Merge remote-tracking branch 'origin/main' into v2.2

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>

.github/ISSUE_TEMPLATE/bug_report.md

@@ -15,7 +15,8 @@ assignees: ''
 A clear and concise description of what the bug is.
 
 **System information**
-* Froxlor version: $version/$gitSHA1
+* Froxlor version: \$version/\$gitSHA1
+* PHP sapi & version: php-fpm 8.3 / fcgid 8.0 / etc.
 * Web server: apache2/nginx/lighttpd
 * DNS server: Bind/PowerDNS (standalone)/PowerDNS (Bind-backend)
 * POP/IMAP server: Courier/Dovecot

.github/workflows/build-docs.yml

@@ -2,7 +2,8 @@ name: build-documentation
 
 on:
   release:
-    types: [published]
+    # only run for stable releases
+    types: [released]
 
 jobs:
   build_docs:

.github/workflows/build-mariadb.yml

@@ -8,18 +8,18 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        php-versions: [ '7.4', '8.2' ]
+        php-versions: [ '7.4', '8.3' ]
         mariadb-version: [ 10.11, 10.5 ]
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup PHP, with composer and extensions
         uses: shivammathur/setup-php@v2
         with:
           php-version: ${{ matrix.php-versions }}
           tools: composer:v2
-          extensions: mbstring, xml, ctype, pdo_mysql, mysql, curl, json, zip, session, filter, posix, openssl, fileinfo, bcmath, gmp, gnupg
+          extensions: mbstring, xml, ctype, pdo_mysql, mysql, curl, json, zip, session, filter, posix, openssl, fileinfo, bcmath, gmp
 
       - name: Install tools
         run: sudo apt-get install -y ant
@@ -53,11 +53,11 @@ jobs:
     name: Create nightly/testing tarball
     runs-on: ubuntu-latest
     needs: froxlor
-    if: ${{ github.event_name == 'push' }}
+    if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup PHP with PECL extension
         uses: shivammathur/setup-php@v2
@@ -70,9 +70,9 @@ jobs:
         run: composer install --no-dev
 
       - name: Install Node.js
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
-          node-version: '20.x'
+          node-version: '22.x'
 
       - name: Install npm dependencies
         run: npm install
@@ -119,8 +119,8 @@ jobs:
           mv froxlor-nightly.${{steps.vars.outputs.sha_short}}.zip.sha256 dist/
 
       - name: Deploy nightly to server
-        uses: easingthemes/ssh-deploy@v3.4.3
-        env:
+        uses: easingthemes/ssh-deploy@main
+        with:
           ARGS: "-rltDzvO --chown=${{ secrets.WEB_USER }}:${{ secrets.WEB_USER }}"
           SOURCE: "dist/"
           SSH_PRIVATE_KEY: ${{ secrets.SERVER_SSH_KEY }}

.github/workflows/build-mysql.yml

@@ -8,18 +8,18 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        php-versions: ['7.4', '8.2']
+        php-versions: ['7.4', '8.3']
         mysql-version: [8.0, 5.7]
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup PHP, with composer and extensions
         uses: shivammathur/setup-php@v2
         with:
           php-version: ${{ matrix.php-versions }}
           tools: composer:v2
-          extensions: mbstring, xml, ctype, pdo_mysql, mysql, curl, json, zip, session, filter, posix, openssl, fileinfo, bcmath, gmp, gnupg
+          extensions: mbstring, xml, ctype, pdo_mysql, mysql, curl, json, zip, session, filter, posix, openssl, fileinfo, bcmath, gmp
 
       - name: Install tools
         run: sudo apt-get install -y ant
@@ -39,16 +39,7 @@ jobs:
       - name: Wait for database
         run: sleep 15
 
-      - name: Setup database (8.0)
-        if: matrix.mysql-version == '8.0'
-        run: |
-          mysql -h 127.0.0.1 --protocol=TCP -u root -pfr0xl0r.TravisCI -e "CREATE USER 'froxlor010'@'%' IDENTIFIED WITH mysql_native_password BY 'fr0xl0r.TravisCI';"
-          mysql -h 127.0.0.1 --protocol=TCP -u root -pfr0xl0r.TravisCI -e "GRANT ALL ON froxlor010.* TO 'froxlor010'@'%';"
-          php -r "echo include('install/froxlor.sql.php');" > /tmp/froxlor.sql
-          mysql -h 127.0.0.1 --protocol=TCP -u root -pfr0xl0r.TravisCI froxlor010 < /tmp/froxlor.sql
-
-      - name: Setup database (5.7)
-        if: matrix.mysql-version == '5.7'
+      - name: Setup database
         run: |
           mysql -h 127.0.0.1 --protocol=TCP -u root -pfr0xl0r.TravisCI -e "CREATE USER 'froxlor010'@'%' IDENTIFIED BY 'fr0xl0r.TravisCI';"
           mysql -h 127.0.0.1 --protocol=TCP -u root -pfr0xl0r.TravisCI -e "GRANT ALL ON froxlor010.* TO 'froxlor010'@'%';"

.gitignore

@@ -10,6 +10,7 @@ logs/*
 .settings/
 .test/
 *.diff
+*.patch
 *~
 .well-known
 .idea
@@ -23,4 +24,5 @@ templates/*
 !templates/index.html
 !templates/Froxlor/
 templates/Froxlor/build/
+templates/Froxlor/hot
 !templates/misc/

2fa.php

@@ -33,6 +33,7 @@ use Froxlor\FroxlorLogger;
 use Froxlor\FroxlorTwoFactorAuth;
 use Froxlor\Settings;
 use Froxlor\UI\Panel\UI;
+use Froxlor\UI\Request;
 use Froxlor\UI\Response;
 use Froxlor\PhpHelper;
 use Froxlor\User;
@@ -63,7 +64,7 @@ if ($action == 'delete') {
 	]);
 	Response::standardSuccess('2fa.2fa_removed');
 } elseif ($action == 'preadd') {
-	$type = isset($_POST['type_2fa']) ? $_POST['type_2fa'] : '0';
+	$type = Request::post('type_2fa', '0');
 
 	$data = "";
 	if ($type > 0) {
@@ -107,9 +108,9 @@ if ($action == 'delete') {
 		Response::dynamicError('Select one of the possible values for 2FA');
 	}
 } elseif ($action == 'add') {
-	$type = isset($_POST['type_2fa']) ? $_POST['type_2fa'] : '0';
-	$data = isset($_POST['data_2fa']) ? $_POST['data_2fa'] : '';
-	$code = isset($_POST['codevalidation']) ? $_POST['codevalidation'] : '';
+	$type = Request::post('type_2fa', '0');
+	$data = Request::post('data_2fa', '');
+	$code = Request::post('codevalidation', '');
 
 	// validate
 	$result = $tfa->verifyCode($data, $code, 3);

README.md

@@ -10,6 +10,7 @@ Developed by experienced server administrators, this panel simplifies the effort
 ## Installation
 
 ### Fast install
+
 1. Ensure that your webserver serves /var/www/html
 2. Extract froxlor into /var/www/html
 3. Point your browser to http://[ip-of-webserver]/froxlor
@@ -24,6 +25,7 @@ If you have chosen to do the configuration by hand during the installation, you
 3. Follow the steps for your services
 
 ### Detailed installation
+
 https://docs.froxlor.org/latest/general/installation/
 
 ## Help
@@ -49,6 +51,7 @@ May be found in [COPYING](COPYING)
 ## Downloads
 
 ### Tarball
+
 https://files.froxlor.org/releases/froxlor-latest.tar.gz [MD5](https://files.froxlor.org/releases/froxlor-latest.tar.gz.md5) [SHA1](https://files.froxlor.org/releases/froxlor-latest.tar.gz.sha1)
 
 ### Debian / Ubuntu repository
@@ -58,17 +61,17 @@ https://files.froxlor.org/releases/froxlor-latest.tar.gz [MD5](https://files.fro
 #### Debian
 
 ```
-apt-get -y install apt-transport-https lsb-release ca-certificates curl
+apt -y install apt-transport-https lsb-release ca-certificates curl gnupg
 curl -sSLo /usr/share/keyrings/deb.froxlor.org-froxlor.gpg https://deb.froxlor.org/froxlor.gpg
-echo sh -c '"deb [signed-by=/usr/share/keyrings/deb.froxlor.org-froxlor.gpg] https://deb.froxlor.org/debian $(lsb_release -sc) main" > /etc/apt/sources.list.d/froxlor.list'
+sh -c 'echo "deb [signed-by=/usr/share/keyrings/deb.froxlor.org-froxlor.gpg] https://deb.froxlor.org/debian $(lsb_release -sc) main" > /etc/apt/sources.list.d/froxlor.list'
 ```
 
 #### Ubuntu
 
 ```
-apt-get -y install apt-transport-https lsb-release ca-certificates curl
+apt -y install apt-transport-https lsb-release ca-certificates curl gnupg
 curl -sSLo /usr/share/keyrings/deb.froxlor.org-froxlor.gpg https://deb.froxlor.org/froxlor.gpg
-echo sh -c '"deb [signed-by=/usr/share/keyrings/deb.froxlor.org-froxlor.gpg] https://deb.froxlor.org/ubuntu $(lsb_release -sc) main" > /etc/apt/sources.list.d/froxlor.list'
+sh -c 'echo "deb [signed-by=/usr/share/keyrings/deb.froxlor.org-froxlor.gpg] https://deb.froxlor.org/ubuntu $(lsb_release -sc) main" > /etc/apt/sources.list.d/froxlor.list'
 ```
 
 ## Contributing

SECURITY.md

@@ -10,7 +10,8 @@ With that, good luck hacking us ;)
 
 ## Supported versions
 
-- ️✅ **2.1.x**  (`main` git-branch)
+- ️✅ **2.2.x**  (`main` git-branch)
+- ️✅ **2.1.x**  (`v2.1` git-branch)
 - ❌ 2.0.x (`2.0.x`-tags)
 - ❌ 0.10.x (`0.10.x`-tags)
 - ❌ other git-branches

actions/admin/settings/110.accounts.php

@@ -35,6 +35,7 @@ return [
 					'varname' => 'sessiontimeout',
 					'type' => 'number',
 					'min' => 60,
+					'max' => 31536000,
 					'default' => 600,
 					'save_method' => 'storeSettingField'
 				],

actions/admin/settings/120.system.php

@@ -180,18 +180,6 @@ return [
 					'default' => true,
 					'save_method' => 'storeSettingField'
 				],
-				'system_httpuser' => [
-					'settinggroup' => 'system',
-					'varname' => 'httpuser',
-					'type' => 'hidden',
-					'default' => 'www-data'
-				],
-				'system_httpgroup' => [
-					'settinggroup' => 'system',
-					'varname' => 'httpgroup',
-					'type' => 'hidden',
-					'default' => 'www-data'
-				],
 				'system_report_enable' => [
 					'label' => lng('serversettings.report.report'),
 					'settinggroup' => 'system',
@@ -269,7 +257,8 @@ return [
 					'varname' => 'mail_smtp_user',
 					'type' => 'text',
 					'default' => '',
-					'save_method' => 'storeSettingField'
+					'save_method' => 'storeSettingField',
+					'autocomplete' => 'off'
 				],
 				'system_mail_smtp_passwd' => [
 					'label' => lng('serversettings.mail_smtp_passwd'),
@@ -277,7 +266,8 @@ return [
 					'varname' => 'mail_smtp_passwd',
 					'type' => 'password',
 					'default' => '',
-					'save_method' => 'storeSettingField'
+					'save_method' => 'storeSettingField',
+					'autocomplete' => 'new-password'
 				],
 				'system_apply_specialsettings_default' => [
 					'label' => lng('serversettings.apply_specialsettings_default'),

actions/admin/settings/122.froxlorvhost.php

@@ -176,6 +176,11 @@ return [
 					'varname' => 'mod_fcgid_httpuser',
 					'type' => 'text',
 					'default' => 'froxlorlocal',
+					'string_emptyallowed' => false,
+					'plausibility_check_method' => [
+						'\\Froxlor\\Validate\\Check',
+						'checkSystemUsername'
+					],
 					'save_method' => 'storeSettingWebserverFcgidFpmUser',
 					'websrv_avail' => [
 						'apache2'
@@ -193,6 +198,7 @@ return [
 					'type' => 'text',
 					'default' => 'froxlorlocal',
 					'save_method' => 'storeSettingField',
+					'string_emptyallowed' => false,
 					'websrv_avail' => [
 						'apache2'
 					],
@@ -243,6 +249,11 @@ return [
 					'varname' => 'vhost_httpuser',
 					'type' => 'text',
 					'default' => 'froxlorlocal',
+					'string_emptyallowed' => false,
+					'plausibility_check_method' => [
+						'\\Froxlor\\Validate\\Check',
+						'checkSystemUsername'
+					],
 					'save_method' => 'storeSettingWebserverFcgidFpmUser',
 					'visible' => Settings::Get('phpfpm.enabled') && call_user_func([
 						'\Froxlor\Settings\FroxlorVhostSettings',
@@ -256,6 +267,7 @@ return [
 					'varname' => 'vhost_httpgroup',
 					'type' => 'text',
 					'default' => 'froxlorlocal',
+					'string_emptyallowed' => false,
 					'save_method' => 'storeSettingField',
 					'visible' => Settings::Get('phpfpm.enabled') && call_user_func([
 						'\Froxlor\Settings\FroxlorVhostSettings',

actions/admin/settings/130.webserver.php

@@ -49,7 +49,7 @@ return [
 					],
 					'requires_reconf' => ['http']
 				],
-				'system_apache_24' => [
+				'system_apache24' => [
 					'label' => lng('serversettings.apache_24'),
 					'settinggroup' => 'system',
 					'varname' => 'apache24',
@@ -104,6 +104,10 @@ return [
 					'varname' => 'httpuser',
 					'type' => 'text',
 					'default' => 'www-data',
+					'plausibility_check_method' => [
+						'\\Froxlor\\Validate\\Check',
+						'checkSystemUsername'
+					],
 					'save_method' => 'storeSettingWebserverFcgidFpmUser'
 				],
 				'system_httpgroup' => [

actions/admin/settings/131.ssl.php

@@ -248,11 +248,40 @@ return [
 					'settinggroup' => 'system',
 					'varname' => 'le_domain_dnscheck_resolver',
 					'type' => 'text',
-					'string_regexp' => '/^(([0-9]+ [a-z0-9\-\._]+, ?)*[0-9]+ [a-z0-9\-\._]+)?$/i',
+					'string_type' => 'validate_ip',
 					'string_emptyallowed' => true,
 					'default' => '',
-					'save_method' => 'storeSettingField'
-				]
+					'save_method' => 'storeSettingField',
+					'advanced_mode' => true
+				],
+				'system_le_renew_services' => [
+					'label' => lng('serversettings.le_renew_services'),
+					'settinggroup' => 'system',
+					'varname' => 'le_renew_services',
+					'type' => 'select',
+					'default' => '',
+					'select_mode' => 'multiple',
+					'option_emptyallowed' => true,
+					'select_var' => [
+						'' => lng('panel.none_value'),
+						'postfix' => 'postfix (smtp)',
+						'dovecot' => 'dovecot (imap/pop3)',
+						'proftpd' => 'proftpd (ftp)',
+					],
+					'save_method' => 'storeSettingFieldInsertUpdateServicesTask',
+					'advanced_mode' => true
+				],
+				'system_le_renew_hook' => [
+					'label' => lng('serversettings.le_renew_hook'),
+					'settinggroup' => 'system',
+					'varname' => 'le_renew_hook',
+					'type' => 'text',
+					'string_regexp' => '/^[a-z0-9\/\._\- ]+$/i',
+					'default' => 'systemctl restart postfix dovecot proftpd',
+					'save_method' => 'storeSettingFieldInsertUpdateServicesTask',
+					'advanced_mode' => true,
+					'required_otp' => true
+				],
 			]
 		]
 	]

actions/admin/settings/180.antispam.php

@@ -0,0 +1,156 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, you can also view it online at
+ * https://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  the authors
+ * @author     Froxlor team <team@froxlor.org>
+ * @license    https://files.froxlor.org/misc/COPYING.txt GPLv2
+ */
+
+return [
+	'groups' => [
+		'antispam' => [
+			'title' => lng('admin.antispam_settings'),
+			'icon' => 'fa-solid fa-clipboard-check',
+			'fields' => [
+				'antispam_activated' => [
+					'label' => lng('antispam.activated'),
+					'settinggroup' => 'antispam',
+					'varname' => 'activated',
+					'type' => 'checkbox',
+					'default' => true,
+					'overview_option' => true,
+					'save_method' => 'storeSettingFieldInsertAntispamTask',
+				],
+				'antispam_config_file' => [
+					'label' => lng('antispam.config_file'),
+					'settinggroup' => 'antispam',
+					'varname' => 'config_file',
+					'type' => 'text',
+					'string_type' => 'file',
+					'default' => '/etc/rspamd/local.d/froxlor_settings.conf',
+					'save_method' => 'storeSettingFieldInsertAntispamTask',
+					'requires_reconf' => ['antispam']
+				],
+				'antispam_reload_command' => [
+					'label' => lng('antispam.reload_command'),
+					'settinggroup' => 'antispam',
+					'varname' => 'reload_command',
+					'type' => 'text',
+					'string_regexp' => '/^[a-z0-9\/\._\- ]+$/i',
+					'default' => 'service rspamd restart',
+					'save_method' => 'storeSettingField',
+					'required_otp' => true
+				],
+				'antispam_default_bypass_spam' => [
+					'label' => lng('antispam.default_bypass_spam'),
+					'settinggroup' => 'antispam',
+					'varname' => 'default_bypass_spam',
+					'type' => 'select',
+					'default' => 2,
+					'select_var' => [
+						1 => lng('antispam.default_select.on_changeable'),
+						2 => lng('antispam.default_select.off_changeable'),
+						3 => lng('antispam.default_select.on_unchangeable'),
+						4 => lng('antispam.default_select.off_unchangeable'),
+					],
+					'save_method' => 'storeSettingField',
+					'advanced_mode' => true
+				],
+				'antispam_default_spam_rewrite_subject' => [
+					'label' => lng('antispam.default_spam_rewrite_subject'),
+					'settinggroup' => 'antispam',
+					'varname' => 'default_spam_rewrite_subject',
+					'type' => 'select',
+					'default' => 1,
+					'select_var' => [
+						1 => lng('antispam.default_select.on_changeable'),
+						2 => lng('antispam.default_select.off_changeable'),
+						3 => lng('antispam.default_select.on_unchangeable'),
+						4 => lng('antispam.default_select.off_unchangeable'),
+					],
+					'save_method' => 'storeSettingField',
+					'advanced_mode' => true
+				],
+				'antispam_default_policy_greylist' => [
+					'label' => lng('antispam.default_policy_greylist'),
+					'settinggroup' => 'antispam',
+					'varname' => 'default_policy_greylist',
+					'type' => 'select',
+					'default' => 1,
+					'select_var' => [
+						1 => lng('antispam.default_select.on_changeable'),
+						2 => lng('antispam.default_select.off_changeable'),
+						3 => lng('antispam.default_select.on_unchangeable'),
+						4 => lng('antispam.default_select.off_unchangeable'),
+					],
+					'save_method' => 'storeSettingField',
+					'advanced_mode' => true
+				],
+				'antispam_dkim_keylength' => [
+					'label' => lng('antispam.dkim_keylength'),
+					'settinggroup' => 'antispam',
+					'varname' => 'dkim_keylength',
+					'type' => 'select',
+					'default' => '1024',
+					'select_var' => [
+						'1024' => '1024 Bit',
+						'2048' => '2048 Bit'
+					],
+					'save_method' => 'storeSettingFieldInsertBindTask',
+					'advanced_mode' => true,
+				],
+				'spf_use_spf' => [
+					'label' => lng('spf.use_spf'),
+					'settinggroup' => 'spf',
+					'varname' => 'use_spf',
+					'type' => 'checkbox',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+				],
+				'spf_spf_entry' => [
+					'label' => lng('spf.spf_entry'),
+					'settinggroup' => 'spf',
+					'varname' => 'spf_entry',
+					'type' => 'text',
+					'string_regexp' => '/^v=spf[a-z0-9:~?\s\.\-\/]+$/i',
+					'default' => 'v=spf1 a mx -all',
+					'save_method' => 'storeSettingField'
+				],
+				'dmarc_use_dmarc' => [
+					'label' => lng('dmarc.use_dmarc'),
+					'settinggroup' => 'dmarc',
+					'varname' => 'use_dmarc',
+					'type' => 'checkbox',
+					'default' => false,
+					'save_method' => 'storeSettingField',
+				],
+				'dmarc_dmarc_entry' => [
+					'label' => lng('dmarc.dmarc_entry'),
+					'settinggroup' => 'dmarc',
+					'varname' => 'dmarc_entry',
+					'type' => 'text',
+					'string_regexp' => '/^v=dmarc1(.+)$/i',
+					'default' => 'v=DMARC1; p=none;',
+					'save_method' => 'storeSettingField'
+				]
+			]
+		]
+	]
+];

actions/admin/settings/180.dkim.php

@@ -1,146 +0,0 @@
-<?php
-
-/**
- * This file is part of the Froxlor project.
- * Copyright (c) 2010 the Froxlor Team (see authors).
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, you can also view it online at
- * https://files.froxlor.org/misc/COPYING.txt
- *
- * @copyright  the authors
- * @author     Froxlor team <team@froxlor.org>
- * @license    https://files.froxlor.org/misc/COPYING.txt GPLv2
- */
-
-use Froxlor\Settings;
-
-return [
-	'groups' => [
-		'dkim' => [
-			'title' => lng('admin.dkimsettings'),
-			'icon' => 'fa-solid fa-fingerprint',
-			'fields' => [
-				'dkim_use_dkim' => [
-					'label' => lng('dkim.use_dkim'),
-					'settinggroup' => 'dkim',
-					'varname' => 'use_dkim',
-					'type' => 'checkbox',
-					'default' => false,
-					'save_method' => 'storeSettingFieldInsertBindTask',
-					'overview_option' => true
-				],
-				'dkim_dkim_prefix' => [
-					'label' => lng('dkim.dkim_prefix'),
-					'settinggroup' => 'dkim',
-					'varname' => 'dkim_prefix',
-					'type' => 'text',
-					'string_type' => 'dir',
-					'default' => '/etc/postfix/dkim/',
-					'save_method' => 'storeSettingField'
-				],
-				'dkim_privkeysuffix' => [
-					'label' => lng('dkim.privkeysuffix'),
-					'settinggroup' => 'dkim',
-					'varname' => 'privkeysuffix',
-					'type' => 'text',
-					'string_regexp' => '/^[a-z0-9\._]+$/i',
-					'default' => '.priv',
-					'save_method' => 'storeSettingField',
-					'advanced_mode' => true
-				],
-				'dkim_dkim_domains' => [
-					'label' => lng('dkim.dkim_domains'),
-					'settinggroup' => 'dkim',
-					'varname' => 'dkim_domains',
-					'type' => 'text',
-					'string_regexp' => '/^[a-z0-9\._]+$/i',
-					'default' => 'domains',
-					'save_method' => 'storeSettingField'
-				],
-				'dkim_dkim_dkimkeys' => [
-					'label' => lng('dkim.dkim_dkimkeys'),
-					'settinggroup' => 'dkim',
-					'varname' => 'dkim_dkimkeys',
-					'type' => 'text',
-					'string_regexp' => '/^[a-z0-9\._]+$/i',
-					'default' => 'dkim-keys.conf',
-					'save_method' => 'storeSettingField'
-				],
-				'dkim_dkim_algorithm' => [
-					'label' => lng('dkim.dkim_algorithm'),
-					'settinggroup' => 'dkim',
-					'varname' => 'dkim_algorithm',
-					'type' => 'select',
-					'default' => 'all',
-					'select_mode' => 'multiple',
-					'select_var' => [
-						'all' => 'All',
-						'sha1' => 'SHA1',
-						'sha256' => 'SHA256'
-					],
-					'save_method' => 'storeSettingFieldInsertBindTask',
-					'advanced_mode' => true
-				],
-				'dkim_dkim_servicetype' => [
-					'label' => lng('dkim.dkim_servicetype'),
-					'settinggroup' => 'dkim',
-					'varname' => 'dkim_servicetype',
-					'type' => 'select',
-					'default' => '0',
-					'select_var' => [
-						'0' => 'All',
-						'1' => 'E-Mail'
-					],
-					'save_method' => 'storeSettingFieldInsertBindTask',
-					'advanced_mode' => true
-				],
-				'dkim_dkim_keylength' => [
-					'label' => [
-						'title' => lng('dkim.dkim_keylength.title'),
-						'description' => lng('dkim.dkim_keylength.description', [Settings::Get('dkim.dkim_prefix')])
-					],
-					'settinggroup' => 'dkim',
-					'varname' => 'dkim_keylength',
-					'type' => 'select',
-					'default' => '1024',
-					'select_var' => [
-						'1024' => '1024 Bit',
-						'2048' => '2048 Bit'
-					],
-					'save_method' => 'storeSettingFieldInsertBindTask'
-				],
-				'dkim_dkim_notes' => [
-					'label' => lng('dkim.dkim_notes'),
-					'settinggroup' => 'dkim',
-					'varname' => 'dkim_notes',
-					'type' => 'text',
-					'string_regexp' => '/^[a-z0-9\._]+$/i',
-					'default' => '',
-					'save_method' => 'storeSettingFieldInsertBindTask',
-					'advanced_mode' => true
-				],
-				'dkim_dkimrestart_command' => [
-					'label' => lng('dkim.dkimrestart_command'),
-					'settinggroup' => 'dkim',
-					'varname' => 'dkimrestart_command',
-					'type' => 'text',
-					'string_regexp' => '/^[a-z0-9\/\._\- ]+$/i',
-					'default' => '/etc/init.d/dkim-filter restart',
-					'save_method' => 'storeSettingField',
-					'required_otp' => true
-				]
-			]
-		]
-	]
-];

admin_admins.php

@@ -106,7 +106,7 @@ if (($page == 'admins' || $page == 'overview') && $userinfo['change_serversettin
 				Response::standardError('youcantdeleteyourself');
 			}
 
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				Admins::getLocal($userinfo, [
 					'id' => $id
 				])->delete();
@@ -122,9 +122,9 @@ if (($page == 'admins' || $page == 'overview') && $userinfo['change_serversettin
 			}
 		}
 	} elseif ($action == 'add') {
-		if (isset($_POST['send']) && $_POST['send'] == 'send') {
+		if (Request::post('send') == 'send') {
 			try {
-				Admins::getLocal($userinfo, $_POST)->add();
+				Admins::getLocal($userinfo, Request::postAll())->add();
 			} catch (Exception $e) {
 				Response::dynamicError($e->getMessage());
 			}
@@ -159,9 +159,9 @@ if (($page == 'admins' || $page == 'overview') && $userinfo['change_serversettin
 		$result = json_decode($json_result, true)['data'];
 
 		if ($result['loginname'] != '') {
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
-					Admins::getLocal($userinfo, $_POST)->update();
+					Admins::getLocal($userinfo, Request::postAll())->update();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}

admin_apcuinfo.php

@@ -33,6 +33,7 @@
 
 use Froxlor\FroxlorLogger;
 use Froxlor\UI\Panel\UI;
+use Froxlor\UI\Request;
 use Froxlor\UI\Response;
 use Froxlor\UI\HTML;
 
