SESSION = [
+		"lastscript" => basename($_SERVER["SCRIPT_NAME"]),
+		"lastqrystr" => $_SERVER["QUERY_STRING"]
 	];
-	Response::redirectTo('index.php', $params);
+	Response::redirectTo('index.php');
 	exit();
 }
 

lib/navigation/00.froxlor.main.php

@@ -38,7 +38,7 @@ return [
 					'url' => 'customer_email.php?page=emails',
 					'label' => lng('menue.email.emails'),
 					'required_resources' => 'emails',
-					'add_shortlink' => CurrentUser::canAddResource('emails') ? 'customer_email.php?page=emails&action=add' : null,
+					'add_shortlink' => !CurrentUser::isAdmin() && CurrentUser::canAddResource('emails') ? 'customer_email.php?page=email_domain&action=add' : null,
 				],
 				[
 					'url' => Settings::Get('panel.webmail_url'),
@@ -60,7 +60,7 @@ return [
 					'url' => 'customer_mysql.php?page=mysqls',
 					'label' => lng('menue.mysql.databases'),
 					'required_resources' => 'mysqls',
-					'add_shortlink' => CurrentUser::canAddResource('mysqls')? 'customer_mysql.php?page=mysqls&action=add' : null,
+					'add_shortlink' => !CurrentUser::isAdmin() && CurrentUser::canAddResource('mysqls')? 'customer_mysql.php?page=mysqls&action=add' : null,
 				],
 				[
 					'url' => Settings::Get('panel.phpmyadmin_url'),
@@ -81,7 +81,7 @@ return [
 				[
 					'url' => 'customer_domains.php?page=domains',
 					'label' => lng('menue.domains.settings'),
-					'add_shortlink' => CurrentUser::canAddResource('subdomains') ? 'customer_domains.php?page=domains&action=add' : null,
+					'add_shortlink' => !CurrentUser::isAdmin() && CurrentUser::canAddResource('subdomains') ? 'customer_domains.php?page=domains&action=add' : null,
 				],
 				[
 					'url' => 'customer_domains.php?page=sslcertificates',
@@ -98,7 +98,7 @@ return [
 				[
 					'url' => 'customer_ftp.php?page=accounts',
 					'label' => lng('menue.ftp.accounts'),
-					'add_shortlink' => CurrentUser::canAddResource('ftps') ? 'customer_ftp.php?page=accounts&action=add' : null,
+					'add_shortlink' => !CurrentUser::isAdmin() && CurrentUser::canAddResource('ftps') ? 'customer_ftp.php?page=accounts&action=add' : null,
 				],
 				[
 					'url' => Settings::Get('panel.webftp_url'),