@@ -42,7 +43,7 @@ require __DIR__ . '/lib/init.php';
 $horizontal_bar_size = 950; // 1280px window width
 
 if ($action == 'delete' && function_exists('apcu_clear_cache') && $userinfo['change_serversettings'] == '1') {
-	if ($_POST['send'] == 'send') {
+	if (Request::post('send') == 'send') {
 		apcu_clear_cache();
 		$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "cleared APCu cache");
 		header('Location: ' . $linker->getLink([
@@ -117,7 +118,7 @@ if ($page == 'showinfo' && $userinfo['change_serversettings'] == '1') {
 		'uptime' => duration($cache['start_time'])
 	];
 
-	$overview['mem_used_percentage'] = number_format(($overview['mem_used'] / $overview['mem_avail']) * 100, 1);
+	$overview['mem_used_percentage'] = number_format(($overview['mem_used'] / $overview['mem_size']) * 100, 1);
 	$overview['num_hits_percentage'] = number_format(($overview['num_hits'] / $overview['num_hits_and_misses']) * 100,
 		1);
 	$overview['num_misses_percentage'] = number_format(($overview['num_misses'] / $overview['num_hits_and_misses']) * 100,

admin_autoupdate.php

@@ -32,6 +32,7 @@ use Froxlor\FileDir;
 use Froxlor\Install\AutoUpdate;
 use Froxlor\Settings;
 use Froxlor\UI\Panel\UI;
+use Froxlor\UI\Request;
 use Froxlor\UI\Response;
 
 if ($page != 'error') {
@@ -110,7 +111,7 @@ if ($page == 'overview') {
 } // download the new archive
 elseif ($page == 'getdownload') {
 	// retrieve the new version from the form
-	$newversion = isset($_POST['newversion']) ? $_POST['newversion'] : null;
+	$newversion = Request::post('newversion');
 
 	$result = 6;
 	// valid?
@@ -130,8 +131,8 @@ elseif ($page == 'getdownload') {
 	]);
 } // extract and install new version
 elseif ($page == 'extract') {
-	if (isset($_POST['send']) && $_POST['send'] == 'send') {
-		$toExtract = isset($_POST['archive']) ? $_POST['archive'] : null;
+	if (Request::post('send') == 'send') {
+		$toExtract = Request::post('archive');
 		$localArchive = FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/updates/' . $toExtract);
 		$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "Extracting " . $localArchive . " to " . Froxlor::getInstallDir());
 		$result = AutoUpdate::extractZip($localArchive);
@@ -145,7 +146,7 @@ elseif ($page == 'extract') {
 		// redirect to update-page
 		Response::redirectTo('admin_updates.php');
 	} else {
-		$toExtract = isset($_GET['archive']) ? $_GET['archive'] : null;
+		$toExtract = Request::get('archive');
 		$localArchive = FileDir::makeCorrectFile(Froxlor::getInstallDir() . '/updates/' . $toExtract);
 	}
 
@@ -192,7 +193,7 @@ elseif ($page == 'extract') {
 } // display error
 elseif ($page == 'error') {
 	// retrieve error-number via url-parameter
-	$errno = isset($_GET['errno']) ? (int)$_GET['errno'] : 0;
+	$errno = Request::get('errno', 0);
 
 	// 2 = no Zlib
 	// 3 = custom version detected

admin_configfiles.php

@@ -60,7 +60,9 @@ if ($userinfo['change_serversettings'] == '1') {
 
 	if (!empty($distribution)) {
 		if (!file_exists($config_dir . '/' . $distribution . ".xml")) {
-			Response::dynamicError("Unknown distribution");
+			// unknown distribution -> redirect to select a valid distribution for config-templates
+			Settings::Set('system.distribution', '');
+			Response::redirectTo('admin_configfiles.php', ['reselect' => 1]);
 		}
 
 		// update setting if different
@@ -91,14 +93,14 @@ if ($userinfo['change_serversettings'] == '1') {
 		asort($distributions_select);
 	}
 
-	if ($distribution != "" && isset($_POST['finish'])) {
-		$valid_keys = ['http', 'dns', 'smtp', 'mail', 'ftp', 'system', 'distro'];
+	if ($distribution != "" && !empty(Request::post('finish'))) {
+		$valid_keys = ['http', 'dns', 'smtp', 'mail', 'antispam', 'ftp', 'system', 'distro'];
 		unset($_POST['finish']);
 		unset($_POST['csrf_token']);
-		$params = $_POST;
+		$params = Request::postAll();
 		$params['distro'] = $distribution;
 		$params['system'] = [];
-		foreach ($_POST['system'] as $sysdaemon) {
+		foreach (Request::post('system', []) as $sysdaemon) {
 			$params['system'][] = $sysdaemon;
 		}
 		// validate params

admin_cronjobs.php

@@ -68,9 +68,9 @@ if (($page == 'cronjobs' || $page == 'overview') && $userinfo['change_serversett
 		}
 		$result = json_decode($json_result, true)['data'];
 		if ($result['cronfile'] != '') {
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
-					Cronjobs::getLocal($userinfo, $_POST)->update();
+					Cronjobs::getLocal($userinfo, Request::postAll())->update();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}

admin_customers.php

@@ -98,7 +98,7 @@ if (($page == 'customers' || $page == 'overview') && $userinfo['customers'] != '
 
 			$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "switched user and is now '" . $destination_user . "'");
 
-			$target = (isset($_GET['target']) ? $_GET['target'] : 'index');
+			$target = Request::get('target', 'index');
 			$redirect = "customer_" . $target . ".php";
 			if (!file_exists(Froxlor::getInstallDir() . "/" . $redirect)) {
 				$redirect = "customer_index.php";
@@ -119,7 +119,7 @@ if (($page == 'customers' || $page == 'overview') && $userinfo['customers'] != '
 		}
 		$result = json_decode($json_result, true)['data'];
 
-		if (isset($_POST['send']) && $_POST['send'] == 'send') {
+		if (Request::post('send') == 'send') {
 			try {
 				$json_result = Customers::getLocal($userinfo, [
 					'id' => $id
@@ -147,11 +147,11 @@ if (($page == 'customers' || $page == 'overview') && $userinfo['customers'] != '
 		}
 		$result = json_decode($json_result, true)['data'];
 
-		if (isset($_POST['send']) && $_POST['send'] == 'send') {
+		if (Request::post('send') == 'send') {
 			try {
 				$json_result = Customers::getLocal($userinfo, [
 					'id' => $id,
-					'delete_userfiles' => (isset($_POST['delete_userfiles']) ? (int)$_POST['delete_userfiles'] : 0)
+					'delete_userfiles' => Request::post('delete_userfiles', 0)
 				])->delete();
 			} catch (Exception $e) {
 				Response::dynamicError($e->getMessage());
@@ -167,9 +167,9 @@ if (($page == 'customers' || $page == 'overview') && $userinfo['customers'] != '
 			], $result['loginname']);
 		}
 	} elseif ($action == 'add') {
-		if (isset($_POST['send']) && $_POST['send'] == 'send') {
+		if (Request::post('send') == 'send') {
 			try {
-				Customers::getLocal($userinfo, $_POST)->add();
+				Customers::getLocal($userinfo, Request::postAll())->add();
 			} catch (Exception $e) {
 				Response::dynamicError($e->getMessage());
 			}
@@ -243,9 +243,9 @@ if (($page == 'customers' || $page == 'overview') && $userinfo['customers'] != '
 		$result = json_decode($json_result, true)['data'];
 
 		if ($result['loginname'] != '') {
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
-					Customers::getLocal($userinfo, $_POST)->update();
+					Customers::getLocal($userinfo, Request::postAll())->update();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
@@ -307,6 +307,8 @@ if (($page == 'customers' || $page == 'overview') && $userinfo['customers'] != '
 					$hosting_plans[$row['id']] = $row['name'];
 				}
 
+				$admin_select = [];
+				if ($userinfo['customers_see_all'] == '1') {
 					$available_admins_stmt = Database::prepare("
 						SELECT * FROM `" . TABLE_PANEL_ADMINS . "`
 						WHERE (`customers` = '-1' OR `customers` > `customers_used`)
@@ -319,6 +321,7 @@ if (($page == 'customers' || $page == 'overview') && $userinfo['customers'] != '
 					while ($available_admin = $available_admins_stmt->fetch()) {
 						$admin_select[$available_admin['adminid']] = $available_admin['name'] . " (" . $available_admin['loginname'] . ")";
 					}
+				}
 
 				$customer_edit_data = include_once dirname(__FILE__) . '/lib/formfields/admin/customer/formfield.customer_edit.php';
 

admin_domains.php

@@ -100,9 +100,9 @@ if ($page == 'domains' || $page == 'overview') {
 		]);
 
 		if ($result['domain'] != '') {
-			if (isset($_POST['send']) && $_POST['send'] == 'send' && $alias_check['count'] == 0) {
+			if (Request::post('send') == 'send' && $alias_check['count'] == 0) {
 				try {
-					Domains::getLocal($userinfo, $_POST)->delete();
+					Domains::getLocal($userinfo, Request::postAll())->delete();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
@@ -113,7 +113,7 @@ if ($page == 'domains' || $page == 'overview') {
 			} elseif ($alias_check['count'] > 0) {
 				Response::standardError('domains_cantdeletedomainwithaliases');
 			} else {
-				HTML::askYesNo('admin_domain_reallydelete', $filename, [
+				HTML::askYesNoWithCheckbox('admin_domain_reallydelete', 'admin_customer_alsoremovemail', $filename, [
 					'id' => $id,
 					'page' => $page,
 					'action' => $action
@@ -121,9 +121,9 @@ if ($page == 'domains' || $page == 'overview') {
 			}
 		}
 	} elseif ($action == 'add') {
-		if (isset($_POST['send']) && $_POST['send'] == 'send') {
+		if (Request::post('send') == 'send') {
 			try {
-				Domains::getLocal($userinfo, $_POST)->add();
+				Domains::getLocal($userinfo, Request::postAll())->add();
 			} catch (Exception $e) {
 				Response::dynamicError($e->getMessage());
 			}
@@ -319,7 +319,7 @@ if ($page == 'domains' || $page == 'overview') {
 			$alias_check = $alias_check['count'];
 
 			$domain_emails_result_stmt = Database::prepare("
-				SELECT `email`, `email_full`, `destination`, `popaccountid` AS `number_email_forwarders`
+				SELECT `email`, `email_full`, `destination`, `popaccountid`
 				FROM `" . TABLE_MAIL_VIRTUAL . "` WHERE `customerid` = :customerid AND `domainid` = :id
 			");
 			Database::pexecute($domain_emails_result_stmt, [
@@ -355,13 +355,13 @@ if ($page == 'domains' || $page == 'overview') {
 				$usedips[] = $ipsresultrow['id_ipandports'];
 			}
 
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
 					// remove ssl ip/ports if set is empty
-					if (!isset($_POST['ssl_ipandport']) || empty($_POST['ssl_ipandport'])) {
+					if (empty(Request::post('ssl_ipandport'))) {
 						$_POST['remove_ssl_ipandport'] = true;
 					}
-					Domains::getLocal($userinfo, $_POST)->update();
+					Domains::getLocal($userinfo, Request::postAll())->update();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
@@ -572,13 +572,13 @@ if ($page == 'domains' || $page == 'overview') {
 			}
 		}
 	} elseif ($action == 'jqGetCustomerPHPConfigs') {
-		$customerid = intval($_POST['customerid']);
+		$customerid = intval(Request::post('customerid'));
 		$allowed_phpconfigs = Customer::getCustomerDetail($customerid, 'allowed_phpconfigs');
 		echo !empty($allowed_phpconfigs) ? $allowed_phpconfigs : json_encode([]);
 		exit();
 	} elseif ($action == 'jqSpeciallogfileNote') {
-		$domainid = intval($_POST['id']);
-		$newval = intval($_POST['newval']);
+		$domainid = intval(Request::post('id'));
+		$newval = intval(Request::post('newval'));
 		try {
 			$json_result = Domains::getLocal($userinfo, [
 				'id' => $domainid
@@ -593,10 +593,27 @@ if ($page == 'domains' || $page == 'overview') {
 		}
 		echo 0;
 		exit();
+	} elseif ($action == 'jqEmaildomainNote') {
+		$domainid = intval(Request::post('id'));
+		$newval = intval(Request::post('newval'));
+		try {
+			$json_result = Domains::getLocal($userinfo, [
+				'id' => $domainid
+			])->get();
+		} catch (Exception $e) {
+			Response::dynamicError($e->getMessage());
+		}
+		$result = json_decode($json_result, true)['data'];
+		if ((int)$newval == 0 && $newval != $result['isemaildomain']) {
+			echo json_encode(['changed' => true, 'info' => lng('admin.emaildomainwarning')]);
+			exit();
+		}
+		echo 0;
+		exit();
 	} elseif ($action == 'import') {
-		if (isset($_POST['send']) && $_POST['send'] == 'send') {
-			$separator = Validate::validate($_POST['separator'], 'separator');
-			$offset = (int)Validate::validate($_POST['offset'], 'offset', "/[0-9]/i");
+		if (Request::post('send') == 'send') {
+			$separator = Validate::validate(Request::post('separator'), 'separator');
+			$offset = (int)Validate::validate(Request::post('offset'), 'offset', "/[0-9]/i");
 
 			$file_name = $_FILES['file']['tmp_name'];
 
@@ -636,9 +653,9 @@ if ($page == 'domains' || $page == 'overview') {
 			]);
 		}
 	} elseif ($action == 'duplicate') {
-		if (isset($_POST['send']) && $_POST['send'] == 'send') {
+		if (Request::post('send') == 'send') {
 			try {
-				Domains::getLocal($userinfo, $_POST)->duplicate();
+				Domains::getLocal($userinfo, Request::postAll())->duplicate();
 			} catch (Exception $e) {
 				Response::dynamicError($e->getMessage());
 			}

admin_index.php

@@ -55,7 +55,7 @@ if ($action == 'logout') {
 		$result = $result['switched_user'];
 		session_regenerate_id(true);
 		CurrentUser::setData($result);
-		$target = (isset($_GET['target']) ? $_GET['target'] : 'index');
+		$target = Request::get('target', 'index');
 		$redirect = "admin_" . $target . ".php";
 		if (!file_exists(\Froxlor\Froxlor::getInstallDir() . "/" . $redirect)) {
 			$redirect = "admin_index.php";
@@ -111,7 +111,7 @@ if ($page == 'overview') {
 
 	$overview['number_domains'] = $number_domains['number_domains'];
 
-	if ((isset($_GET['lookfornewversion']) && $_GET['lookfornewversion'] == 'yes') || (isset($lookfornewversion) && $lookfornewversion == 'yes')) {
+	if (Request::get('lookfornewversion') == 'yes' || (isset($lookfornewversion) && $lookfornewversion == 'yes')) {
 		try {
 			$json_result = Froxlor::getLocal($userinfo)->checkUpdate();
 		} catch (Exception $e) {
@@ -201,16 +201,16 @@ if ($page == 'overview') {
 	$languages = Language::getLanguages();
 
 	if (!empty($_POST)) {
-		if ($_POST['send'] == 'changepassword') {
-			$old_password = Validate::validate($_POST['old_password'], 'old password');
+		if (Request::post('send') == 'changepassword') {
+			$old_password = Validate::validate(Request::post('old_password'), 'old password');
 
 			if (!Crypt::validatePasswordLogin($userinfo, $old_password, TABLE_PANEL_ADMINS, 'adminid')) {
 				Response::standardError('oldpasswordnotcorrect');
 			}
 
 			try {
-				$new_password = Crypt::validatePassword($_POST['new_password'], 'new password');
-				$new_password_confirm = Crypt::validatePassword($_POST['new_password_confirm'], 'new password confirm');
+				$new_password = Crypt::validatePassword(Request::post('new_password'), 'new password');
+				$new_password_confirm = Crypt::validatePassword(Request::post('new_password_confirm'), 'new password confirm');
 			} catch (Exception $e) {
 				Response::dynamicError($e->getMessage());
 			}
@@ -244,9 +244,9 @@ if ($page == 'overview') {
 				$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'changed password');
 				Response::redirectTo($filename);
 			}
-		} elseif ($_POST['send'] == 'changetheme') {
+		} elseif (Request::post('send') == 'changetheme') {
 			if (Settings::Get('panel.allow_theme_change_admin') == 1) {
-				$theme = Validate::validate($_POST['theme'], 'theme');
+				$theme = Validate::validate(Request::post('theme'), 'theme');
 				try {
 					Admins::getLocal($userinfo, [
 						'id' => $userinfo['adminid'],
@@ -259,8 +259,8 @@ if ($page == 'overview') {
 				$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, "changed his/her theme to '" . $theme . "'");
 			}
 			Response::redirectTo($filename);
-		} elseif ($_POST['send'] == 'changelanguage') {
-			$def_language = Validate::validate($_POST['def_language'], 'default language');
+		} elseif (Request::post('send') == 'changelanguage') {
+			$def_language = Validate::validate(Request::post('def_language'), 'default language');
 
 			if (isset($languages[$def_language])) {
 				try {

admin_ipsandports.php

@@ -70,7 +70,7 @@ if (($page == 'ipsandports' || $page == 'overview') && $userinfo['change_servers
 		$result = json_decode($json_result, true)['data'];
 
 		if (isset($result['id']) && $result['id'] == $id) {
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
 					IpsAndPorts::getLocal($userinfo, [
 						'id' => $id
@@ -91,9 +91,9 @@ if (($page == 'ipsandports' || $page == 'overview') && $userinfo['change_servers
 			}
 		}
 	} elseif ($action == 'add') {
-		if (isset($_POST['send']) && $_POST['send'] == 'send') {
+		if (Request::post('send') == 'send') {
 			try {
-				IpsAndPorts::getLocal($userinfo, $_POST)->add();
+				IpsAndPorts::getLocal($userinfo, Request::postAll())->add();
 			} catch (Exception $e) {
 				Response::dynamicError($e->getMessage());
 			}
@@ -119,9 +119,9 @@ if (($page == 'ipsandports' || $page == 'overview') && $userinfo['change_servers
 		$result = json_decode($json_result, true)['data'];
 
 		if ($result['ip'] != '') {
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
-					IpsAndPorts::getLocal($userinfo, $_POST)->update();
+					IpsAndPorts::getLocal($userinfo, Request::postAll())->update();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
@@ -141,9 +141,11 @@ if (($page == 'ipsandports' || $page == 'overview') && $userinfo['change_servers
 			}
 		}
 	} elseif ($action == 'jqCheckIP') {
-		$ip = $_POST['ip'] ?? "";
-		if ((filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) || filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) && filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE) == false) {
-			// returns notice if private network detected so we can display it
+		$ip = Request::post('ip', '');
+		if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_IPV6)) {
+			echo json_encode('<div id="ipnote" class="invalid-feedback">'.lng('error.invalidip', [$ip]).'</div>');
+		} elseif (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE)) {
+			// returns notice if private network detected, so we can display it
 			echo json_encode(lng('admin.ipsandports.ipnote'));
 		} else {
 			echo 0;

admin_logger.php

@@ -31,6 +31,7 @@ use Froxlor\UI\Collection;
 use Froxlor\UI\HTML;
 use Froxlor\UI\Listing;
 use Froxlor\UI\Panel\UI;
+use Froxlor\UI\Request;
 use Froxlor\UI\Response;
 
 if ($page == 'log' && $userinfo['change_serversettings'] == '1') {
@@ -55,7 +56,7 @@ if ($page == 'log' && $userinfo['change_serversettings'] == '1') {
 			]
 		]);
 	} elseif ($action == 'truncate') {
-		if (isset($_POST['send']) && $_POST['send'] == 'send') {
+		if (Request::post('send') == 'send') {
 			try {
 				SysLog::getLocal($userinfo, [
 					'min_to_keep' => 10

admin_message.php

@@ -42,11 +42,11 @@ if ($page == 'message') {
 	if ($action == '') {
 		$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'viewed panel_message');
 
-		if (isset($_POST['send']) && $_POST['send'] == 'send') {
-			if ($_POST['recipient'] == 0 && $userinfo['customers_see_all'] == '1') {
+		if (Request::post('send') == 'send') {
+			if (Request::post('recipient', -1) == 0 && $userinfo['customers_see_all'] == '1') {
 				$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'sending messages to admins');
 				$result = Database::query('SELECT `name`, `email`  FROM `' . TABLE_PANEL_ADMINS . "`");
-			} elseif ($_POST['recipient'] == 1) {
+			} elseif (Request::post('recipient', -1) == 1) {
 				if ($userinfo['customers_see_all'] == '1') {
 					$log->logAction(FroxlorLogger::ADM_ACTION, LOG_NOTICE, 'sending messages to ALL customers');
 					$result = Database::query('SELECT `firstname`, `name`, `company`, `email`  FROM `' . TABLE_PANEL_CUSTOMERS . "`");
@@ -63,8 +63,8 @@ if ($page == 'message') {
 				Response::standardError('norecipientsgiven');
 			}
 
-			$subject = $_POST['subject'];
-			$message = wordwrap($_POST['message'], 70);
+			$subject = Request::post('subject');
+			$message = wordwrap(Request::post('message'), 70);
 
 			if (!empty($message)) {
 				$mailcounter = 0;
@@ -107,14 +107,14 @@ if ($page == 'message') {
 			}
 		}
 	} elseif ($action == 'showsuccess') {
-		$sentitems = isset($_GET['sentitems']) ? (int)$_GET['sentitems'] : 0;
+		$sentitems = Request::get('sentitems', 0);
 
 		if ($sentitems == 0) {
 			$note_type = 'info';
 			$note_msg = lng('message.norecipients');
 		} else {
 			$note_type = 'success';
-			$note_msg = str_replace('%s', $sentitems, lng('message.success'));
+			$note_msg = lng('message.success', [$sentitems]);
 		}
 	}
 
@@ -128,7 +128,7 @@ if ($page == 'message') {
 	$messages_add_data = include_once dirname(__FILE__) . '/lib/formfields/admin/messages/formfield.messages_add.php';
 
 	UI::view('user/form-note.html.twig', [
-		'formaction' => $linker->getLink(['section' => 'message']),
+		'formaction' => $linker->getLink(['section' => 'message', 'action' => '']),
 		'formdata' => $messages_add_data['messages_add'],
 		'actions_links' => [
 			[

admin_mysqlserver.php

@@ -70,7 +70,7 @@ if (($page == 'mysqlserver' || $page == 'overview') && $userinfo['change_servers
 		$result = json_decode($json_result, true)['data'];
 
 		if (isset($result['id']) && $result['id'] == $id) {
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
 					MysqlServer::getLocal($userinfo, [
 						'id' => $id
@@ -91,9 +91,9 @@ if (($page == 'mysqlserver' || $page == 'overview') && $userinfo['change_servers
 			}
 		}
 	} elseif ($action == 'add') {
-		if (isset($_POST['send']) && $_POST['send'] == 'send') {
+		if (Request::post('send') == 'send') {
 			try {
-				MysqlServer::getLocal($userinfo, $_POST)->add();
+				MysqlServer::getLocal($userinfo, Request::postAll())->add();
 			} catch (Exception $e) {
 				Response::dynamicError($e->getMessage());
 			}
@@ -119,9 +119,9 @@ if (($page == 'mysqlserver' || $page == 'overview') && $userinfo['change_servers
 		$result = json_decode($json_result, true)['data'];
 
 		if (isset($result['id']) && $result['id'] == $id) {
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
-					MysqlServer::getLocal($userinfo, $_POST)->update();
+					MysqlServer::getLocal($userinfo, Request::postAll())->update();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}

admin_opcacheinfo.php

@@ -35,10 +35,11 @@ require __DIR__ . '/lib/init.php';
 use Froxlor\FroxlorLogger;
 use Froxlor\UI\HTML;
 use Froxlor\UI\Panel\UI;
+use Froxlor\UI\Request;
 use Froxlor\UI\Response;
 
 if ($action == 'reset' && function_exists('opcache_reset') && $userinfo['change_serversettings'] == '1') {
-	if ($_POST['send'] == 'send') {
+	if (Request::post('send') == 'send') {
 		opcache_reset();
 		$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "reset OPcache");
 		header('Location: ' . $linker->getLink([

admin_phpsettings.php

@@ -62,9 +62,9 @@ if ($page == 'overview') {
 
 	if ($action == 'add') {
 		if ((int)$userinfo['change_serversettings'] == 1) {
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
-					PhpSettings::getLocal($userinfo, $_POST)->add();
+					PhpSettings::getLocal($userinfo, Request::postAll())->add();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
@@ -114,7 +114,7 @@ if ($page == 'overview') {
 
 		if ($result['id'] != 0 && $result['id'] == $id && (int)$userinfo['change_serversettings'] == 1 && $id != 1) // cannot delete the default php.config
 		{
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
 					PhpSettings::getLocal($userinfo, [
 						'id' => $id
@@ -148,9 +148,9 @@ if ($page == 'overview') {
 		$result = json_decode($json_result, true)['data'];
 
 		if ($result['id'] != 0 && $result['id'] == $id && (int)$userinfo['change_serversettings'] == 1) {
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
-					PhpSettings::getLocal($userinfo, $_POST)->update();
+					PhpSettings::getLocal($userinfo, Request::postAll())->update();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
@@ -200,9 +200,9 @@ if ($page == 'overview') {
 
 	if ($action == 'add') {
 		if ((int)$userinfo['change_serversettings'] == 1) {
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
-					FpmDaemons::getLocal($userinfo, $_POST)->add();
+					FpmDaemons::getLocal($userinfo, Request::postAll())->add();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
@@ -239,9 +239,9 @@ if ($page == 'overview') {
 
 		if ($result['id'] != 0 && $result['id'] == $id && (int)$userinfo['change_serversettings'] == 1 && $id != 1) // cannot delete the default php.config
 		{
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
-					FpmDaemons::getLocal($userinfo, $_POST)->delete();
+					FpmDaemons::getLocal($userinfo, Request::postAll())->delete();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
@@ -271,9 +271,9 @@ if ($page == 'overview') {
 		$result = json_decode($json_result, true)['data'];
 
 		if ($result['id'] != 0 && $result['id'] == $id && (int)$userinfo['change_serversettings'] == 1) {
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
-					FpmDaemons::getLocal($userinfo, $_POST)->update();
+					FpmDaemons::getLocal($userinfo, Request::postAll())->update();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}

admin_plans.php

@@ -73,7 +73,7 @@ if ($page == '' || $page == 'overview') {
 		$result = json_decode($json_result, true)['data'];
 
 		if ($result['id'] != 0 && $result['id'] == $id && (int)$userinfo['adminid'] == $result['adminid']) {
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
 					HostingPlans::getLocal($userinfo, [
 						'id' => $id
@@ -96,9 +96,9 @@ if ($page == '' || $page == 'overview') {
 			Response::standardError('nopermissionsorinvalidid');
 		}
 	} elseif ($action == 'add') {
-		if (isset($_POST['send']) && $_POST['send'] == 'send') {
+		if (Request::post('send') == 'send') {
 			try {
-				HostingPlans::getLocal($userinfo, $_POST)->add();
+				HostingPlans::getLocal($userinfo, Request::postAll())->add();
 			} catch (Exception $e) {
 				Response::dynamicError($e->getMessage());
 			}
@@ -176,9 +176,9 @@ if ($page == '' || $page == 'overview') {
 			}
 			$result['allowed_phpconfigs'] = json_encode($result['allowed_phpconfigs']);
 
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
-					HostingPlans::getLocal($userinfo, $_POST)->update();
+					HostingPlans::getLocal($userinfo, Request::postAll())->update();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}

admin_settings.php

@@ -47,10 +47,10 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 	$settings_data = PhpHelper::loadConfigArrayDir('./actions/admin/settings/');
 	Settings::loadSettingsInto($settings_data);
 
-	if (isset($_POST['send']) && $_POST['send'] == 'send') {
-		$_part = isset($_GET['part']) ? $_GET['part'] : '';
+	if (Request::post('send') == 'send') {
+		$_part = Request::get('part', '');
 		if ($_part == '') {
-			$_part = isset($_POST['part']) ? $_POST['part'] : '';
+			$_part = Request::post('part', '');
 		}
 
 		if ($_part != '') {
@@ -69,12 +69,12 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 		}
 
 		// check if the session timeout is too low #815
-		if (isset($_POST['session_sessiontimeout']) && $_POST['session_sessiontimeout'] < 60) {
+		if (!empty(Request::post('session_sessiontimeout')) &&  intval(Request::post('session_sessiontimeout', 0)) < 60) {
 			Response::standardError(['session_timeout', 'session_timeout_desc']);
 		}
 
 		try {
-			if (Form::processForm($settings_data, $_POST, [
+			if (Form::processForm($settings_data, Request::postAll(), [
 				'filename' => $filename,
 				'action' => $action,
 				'page' => $page,
@@ -97,9 +97,9 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 			Response::dynamicError($e->getMessage(), $e->getCode());
 		}
 	} else {
-		$_part = isset($_GET['part']) ? $_GET['part'] : '';
+		$_part = Request::get('part', '');
 		if ($_part == '') {
-			$_part = isset($_POST['part']) ? $_POST['part'] : '';
+			$_part = Request::post('part', '');
 		}
 
 		$fields = Form::buildForm($settings_data, $_part);
@@ -140,7 +140,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 		'phpinfo' => $phpinfo
 	]);
 } elseif ($page == 'rebuildconfigs' && $userinfo['change_serversettings'] == '1') {
-	if (isset($_POST['send']) && $_POST['send'] == 'send') {
+	if (Request::post('send') == 'send') {
 		$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "rebuild configfiles");
 		Cronjob::inserttask(TaskId::REBUILD_VHOST);
 		Cronjob::inserttask(TaskId::CREATE_QUOTA);
@@ -158,7 +158,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 		]);
 	}
 } elseif ($page == 'updatecounters' && $userinfo['change_serversettings'] == '1') {
-	if (isset($_POST['send']) && $_POST['send'] == 'send') {
+	if (Request::post('send') == 'send') {
 		$log->logAction(FroxlorLogger::ADM_ACTION, LOG_INFO, "updated resource-counters");
 		$updatecounters = User::updateCounters(true);
 		UI::view('user/resource-counter.html.twig', [
@@ -170,7 +170,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 		]);
 	}
 } elseif ($page == 'wipecleartextmailpws' && $userinfo['change_serversettings'] == '1') {
-	if (isset($_POST['send']) && $_POST['send'] == 'send') {
+	if (Request::post('send') == 'send') {
 		$log->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, "wiped all cleartext mail passwords");
 		Database::query("UPDATE `" . TABLE_MAIL_USERS . "` SET `password` = '';");
 		Database::query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `value` = '0' WHERE `settinggroup` = 'system' AND `varname` = 'mailpwcleartext'");
@@ -181,7 +181,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 		]);
 	}
 } elseif ($page == 'wipequotas' && $userinfo['change_serversettings'] == '1') {
-	if (isset($_POST['send']) && $_POST['send'] == 'send') {
+	if (Request::post('send') == 'send') {
 		$log->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, "wiped all mailquotas");
 
 		// Set the quota to 0 which means unlimited
@@ -194,7 +194,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 		]);
 	}
 } elseif ($page == 'enforcequotas' && $userinfo['change_serversettings'] == '1') {
-	if (isset($_POST['send']) && $_POST['send'] == 'send') {
+	if (Request::post('send') == 'send') {
 		// Fetch all accounts
 		$result_stmt = Database::query("SELECT `quota`, `customerid` FROM `" . TABLE_MAIL_USERS . "`");
 
@@ -233,9 +233,9 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 	}
 } elseif ($page == 'integritycheck' && $userinfo['change_serversettings'] == '1') {
 	$integrity = new IntegrityCheck();
-	if (isset($_POST['send']) && $_POST['send'] == 'send') {
+	if (Request::post('send') == 'send') {
 		$integrity->fixAll();
-	} elseif (isset($_GET['action']) && $_GET['action'] == "fix") {
+	} elseif (Request::get('action') == "fix") {
 		HTML::askYesNo('admin_integritycheck_reallyfix', $filename, [
 			'page' => $page
 		]);
@@ -273,7 +273,7 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 		Response::standardError('jsonextensionnotfound');
 	}
 
-	if (isset($_GET['action']) && $_GET['action'] == "export") {
+	if (Request::get('action') == "export") {
 		// export
 		try {
 			$json_result = Froxlor::getLocal($userinfo)->exportSettings();
@@ -285,9 +285,9 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 		header('Content-type: application/json');
 		echo $json_export;
 		exit();
-	} elseif (isset($_GET['action']) && $_GET['action'] == "import") {
+	} elseif (Request::get('action') == "import") {
 		// import
-		if (isset($_POST['send']) && $_POST['send'] == 'send') {
+		if (Request::post('send') == 'send') {
 			// get uploaded file
 			if (isset($_FILES["import_file"]["tmp_name"])) {
 				$imp_content = file_get_contents($_FILES["import_file"]["tmp_name"]);
@@ -330,8 +330,8 @@ if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
 	$note_type = 'info';
 	$note_msg = lng('admin.smtptestnote');
 
-	if (isset($_POST['send']) && $_POST['send'] == 'send') {
-		$test_addr = isset($_POST['test_addr']) ? $_POST['test_addr'] : null;
+	if (Request::post('send') == 'send') {
+		$test_addr = Request::post('test_addr');
 
 		// Initialize the mailingsystem
 		$testmail = new PHPMailer(true);

admin_templates.php

@@ -192,7 +192,7 @@ if ($action == '') {
 	$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
 
 	if ($result['varname'] != '') {
-		if (isset($_POST['send']) && $_POST['send'] == 'send') {
+		if (Request::post('send') == 'send') {
 			$del_stmt = Database::prepare("
 				DELETE FROM `" . TABLE_PANEL_TEMPLATES . "`
 				WHERE `adminid` = :adminid
@@ -228,7 +228,7 @@ if ($action == '') {
 	if (Database::num_rows() > 0) {
 		$row = $result_stmt->fetch(PDO::FETCH_ASSOC);
 
-		if (isset($_POST['send']) && $_POST['send'] == 'send') {
+		if (Request::post('send') == 'send') {
 			$del_stmt = Database::prepare("
 				DELETE FROM `" . TABLE_PANEL_TEMPLATES . "`
 				WHERE `adminid` = :adminid AND `id` = :id");
@@ -251,13 +251,13 @@ if ($action == '') {
 		Response::standardError('templatenotfound');
 	}
 } elseif ($action == 'add') {
-	if (isset($_POST['prepare']) && $_POST['prepare'] == 'prepare') {
+	if (Request::post('prepare') == 'prepare') {
 		// email templates
-		$language = htmlentities(Validate::validate($_POST['language'], 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect'));
+		$language = htmlentities(Validate::validate(Request::post('language'), 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect'));
 		if (!array_key_exists($language, $languages)) {
 			Response::standardError('templatelanguageinvalid');
 		}
-		$template = Validate::validate($_POST['template'], 'template');
+		$template = Validate::validate(Request::post('template'), 'template');
 
 		$result_stmt = Database::prepare("
 			SELECT COUNT(*) as def FROM `" . TABLE_PANEL_TEMPLATES . "`
@@ -289,15 +289,15 @@ if ($action == '') {
 			'formdata' => $template_add_data['template_add'],
 			'replacers' => $template_add_data['template_replacers']
 		]);
-	} elseif (isset($_POST['send']) && $_POST['send'] == 'send' && !isset($_POST['filesend'])) {
+	} elseif (Request::post('send') == 'send' && empty(Request::post('filesend'))) {
 		// email templates
-		$language = htmlentities(Validate::validate($_POST['language'], 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect'));
+		$language = htmlentities(Validate::validate(Request::post('language'), 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect'));
 		if (!array_key_exists($language, $languages)) {
 			Response::standardError('templatelanguageinvalid');
 		}
-		$template = Validate::validate($_POST['template'], 'template');
-		$subject = Validate::validate($_POST['subject'], 'subject', '/^[^\r\n\0]+$/', 'nosubjectcreate');
-		$mailbody = Validate::validate($_POST['mailbody'], 'mailbody', '/^[^\0]+$/', 'nomailbodycreate');
+		$template = Validate::validate(Request::post('template'), 'template');
+		$subject = Validate::validate(Request::post('subject'), 'subject', '/^[^\r\n\0]+$/', 'nosubjectcreate');
+		$mailbody = Validate::validate(Request::post('mailbody'), 'mailbody', '/^[^\0]+$/', 'nomailbodycreate');
 		$templates = [];
 		$result_stmt = Database::prepare("
 			SELECT `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
@@ -347,10 +347,10 @@ if ($action == '') {
 				'page' => $page
 			]);
 		}
-	} elseif (isset($_POST['filesend']) && $_POST['filesend'] == 'filesend') {
+	} elseif (Request::post('filesend') == 'filesend') {
 		// file templates
-		$template = Validate::validate($_POST['template'], 'template');
-		$filecontent = Validate::validate($_POST['filecontent'], 'filecontent', '/^[^\0]+$/', 'filecontentnotset');
+		$template = Validate::validate(Request::post('template'), 'template');
+		$filecontent = Validate::validate(Request::post('filecontent'), 'filecontent', '/^[^\0]+$/', 'filecontentnotset');
 
 		$ins_stmt = Database::prepare("
 			INSERT INTO `" . TABLE_PANEL_TEMPLATES . "` SET
@@ -371,7 +371,7 @@ if ($action == '') {
 		Response::redirectTo($filename, [
 			'page' => $page
 		]);
-	} elseif (!isset($_GET['files'])) {
+	} elseif (empty(Request::get('files'))) {
 		// email templates
 		$add = false;
 		$language_options = [];
@@ -483,9 +483,9 @@ if ($action == '') {
 	$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
 
 	if ($result['varname'] != '') {
-		if (isset($_POST['send']) && $_POST['send'] == 'send') {
-			$subject = Validate::validate($_POST['subject'], 'subject', '/^[^\r\n\0]+$/', 'nosubjectcreate');
-			$mailbody = Validate::validate($_POST['mailbody'], 'mailbody', '/^[^\0]+$/', 'nomailbodycreate');
+		if (Request::post('send') == 'send') {
+			$subject = Validate::validate(Request::post('subject'), 'subject', '/^[^\r\n\0]+$/', 'nosubjectcreate');
+			$mailbody = Validate::validate(Request::post('mailbody'), 'mailbody', '/^[^\0]+$/', 'nomailbodycreate');
 
 			$upd_stmt = Database::prepare("
 				UPDATE `" . TABLE_PANEL_TEMPLATES . "` SET
@@ -551,8 +551,8 @@ if ($action == '') {
 		$row = $result_stmt->fetch(PDO::FETCH_ASSOC);
 
 		// filetemplates
-		if (isset($_POST['filesend']) && $_POST['filesend'] == 'filesend') {
-			$filecontent = Validate::validate($_POST['filecontent'], 'filecontent', '/^[^\0]+$/', 'filecontentnotset');
+		if (Request::post('filesend') == 'filesend') {
+			$filecontent = Validate::validate(Request::post('filecontent'), 'filecontent', '/^[^\0]+$/', 'filecontentnotset');
 			$upd_stmt = Database::prepare("
 				UPDATE `" . TABLE_PANEL_TEMPLATES . "` SET
 					`value` = :value

admin_updates.php

@@ -34,6 +34,7 @@ use Froxlor\Install\Update;
 use Froxlor\Settings;
 use Froxlor\System\Cronjob;
 use Froxlor\UI\Panel\UI;
+use Froxlor\UI\Request;
 use Froxlor\UI\Response;
 use Froxlor\User;
 
@@ -48,8 +49,8 @@ if ($page == 'overview') {
 		$successful_update = false;
 		$message = '';
 
-		if (isset($_POST['send']) && $_POST['send'] == 'send') {
-			if ((isset($_POST['update_preconfig']) && isset($_POST['update_changesagreed']) && intval($_POST['update_changesagreed']) != 0) || !isset($_POST['update_preconfig'])) {
+		if (Request::post('send') == 'send') {
+			if ((!empty(Request::post('update_preconfig')) && intval(Request::post('update_changesagreed', 0)) != 0) || empty(Request::post('update_preconfig'))) {
 				include_once Froxlor::getInstallDir() . 'install/updatesql.php';
 
 				User::updateCounters();

api_keys.php

@@ -61,7 +61,7 @@ if ($action == 'delete' && $id > 0) {
 		'section' => 'index',
 		'page' => $page
 	]);
-} elseif (isset($_POST['send']) && $_POST['send'] == 'send' && $action == 'deletesure' && $id > 0) {
+} elseif (Request::post('send') == 'send' && $action == 'deletesure' && $id > 0) {
 	$chk = (AREA == 'admin' && $userinfo['customers_see_all'] == '1') ? true : false;
 	if (AREA == 'customer') {
 		$chk_stmt = Database::prepare("
@@ -94,7 +94,7 @@ if ($action == 'delete' && $id > 0) {
 		]);
 	}
 } elseif ($action == 'add') {
-	if (isset($_POST['send']) && $_POST['send'] == 'send') {
+	if (Request::post('send') == 'send') {
 		$ins_stmt = Database::prepare("
 			INSERT INTO `" . TABLE_API_KEYS . "` SET
 			`apikey` = :key, `secret` = :secret, `adminid` = :aid, `customerid` = :cid, `valid_until` = '-1', `allowed_from` = ''

bin/froxlor-cli

@@ -43,7 +43,12 @@ require dirname(__DIR__) . '/lib/tables.inc.php';
 $application = new Application('froxlor-cli', Froxlor::getFullVersion());
 
 // files that are no commands
-$fileIgnoreList = ['CliCommand.php', 'index.html', 'install.functions.php'];
+$fileIgnoreList = [
+	// Current non-command files
+	'CliCommand.php',
+	'index.html',
+	'install.functions.php',
+];
 // directory of commands to include
 $cmd_files = glob(Froxlor::getInstallDir() . '/lib/Froxlor/Cli/*.php');
 
@@ -56,7 +61,7 @@ foreach ($cmd_files as $cmdFile) {
 		// create class-name including namespace
 		$cmdClass = "\\Froxlor\\Cli\\" . substr(basename($cmdFile), 0, -4);
 		// check whether it exists
-		if (class_exists($cmdClass)) {
+		if (class_exists($cmdClass) && is_subclass_of($cmdClass, '\Symfony\Component\Console\Command\Command')) {
 			// add to cli application
 			$application->add(new $cmdClass());
 		}

composer.json

@@ -46,7 +46,6 @@
 		"ext-fileinfo": "*",
 		"ext-gmp": "*",
 		"ext-gd": "*",
-		"ext-gnupg": "*",
 		"phpmailer/phpmailer": "~6.0",
 		"monolog/monolog": "^1.24",
 		"robthree/twofactorauth": "^1.6",
@@ -73,9 +72,15 @@
 	"suggest": {
 		"ext-bcmath": "*",
 		"ext-zip": "*",
+		"ext-gnupg": "*",
 		"ext-apcu": "*",
 		"ext-readline": "*"
 	},
+	"config": {
+		"platform": {
+			"php": "7.4"
+		}
+	},
 	"autoload": {
 		"psr-4": {
 			"Froxlor\\": [
@@ -84,6 +89,10 @@
 		}
 	},
 	"scripts": {
+		"dev": [
+			"Composer\\Config::disableProcessTimeout",
+			"npx concurrently -c \"#93c5fd,#fdba74\" \"php -S 127.0.0.1:8000\" \"npm run dev\" --names=server,vite"
+		],
 		"post-install-cmd": "if [ -f ./vendor/bin/phpcs ]; then \"vendor/bin/phpcs\" --config-set installed_paths vendor/phpcompatibility/php-compatibility ; fi",
 		"post-update-cmd" : "if [ -f ./vendor/bin/phpcs ]; then \"vendor/bin/phpcs\" --config-set installed_paths vendor/phpcompatibility/php-compatibility ; fi"
 	}

customer_domains.php

@@ -26,7 +26,7 @@
 const AREA = 'customer';
 require __DIR__ . '/lib/init.php';
 
-use Froxlor\Api\Commands\SubDomains as SubDomains;
+use Froxlor\Api\Commands\SubDomains;
 use Froxlor\CurrentUser;
 use Froxlor\Database\Database;
 use Froxlor\Domain\Domain;
@@ -72,7 +72,7 @@ if ($page == 'overview' || $page == 'domains') {
 		}
 
 		$actions_links[] = [
-			'href' => \Froxlor\Froxlor::DOCS_URL . 'user-guide/domains/',
+			'href' => \Froxlor\Froxlor::getDocsUrl() . 'user-guide/domains/',
 			'target' => '_blank',
 			'icon' => 'fa-solid fa-circle-info',
 			'class' => 'btn-outline-secondary'
@@ -106,9 +106,9 @@ if ($page == 'overview' || $page == 'domains') {
 		]);
 
 		if (isset($result['parentdomainid']) && $result['parentdomainid'] != '0' && $alias_check['count'] == 0) {
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
-					SubDomains::getLocal($userinfo, $_POST)->delete();
+					SubDomains::getLocal($userinfo, Request::postAll())->delete();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
@@ -127,9 +127,9 @@ if ($page == 'overview' || $page == 'domains') {
 		}
 	} elseif ($action == 'add') {
 		if ($userinfo['subdomains_used'] < $userinfo['subdomains'] || $userinfo['subdomains'] == '-1') {
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
-					SubDomains::getLocal($userinfo, $_POST)->add();
+					SubDomains::getLocal($userinfo, Request::postAll())->add();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
@@ -141,7 +141,6 @@ if ($page == 'overview' || $page == 'domains') {
 					WHERE `customerid` = :customerid
 					AND `parentdomainid` = '0'
 					AND `email_only` = '0'
-					AND `caneditdomain` = '1'
 					AND `deactivated` = '0'
 					ORDER BY `domain` ASC");
 				Database::pexecute($stmt, [
@@ -248,9 +247,9 @@ if ($page == 'overview' || $page == 'domains') {
 				Response::standardError('domaincannotbeedited', $result['domain']);
 			}
 
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
-					SubDomains::getLocal($userinfo, $_POST)->update();
+					SubDomains::getLocal($userinfo, Request::postAll())->update();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
@@ -395,8 +394,8 @@ if ($page == 'overview' || $page == 'domains') {
 			Response::standardError('domains_canteditdomain');
 		}
 	} elseif ($action == 'jqSpeciallogfileNote') {
-		$domainid = intval($_POST['id']);
-		$newval = intval($_POST['newval']);
+		$domainid = intval(Request::post('id'));
+		$newval = intval(Request::post('newval'));
 		try {
 			$json_result = SubDomains::getLocal($userinfo, [
 				'id' => $domainid

customer_email.php

@@ -76,7 +76,7 @@ if ($page == 'overview' || $page == 'emails') {
 		}
 
 		$actions_links[] = [
-			'href' => \Froxlor\Froxlor::DOCS_URL . 'user-guide/emails/',
+			'href' => \Froxlor\Froxlor::getDocsUrl() . 'user-guide/emails/',
 			'target' => '_blank',
 			'icon' => 'fa-solid fa-circle-info',
 			'class' => 'btn-outline-secondary'
@@ -104,7 +104,7 @@ if ($page == 'email_domain') {
 			$email_list_data = include_once dirname(__FILE__) . '/lib/tablelisting/customer/tablelisting.emails.php';
 			$collection = (new Collection(Emails::class, $userinfo, $sql_search))
 				->withPagination($email_list_data['email_list']['columns'],
-					$email_list_data['email_list']['default_sorting']);
+					$email_list_data['email_list']['default_sorting'], ['domainid=' . $email_domainid]);
 		} catch (Exception $e) {
 			Response::dynamicError($e->getMessage());
 		}
@@ -138,7 +138,7 @@ if ($page == 'email_domain') {
 			];
 		}
 		$actions_links[] = [
-			'href' => \Froxlor\Froxlor::DOCS_URL . 'user-guide/emails/',
+			'href' => \Froxlor\Froxlor::getDocsUrl() . 'user-guide/emails/',
 			'target' => '_blank',
 			'icon' => 'fa-solid fa-circle-info',
 			'class' => 'btn-outline-secondary'
@@ -160,11 +160,11 @@ if ($page == 'email_domain') {
 		$result = json_decode($json_result, true)['data'];
 
 		if (isset($result['email']) && $result['email'] != '') {
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
 					Emails::getLocal($userinfo, [
 						'id' => $id,
-						'delete_userfiles' => ($_POST['delete_userfiles'] ?? 0)
+						'delete_userfiles' => Request::post('delete_userfiles', 0)
 					])->delete();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
@@ -187,9 +187,9 @@ if ($page == 'email_domain') {
 		}
 	} elseif ($action == 'add') {
 		if ($userinfo['emails_used'] < $userinfo['emails'] || $userinfo['emails'] == '-1') {
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
-					$json_result = Emails::getLocal($userinfo, $_POST)->add();
+					$json_result = Emails::getLocal($userinfo, Request::postAll())->add();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
@@ -244,7 +244,12 @@ if ($page == 'email_domain') {
 		$result = json_decode($json_result, true)['data'];
 
 		if (isset($result['email']) && $result['email'] != '') {
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
+				try {
+					Emails::getLocal($userinfo, Request::postAll())->update();
+				} catch (Exception $e) {
+					Response::dynamicError($e->getMessage());
+				}
 				Response::redirectTo($filename, [
 					'page' => $page
 				]);
@@ -281,40 +286,12 @@ if ($page == 'email_domain') {
 
 			$email_edit_data = include_once dirname(__FILE__) . '/lib/formfields/customer/email/formfield.emails_edit.php';
 
-			if (Settings::Get('catchall.catchall_enabled') != '1') {
-				unset($email_edit_data['emails_edit']['sections']['section_a']['fields']['mail_catchall']);
-			}
-
 			UI::view('user/form.html.twig', [
 				'formaction' => $linker->getLink(['section' => 'email']),
 				'formdata' => $email_edit_data['emails_edit'],
 				'editid' => $id
 			]);
 		}
-	} elseif ($action == 'togglecatchall' && $id != 0) {
-		try {
-			$json_result = Emails::getLocal($userinfo, [
-				'id' => $id
-			])->get();
-		} catch (Exception $e) {
-			Response::dynamicError($e->getMessage());
-		}
-		$result = json_decode($json_result, true)['data'];
-
-		try {
-			Emails::getLocal($userinfo, [
-				'id' => $id,
-				'iscatchall' => ($result['iscatchall'] == '1' ? 0 : 1)
-			])->update();
-		} catch (Exception $e) {
-			Response::dynamicError($e->getMessage());
-		}
-		Response::redirectTo($filename, [
-			'page' => $page,
-			'domainid' => $email_domainid,
-			'action' => 'edit',
-			'id' => $id,
-		]);
 	}
 } elseif ($page == 'accounts') {
 	$email_domainid = Request::any('domainid', 0);
@@ -329,9 +306,9 @@ if ($page == 'email_domain') {
 			}
 			$result = json_decode($json_result, true)['data'];
 
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
-					EmailAccounts::getLocal($userinfo, $_POST)->add();
+					EmailAccounts::getLocal($userinfo, Request::postAll())->add();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
@@ -400,9 +377,9 @@ if ($page == 'email_domain') {
 		$result = json_decode($json_result, true)['data'];
 
 		if (isset($result['popaccountid']) && $result['popaccountid'] != '') {
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
-					EmailAccounts::getLocal($userinfo, $_POST)->update();
+					EmailAccounts::getLocal($userinfo, Request::postAll())->update();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
@@ -459,9 +436,9 @@ if ($page == 'email_domain') {
 		$result = json_decode($json_result, true)['data'];
 
 		if (isset($result['popaccountid']) && $result['popaccountid'] != '') {
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
-					EmailAccounts::getLocal($userinfo, $_POST)->update();
+					EmailAccounts::getLocal($userinfo, Request::postAll())->update();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
@@ -518,9 +495,9 @@ if ($page == 'email_domain') {
 		$result = json_decode($json_result, true)['data'];
 
 		if (isset($result['popaccountid']) && $result['popaccountid'] != '') {
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
-					EmailAccounts::getLocal($userinfo, $_POST)->delete();
+					EmailAccounts::getLocal($userinfo, Request::postAll())->delete();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
@@ -554,9 +531,9 @@ if ($page == 'email_domain') {
 			$result = json_decode($json_result, true)['data'];
 
 			if (isset($result['email']) && $result['email'] != '') {
-				if (isset($_POST['send']) && $_POST['send'] == 'send') {
+				if (Request::post('send') == 'send') {
 					try {
-						EmailForwarders::getLocal($userinfo, $_POST)->add();
+						EmailForwarders::getLocal($userinfo, Request::postAll())->add();
 					} catch (Exception $e) {
 						Response::dynamicError($e->getMessage());
 					}
@@ -616,22 +593,15 @@ if ($page == 'email_domain') {
 		$result = json_decode($json_result, true)['data'];
 
 		if (isset($result['destination']) && $result['destination'] != '') {
-			if (isset($_POST['forwarderid'])) {
-				$forwarderid = intval($_POST['forwarderid']);
-			} elseif (isset($_GET['forwarderid'])) {
-				$forwarderid = intval($_GET['forwarderid']);
-			} else {
-				$forwarderid = 0;
-			}
-
+			$forwarderid = Request::any('forwarderid', 0);
 			$result['destination'] = explode(' ', $result['destination']);
 
 			if (isset($result['destination'][$forwarderid]) && $result['email'] != $result['destination'][$forwarderid]) {
 				$forwarder = $result['destination'][$forwarderid];
 
-				if (isset($_POST['send']) && $_POST['send'] == 'send') {
+				if (Request::post('send') == 'send') {
 					try {
-						EmailForwarders::getLocal($userinfo, $_POST)->delete();
+						EmailForwarders::getLocal($userinfo, Request::postAll())->delete();
 					} catch (Exception $e) {
 						Response::dynamicError($e->getMessage());
 					}

customer_extras.php

@@ -75,7 +75,7 @@ if ($page == 'overview' || $page == 'htpasswds') {
 		];
 
 		$actions_links[] = [
-			'href' => \Froxlor\Froxlor::DOCS_URL . 'user-guide/extras/',
+			'href' => \Froxlor\Froxlor::getDocsUrl() . 'user-guide/extras/',
 			'target' => '_blank',
 			'icon' => 'fa-solid fa-circle-info',
 			'class' => 'btn-outline-secondary'
@@ -97,9 +97,9 @@ if ($page == 'overview' || $page == 'htpasswds') {
 		$result = json_decode($json_result, true)['data'];
 
 		if (isset($result['username']) && $result['username'] != '') {
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
-					DirProtections::getLocal($userinfo, $_POST)->delete();
+					DirProtections::getLocal($userinfo, Request::postAll())->delete();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
@@ -119,9 +119,9 @@ if ($page == 'overview' || $page == 'htpasswds') {
 			}
 		}
 	} elseif ($action == 'add') {
-		if (isset($_POST['send']) && $_POST['send'] == 'send') {
+		if (Request::post('send') == 'send') {
 			try {
-				DirProtections::getLocal($userinfo, $_POST)->add();
+				DirProtections::getLocal($userinfo, Request::postAll())->add();
 			} catch (Exception $e) {
 				Response::dynamicError($e->getMessage());
 			}
@@ -149,9 +149,9 @@ if ($page == 'overview' || $page == 'htpasswds') {
 		$result = json_decode($json_result, true)['data'];
 
 		if (isset($result['username']) && $result['username'] != '') {
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
-					DirProtections::getLocal($userinfo, $_POST)->update();
+					DirProtections::getLocal($userinfo, Request::postAll())->update();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
@@ -200,7 +200,7 @@ if ($page == 'overview' || $page == 'htpasswds') {
 		];
 
 		$actions_links[] = [
-			'href' => \Froxlor\Froxlor::DOCS_URL . 'user-guide/extras/',
+			'href' => \Froxlor\Froxlor::getDocsUrl() . 'user-guide/extras/',
 			'target' => '_blank',
 			'icon' => 'fa-solid fa-circle-info',
 			'class' => 'btn-outline-secondary'
@@ -222,9 +222,9 @@ if ($page == 'overview' || $page == 'htpasswds') {
 		$result = json_decode($json_result, true)['data'];
 
 		if (isset($result['customerid']) && $result['customerid'] != '' && $result['customerid'] == $userinfo['customerid']) {
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
-					DirOptions::getLocal($userinfo, $_POST)->delete();
+					DirOptions::getLocal($userinfo, Request::postAll())->delete();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
@@ -240,9 +240,9 @@ if ($page == 'overview' || $page == 'htpasswds') {
 			}
 		}
 	} elseif ($action == 'add') {
-		if (isset($_POST['send']) && $_POST['send'] == 'send') {
+		if (Request::post('send') == 'send') {
 			try {
-				DirOptions::getLocal($userinfo, $_POST)->add();
+				DirOptions::getLocal($userinfo, Request::postAll())->add();
 			} catch (Exception $e) {
 				Response::dynamicError($e->getMessage());
 			}
@@ -271,9 +271,9 @@ if ($page == 'overview' || $page == 'htpasswds') {
 		$result = json_decode($json_result, true)['data'];
 
 		if ((isset($result['customerid'])) && ($result['customerid'] != '') && ($result['customerid'] == $userinfo['customerid'])) {
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
-					DirOptions::getLocal($userinfo, $_POST)->update();
+					DirOptions::getLocal($userinfo, Request::postAll())->update();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
@@ -306,10 +306,10 @@ if ($page == 'overview' || $page == 'htpasswds') {
 
 	if (Settings::Get('system.exportenabled') == 1) {
 		if ($action == 'abort') {
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, "customer_extras::export - aborted scheduled data export job");
 				try {
-					DataDump::getLocal($userinfo, $_POST)->delete();
+					DataDump::getLocal($userinfo, Request::postAll())->delete();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
@@ -336,9 +336,9 @@ if ($page == 'overview' || $page == 'htpasswds') {
 				Response::dynamicError($e->getMessage());
 			}
 
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
-					DataDump::getLocal($userinfo, $_POST)->add();
+					DataDump::getLocal($userinfo, Request::postAll())->add();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
@@ -349,7 +349,7 @@ if ($page == 'overview' || $page == 'htpasswds') {
 
 				$actions_links = [
 					[
-						'href' => \Froxlor\Froxlor::DOCS_URL . 'user-guide/extras/',
+						'href' => \Froxlor\Froxlor::getDocsUrl() . 'user-guide/extras/',
 						'target' => '_blank',
 						'icon' => 'fa-solid fa-circle-info',
 						'class' => 'btn-outline-secondary'

customer_ftp.php

@@ -65,7 +65,7 @@ if ($page == 'overview' || $page == 'accounts') {
 			];
 		}
 		$actions_links[] = [
-			'href' => \Froxlor\Froxlor::DOCS_URL . 'user-guide/ftp-accounts/',
+			'href' => \Froxlor\Froxlor::getDocsUrl() . 'user-guide/ftp-accounts/',
 			'target' => '_blank',
 			'icon' => 'fa-solid fa-circle-info',
 			'class' => 'btn-outline-secondary'
@@ -87,9 +87,9 @@ if ($page == 'overview' || $page == 'accounts') {
 		$result = json_decode($json_result, true)['data'];
 
 		if (isset($result['username']) && $result['username'] != $userinfo['loginname']) {
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
-					Ftps::getLocal($userinfo, $_POST)->delete();
+					Ftps::getLocal($userinfo, Request::postAll())->delete();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
@@ -108,9 +108,9 @@ if ($page == 'overview' || $page == 'accounts') {
 		}
 	} elseif ($action == 'add') {
 		if ($userinfo['ftps_used'] < $userinfo['ftps'] || $userinfo['ftps'] == '-1') {
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
-					Ftps::getLocal($userinfo, $_POST)->add();
+					Ftps::getLocal($userinfo, Request::postAll())->add();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
@@ -164,9 +164,9 @@ if ($page == 'overview' || $page == 'accounts') {
 		$result = json_decode($json_result, true)['data'];
 
 		if (isset($result['username']) && $result['username'] != '') {
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
-					Ftps::getLocal($userinfo, $_POST)->update();
+					Ftps::getLocal($userinfo, Request::postAll())->update();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}

customer_index.php

@@ -30,6 +30,7 @@ use Froxlor\Api\Commands\Customers as Customers;
 use Froxlor\Cron\TaskId;
 use Froxlor\CurrentUser;
 use Froxlor\Database\Database;
+use Froxlor\Database\DbManager;
 use Froxlor\Froxlor;
 use Froxlor\FroxlorLogger;
 use Froxlor\Language;
@@ -37,6 +38,7 @@ use Froxlor\Settings;
 use Froxlor\System\Cronjob;
 use Froxlor\System\Crypt;
 use Froxlor\UI\Panel\UI;
+use Froxlor\UI\Request;
 use Froxlor\UI\Response;
 use Froxlor\Validate\Validate;
 
@@ -54,7 +56,7 @@ if ($action == 'logout') {
 		$result = $result['switched_user'];
 		session_regenerate_id(true);
 		CurrentUser::setData($result);
-		$target = (isset($_GET['target']) ? $_GET['target'] : 'index');
+		$target = Request::get('target', 'index');
 		$redirect = "admin_" . $target . ".php";
 		if (!file_exists(Froxlor::getInstallDir() . "/" . $redirect)) {
 			$redirect = "admin_index.php";
@@ -115,8 +117,8 @@ if ($page == 'overview') {
 	$userinfo['traffic_bytes_used'] = $userinfo['traffic_used'] * 1024;
 
 	if (Settings::Get('system.mail_quota_enabled')) {
-		$userinfo['email_quota_bytes'] = ($userinfo['email_quota'] > -1) ? $userinfo['email_quota'] * 1024 : -1;
-		$userinfo['email_quota_bytes_used'] = $userinfo['email_quota_used'] * 1024;
+		$userinfo['email_quota_bytes'] = ($userinfo['email_quota'] > -1) ? $userinfo['email_quota'] * 1024 * 1024 : -1;
+		$userinfo['email_quota_bytes_used'] = $userinfo['email_quota_used'] * 1024 * 1024;
 	}
 
 	if ($usages) {
@@ -140,16 +142,16 @@ if ($page == 'overview') {
 	$languages = Language::getLanguages();
 
 	if (!empty($_POST)) {
-		if ($_POST['send'] == 'changepassword') {
-			$old_password = Validate::validate($_POST['old_password'], 'old password');
+		if (Request::post('send') == 'changepassword') {
+			$old_password = Validate::validate(Request::post('old_password'), 'old password');
 
 			if (!Crypt::validatePasswordLogin($userinfo, $old_password, TABLE_PANEL_CUSTOMERS, 'customerid')) {
 				Response::standardError('oldpasswordnotcorrect');
 			}
 
 			try {
-				$new_password = Crypt::validatePassword($_POST['new_password'], 'new password');
-				$new_password_confirm = Crypt::validatePassword($_POST['new_password_confirm'], 'new password confirm');
+				$new_password = Crypt::validatePassword(Request::post('new_password'), 'new password');
+				$new_password_confirm = Crypt::validatePassword(Request::post('new_password_confirm'), 'new password confirm');
 			} catch (Exception $e) {
 				Response::dynamicError($e->getMessage());
 			}
@@ -184,7 +186,7 @@ if ($page == 'overview') {
 				$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, 'changed password');
 
 				// Update ftp password
-				if (isset($_POST['change_main_ftp']) && $_POST['change_main_ftp'] == 'true') {
+				if (Request::post('change_main_ftp') == 'true') {
 					$cryptPassword = Crypt::makeCryptPassword($new_password);
 					$stmt = Database::prepare("UPDATE `" . TABLE_FTP_USERS . "`
 					SET `password` = :password
@@ -200,7 +202,7 @@ if ($page == 'overview') {
 				}
 
 				// Update statistics password
-				if (isset($_POST['change_stats']) && $_POST['change_stats'] == 'true') {
+				if (Request::post('change_stats') == 'true') {
 					$new_stats_password = Crypt::makeCryptPassword($new_password, true);
 
 					$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_HTPASSWDS . "`
@@ -216,11 +218,32 @@ if ($page == 'overview') {
 					Cronjob::inserttask(TaskId::REBUILD_VHOST);
 				}
 
+				// Update global myqsl user password
+				if ($userinfo['mysqls'] != 0 && Request::post('change_global_mysql') == 'true') {
+					$allowed_mysqlservers = json_decode($userinfo['allowed_mysqlserver'] ?? '[]', true);
+					foreach ($allowed_mysqlservers as $dbserver) {
+						// require privileged access for target db-server
+						Database::needRoot(true, $dbserver, false);
+						// get DbManager
+						$dbm = new DbManager($log);
+						// give permission to the user on every access-host we have
+						foreach (array_map('trim', explode(',', Settings::Get('system.mysql_access_host'))) as $mysql_access_host) {
+							if ($dbm->getManager()->userExistsOnHost($userinfo['loginname'], $mysql_access_host)) {
+								$dbm->getManager()->grantPrivilegesTo($userinfo['loginname'], $new_password, $mysql_access_host, false, true);
+							} else {
+								// create global mysql user if not exists
+								$dbm->getManager()->grantPrivilegesTo($userinfo['loginname'], $new_password, $mysql_access_host, false, false, true);
+							}
+						}
+						$dbm->getManager()->flushPrivileges();
+					}
+				}
+
 				Response::redirectTo($filename);
 			}
-		} elseif ($_POST['send'] == 'changetheme') {
+		} elseif (Request::post('send') == 'changetheme') {
 			if (Settings::Get('panel.allow_theme_change_customer') == 1) {
-				$theme = Validate::validate($_POST['theme'], 'theme');
+				$theme = Validate::validate(Request::post('theme'), 'theme');
 				try {
 					Customers::getLocal($userinfo, [
 						'id' => $userinfo['customerid'],
@@ -233,8 +256,8 @@ if ($page == 'overview') {
 				$log->logAction(FroxlorLogger::USR_ACTION, LOG_NOTICE, "changed default theme to '" . $theme . "'");
 			}
 			Response::redirectTo($filename);
-		} elseif ($_POST['send'] == 'changelanguage') {
-			$def_language = Validate::validate($_POST['def_language'], 'default language');
+		} elseif (Request::post('send') == 'changelanguage') {
+			$def_language = Validate::validate(Request::post('def_language'), 'default language');
 			if (isset($languages[$def_language])) {
 				try {
 					Customers::getLocal($userinfo, [

customer_mysql.php

@@ -30,8 +30,10 @@ use Froxlor\Api\Commands\Mysqls;
 use Froxlor\Api\Commands\MysqlServer;
 use Froxlor\CurrentUser;
 use Froxlor\Database\Database;
+use Froxlor\Database\DbManager;
 use Froxlor\FroxlorLogger;
 use Froxlor\Settings;
+use Froxlor\System\Crypt;
 use Froxlor\UI\Collection;
 use Froxlor\UI\HTML;
 use Froxlor\UI\Listing;
@@ -74,17 +76,32 @@ if ($page == 'overview' || $page == 'mysqls') {
 			];
 		}
 
+		$view = 'user/table.html.twig';
+		if ($collection->count() > 0) {
+			$view = 'user/table-note.html.twig';
+
 			$actions_links[] = [
-			'href' => \Froxlor\Froxlor::DOCS_URL . 'user-guide/databases/',
+				'href' => $linker->getLink(['section' => 'mysql', 'page' => 'mysqls', 'action' => 'global_user']),
+				'label' => lng('mysql.edit_global_user'),
+				'icon' => 'fa-solid fa-user-tie',
+				'class' => 'btn-outline-secondary'
+			];
+		}
+
+		$actions_links[] = [
+			'href' => \Froxlor\Froxlor::getDocsUrl() . 'user-guide/databases/',
 			'target' => '_blank',
 			'icon' => 'fa-solid fa-circle-info',
 			'class' => 'btn-outline-secondary'
 		];
 
-		UI::view('user/table.html.twig', [
+		UI::view($view, [
 			'listing' => Listing::format($collection, $mysql_list_data, 'mysql_list'),
 			'actions_links' => $actions_links,
-			'entity_info' => lng('mysql.description')
+			'entity_info' => lng('mysql.description'),
+			// alert-box
+			'type' => 'info',
+			'alert_msg' => lng('mysql.globaluserinfo', [$userinfo['loginname']]),
 		]);
 	} elseif ($action == 'delete' && $id != 0) {
 		try {
@@ -106,9 +123,9 @@ if ($page == 'overview' || $page == 'mysqls') {
 				$result['dbserver'] = 0;
 			}
 
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
-					Mysqls::getLocal($userinfo, $_POST)->delete();
+					Mysqls::getLocal($userinfo, Request::postAll())->delete();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
@@ -129,9 +146,9 @@ if ($page == 'overview' || $page == 'mysqls') {
 		}
 	} elseif ($action == 'add') {
 		if ($userinfo['mysqls_used'] < $userinfo['mysqls'] || $userinfo['mysqls'] == '-1') {
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
-					Mysqls::getLocal($userinfo, $_POST)->add();
+					Mysqls::getLocal($userinfo, Request::postAll())->add();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
@@ -169,9 +186,9 @@ if ($page == 'overview' || $page == 'mysqls') {
 		$result = json_decode($json_result, true)['data'];
 
 		if (isset($result['databasename']) && $result['databasename'] != '') {
-			if (isset($_POST['send']) && $_POST['send'] == 'send') {
+			if (Request::post('send') == 'send') {
 				try {
-					$json_result = Mysqls::getLocal($userinfo, $_POST)->update();
+					$json_result = Mysqls::getLocal($userinfo, Request::postAll())->update();
 				} catch (Exception $e) {
 					Response::dynamicError($e->getMessage());
 				}
@@ -199,5 +216,45 @@ if ($page == 'overview' || $page == 'mysqls') {
 				]);
 			}
 		}
+	} elseif ($action == 'global_user') {
+
+		$allowed_mysqlservers = json_decode($userinfo['allowed_mysqlserver'] ?? '[]', true);
+		if ($userinfo['mysqls'] == 0 || empty($allowed_mysqlservers)) {
+			Response::dynamicError('No permission');
+		}
+
+		if (Request::post('send') == 'send') {
+
+			$new_password = Crypt::validatePassword(Request::post('mysql_password'));
+			foreach ($allowed_mysqlservers as $dbserver) {
+				// require privileged access for target db-server
+				Database::needRoot(true, $dbserver, true);
+				// get DbManager
+				$dbm = new DbManager($log);
+				// give permission to the user on every access-host we have
+				foreach (array_map('trim', explode(',', Settings::Get('system.mysql_access_host'))) as $mysql_access_host) {
+					if ($dbm->getManager()->userExistsOnHost($userinfo['loginname'], $mysql_access_host)) {
+						// update password
+						$dbm->getManager()->grantPrivilegesTo($userinfo['loginname'], $new_password, $mysql_access_host, false, true, true);
+					} else {
+						// create missing user
+						$dbm->getManager()->grantPrivilegesTo($userinfo['loginname'], $new_password, $mysql_access_host, false, false, true);
+					}
+				}
+				$dbm->getManager()->flushPrivileges();
+			}
+
+			Response::redirectTo($filename, [
+				'page' => 'overview'
+			]);
+		} else {
+			$mysql_global_user_data = include_once dirname(__FILE__) . '/lib/formfields/customer/mysql/formfield.mysql_global_user.php';
+
+			UI::view('user/form.html.twig', [
+				'formaction' => $linker->getLink(['section' => 'mysql', 'page' => 'mysqls', 'action' => 'global_user']),
+				'formdata' => $mysql_global_user_data['mysql_global_user'],
+				'editid' => $id
+			]);
+		}
 	}
 }

dns_editor.php

@@ -30,6 +30,7 @@ if (!defined('AREA')) {
 
 use Froxlor\Api\Commands\DomainZones;
 use Froxlor\Dns\Dns;
+use Froxlor\Settings;
 use Froxlor\UI\Collection;
 use Froxlor\UI\HTML;
 use Froxlor\UI\Listing;
@@ -42,11 +43,11 @@ use Froxlor\UI\Response;
 
 $domain_id = (int)Request::any('domain_id');
 
-$record = isset($_POST['dns_record']) ? trim($_POST['dns_record']) : null;
-$type = isset($_POST['dns_type']) ? $_POST['dns_type'] : 'A';
-$prio = isset($_POST['dns_mxp']) ? (int)$_POST['dns_mxp'] : null;
-$content = isset($_POST['dns_content']) ? trim($_POST['dns_content']) : null;
-$ttl = isset($_POST['dns_ttl']) ? (int)$_POST['dns_ttl'] : 18000;
+$record = Request::post('dns_record');
+$type = Request::post('dns_type', 'A');
+$prio = Request::post('dns_mxp');
+$content = Request::post('dns_content');
+$ttl = (int)Request::post('dns_ttl', Settings::get('system.defaultttl'));
 
 // get domain-name
 $domain = Dns::getAllowedDomainEntry($domain_id, AREA, $userinfo);
@@ -71,7 +72,7 @@ if ($action == 'add_record' && !empty($_POST)) {
 		$errors = str_replace("\n", "<br>", $e->getMessage());
 	}
 } elseif ($action == 'delete') {
-	$entry_id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
+	$entry_id = (int)Request::get('id', 0);
 	HTML::askYesNo('dnsentry_reallydelete', $filename, [
 		'id' => $entry_id,
 		'domain_id' => $domain_id,
@@ -82,9 +83,9 @@ if ($action == 'add_record' && !empty($_POST)) {
 		'page' => $page,
 		'domain_id' => $domain_id
 	]);
-} elseif (isset($_POST['send']) && $_POST['send'] == 'send' && $action == 'deletesure' && !empty($_POST)) {
-	$entry_id = isset($_POST['id']) ? (int)$_POST['id'] : 0;
-	$domain_id = isset($_POST['domain_id']) ? (int)$_POST['domain_id'] : 0;
+} elseif (Request::post('send') == 'send' && $action == 'deletesure' && !empty($_POST)) {
+	$entry_id = (int)Request::post('id', 0);
+	$domain_id = (int)Request::post('domain_id', 0);
 	// remove entry
 	if ($entry_id > 0 && $domain_id > 0) {
 		try {

error_report.php

@@ -77,7 +77,7 @@ if (!empty($errid)) {
 		$mail_html = nl2br($mail_body);
 
 		// send actual report to dev-team
-		if (isset($_POST['send']) && $_POST['send'] == 'send') {
+		if (Request::post('send') == 'send') {
 			// send mail and say thanks
 			$_mailerror = false;
 			try {

index.php

@@ -54,7 +54,7 @@ if ($action == '2fa_entercode') {
 		Response::redirectTo('index.php');
 		exit();
 	}
-	$smessage = isset($_GET['showmessage']) ? (int)$_GET['showmessage'] : 0;
+	$smessage = (int)Request::get('showmessage', 0);
 	$message = "";
 	if ($smessage > 0) {
 		$message = lng('error.2fa_wrongcode');
@@ -62,6 +62,7 @@ if ($action == '2fa_entercode') {
 	// show template to enter code
 	UI::view('login/enter2fa.html.twig', [
 		'pagetitle' => lng('login.2fa'),
+		'remember_me' => (Settings::Get('panel.db_version') >= 202407200) ? true : false,
 		'message' => $message
 	]);
 } elseif ($action == '2fa_verify') {
@@ -71,30 +72,31 @@ if ($action == '2fa_entercode') {
 		Response::redirectTo('index.php');
 		exit();
 	}
-	$code = isset($_POST['2fa_code']) ? $_POST['2fa_code'] : null;
+	$code = Request::post('2fa_code');
+	$remember = Request::post('2fa_remember');
 	// verify entered code
 	$tfa = new FroxlorTwoFactorAuth('Froxlor ' . Settings::Get('system.hostname'));
-	$result = ($_SESSION['secret_2fa'] == 'email' ? true : $tfa->verifyCode($_SESSION['secret_2fa'], $code, 3));
 	// get user-data
 	$table = $_SESSION['uidtable_2fa'];
 	$field = $_SESSION['uidfield_2fa'];
 	$uid = $_SESSION['uid_2fa'];
 	$isadmin = $_SESSION['unfo_2fa'];
+	if ($_SESSION['secret_2fa'] == 'email') {
+		// verify code set to user's data_2fa field
+		$sel_stmt = Database::prepare("SELECT `data_2fa` FROM " . $table . " WHERE `" . $field . "` = :uid");
+		$userinfo_code = Database::pexecute_first($sel_stmt, ['uid' => $uid]);
+		// 60sec discrepancy (possible slow email delivery)
+		$result = $tfa->verifyCode($userinfo_code['data_2fa'], $code, 60);
+	} else {
+		$result = $tfa->verifyCode($_SESSION['secret_2fa'], $code, 3);
+	}
 	// either the code is valid when using authenticator-app, or we will select userdata by id and entered code
 	// which is temporarily stored for the customer when using email-2fa
 	if ($result) {
 		$sel_param = [
 			'uid' => $uid
 		];
-		if ($_SESSION['secret_2fa'] == 'email') {
-			// verify code by selecting user by id and the temp. stored code,
-			// so only if it's the correct code, we get the user-data
-			$sel_stmt = Database::prepare("SELECT * FROM " . $table . " WHERE `" . $field . "` = :uid AND `data_2fa` = :code");
-			$sel_param['code'] = $code;
-		} else {
-			// Authenticator-verification has already happened at this point, so just get the user-data
 		$sel_stmt = Database::prepare("SELECT * FROM " . $table . " WHERE `" . $field . "` = :uid");
-		}
 		$userinfo = Database::pexecute_first($sel_stmt, $sel_param);
 		// whoops, no (valid) user? Start again
 		if (empty($userinfo)) {
@@ -106,20 +108,49 @@ if ($action == '2fa_entercode') {
 		$userinfo['adminsession'] = $isadmin;
 		$userinfo['userid'] = $uid;
 
+		// when using email-2fa, remove the one-time-code
+		if ($userinfo['type_2fa'] == '1') {
+			$del_stmt = Database::prepare("UPDATE " . $table . " SET `data_2fa` = '' WHERE `" . $field . "` = :uid");
+			Database::pexecute_first($del_stmt, [
+				'uid' => $uid
+			]);
+		}
+
+		// when remember is activated, set the cookie
+		if ($remember) {
+			$selector = base64_encode(Froxlor::genSessionId(9));
+			$authenticator = Froxlor::genSessionId(33);
+			$valid_until = time()+60*60*24*30;
+			$ins_stmt = Database::prepare("
+				INSERT INTO `".TABLE_PANEL_2FA_TOKENS."` SET
+				`selector` = :selector,
+				`token` = :authenticator,
+				`userid` = :userid,
+				`valid_until` = :valid_until
+			");
+			Database::pexecute($ins_stmt, [
+				'selector' => $selector,
+				'authenticator' => hash('sha256', $authenticator),
+				'userid' => $uid,
+				'valid_until' => $valid_until
+			]);
+			$cookie_params = [
+				'expires' => $valid_until, // 30 days
+				'path' => '/',
+				'domain' => UI::getCookieHost(),
+				'secure' => UI::requestIsHttps(),
+				'httponly' => true,
+				'samesite' => 'Strict'
+			];
+			setcookie('frx_2fa_remember', $selector.':'.base64_encode($authenticator), $cookie_params);
+		}
+
 		// if not successful somehow - start again
 		if (!finishLogin($userinfo)) {
 			Response::redirectTo('index.php', [
 				'showmessage' => '2'
 			]);
 		}
-
-		// when using email-2fa, remove the one-time-code
-		if ($userinfo['type_2fa'] == '1') {
-			$del_stmt = Database::prepare("UPDATE " . $table . " SET `data_2fa` = '' WHERE `" . $field . "` = :uid");
-			$userinfo = Database::pexecute_first($del_stmt, [
-				'uid' => $uid
-			]);
-		}
 		exit();
 	}
 	// wrong 2fa code - treat like "wrong password"
@@ -163,30 +194,41 @@ if ($action == '2fa_entercode') {
 	exit();
 } elseif ($action == 'login') {
 	if (!empty($_POST)) {
-		$loginname = Validate::validate($_POST['loginname'], 'loginname');
-		$password = Validate::validate($_POST['password'], 'password');
+		$loginname = Validate::validate(Request::post('loginname'), 'loginname');
+		$password = Validate::validate(Request::post('password'), 'password');
 
-		$stmt = Database::prepare("SELECT `loginname` AS `customer` FROM `" . TABLE_PANEL_CUSTOMERS . "`
-			WHERE `loginname`= :loginname");
+		$select_additional = '';
+		if (Settings::Get('panel.db_version') >= 202312230) {
+			$select_additional = ' AND `gui_access` = 1';
+		}
+		$stmt = Database::prepare("
+			SELECT `loginname` AS `customer`
+			FROM `" . TABLE_PANEL_CUSTOMERS . "`
+			WHERE `loginname`= :loginname" .
+			$select_additional
+		);
 		Database::pexecute($stmt, [
 			"loginname" => $loginname
 		]);
 		$row = $stmt->fetch(PDO::FETCH_ASSOC);
 
+		$is_admin = false;
+		$table = "";
 		if ($row && $row['customer'] == $loginname) {
 			$table = "`" . TABLE_PANEL_CUSTOMERS . "`";
 			$uid = 'customerid';
 			$adminsession = '0';
-			$is_admin = false;
 		} else {
-			$is_admin = true;
 			if ((int)Settings::Get('login.domain_login') == 1) {
 				$domainname = $idna_convert->encode(preg_replace([
 					'/\:(\d)+$/',
 					'/^https?\:\/\//'
 				], '', $loginname));
-				$stmt = Database::prepare("SELECT `customerid` FROM `" . TABLE_PANEL_DOMAINS . "`
-					WHERE `domain` = :domain");
+				$stmt = Database::prepare("
+					SELECT `customerid`
+					FROM `" . TABLE_PANEL_DOMAINS . "`
+					WHERE `domain` = :domain
+				");
 				Database::pexecute($stmt, [
 					"domain" => $domainname
 				]);
@@ -195,8 +237,11 @@ if ($action == '2fa_entercode') {
 				if (isset($row2['customerid']) && $row2['customerid'] > 0) {
 					$loginname = Customer::getCustomerDetail($row2['customerid'], 'loginname');
 					if ($loginname !== false) {
-						$stmt = Database::prepare("SELECT `loginname` AS `customer` FROM `" . TABLE_PANEL_CUSTOMERS . "`
-							WHERE `loginname`= :loginname");
+						$stmt = Database::prepare("
+							SELECT `loginname` AS `customer`
+							FROM `" . TABLE_PANEL_CUSTOMERS . "`
+							WHERE `loginname`= :loginname
+						");
 						Database::pexecute($stmt, [
 							"loginname" => $loginname
 						]);
@@ -205,13 +250,17 @@ if ($action == '2fa_entercode') {
 							$table = "`" . TABLE_PANEL_CUSTOMERS . "`";
 							$uid = 'customerid';
 							$adminsession = '0';
-							$is_admin = false;
 						}
 					}
 				}
 			}
 		}
 
+		if (empty($table)) {
+			// try login as admin of no customer-login method worked
+			$is_admin = true;
+		}
+
 		if ((Froxlor::hasUpdates() || Froxlor::hasDbUpdates()) && $is_admin == false) {
 			Response::redirectTo('index.php');
 			exit();
@@ -219,9 +268,11 @@ if ($action == '2fa_entercode') {
 
 		if ($is_admin) {
 			if (Froxlor::hasUpdates() || Froxlor::hasDbUpdates()) {
-				$stmt = Database::prepare("SELECT `loginname` AS `admin` FROM `" . TABLE_PANEL_ADMINS . "`
+				$stmt = Database::prepare("
+					SELECT `loginname` AS `admin` FROM `" . TABLE_PANEL_ADMINS . "`
 					WHERE `loginname`= :loginname
-					AND `change_serversettings` = '1'");
+					AND `change_serversettings` = '1'
+				");
 				Database::pexecute($stmt, [
 					"loginname" => $loginname
 				]);
@@ -232,8 +283,16 @@ if ($action == '2fa_entercode') {
 					exit();
 				}
 			} else {
-				$stmt = Database::prepare("SELECT `loginname` AS `admin` FROM `" . TABLE_PANEL_ADMINS . "`
-					WHERE `loginname`= :loginname");
+				$select_additional = '';
+				if (Settings::Get('panel.db_version') >= 202312230) {
+					$select_additional = ' AND `gui_access` = 1';
+				}
+				$stmt = Database::prepare("
+					SELECT `loginname` AS `admin`
+					FROM `" . TABLE_PANEL_ADMINS . "`
+					WHERE `loginname`= :loginname" .
+					$select_additional
+				);
 				Database::pexecute($stmt, [
 					"loginname" => $loginname
 				]);
@@ -249,7 +308,7 @@ if ($action == '2fa_entercode') {
 				$rstlog = FroxlorLogger::getInstanceOf([
 					'loginname' => $_SERVER['REMOTE_ADDR']
 				]);
-				$rstlog->logAction(FroxlorLogger::LOGIN_ACTION, LOG_WARNING, "Unknown user '" . $loginname . "' tried to login.");
+				$rstlog->logAction(FroxlorLogger::LOGIN_ACTION, LOG_WARNING, "Unknown user tried to login.");
 
 				Response::redirectTo('index.php', [
 					'showmessage' => '2'
@@ -258,8 +317,9 @@ if ($action == '2fa_entercode') {
 			}
 		}
 
-		$userinfo_stmt = Database::prepare("SELECT * FROM $table
-			WHERE `loginname`= :loginname");
+		$userinfo_stmt = Database::prepare("
+			SELECT * FROM $table WHERE `loginname`= :loginname
+		");
 		Database::pexecute($userinfo_stmt, [
 			"loginname" => $loginname
 		]);
@@ -282,9 +342,11 @@ if ($action == '2fa_entercode') {
 			} else {
 				// login correct
 				// reset loginfail_counter, set lastlogin_succ
-				$stmt = Database::prepare("UPDATE $table
+				$stmt = Database::prepare("
+					UPDATE $table
 					SET `lastlogin_succ`= :lastlogin_succ, `loginfail_count`='0'
-					  WHERE `$uid`= :uid");
+					WHERE `$uid`= :uid
+				");
 				Database::pexecute($stmt, [
 					"lastlogin_succ" => time(),
 					"uid" => $userinfo[$uid]
@@ -294,9 +356,11 @@ if ($action == '2fa_entercode') {
 			}
 		} else {
 			// login incorrect
-			$stmt = Database::prepare("UPDATE $table
+			$stmt = Database::prepare("
+				UPDATE $table
 				SET `lastlogin_fail`= :lastlogin_fail, `loginfail_count`=`loginfail_count`+1
-				WHERE `$uid`= :uid");
+				WHERE `$uid`= :uid
+			");
 			Database::pexecute($stmt, [
 				"lastlogin_fail" => time(),
 				"uid" => $userinfo[$uid]
@@ -306,7 +370,7 @@ if ($action == '2fa_entercode') {
 			$rstlog = FroxlorLogger::getInstanceOf([
 				'loginname' => $_SERVER['REMOTE_ADDR']
 			]);
-			$rstlog->logAction(FroxlorLogger::LOGIN_ACTION, LOG_WARNING, "User '" . $loginname . "' tried to login with wrong password.");
+			$rstlog->logAction(FroxlorLogger::LOGIN_ACTION, LOG_WARNING, "User tried to login with wrong password.");
 
 			unset($userinfo);
 			Response::redirectTo('index.php', [
@@ -317,6 +381,25 @@ if ($action == '2fa_entercode') {
 
 		// 2FA activated
 		if (Settings::Get('2fa.enabled') == '1' && $userinfo['type_2fa'] > 0) {
+
+			// check for remember cookie
+			if (!empty($_COOKIE['frx_2fa_remember'])) {
+				list($selector, $authenticator) = explode(':', $_COOKIE['frx_2fa_remember']);
+				$sel_stmt = Database::prepare("SELECT `token` FROM `".TABLE_PANEL_2FA_TOKENS."` WHERE `selector` = :selector AND `userid` = :uid AND `valid_until` >= UNIX_TIMESTAMP()");
+				$token_check = Database::pexecute_first($sel_stmt, ['selector' => $selector, 'uid' => $userinfo[$uid]]);
+				if ($token_check && hash_equals($token_check['token'], hash('sha256', base64_decode($authenticator)))) {
+					if (!finishLogin($userinfo)) {
+						Response::redirectTo('index.php', [
+							'showmessage' => '2'
+						]);
+					}
+					exit();
+				}
+				// not found or invalid, this cookie is useless, get rid of it
+				unset($_COOKIE['frx_2fa_remember']);
+				setcookie('frx_2fa_remember', "", time()-3600);
+			}
+
 			// redirect to code-enter-page
 			$_SESSION['secret_2fa'] = ($userinfo['type_2fa'] == 2 ? $userinfo['data_2fa'] : 'email');
 			$_SESSION['uid_2fa'] = $userinfo[$uid];
@@ -384,7 +467,7 @@ if ($action == '2fa_entercode') {
 		}
 		exit();
 	} else {
-		$smessage = isset($_GET['showmessage']) ? (int)$_GET['showmessage'] : 0;
+		$smessage = (int)Request::get('showmessage', 0);
 		$message = '';
 		$successmessage = '';
 
@@ -421,25 +504,20 @@ if ($action == '2fa_entercode') {
 		}
 
 		// Pass the last used page if needed
-		$lastscript = "";
-		if (isset($_REQUEST['script']) && $_REQUEST['script'] != "") {
-			$lastscript = $_REQUEST['script'];
+		$lastscript = Request::any('script', '');
+		if (!empty($lastscript)) {
 			$lastscript = str_replace("..", "", $lastscript);
 			$lastscript = htmlspecialchars($lastscript, ENT_QUOTES);
 
-			if (!file_exists(__DIR__ . "/" . $lastscript)) {
+			if (file_exists(__DIR__ . "/" . $lastscript)) {
+				$_SESSION['lastscript'] = $lastscript;
+			} else {
 				$lastscript = "";
 			}
 		}
-		$lastqrystr = "";
-		if (isset($_REQUEST['qrystr']) && $_REQUEST['qrystr'] != "") {
-			$lastqrystr = urlencode($_REQUEST['qrystr']);
-		}
-
-		if (!empty($lastscript)) {
-			$_SESSION['lastscript'] = $lastscript;
-		}
+		$lastqrystr = Request::any('qrystr', '');
 		if (!empty($lastqrystr)) {
+			$lastqrystr = urlencode($lastqrystr);
 			$_SESSION['lastqrystr'] = $lastqrystr;
 		}
 
@@ -457,8 +535,8 @@ if ($action == 'forgotpwd') {
 	$message = '';
 
 	if (!empty($_POST)) {
-		$loginname = Validate::validate($_POST['loginname'], 'loginname');
-		$email = Validate::validateEmail($_POST['loginemail']);
+		$loginname = Validate::validate(Request::post('loginname'), 'loginname');
+		$email = Validate::validateEmail(Request::post('loginemail'));
 		$result_stmt = Database::prepare("SELECT `adminid`, `customerid`, `customernumber`, `firstname`, `name`, `company`, `email`, `loginname`, `def_language`, `deactivated` FROM `" . TABLE_PANEL_CUSTOMERS . "`
 			WHERE `loginname`= :loginname
 			AND `email`= :email");
@@ -625,7 +703,7 @@ if ($action == 'forgotpwd') {
 							$rstlog = FroxlorLogger::getInstanceOf([
 								'loginname' => 'password_reset'
 							]);
-							$rstlog->logAction(FroxlorLogger::USR_ACTION, LOG_WARNING, "User '" . $loginname . "' requested to set a new password, but was not found in database!");
+							$rstlog->logAction(FroxlorLogger::USR_ACTION, LOG_WARNING, "Unknown user requested to set a new password, but was not found in database!");
 							$message = lng('login.usernotfound');
 						}
 
@@ -655,9 +733,9 @@ if ($action == 'resetpwd') {
 		"oldest" => time() - 86400
 	]);
 
-	if (isset($_GET['resetcode']) && strlen($_GET['resetcode']) == 50) {
+	$activationcode = Request::get('resetcode');
+	if (!empty($activationcode) && strlen($activationcode) == 50) {
 		// Check if activation code is valid
-		$activationcode = $_GET['resetcode'];
 		$timestamp = substr($activationcode, 15, 10);
 		$third = substr($activationcode, 25, 15);
 		$check = substr($activationcode, 40, 10);
@@ -672,8 +750,8 @@ if ($action == 'resetpwd') {
 
 				if ($result !== false) {
 					try {
-						$new_password = Crypt::validatePassword($_POST['new_password'], true);
-						$new_password_confirm = Crypt::validatePassword($_POST['new_password_confirm'], true);
+						$new_password = Crypt::validatePassword(Request::post('new_password'), true);
+						$new_password_confirm = Crypt::validatePassword(Request::post('new_password_confirm'), true);
 					} catch (Exception $e) {
 						$message = $e->getMessage();
 					}
@@ -802,8 +880,8 @@ function finishLogin($userinfo)
 			$theme = $userinfo['theme'];
 		} else {
 			$theme = Settings::Get('panel.default_theme');
-			CurrentUser::setField('theme', $theme);
 		}
+		CurrentUser::setField('theme', $theme);
 
 		$qryparams = [];
 		if (!empty($_SESSION['lastqrystr'])) {

install/froxlor.sql.php

@@ -94,6 +94,11 @@ CREATE TABLE `mail_virtual` (
   `popaccountid` int(11) NOT NULL default '0',
   `iscatchall` tinyint(1) unsigned NOT NULL default '0',
   `description` varchar(255) NOT NULL DEFAULT '',
+  `spam_tag_level` float(4,1) NOT NULL DEFAULT 7.0,
+  `rewrite_subject` tinyint(1) NOT NULL default '1',
+  `spam_kill_level` float(4,1) NOT NULL DEFAULT 14.0,
+  `bypass_spam` tinyint(1) NOT NULL default '0',
+  `policy_greylist` tinyint(1) NOT NULL default '1',
   PRIMARY KEY  (`id`),
   KEY `email` (`email`)
 ) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;
@@ -155,9 +160,10 @@ CREATE TABLE `panel_admins` (
   `type_2fa` tinyint(1) NOT NULL default '0',
   `data_2fa` varchar(25) NOT NULL default '',
   `api_allowed` tinyint(1) NOT NULL default '1',
+  `gui_access` tinyint(1) NOT NULL default '1',
    PRIMARY KEY  (`adminid`),
    UNIQUE KEY `loginname` (`loginname`)
-) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;
+) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci ROW_FORMAT=DYNAMIC;
 
 
 DROP TABLE IF EXISTS `panel_customers`;
@@ -223,6 +229,7 @@ CREATE TABLE `panel_customers` (
   `api_allowed` tinyint(1) NOT NULL default '1',
   `logviewenabled` tinyint(1) NOT NULL default '0',
   `allowed_mysqlserver` text NOT NULL,
+  `gui_access` tinyint(1) NOT NULL default '1',
    PRIMARY KEY  (`customerid`),
    UNIQUE KEY `loginname` (`loginname`)
 ) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci ROW_FORMAT=DYNAMIC;
@@ -299,7 +306,7 @@ CREATE TABLE `panel_domains` (
   KEY `customerid` (`customerid`),
   KEY `parentdomain` (`parentdomainid`),
   KEY `domain` (`domain`)
-) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci;
+) ENGINE=InnoDB CHARSET=utf8 COLLATE=utf8_general_ci ROW_FORMAT=DYNAMIC;
 
 
 DROP TABLE IF EXISTS `panel_ipsandports`;
@@ -380,22 +387,21 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('logger', 'logfile', ''),
 	('logger', 'logtypes', 'syslog,mysql'),
 	('logger', 'severity', '1'),
-	('dkim', 'use_dkim', '0'),
-	('dkim', 'dkim_prefix', '/etc/postfix/dkim/'),
-	('dkim', 'dkim_domains', 'domains'),
-	('dkim', 'dkim_dkimkeys', 'dkim-keys.conf'),
-	('dkim', 'dkimrestart_command', 'service dkim-filter restart'),
-	('dkim', 'privkeysuffix', '.priv'),
+	('antispam', 'activated', '0'),
+	('antispam', 'config_file', '/etc/rspamd/local.d/froxlor_settings.conf'),
+	('antispam', 'reload_command', 'service rspamd restart'),
+	('antispam', 'dkim_keylength', '1024'),
+	('antispam', 'default_bypass_spam', '2'),
+	('antispam', 'default_spam_rewrite_subject', '1'),
+	('antispam', 'default_policy_greylist', '1'),
 	('admin', 'show_news_feed', '0'),
 	('admin', 'show_version_login', '0'),
 	('admin', 'show_version_footer', '0'),
 	('caa', 'caa_entry', ''),
 	('spf', 'use_spf', '0'),
 	('spf', 'spf_entry', 'v=spf1 a mx -all'),
-	('dkim', 'dkim_algorithm', 'all'),
-	('dkim', 'dkim_keylength', '1024'),
-	('dkim', 'dkim_servicetype', '0'),
-	('dkim', 'dkim_notes', ''),
+	('dmarc', 'use_dmarc', '0'),
+	('dmarc', 'dmarc_entry', 'v=DMARC1; p=none;'),
 	('defaultwebsrverrhandler', 'enabled', '0'),
 	('defaultwebsrverrhandler', 'err401', ''),
 	('defaultwebsrverrhandler', 'err403', ''),
@@ -493,7 +499,6 @@ opcache.save_comments
 opcache.use_cwd
 opcache.fast_shutdown'),
 	('phpfpm', 'ini_admin_values', 'cgi.redirect_status_env
-date.timezone
 disable_classes
 disable_functions
 error_log
@@ -636,6 +641,8 @@ opcache.validate_timestamps'),
 	('system', 'available_shells', ''),
 	('system', 'le_froxlor_enabled', '0'),
 	('system', 'le_froxlor_redirect', '0'),
+	('system', 'le_renew_hook', 'systemctl restart postfix dovecot proftpd'),
+	('system', 'le_renew_services', ''),
 	('system', 'letsencryptacmeconf', '/etc/apache2/conf-enabled/acme.conf'),
 	('system', 'mail_use_smtp', '0'),
 	('system', 'mail_smtp_host', 'localhost'),
@@ -678,7 +685,7 @@ opcache.validate_timestamps'),
 	('system', 'distribution', ''),
 	('system', 'update_channel', 'stable'),
 	('system', 'updatecheck_data', ''),
-	('system', 'update_notify_last', '2.1.0-rc3'),
+	('system', 'update_notify_last', ''),
 	('system', 'traffictool', 'goaccess'),
 	('system', 'req_limit_per_interval', 60),
 	('system', 'req_limit_interval', 60),
@@ -686,7 +693,7 @@ opcache.validate_timestamps'),
 	('api', 'customer_default', '1'),
 	('2fa', 'enabled', '1'),
 	('panel', 'decimal_places', '4'),
-	('panel', 'adminmail', 'admin@SERVERNAME'),
+	('panel', 'adminmail', 'ADMIN_MAIL'),
 	('panel', 'phpmyadmin_url', ''),
 	('panel', 'webmail_url', ''),
 	('panel', 'webftp_url', ''),
@@ -726,8 +733,8 @@ opcache.validate_timestamps'),
 	('panel', 'logo_overridecustom', '0'),
 	('panel', 'settings_mode', '0'),
 	('panel', 'menu_collapsed', '1'),
-	('panel', 'version', '2.1.0-rc3'),
-	('panel', 'db_version', '202311260');
+	('panel', 'version', '2.2.8'),
+	('panel', 'db_version', '202412030');
 
 
 DROP TABLE IF EXISTS `panel_tasks`;
@@ -1045,4 +1052,15 @@ CREATE TABLE `panel_loginlinks` (
   `allowed_from` text NOT NULL,
   UNIQUE KEY `loginname` (`loginname`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
+
+
+DROP TABLE IF EXISTS `panel_2fa_tokens`;
+CREATE TABLE `panel_2fa_tokens` (
+  `id` int(11) NOT NULL auto_increment,
+  `selector` varchar(200) NOT NULL,
+  `token` varchar(200) NOT NULL,
+  `userid` int(11) NOT NULL default '0',
+  `valid_until` int(15) NOT NULL,
+  PRIMARY KEY  (id)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
 FROXLORSQL;

install/updates/froxlor/update_2.0.inc.php

@@ -99,7 +99,6 @@ if (Froxlor::isFroxlorVersion('0.10.38.3')) {
 	}
 	Update::lastStepStatus(0);
 
-	Update::showUpdateStep("Cleaning up old files");
 	$to_clean = array(
 		"install/lib",
 		"install/lng",
@@ -121,30 +120,7 @@ if (Froxlor::isFroxlorVersion('0.10.38.3')) {
 		"lng/swedish.lng.php",
 		"scripts",
 	);
-	$disabled = explode(',', ini_get('disable_functions'));
-	$exec_allowed = !in_array('exec', $disabled);
-	$del_list = "";
-	foreach ($to_clean as $filedir) {
-		$complete_filedir = Froxlor::getInstallDir() . $filedir;
-		if (file_exists($complete_filedir)) {
-			if ($exec_allowed) {
-				FileDir::safe_exec("rm -rf " . escapeshellarg($complete_filedir));
-			} else {
-				$del_list .= "rm -rf " . escapeshellarg($complete_filedir) . PHP_EOL;
-			}
-		}
-	}
-	if ($exec_allowed) {
-		Update::lastStepStatus(0);
-	} else {
-		if (empty($del_list)) {
-			// none of the files existed
-			Update::lastStepStatus(0);
-		} else {
-			Update::lastStepStatus(1, 'manual commands needed',
-				'Please run the following commands manually:<br><pre>' . $del_list . '</pre>');
-		}
-	}
+	Update::cleanOldFiles($to_clean);
 
 	Update::showUpdateStep("Adding new settings");
 	$panel_settings_mode = isset($_POST['panel_settings_mode']) ? (int)$_POST['panel_settings_mode'] : 0;

install/updates/froxlor/update_2.1.inc.php

@@ -38,6 +38,7 @@ if (!defined('_CRON_UPDATE')) {
 
 if (Froxlor::isFroxlorVersion('2.0.24')) {
 	Update::showUpdateStep("Cleaning domains table");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ROW_FORMAT=DYNAMIC;");
 	Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` DROP COLUMN `ismainbutsubto`;");
 	Update::lastStepStatus(0);
 
@@ -67,15 +68,18 @@ if (Froxlor::isFroxlorVersion('2.0.24')) {
 	}
 
 	Update::showUpdateStep("Adjusting cronjobs");
-	Database::query("
+	$cfupd_stmt = Database::prepare("
         UPDATE `" . TABLE_PANEL_CRONRUNS . "` SET
         `module`= 'froxlor/export',
         `cronfile` = 'export',
-        `cronclass` = '\\Froxlor\\Cron\\System\\ExportCron',
+        `cronclass` = :cc,
         `interval` = '1 HOUR',
         `desc_lng_key` = 'cron_export'
         WHERE `module` = 'froxlor/backup'
     ");
+	Database::pexecute($cfupd_stmt, [
+		'cc' => '\\Froxlor\\Cron\\System\\ExportCron'
+	]);
 	Update::lastStepStatus(0);
 
 	Update::showUpdateStep("Adjusting system for data-export function");
@@ -130,8 +134,8 @@ if (Froxlor::isDatabaseVersion('202305240')) {
 	$current_fileextension = Settings::Get('system.index_file_extension');
 	Database::query("DELETE FROM `" . TABLE_PANEL_SETTINGS . "` WHERE `settinggroup`= 'system' AND `varname`= 'index_file_extension'");
 	Database::query("ALTER TABLE `" . TABLE_PANEL_TEMPLATES . "` ADD `file_extension` varchar(50) NOT NULL default 'html';");
-	if (strtolower(trim($current_fileextension)) != 'html') {
-		$stmt = Database::prepare("UPDATE TABLE `" . TABLE_PANEL_TEMPLATES . "` SET `file_extension` = :ext WHERE `templategroup` = 'files'");
+	if (!empty(trim($current_fileextension)) && strtolower(trim($current_fileextension)) != 'html') {
+		$stmt = Database::prepare("UPDATE `" . TABLE_PANEL_TEMPLATES . "` SET `file_extension` = :ext WHERE `templategroup` = 'files'");
 		Database::pexecute($stmt, ['ext' => strtolower(trim($current_fileextension))]);
 	}
 	Update::lastStepStatus(0);
@@ -143,3 +147,108 @@ if (Froxlor::isFroxlorVersion('2.1.0-rc2')) {
 	Update::showUpdateStep("Updating from 2.1.0-rc2 to 2.1.0-rc3", false);
 	Froxlor::updateToVersion('2.1.0-rc3');
 }
+
+if (Froxlor::isDatabaseVersion('202311260')) {
+	$to_clean = array(
+		"install/updates/froxlor/update_2.x.inc.php",
+		"install/updates/preconfig/preconfig_2.x.inc.php",
+		"lib/Froxlor/Api/Commands/CustomerBackups.php",
+		"lib/Froxlor/Cli/Action",
+		"lib/Froxlor/Cli/Action.php",
+		"lib/Froxlor/Cli/CmdLineHandler.php",
+		"lib/Froxlor/Cli/ConfigServicesCmd.php",
+		"lib/Froxlor/Cli/PhpSessioncleanCmd.php",
+		"lib/Froxlor/Cli/SwitchServerIpCmd.php",
+		"lib/Froxlor/Cli/UpdateCliCmd.php",
+		"lib/Froxlor/Cron/System/BackupCron.php",
+		"lib/formfields/customer/extras/formfield.backup.php",
+		"lib/tablelisting/customer/tablelisting.backups.php",
+		"templates/Froxlor/assets/mix-manifest.json",
+		"templates/Froxlor/assets/css",
+		"templates/Froxlor/assets/webfonts",
+		"templates/Froxlor/assets/js/main.js",
+		"templates/Froxlor/assets/js/main.js.LICENSE.txt",
+		"templates/Froxlor/src",
+		"templates/Froxlor/user/change_language.html.twig",
+		"templates/Froxlor/user/change_password.html.twig",
+		"templates/Froxlor/user/change_theme.html.twig",
+		"tests/Backup/CustomerBackupsTest.php"
+	);
+	Update::cleanOldFiles($to_clean);
+
+	Froxlor::updateToDbVersion('202312050');
+}
+
+if (Froxlor::isFroxlorVersion('2.1.0-rc3')) {
+	Update::showUpdateStep("Updating from 2.1.0-rc3 to 2.1.0 stable", false);
+	Froxlor::updateToVersion('2.1.0');
+}
+
+if (Froxlor::isFroxlorVersion('2.1.0')) {
+	Update::showUpdateStep("Updating from 2.1.0 to 2.1.1", false);
+	Froxlor::updateToVersion('2.1.1');
+}
+
+if (Froxlor::isDatabaseVersion('202312050')) {
+	$to_clean = array(
+		"lib/configfiles/centos7.xml",
+		"lib/configfiles/centos8.xml",
+		"lib/configfiles/stretch.xml",
+		"lib/configfiles/xenial.xml",
+		"lib/configfiles/buster.xml",
+		"lib/configfiles/bionic.xml",
+	);
+	Update::cleanOldFiles($to_clean);
+
+	Froxlor::updateToDbVersion('202312100');
+}
+
+if (Froxlor::isDatabaseVersion('202312100')) {
+
+	Update::showUpdateStep("Adjusting table row format of larger tables");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_ADMINS . "` ROW_FORMAT=DYNAMIC;");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_DOMAINS . "` ROW_FORMAT=DYNAMIC;");
+	Update::lastStepStatus(0);
+
+	Froxlor::updateToDbVersion('202312120');
+}
+
+if (Froxlor::isFroxlorVersion('2.1.1')) {
+	Update::showUpdateStep("Updating from 2.1.1 to 2.1.2", false);
+	Froxlor::updateToVersion('2.1.2');
+}
+
+if (Froxlor::isFroxlorVersion('2.1.2')) {
+	Update::showUpdateStep("Updating from 2.1.2 to 2.1.3", false);
+	Froxlor::updateToVersion('2.1.3');
+}
+
+if (Froxlor::isFroxlorVersion('2.1.3')) {
+	Update::showUpdateStep("Updating from 2.1.3 to 2.1.4", false);
+	Froxlor::updateToVersion('2.1.4');
+}
+
+if (Froxlor::isFroxlorVersion('2.1.4')) {
+	Update::showUpdateStep("Updating from 2.1.4 to 2.1.5", false);
+	Froxlor::updateToVersion('2.1.5');
+}
+
+if (Froxlor::isFroxlorVersion('2.1.5')) {
+	Update::showUpdateStep("Updating from 2.1.5 to 2.1.6", false);
+	Froxlor::updateToVersion('2.1.6');
+}
+
+if (Froxlor::isFroxlorVersion('2.1.6')) {
+	Update::showUpdateStep("Updating from 2.1.6 to 2.1.7", false);
+	Froxlor::updateToVersion('2.1.7');
+}
+
+if (Froxlor::isFroxlorVersion('2.1.7')) {
+	Update::showUpdateStep("Updating from 2.1.7 to 2.1.8", false);
+	Froxlor::updateToVersion('2.1.8');
+}
+
+if (Froxlor::isFroxlorVersion('2.1.8')) {
+	Update::showUpdateStep("Updating from 2.1.8 to 2.1.9", false);
+	Froxlor::updateToVersion('2.1.9');
+}

install/updates/froxlor/update_2.2.inc.php

@@ -0,0 +1,262 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, you can also view it online at
+ * https://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  the authors
+ * @author     Froxlor team <team@froxlor.org>
+ * @license    https://files.froxlor.org/misc/COPYING.txt GPLv2
+ */
+
+use Froxlor\Database\Database;
+use Froxlor\Database\DbManager;
+use Froxlor\Froxlor;
+use Froxlor\FroxlorLogger;
+use Froxlor\Install\Update;
+use Froxlor\Settings;
+
+if (!defined('_CRON_UPDATE')) {
+	if (!defined('AREA') || (defined('AREA') && AREA != 'admin') || !isset($userinfo['loginname']) || (isset($userinfo['loginname']) && $userinfo['loginname'] == '')) {
+		header('Location: ../../../../index.php');
+		exit();
+	}
+}
+
+if (Froxlor::isFroxlorVersion('2.1.9')) {
+	Update::showUpdateStep("Enhancing virtual email table");
+	Database::query("ALTER TABLE `" . TABLE_MAIL_VIRTUAL . "` ADD `spam_tag_level` float(4,1) NOT NULL DEFAULT 7.0;");
+	Database::query("ALTER TABLE `" . TABLE_MAIL_VIRTUAL . "` ADD `spam_kill_level` float(4,1) NOT NULL DEFAULT 14.0;");
+	Database::query("ALTER TABLE `" . TABLE_MAIL_VIRTUAL . "` ADD `bypass_spam` tinyint(1) NOT NULL default '0';");
+	Database::query("ALTER TABLE `" . TABLE_MAIL_VIRTUAL . "` ADD `policy_greylist` tinyint(1) NOT NULL default '1';");
+	Update::lastStepStatus(0);
+
+	Update::showUpdateStep("Adjusting settings");
+	$antispam_activated = $_POST['antispam_activated'] ?? 0;
+	Database::query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `settinggroup` = 'antispam', `varname` = 'activated', `value` = '" . (int)$antispam_activated . "' WHERE `settinggroup` = 'dkim' AND `varname` = 'use_dkim';");
+	Database::query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `settinggroup` = 'antispam', `varname` = 'reload_command', `value` = 'service rspamd restart' WHERE `settinggroup` = 'dkim' AND `varname` = 'dkimrestart_command';");
+	Database::query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `settinggroup` = 'antispam', `varname` = 'config_file', `value` = '/etc/rspamd/local.d/froxlor_settings.conf' WHERE `settinggroup` = 'dkim' AND `varname` = 'dkim_prefix';");
+	Database::query("UPDATE `" . TABLE_PANEL_SETTINGS . "` SET `settinggroup` = 'antispam' WHERE `settinggroup` = 'dkim' AND `varname` = 'dkim_keylength';");
+	Settings::AddNew("dmarc.use_dmarc", "0");
+	Settings::AddNew("dmarc.dmarc_entry", "v=DMARC1; p=none;");
+	Database::query("DELETE FROM `" . TABLE_PANEL_SETTINGS . "` WHERE `settinggroup` = 'dkim' AND `varname` = 'privkeysuffix';");
+	Database::query("DELETE FROM `" . TABLE_PANEL_SETTINGS . "` WHERE `settinggroup` = 'dkim' AND `varname` = 'dkim_domains';");
+	Database::query("DELETE FROM `" . TABLE_PANEL_SETTINGS . "` WHERE `settinggroup` = 'dkim' AND `varname` = 'dkim_algorithm';");
+	Database::query("DELETE FROM `" . TABLE_PANEL_SETTINGS . "` WHERE `settinggroup` = 'dkim' AND `varname` = 'dkim_notes';");
+	Database::query("DELETE FROM `" . TABLE_PANEL_SETTINGS . "` WHERE `settinggroup` = 'dkim' AND `varname` = 'dkim_add_adsp';");
+	Database::query("DELETE FROM `" . TABLE_PANEL_SETTINGS . "` WHERE `settinggroup` = 'dkim' AND `varname` = 'dkim_dkimkeys';");
+	Database::query("DELETE FROM `" . TABLE_PANEL_SETTINGS . "` WHERE `settinggroup` = 'dkim' AND `varname` = 'dkim_servicetype';");
+	Database::query("DELETE FROM `" . TABLE_PANEL_SETTINGS . "` WHERE `settinggroup` = 'dkim' AND `varname` = 'dkim_add_adsppolicy';");
+	Update::lastStepStatus(0);
+
+	if ($antispam_activated) {
+		Update::showUpdateStep("Converting existing domainkeys");
+		$sel_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `dkim` = '1' AND `dkim_pubkey` <> ''");
+		Database::pexecute($sel_stmt);
+		$upd_stmt = Database::prepare("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `dkim_pubkey` = :pkey WHERE `id` = :did");
+		while ($domain = $sel_stmt->fetch(\PDO::FETCH_ASSOC)) {
+			$pubkey = trim(preg_replace(
+				'/-----BEGIN PUBLIC KEY-----(.+)-----END PUBLIC KEY-----/s',
+				'$1',
+				str_replace("\n", '', $domain['dkim_pubkey'])
+			));
+			Database::pexecute($upd_stmt, ['pkey' => $pubkey, 'did' => $domain['id']]);
+		}
+		Update::lastStepStatus(0);
+
+		Update::showUpdateStep("Configure antispam services");
+		$froxlorCliBin = Froxlor::getInstallDir() . '/bin/froxlor-cli';
+		$currentDistro = Settings::Get('system.distribution');
+		$manual_command = <<<EOC
+{$froxlorCliBin} froxlor:config-services -a '{"http":"x","dns":"x","smtp":"x","mail":"x","antispam":"rspamd","ftp":"x","distro":"{$currentDistro}","system":[]}'
+EOC;
+		Update::lastStepStatus(
+			1,
+			'manual action needed',
+			"Please run the following command manually as root:<br><pre>" . $manual_command . "</pre>"
+		);
+	} else {
+		Update::showUpdateStep("Removing existing domainkeys because antispam is disabled");
+		Database::query("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `dkim` = '0', `dkim_id` = '0', `dkim_privkey` = '', `dkim_pubkey` = '' WHERE `dkim` = '1';");
+		Update::lastStepStatus(1, '!!!');
+	}
+
+	Update::showUpdateStep("Enhancing admin and user table");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_ADMINS . "` ADD `gui_access` tinyint(1) NOT NULL default '1';");
+	Database::query("ALTER TABLE `" . TABLE_PANEL_CUSTOMERS . "` ADD `gui_access` tinyint(1) NOT NULL default '1';");
+	Update::lastStepStatus(0);
+
+	$to_clean = [
+		'actions/admin/settings/180.dkim.php',
+		'actions/admin/settings/185.spf.php',
+	];
+	Update::cleanOldFiles($to_clean);
+
+	Froxlor::updateToDbVersion('202312230');
+	Froxlor::updateToVersion('2.2.0-dev1');
+}
+
+if (Froxlor::isDatabaseVersion('202312230')) {
+
+	Update::showUpdateStep("Adding new settings");
+	Settings::AddNew("system.le_renew_services", "");
+	Settings::AddNew("system.le_renew_hook", "systemctl restart postfix dovecot proftpd");
+	Update::lastStepStatus(0);
+
+	Froxlor::updateToDbVersion('202401090');
+}
+
+if (Froxlor::isFroxlorVersion('2.2.0-dev1')) {
+	Update::showUpdateStep("Updating from 2.2.0-dev1 to 2.2.0-rc1", false);
+	Froxlor::updateToVersion('2.2.0-rc1');
+}
+
+if (Froxlor::isDatabaseVersion('202401090')) {
+
+	Update::showUpdateStep("Adding new table for 2fa tokens");
+	Database::query("DROP TABLE IF EXISTS `panel_2fa_tokens`;");
+	$sql = "CREATE TABLE `panel_2fa_tokens` (
+	  `id` int(11) NOT NULL auto_increment,
+	  `selector` varchar(20) NOT NULL,
+	  `token` varchar(200) NOT NULL,
+	  `userid` int(11) NOT NULL default '0',
+	  `valid_until` int(15) NOT NULL,
+	  PRIMARY KEY  (id)
+	) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;";
+	Database::query($sql);
+	Update::lastStepStatus(0);
+
+	Froxlor::updateToDbVersion('202407200');
+}
+
+if (Froxlor::isFroxlorVersion('2.2.0-rc1')) {
+	Update::showUpdateStep("Updating from 2.2.0-rc1 to 2.2.0-rc2", false);
+	Froxlor::updateToVersion('2.2.0-rc2');
+}
+
+if (Froxlor::isFroxlorVersion('2.2.0-rc2')) {
+	Update::showUpdateStep("Updating from 2.2.0-rc2 to 2.2.0-rc3", false);
+	Froxlor::updateToVersion('2.2.0-rc3');
+}
+
+if (Froxlor::isDatabaseVersion('202407200')) {
+
+	Update::showUpdateStep("Adjusting field in 2fa-token table");
+	Database::query("ALTER TABLE `panel_2fa_tokens` CHANGE COLUMN `selector` `selector` varchar(200) NOT NULL;");
+	Update::lastStepStatus(0);
+
+	Froxlor::updateToDbVersion('202408140');
+}
+
+if (Froxlor::isFroxlorVersion('2.2.0-rc3')) {
+	Update::showUpdateStep("Updating from 2.2.0-rc3 to 2.2.0 stable", false);
+	Froxlor::updateToVersion('2.2.0');
+}
+
+if (Froxlor::isFroxlorVersion('2.2.0')) {
+	Update::showUpdateStep("Updating from 2.2.0 to 2.2.1", false);
+	Froxlor::updateToVersion('2.2.1');
+}
+
+if (Froxlor::isDatabaseVersion('202408140')) {
+
+	Update::showUpdateStep("Adding new rewrite-subject field to email table");
+	Database::query("ALTER TABLE `" . TABLE_MAIL_VIRTUAL . "` ADD `rewrite_subject` tinyint(1) NOT NULL default '1' AFTER `spam_tag_level`;");
+	Update::lastStepStatus(0);
+
+	Froxlor::updateToDbVersion('202409280');
+}
+
+if (Froxlor::isFroxlorVersion('2.2.1')) {
+	Update::showUpdateStep("Updating from 2.2.1 to 2.2.2", false);
+	Froxlor::updateToVersion('2.2.2');
+}
+
+if (Froxlor::isFroxlorVersion('2.2.2')) {
+	Update::showUpdateStep("Updating from 2.2.2 to 2.2.3", false);
+	Froxlor::updateToVersion('2.2.3');
+}
+
+if (Froxlor::isFroxlorVersion('2.2.3')) {
+	Update::showUpdateStep("Updating from 2.2.3 to 2.2.4", false);
+	Froxlor::updateToVersion('2.2.4');
+}
+
+if (Froxlor::isFroxlorVersion('2.2.4')) {
+	Update::showUpdateStep("Updating from 2.2.4 to 2.2.5", false);
+	Froxlor::updateToVersion('2.2.5');
+}
+
+if (Froxlor::isDatabaseVersion('202409280')) {
+
+	Update::showUpdateStep("Adding new antispam settings");
+	Settings::AddNew("antispam.default_bypass_spam", "2");
+	Settings::AddNew("antispam.default_spam_rewrite_subject", "1");
+	Settings::AddNew("antispam.default_policy_greylist", "1");
+	Update::lastStepStatus(0);
+
+	Froxlor::updateToDbVersion('202411200');
+}
+
+if (Froxlor::isDatabaseVersion('202411200')) {
+
+	Update::showUpdateStep("Adjusting customer mysql global user");
+	// get all customers that are not deactivated and that have at least one database (hence a global database-user)
+	$customers = Database::query("
+		SELECT DISTINCT c.loginname, c.allowed_mysqlserver
+		FROM `" . TABLE_PANEL_CUSTOMERS . "` c
+		LEFT JOIN `" . TABLE_PANEL_DATABASES . "` d ON c.customerid = d.customerid
+		WHERE c.deactivated = '0' AND d.id IS NOT NULL
+	");
+	while ($customer = $customers->fetch(\PDO::FETCH_ASSOC)) {
+		$current_allowed_mysqlserver = !empty($customer['allowed_mysqlserver']) ? json_decode($customer['allowed_mysqlserver'], true) : [];
+		foreach ($current_allowed_mysqlserver as $dbserver) {
+			// require privileged access for target db-server
+			Database::needRoot(true, $dbserver, false);
+			// get DbManager
+			$dbm = new DbManager(FroxlorLogger::getInstanceOf());
+			foreach (array_map('trim', explode(',', Settings::Get('system.mysql_access_host'))) as $mysql_access_host) {
+				if ($dbm->getManager()->userExistsOnHost($customer['loginname'], $mysql_access_host)) {
+					// deactivate temporarily
+					$dbm->getManager()->disableUser($customer['loginname'], $mysql_access_host);
+					// re-enable
+					$dbm->getManager()->enableUser($customer['loginname'], $mysql_access_host, true);
+				}
+			}
+			$dbm->getManager()->flushPrivileges();
+			Database::needRoot();
+		}
+	}
+	Update::lastStepStatus(0);
+
+	Froxlor::updateToDbVersion('202412030');
+}
+
+if (Froxlor::isFroxlorVersion('2.2.5')) {
+	Update::showUpdateStep("Updating from 2.2.5 to 2.2.6", false);
+	Froxlor::updateToVersion('2.2.6');
+}
+
+if (Froxlor::isFroxlorVersion('2.2.6')) {
+	Update::showUpdateStep("Updating from 2.2.6 to 2.2.7", false);
+	Froxlor::updateToVersion('2.2.7');
+}
+
+if (Froxlor::isFroxlorVersion('2.2.7')) {
+	Update::showUpdateStep("Updating from 2.2.7 to 2.2.8", false);
+	Froxlor::updateToVersion('2.2.8');
+}

install/updates/preconfig/preconfig_0.10.inc.php

@@ -34,7 +34,7 @@ $return = [];
 if (Update::versionInUpdate($current_db_version, '202004140')) {
 	$has_preconfig = true;
 	$description = 'Froxlor can now optionally validate the dns entries of domains that request Lets Encrypt certificates to reduce dns-related problems (e.g. freshly registered domain or updated a-record).';
-	$question = '<strong>Validate DNS of domains when using Lets Encrypt&nbsp;';
+	$question = '<strong>Validate DNS of domains when using Lets Encrypt</strong>';
 	$return['system_le_domain_dnscheck'] = [
 		'type' => 'checkbox',
 		'value' => 1,

install/updates/preconfig/preconfig_2.2.inc.php

@@ -23,31 +23,26 @@
  * @license    https://files.froxlor.org/misc/COPYING.txt GPLv2
  */
 
-return [
-	'groups' => [
-		'spf' => [
-			'title' => lng('admin.spfsettings'),
-			'icon' => 'fa-solid fa-clipboard-check',
-			'fields' => [
-				'spf_use_spf' => [
-					'label' => lng('spf.use_spf'),
-					'settinggroup' => 'spf',
-					'varname' => 'use_spf',
-					'type' => 'checkbox',
-					'default' => false,
-					'save_method' => 'storeSettingField',
-					'overview_option' => true
-				],
-				'spf_spf_entry' => [
-					'label' => lng('spf.spf_entry'),
-					'settinggroup' => 'spf',
-					'varname' => 'spf_entry',
-					'type' => 'text',
-					'string_regexp' => '/^v=spf[a-z0-9:~?\s.-]+$/i',
-					'default' => 'v=spf1 a mx -all',
-					'save_method' => 'storeSettingField'
-				]
-			]
-		]
-	]
+use Froxlor\Install\Update;
+
+$preconfig = [
+	'title' => '2.2.x updates',
+	'fields' => []
 ];
+$return = [];
+
+if (Update::versionInUpdate($current_version, '2.2.0-dev1')) {
+	$has_preconfig = true;
+	$description = 'Froxlor now features antispam configurations using rspamd. Would you like to enable the antispam feature (required re-configuration of services)?<br><strong>ATTENTION:</strong> When not enabled and the former DomainKey feature was used, keep in mind that all existing domainkeys for all domain are being removed and the dkim-flag disabled for the domains.';
+	$question = '<strong>Enable antispam (recommended)</strong>&nbsp;';
+	$return['antispam_activated'] = [
+		'type' => 'checkbox',
+		'value' => 1,
+		'checked' => 0,
+		'label' => $question,
+		'prior_infotext' => $description
+	];
+}
+
+$preconfig['fields'] = $return;
+return $preconfig;

install/updatesql.php

@@ -55,6 +55,7 @@ if (Froxlor::isFroxlor()) {
 	include_once(FileDir::makeCorrectFile(dirname(__FILE__) . '/updates/froxlor/update_0.10.inc.php'));
 	include_once(FileDir::makeCorrectFile(dirname(__FILE__) . '/updates/froxlor/update_2.0.inc.php'));
 	include_once(FileDir::makeCorrectFile(dirname(__FILE__) . '/updates/froxlor/update_2.1.inc.php'));
+	include_once(FileDir::makeCorrectFile(dirname(__FILE__) . '/updates/froxlor/update_2.2.inc.php'));
 
 	// Check Froxlor - database integrity (only happens after all updates are done, so we know the db-layout is okay)
 	Update::showUpdateStep("Checking database integrity");

lib/Froxlor/Ajax/Ajax.php

@@ -193,7 +193,8 @@ class Ajax
 		UI::initTwig();
 
 		try {
-			$json_result = \Froxlor\Api\Commands\Froxlor::getLocal($this->userinfo)->checkUpdate();
+			$force = Request::get('force', 0);
+			$json_result = \Froxlor\Api\Commands\Froxlor::getLocal($this->userinfo, ['force' => $force])->checkUpdate();
 			$result = json_decode($json_result, true)['data'];
 			$result['full_version'] = Froxlor::getFullVersion();
 			$result['dbversion'] = Froxlor::DBVERSION;

lib/Froxlor/Ajax/GlobalSearch.php

@@ -156,7 +156,7 @@ class GlobalSearch
 							],
 							'result_key' => 'domain_ace',
 							'result_format' => [
-								'title' => ['self', 'getFieldFromResult'],
+								'title' => ['\\Froxlor\\Ajax\\GlobalSearch', 'getFieldFromResult'],
 								'title_args' => 'domain_ace',
 								'href' => 'admin_domains.php?page=domains&searchfield=d.domain_ace&searchtext='
 							]
@@ -172,7 +172,7 @@ class GlobalSearch
 							'result_key' => 'ip',
 							'result_groupkey' => 'ip',
 							'result_format' => [
-								'title' => ['self', 'getFieldFromResult'],
+								'title' => ['\\Froxlor\\Ajax\\GlobalSearch', 'getFieldFromResult'],
 								'title_args' => 'ip',
 								'href' => 'admin_ipsandports.php?page=ipsandports&searchfield=ip&searchtext='
 							]
@@ -186,7 +186,7 @@ class GlobalSearch
 							],
 							'result_key' => 'id',
 							'result_format' => [
-								'title' => ['self', 'getFieldFromResult'],
+								'title' => ['\\Froxlor\\Ajax\\GlobalSearch', 'getFieldFromResult'],
 								'title_args' => 'name',
 								'href' => 'admin_plans.php?page=overview&searchfield=id&searchtext='
 							]
@@ -201,7 +201,7 @@ class GlobalSearch
 							],
 							'result_key' => 'id',
 							'result_format' => [
-								'title' => ['self', 'getFieldFromResult'],
+								'title' => ['\\Froxlor\\Ajax\\GlobalSearch', 'getFieldFromResult'],
 								'title_args' => 'description',
 								'href' => 'admin_phpsettings.php?page=overview&searchfield=id&searchtext='
 							]
@@ -215,7 +215,7 @@ class GlobalSearch
 							],
 							'result_key' => 'id',
 							'result_format' => [
-								'title' => ['self', 'getFieldFromResult'],
+								'title' => ['\\Froxlor\\Ajax\\GlobalSearch', 'getFieldFromResult'],
 								'title_args' => 'description',
 								'href' => 'admin_phpsettings.php?page=fpmdaemons&searchfield=id&searchtext='
 							]
@@ -234,7 +234,7 @@ class GlobalSearch
 							],
 							'result_key' => 'loginname',
 							'result_format' => [
-								'title' => ['self', 'getFieldFromResult'],
+								'title' => ['\\Froxlor\\Ajax\\GlobalSearch', 'getFieldFromResult'],
 								'title_args' => 'name',
 								'href' => 'admin_admins.php?page=admins&searchfield=loginname&searchtext='
 							]
@@ -252,7 +252,7 @@ class GlobalSearch
 							],
 							'result_key' => 'domain_ace',
 							'result_format' => [
-								'title' => ['self', 'getFieldFromResult'],
+								'title' => ['\\Froxlor\\Ajax\\GlobalSearch', 'getFieldFromResult'],
 								'title_args' => 'domain_ace',
 								'href' => 'customer_domains.php?page=domains&searchfield=d.domain_ace&searchtext='
 							]
@@ -266,7 +266,7 @@ class GlobalSearch
 							],
 							'result_key' => 'email',
 							'result_format' => [
-								'title' => ['self', 'getFieldFromResult'],
+								'title' => ['\\Froxlor\\Ajax\\GlobalSearch', 'getFieldFromResult'],
 								'title_args' => 'email',
 								'href' => 'customer_email.php?page=email_domain&domainid={domainid}&searchfield=m.email&searchtext='
 							]
@@ -279,7 +279,7 @@ class GlobalSearch
 							],
 							'result_key' => 'domain',
 							'result_format' => [
-								'title' => ['self', 'getFieldFromResult'],
+								'title' => ['\\Froxlor\\Ajax\\GlobalSearch', 'getFieldFromResult'],
 								'title_args' => 'domain',
 								'href' => 'customer_email.php?page=emails&searchfield=d.domain&searchtext='
 							]
@@ -293,7 +293,7 @@ class GlobalSearch
 							],
 							'result_key' => 'databasename',
 							'result_format' => [
-								'title' => ['self', 'getFieldFromResult'],
+								'title' => ['\\Froxlor\\Ajax\\GlobalSearch', 'getFieldFromResult'],
 								'title_args' => 'databasename',
 								'href' => 'customer_mysql.php?page=mysqls&searchfield=databasename&searchtext='
 							]
@@ -307,7 +307,7 @@ class GlobalSearch
 							],
 							'result_key' => 'username',
 							'result_format' => [
-								'title' => ['self', 'getFieldFromResult'],
+								'title' => ['\\Froxlor\\Ajax\\GlobalSearch', 'getFieldFromResult'],
 								'title_args' => 'username',
 								'href' => 'customer_ftp.php?page=accounts&searchfield=username&searchtext='
 							]

lib/Froxlor/Api/ApiParameter.php

@@ -44,7 +44,7 @@ abstract class ApiParameter
 	 *
 	 * @throws Exception
 	 */
-	public function __construct(array $params = null)
+	public function __construct(?array $params = null)
 	{
 		if (!is_null($params)) {
 			$params = $this->trimArray($params);
@@ -91,7 +91,7 @@ abstract class ApiParameter
 	 * @return mixed
 	 * @throws Exception
 	 */
-	protected function getUlParam(string $param = null, string $ul_field = null, bool $optional = false, $default = 0)
+	protected function getUlParam(?string $param = null, ?string $ul_field = null, bool $optional = false, $default = 0)
 	{
 		$param_value = (int)$this->getParam($param, $optional, $default);
 		$ul_field_value = $this->getBoolParam($ul_field, true, 0);
@@ -116,7 +116,7 @@ abstract class ApiParameter
 	 * @return mixed
 	 * @throws Exception
 	 */
-	protected function getParam(string $param = null, bool $optional = false, $default = '')
+	protected function getParam(?string $param = null, bool $optional = false, $default = '')
 	{
 		// does it exist?
 		if (!isset($this->cmd_params[$param])) {
@@ -183,7 +183,7 @@ abstract class ApiParameter
 	 *
 	 * @return string
 	 */
-	protected function getBoolParam(string $param = null, bool $optional = false, $default = false)
+	protected function getBoolParam(?string $param = null, bool $optional = false, $default = false)
 	{
 		$_default = '0';
 		if ($default) {

lib/Froxlor/Api/Commands/Admins.php

@@ -140,12 +140,18 @@ class Admins extends ApiCommand implements ResourceEntity
 	 * create a new admin user
 	 *
 	 * @param string $name
+	 *            required, name of the adminstrator
 	 * @param string $email
+	 *            required, email address of the administrator
 	 * @param string $new_loginname
+	 *            required, loginname/username of the administrator
 	 * @param string $admin_password
 	 *            optional, default auto-generated
 	 * @param string $def_language
-	 *            optional, default is system-default language
+	 * *          optional, ISO 639-1 language code (e.g. 'en', 'de', see lng-folder for supported languages),
+	 * *          default is system-default language
+	 * @param bool $gui_access
+	 *            optional, allow login via webui, if false ONLY the login via webui is disallowed; default true
 	 * @param bool $api_allowed
 	 *            optional, default is true if system setting api.enabled is true, else false
 	 * @param string $custom_notes
@@ -219,6 +225,7 @@ class Admins extends ApiCommand implements ResourceEntity
 
 			// parameters
 			$def_language = $this->getParam('def_language', true, Settings::Get('panel.standardlanguage'));
+			$gui_access = $this->getBoolParam('gui_access', true, true);
 			$api_allowed = $this->getBoolParam('api_allowed', true, Settings::Get('api.enabled'));
 			$custom_notes = $this->getParam('custom_notes', true, '');
 			$custom_notes_show = $this->getBoolParam('custom_notes_show', true, 0);
@@ -280,6 +287,15 @@ class Admins extends ApiCommand implements ResourceEntity
 				'login' => $loginname
 			], true, true);
 
+			// Check for existing email address
+			// do not check via api as we skip any permission checks for this task
+			$email_check_admin_stmt = Database::prepare("
+				SELECT `email` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `email` = :email
+			");
+			$email_check_admin = Database::pexecute_first($email_check_admin_stmt, [
+				'email' => $email
+			], true, true);
+
 			if (($loginname_check && strtolower($loginname_check['loginname']) == strtolower($loginname)) || ($loginname_check_admin && strtolower($loginname_check_admin['loginname']) == strtolower($loginname))) {
 				Response::standardError('loginnameexists', $loginname, true);
 			} elseif (preg_match('/^' . preg_quote(Settings::Get('customer.accountprefix'), '/') . '([0-9]+)/', $loginname)) {
@@ -291,6 +307,8 @@ class Admins extends ApiCommand implements ResourceEntity
 				Response::standardError('loginnameiswrong', $loginname, true);
 			} elseif (!Validate::validateEmail($email)) {
 				Response::standardError('emailiswrong', $email, true);
+			} elseif ($email_check_admin && strtolower($email_check_admin['email']) == strtolower($email)) {
+				Response::standardError('emailexists', $email, true);
 			} else {
 				if ($customers_see_all != '1') {
 					$customers_see_all = '0';
@@ -316,6 +334,7 @@ class Admins extends ApiCommand implements ResourceEntity
 					'name' => $name,
 					'email' => $email,
 					'lang' => $def_language,
+					'gui_access' => $gui_access,
 					'api_allowed' => $api_allowed,
 					'change_serversettings' => $change_serversettings,
 					'customers' => $customers,
@@ -344,6 +363,7 @@ class Admins extends ApiCommand implements ResourceEntity
 					`name` = :name,
 					`email` = :email,
 					`def_language` = :lang,
+					`gui_access` = :gui_access,
 					`api_allowed` = :api_allowed,
 					`change_serversettings` = :change_serversettings,
 					`customers` = :customers,
@@ -430,7 +450,10 @@ class Admins extends ApiCommand implements ResourceEntity
 	 * @param string $admin_password
 	 *            optional, default auto-generated
 	 * @param string $def_language
-	 *            optional, default is system-default language
+	 * *          optional, ISO 639-1 language code (e.g. 'en', 'de', see lng-folder for supported languages),
+	 * *          default is system-default language
+	 * @param bool $gui_access
+	 * *          optional, allow login via webui, if false ONLY the login via webui is disallowed; default true
 	 * @param bool $api_allowed
 	 *            optional, default is true if system setting api.enabled is true, else false
 	 * @param string $custom_notes
@@ -524,6 +547,7 @@ class Admins extends ApiCommand implements ResourceEntity
 
 				// you cannot edit some of the details of yourself
 				if ($result['adminid'] == $this->getUserDetail('adminid')) {
+					$gui_access = $result['gui_access'];
 					$api_allowed = $result['api_allowed'];
 					$deactivated = $result['deactivated'];
 					$customers = $result['customers'];
@@ -542,6 +566,7 @@ class Admins extends ApiCommand implements ResourceEntity
 					$traffic = $result['traffic'];
 					$ipaddress = ($result['ip'] != -1 ? json_decode($result['ip'], true) : -1);
 				} else {
+					$gui_access = $this->getBoolParam('gui_access', true, $result['gui_access']);
 					$api_allowed = $this->getBoolParam('api_allowed', true, $result['api_allowed']);
 					$deactivated = $this->getBoolParam('deactivated', true, $result['deactivated']);
 
@@ -596,8 +621,20 @@ class Admins extends ApiCommand implements ResourceEntity
 						'admin.email'
 					], '', true);
 				}
+				// Check for existing email address
+				// do not check via api as we skip any permission checks for this task
+				$email_check_admin_stmt = Database::prepare("
+					SELECT `email` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `email` = :email and `adminid` <> :adminid
+				");
+				$email_check_admin = Database::pexecute_first($email_check_admin_stmt, [
+					'email' => $email,
+					'adminid' => $id,
+				], true, true);
+
 				if (!Validate::validateEmail($email)) {
 					Response::standardError('emailiswrong', $email, true);
+				} elseif ($email_check_admin && strtolower($email_check_admin['email']) == strtolower($email)) {
+					Response::standardError('emailexists', $email, true);
 				} else {
 					if ($deactivated != '1') {
 						$deactivated = '0';
@@ -665,6 +702,7 @@ class Admins extends ApiCommand implements ResourceEntity
 						'name' => $name,
 						'email' => $email,
 						'lang' => $def_language,
+						'gui_access' => $gui_access,
 						'api_allowed' => $api_allowed,
 						'change_serversettings' => $change_serversettings,
 						'customers' => $customers,
@@ -694,6 +732,7 @@ class Admins extends ApiCommand implements ResourceEntity
 						`name` = :name,
 						`email` = :email,
 						`def_language` = :lang,
+						`gui_access` = :gui_access,
 						`api_allowed` = :api_allowed,
 						`change_serversettings` = :change_serversettings,
 						`customers` = :customers,

lib/Froxlor/Api/Commands/Customers.php

@@ -171,6 +171,7 @@ class Customers extends ApiCommand implements ResourceEntity
 	 * create a new customer with default ftp-user and standard-subdomain (if wanted)
 	 *
 	 * @param string $email
+	 *                             required, email address of new customer
 	 * @param string $name
 	 *                             optional if company is set, else required
 	 * @param string $firstname
@@ -189,8 +190,11 @@ class Customers extends ApiCommand implements ResourceEntity
 	 *                             optional
 	 * @param int $customernumber
 	 *                             optional
-	 * @param string $def_language ,
-	 *                             optional, default is system-default language
+	 * @param string $def_language
+	 *                             optional, ISO 639-1 language code (e.g. 'en', 'de', see lng-folder for supported languages),
+	 *                             default is system-default language
+	 * @param bool $gui_access
+	 *                             optional, allow login via webui, if false ONLY the login via webui is disallowed; default true
 	 * @param bool $api_allowed
 	 *                             optional, default is true if system setting api.enabled is true, else false
 	 * @param int $gender
@@ -297,6 +301,7 @@ class Customers extends ApiCommand implements ResourceEntity
 				$fax = $this->getParam('fax', true, '');
 				$customernumber = $this->getParam('customernumber', true, '');
 				$def_language = $this->getParam('def_language', true, Settings::Get('panel.standardlanguage'));
+				$gui_access = $this->getBoolParam('gui_access', true, 1);
 				$api_allowed = $this->getBoolParam('api_allowed', true, (Settings::Get('api.enabled') && Settings::Get('api.customer_default')));
 				$gender = (int)$this->getParam('gender', true, 0);
 				$custom_notes = $this->getParam('custom_notes', true, '');
@@ -400,8 +405,11 @@ class Customers extends ApiCommand implements ResourceEntity
 				$allowed_phpconfigs = array_map('intval', $allowed_phpconfigs);
 
 				if (empty($allowed_phpconfigs) && $phpenabled == 1) {
+					// only required if not using mod_php
+					if ((int)Settings::Get('system.mod_fcgid') == 1 || (int)Settings::Get('phpfpm.enabled') == 1) {
 						Response::standardError('customerphpenabledbutnoconfig', '', true);
 					}
+				}
 
 				$allowed_mysqlserver = array();
 				if (!empty($p_allowed_mysqlserver) && is_array($p_allowed_mysqlserver)) {
@@ -452,6 +460,28 @@ class Customers extends ApiCommand implements ResourceEntity
 						if (function_exists('posix_getpwnam') && !in_array("posix_getpwnam", explode(",", ini_get('disable_functions'))) && posix_getpwnam($loginname)) {
 							Response::standardError('loginnameissystemaccount', $loginname, true);
 						}
+
+						// blacklist some system-internal names that might lead to issues
+						Database::needSqlData();
+						$sqldata = Database::getSqlData();
+						Database::needRoot(true);
+						Database::needSqlData();
+						$sqlrdata = Database::getSqlData();
+						$login_blacklist = [
+							'root',
+							'admin',
+							'froxroot',
+							'froxlor',
+							$sqldata['user'],
+							$sqldata['db'],
+							$sqlrdata['user'],
+						];
+						unset($sqldata);
+						unset($sqlrdata);
+						$login_blacklist = array_unique($login_blacklist);
+						if (in_array($loginname, $login_blacklist)) {
+							Response::standardError('loginnameisreservedname', $loginname, true);
+						}
 					} else {
 						$accountnumber = intval(Settings::Get('system.lastaccountnumber')) + 1;
 						$loginname = Settings::Get('customer.accountprefix') . $accountnumber;
@@ -475,6 +505,15 @@ class Customers extends ApiCommand implements ResourceEntity
 						'login' => $loginname
 					], true, true);
 
+					// Check for existing email address
+					// do not check via api as we skip any permission checks for this task
+					$email_check_admin_stmt = Database::prepare("
+						SELECT `email` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `email` = :email
+					");
+					$email_check_admin = Database::pexecute_first($email_check_admin_stmt, [
+						'email' => $email
+					], true, true);
+
 					$mysql_maxlen = Database::getSqlUsernameLength() - strlen(Settings::Get('customer.mysqlprefix'));
 					if (($loginname_check && strtolower($loginname_check['loginname']) == strtolower($loginname)) || ($loginname_check_admin && strtolower($loginname_check_admin['loginname']) == strtolower($loginname))) {
 						Response::standardError('loginnameexists', $loginname, true);
@@ -484,6 +523,8 @@ class Customers extends ApiCommand implements ResourceEntity
 						} else {
 							Response::standardError('loginnameiswrong', $loginname, true);
 						}
+					} elseif ($email_check_admin && strtolower($email_check_admin['email']) == strtolower($email)) {
+						Response::standardError('emailexistsanon', $email, true);
 					}
 
 					$guid = intval(Settings::Get('system.lastguid')) + 1;
@@ -515,6 +556,7 @@ class Customers extends ApiCommand implements ResourceEntity
 						'email' => $email,
 						'customerno' => $customernumber,
 						'lang' => $def_language,
+						'gui_access' => $gui_access,
 						'api_allowed' => $api_allowed,
 						'docroot' => $documentroot,
 						'guid' => $guid,
@@ -557,6 +599,7 @@ class Customers extends ApiCommand implements ResourceEntity
 						`email` = :email,
 						`customernumber` = :customerno,
 						`def_language` = :lang,
+						`gui_access` = :gui_access,
 						`api_allowed` = :api_allowed,
 						`documentroot` = :docroot,
 						`guid` = :guid,
@@ -706,11 +749,12 @@ class Customers extends ApiCommand implements ResourceEntity
 							'adminid' => $this->getUserDetail('adminid'),
 							'docroot' => $documentroot,
 							'phpenabled' => $phpenabled,
-							'openbasedir' => '1'
+							'openbasedir' => '1',
+							'is_stdsubdomain' => 1
 						];
 						$domainid = -1;
 						try {
-							$std_domain = $this->apiCall('Domains.add', $ins_data);
+							$std_domain = $this->apiCall('Domains.add', $ins_data, true);
 							$domainid = $std_domain['id'];
 						} catch (Exception $e) {
 							$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_ERR, "[API] Unable to add standard-subdomain: " . $e->getMessage());
@@ -729,6 +773,22 @@ class Customers extends ApiCommand implements ResourceEntity
 						}
 					}
 
+					// Create default mysql-user if enabled
+					if ($mysqls != 0) {
+						foreach ($allowed_mysqlserver as $dbserver) {
+							// require privileged access for target db-server
+							Database::needRoot(true, $dbserver, false);
+							// get DbManager
+							$dbm = new DbManager($this->logger());
+							// give permission to the user on every access-host we have
+							foreach (array_map('trim', explode(',', Settings::Get('system.mysql_access_host'))) as $mysql_access_host) {
+								$dbm->getManager()->grantPrivilegesTo($loginname, $password, $mysql_access_host, false, false, true);
+							}
+							$dbm->getManager()->flushPrivileges();
+							Database::needRoot(false);
+						}
+					}
+
 					if ($sendpassword == '1') {
 						$srv_hostname = Settings::Get('system.hostname');
 						if (Settings::Get('system.froxlordirectlyviahostname') == '0') {
@@ -779,7 +839,7 @@ class Customers extends ApiCommand implements ResourceEntity
 						try {
 							$this->mailer()->Subject = $mail_subject;
 							$this->mailer()->AltBody = $mail_body;
-							$this->mailer()->msgHTML(str_replace("\n", "<br />", $mail_body));
+							$this->mailer()->Body = str_replace("\n", "<br />", $mail_body);
 							$this->mailer()->addAddress($email, User::getCorrectUserSalutation([
 								'firstname' => $firstname,
 								'name' => $name,
@@ -928,6 +988,7 @@ class Customers extends ApiCommand implements ResourceEntity
 	 * @param string $loginname
 	 *                             optional, the loginname
 	 * @param string $email
+	 *                             optional
 	 * @param string $name
 	 *                             optional if company is set, else required
 	 * @param string $firstname
@@ -946,8 +1007,11 @@ class Customers extends ApiCommand implements ResourceEntity
 	 *                             optional
 	 * @param int $customernumber
 	 *                             optional
-	 * @param string $def_language ,
-	 *                             optional, default is system-default language
+	 * @param string $def_language
+	 * *                           optional, ISO 639-1 language code (e.g. 'en', 'de', see lng-folder for supported languages),
+	 * *                           default is system-default language
+	 * @param bool $gui_access
+	 *                             optional, allow login via webui, if false ONLY the login via webui is disallowed; default true
 	 * @param bool $api_allowed
 	 *                             optional, default is true if system setting api.enabled is true, else false
 	 * @param int $gender
@@ -958,7 +1022,7 @@ class Customers extends ApiCommand implements ResourceEntity
 	 *                             optional, whether to show the content of custom_notes to the customer, default 0
 	 *                             (false)
 	 * @param string $new_customer_password
-	 *                             optional, iset new password
+	 *                             optional, set new password
 	 * @param bool $sendpassword
 	 *                             optional, whether to send the password to the customer after creation, default 0
 	 *                             (false)
@@ -1053,7 +1117,7 @@ class Customers extends ApiCommand implements ResourceEntity
 			$email = $this->getParam('email', true, $idna_convert->decode($result['email']));
 			$name = $this->getParam('name', true, $result['name']);
 			$firstname = $this->getParam('firstname', true, $result['firstname']);
-			$company_required = empty($result['company']) && ((!empty($name) && empty($firstname)) || (empty($name) && !empty($firstname)) || (empty($name) && empty($firstname)));
+			$company_required = ((!empty($name) && empty($firstname)) || (empty($name) && !empty($firstname)) || (empty($name) && empty($firstname))) && empty($result['company']);
 			$company = $this->getParam('company', !$company_required, $result['company']);
 			$street = $this->getParam('street', true, $result['street']);
 			$zipcode = $this->getParam('zipcode', true, $result['zipcode']);
@@ -1062,6 +1126,7 @@ class Customers extends ApiCommand implements ResourceEntity
 			$fax = $this->getParam('fax', true, $result['fax']);
 			$customernumber = $this->getParam('customernumber', true, $result['customernumber']);
 			$def_language = $this->getParam('def_language', true, $result['def_language']);
+			$gui_access = $this->getBoolParam('gui_access', true, $result['gui_access']);
 			$api_allowed = $this->getBoolParam('api_allowed', true, $result['api_allowed']);
 			$gender = (int)$this->getParam('gender', true, $result['gender']);
 			$custom_notes = $this->getParam('custom_notes', true, $result['custom_notes']);
@@ -1114,8 +1179,11 @@ class Customers extends ApiCommand implements ResourceEntity
 				$allowed_phpconfigs = array_map('intval', $allowed_phpconfigs);
 			}
 			if (empty($allowed_phpconfigs) && $phpenabled == 1) {
+				// only required if not using mod_php
+				if ((int)Settings::Get('system.mod_fcgid') == 1 || (int)Settings::Get('phpfpm.enabled') == 1) {
 					Response::standardError('customerphpenabledbutnoconfig', '', true);
 				}
+			}
 
 			// add permission for allowed mysql usage if customer was not allowed to use mysql prior
 			if ($result['mysqls'] == 0 && ($mysqls == -1 || $mysqls > 0)) {
@@ -1186,6 +1254,18 @@ class Customers extends ApiCommand implements ResourceEntity
 				], '', true);
 			} elseif (!Validate::validateEmail($email)) {
 				Response::standardError('emailiswrong', $email, true);
+			} else {
+				// Check for existing email address
+				// do not check via api as we skip any permission checks for this task
+				$email_check_admin_stmt = Database::prepare("
+						SELECT `email` FROM `" . TABLE_PANEL_ADMINS . "` WHERE `email` = :email
+					");
+				$email_check_admin = Database::pexecute_first($email_check_admin_stmt, [
+					'email' => $email
+				], true, true);
+				if ($email_check_admin && strtolower($email_check_admin['email']) == strtolower($email)) {
+					Response::standardError('emailexistsanon', $email, true);
+				}
 			}
 		}
 
@@ -1279,12 +1359,34 @@ class Customers extends ApiCommand implements ResourceEntity
 				]);
 
 				$upd_stmt = Database::prepare("
-							UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `deactivated`= :deactivated WHERE `customerid` = :customerid");
+					UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `deactivated`= :deactivated WHERE `customerid` = :customerid
+				");
 				Database::pexecute($upd_stmt, [
 					'deactivated' => $deactivated,
 					'customerid' => $id
 				]);
 
+				// enable/disable global mysql-user (loginname)
+				$current_allowed_mysqlserver =  isset($result['allowed_mysqlserver']) && !empty($result['allowed_mysqlserver']) ? json_decode($result['allowed_mysqlserver'], true) : [];
+				foreach ($current_allowed_mysqlserver as $dbserver) {
+					// require privileged access for target db-server
+					Database::needRoot(true, $dbserver, true);
+					// get DbManager
+					$dbm = new DbManager($this->logger());
+					foreach (array_map('trim', explode(',', Settings::Get('system.mysql_access_host'))) as $mysql_access_host) {
+						// Prevent access, if deactivated
+						if ($deactivated) {
+							// failsafe if user has been deleted manually (requires MySQL 4.1.2+)
+							$dbm->getManager()->disableUser($result['loginname'], $mysql_access_host);
+						} else {
+							// Otherwise grant access
+							$dbm->getManager()->enableUser($result['loginname'], $mysql_access_host, true);
+						}
+					}
+					$dbm->getManager()->flushPrivileges();
+					Database::needRoot(false);
+				}
+
 				// Retrieve customer's databases
 				$databases_stmt = Database::prepare("SELECT * FROM " . TABLE_PANEL_DATABASES . " WHERE customerid = :customerid ORDER BY `dbserver`");
 				Database::pexecute($databases_stmt, [
@@ -1305,9 +1407,7 @@ class Customers extends ApiCommand implements ResourceEntity
 						$last_dbserver = $row_database['dbserver'];
 					}
 
-					foreach (array_unique(explode(',', Settings::Get('system.mysql_access_host'))) as $mysql_access_host) {
-						$mysql_access_host = trim($mysql_access_host);
-
+					foreach (array_map('trim', explode(',', Settings::Get('system.mysql_access_host'))) as $mysql_access_host) {
 						// Prevent access, if deactivated
 						if ($deactivated) {
 							// failsafe if user has been deleted manually (requires MySQL 4.1.2+)
@@ -1396,6 +1496,7 @@ class Customers extends ApiCommand implements ResourceEntity
 				'logviewenabled' => $logviewenabled,
 				'custom_notes' => $custom_notes,
 				'custom_notes_show' => $custom_notes_show,
+				'gui_access' => $gui_access,
 				'api_allowed' => $api_allowed,
 				'allowed_mysqlserver' => empty($allowed_mysqlserver) ? "" : json_encode($allowed_mysqlserver)
 			];
@@ -1439,6 +1540,7 @@ class Customers extends ApiCommand implements ResourceEntity
 				`logviewenabled` = :logviewenabled,
 				`custom_notes` = :custom_notes,
 				`custom_notes_show` = :custom_notes_show,
+				`gui_access` = :gui_access,
 				`api_allowed` = :api_allowed,
 				`allowed_mysqlserver` = :allowed_mysqlserver";
 			$upd_query .= $admin_upd_query;
@@ -1596,6 +1698,21 @@ class Customers extends ApiCommand implements ResourceEntity
 			]);
 			$id = $result['customerid'];
 
+			// remove global mysql-user (loginname)
+			$current_allowed_mysqlserver =  isset($result['allowed_mysqlserver']) && !empty($result['allowed_mysqlserver']) ? json_decode($result['allowed_mysqlserver'], true) : [];
+			foreach ($current_allowed_mysqlserver as $dbserver) {
+				// require privileged access for target db-server
+				Database::needRoot(true, $dbserver, false);
+				// get DbManager
+				$dbm = new DbManager($this->logger());
+				foreach (array_map('trim', explode(',', Settings::Get('system.mysql_access_host'))) as $mysql_access_host) {
+					$dbm->getManager()->deleteUser($result['loginname'], $mysql_access_host);
+				}
+				$dbm->getManager()->flushPrivileges();
+				Database::needRoot(false);
+			}
+
+			// remove all databases
 			$databases_stmt = Database::prepare("
 				SELECT * FROM `" . TABLE_PANEL_DATABASES . "`
 				WHERE `customerid` = :id ORDER BY `dbserver`
@@ -1611,8 +1728,8 @@ class Customers extends ApiCommand implements ResourceEntity
 			$priv_changed = false;
 			while ($row_database = $databases_stmt->fetch(PDO::FETCH_ASSOC)) {
 				if ($last_dbserver != $row_database['dbserver']) {
-					Database::needRoot(true, $row_database['dbserver']);
 					$dbm->getManager()->flushPrivileges();
+					Database::needRoot(true, $row_database['dbserver']);
 					$last_dbserver = $row_database['dbserver'];
 				}
 				$dbm->getManager()->deleteDatabase($row_database['databasename']);

lib/Froxlor/Api/Commands/DomainZones.php

@@ -115,7 +115,7 @@ class DomainZones extends ApiCommand implements ResourceEntity
 
 		// validation
 		$errors = [];
-		if (empty($record)) {
+		if (empty(trim($record))) {
 			$record = "@";
 		}
 
@@ -178,7 +178,7 @@ class DomainZones extends ApiCommand implements ResourceEntity
 				}
 			}
 		} elseif ($type == 'CAA' && !empty($content)) {
-			$re = '/(?\'critical\'\d)\h*(?\'type\'iodef|issue|issuewild)\h*(?\'value\'(?\'issuevalue\'"(?\'domain\'(?=.{3,128}$)(?>(?>[a-zA-Z0-9]+[a-zA-Z0-9-]*[a-zA-Z0-9]+|[a-zA-Z0-9]+)\.)*(?>[a-zA-Z]{2,}|[a-zA-Z0-9]{2,}\.[a-zA-Z]{2,}))[;\h]*(?\'parameters\'(?>[a-zA-Z0-9]{1,60}=[a-zA-Z0-9]{1,60}\h*)+)?")|(?\'iodefvalue\'"(?\'url\'(mailto:.*|http:\/\/.*|https:\/\/.*))"))/';
+			$re = '/(?\'critical\'\d+)\h*(?\'type\'iodef|issue|issuewild)\h*(?\'value\'(?\'issuevalue\'"(?\'domain\'(?=.{3,128}$)(?>(?>[a-zA-Z0-9]+[a-zA-Z0-9-]*[a-zA-Z0-9]+|[a-zA-Z0-9]+)\.)*(?>[a-zA-Z]{2,}|[a-zA-Z0-9]{2,}\.[a-zA-Z]{2,}))[;\h]*(?\'parameters\'(?>[a-zA-Z0-9]{1,60}=[a-zA-Z0-9:\.\/\-]{1,60}\h*)+)?")|(?\'iodefvalue\'"(?\'url\'(mailto:.*|http:\/\/.*|https:\/\/.*))"))/';
 			preg_match($re, $content, $matches);
 
 			if (empty($matches)) {
@@ -227,7 +227,7 @@ class DomainZones extends ApiCommand implements ResourceEntity
 				// remove it for checks
 				$content = substr($content, 0, -1);
 			}
-			if (!Validate::validateDomain($content)) {
+			if (!empty($content) && !Validate::validateDomain($content)) {
 				$errors[] = lng('error.dns_mx_needdom');
 			} else {
 				// check whether there is a CNAME-record for the same resource
@@ -244,6 +244,10 @@ class DomainZones extends ApiCommand implements ResourceEntity
 			}
 			// append trailing dot (again)
 			$content .= '.';
+			// if content is only ".", the prio needs to be 0 which results in a "null mx" entry
+			if ($content == '.' && $prio != 0) {
+				$prio = 0;
+			}
 		} elseif ($type == 'NS') {
 			// check for trailing dot
 			if (substr($content, -1) == '.') {

lib/Froxlor/Api/Commands/Domains.php

@@ -201,7 +201,7 @@ class Domains extends ApiCommand implements ResourceEntity
 	 * @param string $zonefile
 	 *            optional, custom dns zone filename (only of nameserver is activated), default empty (auto-generated)
 	 * @param bool $dkim
-	 *            optional, currently not in use, default 0 (false)
+	 *            optional, whether this domain should use dkim if antispam is activated, default 0 (false)
 	 * @param string $specialsettings
 	 *            optional, custom webserver vhost-content which is added to the generated vhost, default empty
 	 * @param string $ssl_specialsettings
@@ -274,7 +274,8 @@ class Domains extends ApiCommand implements ResourceEntity
 	 *            $override_tls is true
 	 * @param string $description
 	 *            optional custom description (currently not used/shown in the frontend), default empty
-	 *
+	 * @param bool $is_stdsubdomain (internally)
+	 *            optional whether this is a standard subdomain for a customer which is being added so no usage is decreased
 	 * @access admin
 	 * @return string json-encoded array
 	 * @throws Exception
@@ -282,7 +283,8 @@ class Domains extends ApiCommand implements ResourceEntity
 	public function add()
 	{
 		if ($this->isAdmin()) {
-			if ($this->getUserDetail('domains_used') < $this->getUserDetail('domains') || $this->getUserDetail('domains') == '-1') {
+			$is_stdsubdomain = $this->isInternal() ? $this->getBoolParam('is_stdsubdomain', true, 0) : false;
+			if ($is_stdsubdomain || $this->getUserDetail('domains_used') < $this->getUserDetail('domains') || $this->getUserDetail('domains') == '-1') {
 				// parameters
 				$p_domain = $this->getParam('domain');
 
@@ -472,7 +474,6 @@ class Domains extends ApiCommand implements ResourceEntity
 					}
 					$caneditdomain = '1';
 					$zonefile = '';
-					$dkim = '0';
 					$specialsettings = '';
 					$ssl_specialsettings = '';
 					$include_specialsettings = 0;
@@ -519,7 +520,8 @@ class Domains extends ApiCommand implements ResourceEntity
 						$mod_fcgid_maxrequests = '-1';
 					}
 				} else {
-					$phpenabled = '1';
+					// set default to whether the customer has php enabled or not
+					$phpenabled = $customer['phpenabled'];
 					$openbasedir = '1';
 
 					if ((int)Settings::Get('phpfpm.enabled') == 1) {
@@ -547,9 +549,12 @@ class Domains extends ApiCommand implements ResourceEntity
 					}
 				}
 				if (Settings::Get('system.use_ssl') == "1" && $sslenabled == 1 && empty($ssl_ipandports)) {
+					// if this is a customer standard-subdomain, we simply ignore this and disable ssl-related settings (see if-statement below)
+					if (!$is_stdsubdomain) {
 						// enabled ssl for the domain but no ssl ip/port is selected
 						Response::standardError('nosslippportgiven', '', true);
 					}
+				}
 				if (Settings::Get('system.use_ssl') == "0" || empty($ssl_ipandports)) {
 					$ssl_redirect = 0;
 					$letsencrypt = 0;
@@ -590,12 +595,18 @@ class Domains extends ApiCommand implements ResourceEntity
 					$ssl_redirect = 2;
 				}
 
-				if (!preg_match('/^https?\:\/\//', $documentroot)) {
-					if (strstr($documentroot, ":") !== false) {
-						Response::standardError('pathmaynotcontaincolon', '', true);
-					} else {
-						$documentroot = FileDir::makeCorrectDir($documentroot);
+				// Check if given documentroot is either a valid URL or a valid path
+				if (preg_match('/^https?\:\/\//', $documentroot)) {
+					$encoded = $idna_convert->encode($documentroot);
+					if (!Validate::validateUrl($encoded, true)) {
+						Response::standardError('invaliddocumentrooturl', '', true);
 					}
+					$documentroot = $encoded;
+				} else {
+					if (strpos($documentroot, ':') !== false) {
+						Response::standardError('pathmaynotcontaincolon', '', true);
+					}
+					$documentroot = FileDir::makeCorrectDir($documentroot);
 				}
 
 				$domain_check_stmt = Database::prepare("
@@ -794,12 +805,15 @@ class Domains extends ApiCommand implements ResourceEntity
 					$ins_data['id'] = $domainid;
 					unset($ins_data);
 
+					if (!$is_stdsubdomain) {
 						$upd_stmt = Database::prepare("
 							UPDATE `" . TABLE_PANEL_ADMINS . "` SET `domains_used` = `domains_used` + 1
-						WHERE `adminid` = :adminid");
+							WHERE `adminid` = :adminid
+						");
 						Database::pexecute($upd_stmt, [
 							'adminid' => $adminid
 						], true, true);
+					}
 
 					$ins_stmt = Database::prepare("
 						INSERT INTO `" . TABLE_DOMAINTOIP . "` SET
@@ -830,6 +844,9 @@ class Domains extends ApiCommand implements ResourceEntity
 					Cronjob::inserttask(TaskId::REBUILD_VHOST);
 					// Using nameserver, insert a task which rebuilds the server config
 					Cronjob::inserttask(TaskId::REBUILD_DNS);
+					if ($dkim == '1') {
+						Cronjob::inserttask(TaskId::REBUILD_RSPAMD);
+					}
 
 					$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, "[API] added domain '" . $domain . "'");
 
@@ -1054,6 +1071,9 @@ class Domains extends ApiCommand implements ResourceEntity
 	 *            (default yes), 3 = always, default 0 (never)
 	 * @param bool $isemaildomain
 	 *            optional, allow email usage with this domain, default 0 (false)
+	 * @param bool $emaildomainverified
+	 *            optional, when setting $isemaildomain to false, this needs to be set to true to confirm the action in case email addresses exist for this domain,
+	 *            default 0 (false)
 	 * @param bool $email_only
 	 *            optional, restrict domain to email usage, default 0 (false)
 	 * @param int $selectserveralias
@@ -1076,7 +1096,7 @@ class Domains extends ApiCommand implements ResourceEntity
 	 * @param string $zonefile
 	 *            optional, custom dns zone filename (only of nameserver is activated), default empty (auto-generated)
 	 * @param bool $dkim
-	 *            optional, currently not in use, default 0 (false)
+	 *            optional, whether this domain should use dkim if antispam is activated, default 0 (false)
 	 * @param string $specialsettings
 	 *            optional, custom webserver vhost-content which is added to the generated vhost, default empty
 	 * @param string $ssl_specialsettings
@@ -1181,6 +1201,7 @@ class Domains extends ApiCommand implements ResourceEntity
 
 			$subcanemaildomain = $this->getParam('subcanemaildomain', true, $result['subcanemaildomain']);
 			$isemaildomain = $this->getBoolParam('isemaildomain', true, $result['isemaildomain']);
+			$emaildomainverified = $this->getBoolParam('emaildomainverified', true, 0);
 			$email_only = $this->getBoolParam('email_only', true, $result['email_only']);
 			$p_serveraliasoption = $this->getParam('selectserveralias', true, -1);
 			$speciallogfile = $this->getBoolParam('speciallogfile', true, $result['speciallogfile']);
@@ -1264,7 +1285,7 @@ class Domains extends ApiCommand implements ResourceEntity
 
 			// count where we are used in email-accounts
 			$domain_emails_result_stmt = Database::prepare("
-				SELECT `email`, `email_full`, `destination`, `popaccountid` AS `number_email_forwarders`
+				SELECT `email`, `email_full`, `destination`, `popaccountid`
 				FROM `" . TABLE_MAIL_VIRTUAL . "` WHERE `customerid` = :customerid AND `domainid` = :id
 			");
 			Database::pexecute($domain_emails_result_stmt, [
@@ -1287,6 +1308,10 @@ class Domains extends ApiCommand implements ResourceEntity
 				}
 			}
 
+			if ($emails > 0 && (int)$isemaildomain == 0 && (int)$result['isemaildomain'] == 1 && (int)$emaildomainverified == 0) {
+				Response::standardError('emaildomainstillhasaddresses', '', true);
+			}
+
 			// handle change of customer (move domain from customer to customer)
 			if ($customerid > 0 && $customerid != $result['customerid'] && Settings::Get('panel.allow_domain_change_customer') == '1') {
 				// check whether target customer has enough resources
@@ -1395,10 +1420,6 @@ class Domains extends ApiCommand implements ResourceEntity
 				}
 			}
 
-			if (!preg_match('/^https?\:\/\//', $documentroot) && strstr($documentroot, ":") !== false) {
-				Response::standardError('pathmaynotcontaincolon', '', true);
-			}
-
 			if ($this->getUserDetail('change_serversettings') == '1') {
 				if (Settings::Get('system.bind_enable') == '1') {
 					$zonefile = Validate::validate($zonefile, 'zonefile', '', '', [], true);
@@ -1407,7 +1428,7 @@ class Domains extends ApiCommand implements ResourceEntity
 					$zonefile = $result['zonefile'];
 				}
 
-				if (Settings::Get('dkim.use_dkim') != '1') {
+				if (Settings::Get('antispam.activated') != '1') {
 					$dkim = $result['dkim'];
 				}
 
@@ -1443,7 +1464,6 @@ class Domains extends ApiCommand implements ResourceEntity
 			} else {
 				$isbinddomain = $result['isbinddomain'];
 				$zonefile = $result['zonefile'];
-				$dkim = $result['dkim'];
 				$specialsettings = $result['specialsettings'];
 				$ssl_specialsettings = $result['ssl_specialsettings'];
 				$include_specialsettings = $result['include_specialsettings'];
@@ -1527,13 +1547,12 @@ class Domains extends ApiCommand implements ResourceEntity
 				// enabled ssl for the domain but no ssl ip/port is selected
 				Response::standardError('nosslippportgiven', '', true);
 			}
-			if (Settings::Get('system.use_ssl') == "0" || empty($ssl_ipandports)) {
+			if (Settings::Get('system.use_ssl') == "0" || empty($ssl_ipandports) || !$sslenabled) {
 				$ssl_redirect = 0;
 				$letsencrypt = 0;
 				$http2 = 0;
-				// we need this for the json_encode
-				// if ssl is disabled or no ssl-ip/port exists
-				$ssl_ipandports[] = -1;
+				// act like $remove_ssl_ipandport
+				$ssl_ipandports = [];
 
 				// HSTS
 				$hsts_maxage = 0;
@@ -1563,15 +1582,25 @@ class Domains extends ApiCommand implements ResourceEntity
 			}
 
 			// Temporarily deactivate ssl_redirect until Let's Encrypt certificate was generated
-			if (($result['letsencrypt'] != $letsencrypt || $result['ssl_redirect'] != $ssl_redirect) && $ssl_redirect > 0 && $letsencrypt == 1) {
+			if ($result['letsencrypt'] != $letsencrypt && $ssl_redirect > 0 && $letsencrypt == 1) {
 				$ssl_redirect = 2;
 			}
 
-			if (!preg_match('/^https?\:\/\//', $documentroot)) {
+			$idna_convert = new IdnaWrapper();
 			if ($documentroot != $result['documentroot']) {
+				if (preg_match('/^https?\:\/\//', $documentroot)) {
+					$encoded = $idna_convert->encode($documentroot);
+					if (!Validate::validateUrl($encoded, true)) {
+						Response::standardError('invaliddocumentrooturl', '', true);
+					}
+					$documentroot = $encoded;
+				} else {
 					if (substr($documentroot, 0, 1) != "/") {
 						$documentroot = $customer['documentroot'] . '/' . $documentroot;
 					}
+					if (strpos($documentroot, ':') !== false) {
+						Response::standardError('pathmaynotcontaincolon', '', true);
+					}
 					$documentroot = FileDir::makeCorrectDir($documentroot);
 				}
 			}
@@ -1675,6 +1704,10 @@ class Domains extends ApiCommand implements ResourceEntity
 				Cronjob::inserttask(TaskId::REBUILD_VHOST);
 			}
 
+			if ($dkim != $result['dkim']) {
+				Cronjob::inserttask(TaskId::REBUILD_RSPAMD);
+			}
+
 			if ($speciallogfile != $result['speciallogfile'] && $speciallogverified != '1') {
 				$speciallogfile = $result['speciallogfile'];
 			}
@@ -2078,7 +2111,6 @@ class Domains extends ApiCommand implements ResourceEntity
 				}
 			}
 
-			$idna_convert = new IdnaWrapper();
 			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, "[API] updated domain '" . $idna_convert->decode($result['domain']) . "'");
 			$result = $this->apiCall('Domains.get', [
 				'domainname' => $result['domain']
@@ -2098,6 +2130,8 @@ class Domains extends ApiCommand implements ResourceEntity
 	 * @param bool $is_stdsubdomain
 	 *            optional, default false, specify whether it's a std-subdomain you are deleting as it does not count
 	 *            as subdomain-resource
+	 * @param bool $delete_userfiles
+	 *            optional, delete email account files on filesystem (if any), default false
 	 *
 	 * @access admin
 	 * @return string json-encoded array
@@ -2109,7 +2143,8 @@ class Domains extends ApiCommand implements ResourceEntity
 			$id = $this->getParam('id', true, 0);
 			$dn_optional = $id > 0;
 			$domainname = $this->getParam('domainname', $dn_optional, '');
-			$is_stdsubdomain = $this->getParam('is_stdsubdomain', true, 0);
+			$is_stdsubdomain = $this->getBoolParam('is_stdsubdomain', true, 0);
+			$delete_user_emailfiles = $this->getBoolParam('delete_userfiles', true, 0);
 
 			$result = $this->apiCall('Domains.get', [
 				'id' => $id,
@@ -2133,6 +2168,14 @@ class Domains extends ApiCommand implements ResourceEntity
 			$idString = implode(' OR ', $idString);
 
 			if ($idString != '') {
+				if ($delete_user_emailfiles) {
+					// determine all connected email-accounts
+					$emailaccount_sel = Database::prepare("SELECT `email`, `homedir`, `maildir` FROM `" . TABLE_MAIL_USERS . "` WHERE " . $idString);
+					Database::pexecute($emailaccount_sel, $paramString, true, true);
+					while ($emailacc_row = $emailaccount_sel->fetch(PDO::FETCH_ASSOC)) {
+						Cronjob::inserttask(TaskId::DELETE_EMAIL_DATA, $emailacc_row['email'], FileDir::makeCorrectDir($emailacc_row['homedir'] . '/' . $emailacc_row['maildir']));
+					}
+				}
 				$del_stmt = Database::prepare("
 						DELETE FROM `" . TABLE_MAIL_USERS . "` WHERE " . $idString);
 				Database::pexecute($del_stmt, $paramString, true, true);

lib/Froxlor/Api/Commands/EmailAccounts.php

@@ -157,10 +157,10 @@ class EmailAccounts extends ApiCommand implements ResourceEntity
 
 			// prefix hash-algo
 			switch (Settings::Get('system.passwordcryptfunc')) {
-				case PASSWORD_ARGON2I:
+				case 'argon2i':
 					$cpPrefix = '{ARGON2I}';
 					break;
-				case PASSWORD_ARGON2ID:
+				case 'argon2id':
 					$cpPrefix = '{ARGON2ID}';
 					break;
 				default:
@@ -260,10 +260,12 @@ class EmailAccounts extends ApiCommand implements ResourceEntity
 				$_mailerror = false;
 				$mailerr_msg = "";
 				try {
-					$this->mailer()->setFrom($admin['email'], User::getCorrectUserSalutation($admin));
+					$this->mailer()->setFrom(Settings::Get('panel.adminmail'), User::getCorrectUserSalutation($admin));
+					$this->mailer()->clearReplyTos();
+					$this->mailer()->addReplyTo($admin['email'], User::getCorrectUserSalutation($admin));
 					$this->mailer()->Subject = $mail_subject;
 					$this->mailer()->AltBody = $mail_body;
-					$this->mailer()->msgHTML(str_replace("\n", "<br />", $mail_body));
+					$this->mailer()->Body = str_replace("\n", "<br />", $mail_body);
 					$this->mailer()->addAddress($email_full);
 					$this->mailer()->send();
 				} catch (\PHPMailer\PHPMailer\Exception $e) {
@@ -290,7 +292,9 @@ class EmailAccounts extends ApiCommand implements ResourceEntity
 
 					$_mailerror = false;
 					try {
-						$this->mailer()->setFrom($admin['email'], User::getCorrectUserSalutation($admin));
+						$this->mailer()->setFrom(Settings::Get('panel.adminmail'), User::getCorrectUserSalutation($admin));
+						$this->mailer()->clearReplyTos();
+						$this->mailer()->addReplyTo($admin['email'], User::getCorrectUserSalutation($admin));
 						$this->mailer()->Subject = $mail_subject;
 						$this->mailer()->AltBody = $mail_body;
 						$this->mailer()->msgHTML(str_replace("\n", "<br />", $mail_body));
@@ -404,10 +408,10 @@ class EmailAccounts extends ApiCommand implements ResourceEntity
 			$password = Crypt::validatePassword($password, true);
 			// prefix hash-algo
 			switch (Settings::Get('system.passwordcryptfunc')) {
-				case PASSWORD_ARGON2I:
+				case 'argon2i':
 					$cpPrefix = '{ARGON2I}';
 					break;
-				case PASSWORD_ARGON2ID:
+				case 'argon2id':
 					$cpPrefix = '{ARGON2ID}';
 					break;
 				default:
@@ -523,7 +527,7 @@ class EmailAccounts extends ApiCommand implements ResourceEntity
 		$result = $this->apiCall('Emails.get', [
 			'id' => $id,
 			'emailaddr' => $emailaddr
-		]);
+		], true);
 		$id = $result['id'];
 
 		if (empty($result['popaccountid']) || $result['popaccountid'] == 0) {
@@ -563,7 +567,7 @@ class EmailAccounts extends ApiCommand implements ResourceEntity
 		}
 
 		if ($delete_userfiles) {
-			Cronjob::inserttask(TaskId::DELETE_EMAIL_DATA, $customer['loginname'], $result['email_full']);
+			Cronjob::inserttask(TaskId::DELETE_EMAIL_DATA, $customer['loginname'], FileDir::makeCorrectDir($result['homedir'] . '/' . $result['maildir']));
 		}
 
 		// decrease usage for customer

lib/Froxlor/Api/Commands/EmailDomains.php

@@ -69,7 +69,7 @@ class EmailDomains extends ApiCommand implements ResourceEntity
 		$result = [];
 		$query_fields = [];
 		$result_stmt = Database::prepare("
-		SELECT DISTINCT d.domain, e.domainid,
+		SELECT DISTINCT d.domain, d.domain_ace, e.domainid,
 		COUNT(e.email) as addresses,
 		IFNULL(SUM(CASE WHEN e.popaccountid > 0 THEN 1 ELSE 0 END), 0) as accounts,
 		IFNULL(SUM(

lib/Froxlor/Api/Commands/Emails.php

@@ -28,10 +28,12 @@ namespace Froxlor\Api\Commands;
 use Exception;
 use Froxlor\Api\ApiCommand;
 use Froxlor\Api\ResourceEntity;
+use Froxlor\Cron\TaskId;
 use Froxlor\Database\Database;
 use Froxlor\FroxlorLogger;
 use Froxlor\Idna\IdnaWrapper;
 use Froxlor\Settings;
+use Froxlor\System\Cronjob;
 use Froxlor\UI\Response;
 use Froxlor\Validate\Validate;
 use PDO;
@@ -49,6 +51,16 @@ class Emails extends ApiCommand implements ResourceEntity
 	 *            name of the address before @
 	 * @param string $domain
 	 *            domain-name for the email-address
+	 * @param float $spam_tag_level
+	 *            optional, score which is required to tag emails as spam, default: 7.0
+	 * @param bool $rewrite_subject
+	 *            optional, whether to add ***SPAM*** to the email's subject if applicable, default: [antispam.default_spam_rewrite_subject]
+	 * @param float $spam_kill_level
+	 *            optional, score which is required to discard emails, default: 14.0
+	 * @param boolean $bypass_spam
+	 *            optional, disable spam-filter entirely, default: [antispam.default_bypass_spam]
+	 * @param boolean $policy_greylist
+	 *            optional, enable grey-listing, default: [antispam.default_policy_greylist]
 	 * @param boolean $iscatchall
 	 *            optional, make this address a catchall address, default: no
 	 * @param int $customerid
@@ -74,14 +86,33 @@ class Emails extends ApiCommand implements ResourceEntity
 			$domain = $this->getParam('domain');
 
 			// parameters
+			$spam_tag_level = $this->getParam('spam_tag_level', true, '7.0');
+			$spam_kill_level = $this->getUlParam('spam_kill_level', 'spam_kill_level_ul', true, '14.0');
 			$iscatchall = $this->getBoolParam('iscatchall', true, 0);
 			$description = $this->getParam('description', true, '');
 
+			if ((int)Settings::Get('antispam.default_spam_rewrite_subject') <= 2) {
+				$rewrite_subject = $this->getBoolParam('rewrite_subject', true, (int)Settings::Get('antispam.default_spam_rewrite_subject') == 1 ? 1 : 0);
+			} else {
+				$rewrite_subject = (int)Settings::Get('antispam.default_spam_rewrite_subject') == 3 ? 1 : 0;
+			}
+			if ((int)Settings::Get('antispam.default_bypass_spam') <= 2) {
+				$bypass_spam = $this->getBoolParam('bypass_spam', true, (int)Settings::Get('antispam.default_bypass_spam') == 1 ? 1 : 0);
+			} else {
+				$bypass_spam = (int)Settings::Get('antispam.default_bypass_spam') == 3 ? 1 : 0;
+			}
+			if ((int)Settings::Get('antispam.default_policy_greylist') <= 2) {
+				$policy_greylist = $this->getBoolParam('policy_greylist', true, (int)Settings::Get('antispam.default_policy_greylist') == 1 ? 1 : 0);
+			} else {
+				$policy_greylist = (int)Settings::Get('antispam.default_policy_greylist') == 3 ? 1 : 0;
+			}
+
 			// validation
-			if (substr($domain, 0, 4) != 'xn--') {
 			$idna_convert = new IdnaWrapper();
+			if (substr($domain, 0, 4) != 'xn--') {
 				$domain = $idna_convert->encode(Validate::validate($domain, 'domain', '', '', [], true));
 			}
+			$email_part = $idna_convert->encode($email_part);
 
 			// check domain and whether it's an email-enabled domain
 			// use internal call because the customer might have 'domains' in customer_hide_options
@@ -89,10 +120,10 @@ class Emails extends ApiCommand implements ResourceEntity
 				'domainname' => $domain
 			], true);
 			if ((int)$domain_check['isemaildomain'] == 0) {
-				Response::standardError('maindomainnonexist', $domain, true);
+				Response::standardError('maindomainnonexist', $idna_convert->decode($domain), true);
 			}
 			if ((int)$domain_check['deactivated'] == 1) {
-				Response::standardError('maindomaindeactivated', $domain, true);
+				Response::standardError('maindomaindeactivated', $idna_convert->decode($domain), true);
 			}
 
 			if (Settings::Get('catchall.catchall_enabled') != '1') {
@@ -113,7 +144,7 @@ class Emails extends ApiCommand implements ResourceEntity
 
 			// validate it
 			if (!Validate::validateEmail($email_full)) {
-				Response::standardError('emailiswrong', $email_full, true);
+				Response::standardError('emailiswrong', $idna_convert->decode($email_full), true);
 			}
 
 			// get needed customer info to reduce the email-address-counter by one
@@ -134,17 +165,28 @@ class Emails extends ApiCommand implements ResourceEntity
 
 			if ($email_check) {
 				if (strtolower($email_check['email_full']) == strtolower($email_full)) {
-					Response::standardError('emailexistalready', $email_full, true);
+					Response::standardError('emailexistalready', $idna_convert->decode($email_full), true);
 				} elseif ($email_check['email'] == $email) {
 					Response::standardError('youhavealreadyacatchallforthisdomain', '', true);
 				}
 			}
 
+			$spam_tag_level = Validate::validate($spam_tag_level, 'spam_tag_level', '/^\d{1,}(\.\d{1})?$/', '', [7.0], true);
+			if ($spam_kill_level > -1) {
+				$spam_kill_level = Validate::validate($spam_kill_level, 'spam_kill_level', '/^\d{1,}(\.\d{1})?$/', '', [14.0], true);
+			}
+			$description = Validate::validate(trim($description), 'description', Validate::REGEX_DESC_TEXT, '', [], true);
+
 			$stmt = Database::prepare("
 				INSERT INTO `" . TABLE_MAIL_VIRTUAL . "` SET
 				`customerid` = :cid,
 				`email` = :email,
 				`email_full` = :email_full,
+				`spam_tag_level` = :spam_tag_level,
+				`rewrite_subject` = :rewrite_subject,
+				`spam_kill_level` = :spam_kill_level,
+				`bypass_spam` = :bypass_spam,
+				`policy_greylist` = :policy_greylist,
 				`iscatchall` = :iscatchall,
 				`domainid` = :domainid,
 				`description` = :description
@@ -153,6 +195,11 @@ class Emails extends ApiCommand implements ResourceEntity
 				"cid" => $customer['customerid'],
 				"email" => $email,
 				"email_full" => $email_full,
+				"spam_tag_level" => $spam_tag_level,
+				"rewrite_subject" => $rewrite_subject,
+				"spam_kill_level" => $spam_kill_level,
+				"bypass_spam" => $bypass_spam,
+				"policy_greylist" => $policy_greylist,
 				"iscatchall" => $iscatchall,
 				"domainid" => $domain_check['id'],
 				"description" => $description
@@ -162,6 +209,7 @@ class Emails extends ApiCommand implements ResourceEntity
 			// update customer usage
 			Customers::increaseUsage($customer['customerid'], 'emails_used');
 
+			Cronjob::inserttask(TaskId::REBUILD_RSPAMD);
 			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] added email address '" . $email_full . "'");
 
 			$result = $this->apiCall('Emails.get', [
@@ -194,12 +242,12 @@ class Emails extends ApiCommand implements ResourceEntity
 		$customer_ids = $this->getAllowedCustomerIds('email');
 		$params['idea'] = ($id <= 0 ? $emailaddr : $id);
 
-		$result_stmt = Database::prepare("SELECT v.`id`, v.`email`, v.`email_full`, v.`iscatchall`, v.`destination`, v.`customerid`, v.`popaccountid`, v.`domainid`, v.`description`, u.`quota`, u.`imap`, u.`pop3`, u.`postfix`, u.`mboxsize`
+		$result_stmt = Database::prepare("SELECT v.*, u.`quota`, u.`imap`, u.`pop3`, u.`postfix`, u.`mboxsize` " . ($this->isInternal() ? ", `u`.`homedir`, `u`.`maildir`" : "") . "
 			FROM `" . TABLE_MAIL_VIRTUAL . "` v
 			LEFT JOIN `" . TABLE_MAIL_USERS . "` u ON v.`popaccountid` = u.`id`
 			WHERE v.`customerid` IN (" . implode(", ", $customer_ids) . ")
-			AND " . (is_numeric($params['idea']) ? "v.`id`= :idea" : "(v.`email` = :idea OR v.`email_full` = :idea)")
-		);
+			AND " . (is_numeric($params['idea']) ? "v.`id`= :idea" : "(v.`email` = :idea OR v.`email_full` = :idea)"
+			));
 		$result = Database::pexecute_first($result_stmt, $params, true, true);
 		if ($result) {
 			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] get email address '" . $result['email_full'] . "'");
@@ -220,6 +268,16 @@ class Emails extends ApiCommand implements ResourceEntity
 	 *            optional, required when called as admin (if $loginname is not specified)
 	 * @param string $loginname
 	 *            optional, required when called as admin (if $customerid is not specified)
+	 * @param float $spam_tag_level
+	 *            optional, score which is required to tag emails as spam, default: 7.0
+	 * @param bool $rewrite_subject
+	 *              optional, whether to add ***SPAM*** to the email's subject if applicable, default: [antispam.default_spam_rewrite_subject]
+	 * @param float $spam_kill_level
+	 *            optional, score which is required to discard emails, default: 14.0
+	 * @param boolean $bypass_spam
+	 *            optional, disable spam-filter entirely, default: [antispam.default_bypass_spam]
+	 * @param boolean $policy_greylist
+	 *            optional, enable grey-listing, default: [antispam.default_policy_greylist]
 	 * @param boolean $iscatchall
 	 *            optional
 	 * @param string $description
@@ -235,15 +293,6 @@ class Emails extends ApiCommand implements ResourceEntity
 			throw new Exception("You cannot access this resource", 405);
 		}
 
-		// if enabling catchall is not allowed by settings, we do not need
-		// to run update()
-		if (Settings::Get('catchall.catchall_enabled') != '1') {
-			Response::standardError([
-				'operationnotpermitted',
-				'featureisdisabled'
-			], 'catchall', true);
-		}
-
 		$id = $this->getParam('id', true, 0);
 		$ea_optional = $id > 0;
 		$emailaddr = $this->getParam('emailaddr', $ea_optional, '');
@@ -255,15 +304,46 @@ class Emails extends ApiCommand implements ResourceEntity
 		$id = $result['id'];
 
 		// parameters
+		$spam_tag_level = $this->getParam('spam_tag_level', true, $result['spam_tag_level']);
+		$spam_kill_level = $this->getUlParam('spam_kill_level', 'spam_kill_level_ul', true, $result['spam_kill_level']);
 		$iscatchall = $this->getBoolParam('iscatchall', true, $result['iscatchall']);
 		$description = $this->getParam('description', true, $result['description']);
 
+		if ((int)Settings::Get('antispam.default_spam_rewrite_subject') <= 2) {
+			$rewrite_subject = $this->getBoolParam('rewrite_subject', true, $result['rewrite_subject']);
+		} else {
+			$rewrite_subject = (int)Settings::Get('antispam.default_spam_rewrite_subject') == 3 ? 1 : 0;
+		}
+		if ((int)Settings::Get('antispam.default_bypass_spam') <= 2) {
+			$bypass_spam = $this->getBoolParam('bypass_spam', true, $result['bypass_spam']);
+		} else {
+			$bypass_spam = (int)Settings::Get('antispam.default_bypass_spam') == 3 ? 1 : 0;
+		}
+		if ((int)Settings::Get('antispam.default_policy_greylist') <= 2) {
+			$policy_greylist = $this->getBoolParam('policy_greylist', true, $result['policy_greylist']);
+		} else {
+			$policy_greylist = (int)Settings::Get('antispam.default_policy_greylist') == 3 ? 1 : 0;
+		}
+
+		// if enabling catchall is not allowed by settings, we do not need
+		// to run update()
+		if ($iscatchall && $result['iscatchall'] == 0 && Settings::Get('catchall.catchall_enabled') != '1') {
+			Response::standardError([
+				'operationnotpermitted',
+				'featureisdisabled'
+			], 'catchall', true);
+		}
+
 		// get needed customer info to reduce the email-address-counter by one
 		$customer = $this->getCustomerData();
 
 		// check for catchall-flag
+		$email = $result['email_full'];
 		if ($iscatchall) {
 			$iscatchall = '1';
+			$email = $result['email'];
+			// update only required if it was not a catchall before
+			if ($result['iscatchall'] == 0) {
 				$email_parts = explode('@', $result['email_full']);
 				$email = '@' . $email_parts[1];
 				// catchall check
@@ -279,24 +359,41 @@ class Emails extends ApiCommand implements ResourceEntity
 				if ($email_check) {
 					Response::standardError('youhavealreadyacatchallforthisdomain', '', true);
 				}
-		} else {
-			$iscatchall = '0';
-			$email = $result['email_full'];
+			}
 		}
 
+		$spam_tag_level = Validate::validate($spam_tag_level, 'spam_tag_level', '/^\d{1,}(\.\d{1,2})?$/', '', [7.0], true);
+		if ($spam_kill_level > -1) {
+			$spam_kill_level = Validate::validate($spam_kill_level, 'spam_kill_level', '/^\d{1,}(\.\d{1,2})?$/', '', [14.0], true);
+		}
+		$description = Validate::validate(trim($description), 'description', Validate::REGEX_DESC_TEXT, '', [], true);
+
 		$stmt = Database::prepare("
-			UPDATE `" . TABLE_MAIL_VIRTUAL . "`
-			SET `email` = :email , `iscatchall` = :caflag, `description` = :description
+			UPDATE `" . TABLE_MAIL_VIRTUAL . "` SET
+			`email` = :email ,
+			`spam_tag_level` = :spam_tag_level,
+			`rewrite_subject` = :rewrite_subject,
+			`spam_kill_level` = :spam_kill_level,
+			`bypass_spam` = :bypass_spam,
+			`policy_greylist` = :policy_greylist,
+			`iscatchall` = :caflag,
+			`description` = :description
 			WHERE `customerid`= :cid AND `id`= :id
 		");
 		$params = [
 			"email" => $email,
+			"spam_tag_level" => $spam_tag_level,
+			"rewrite_subject" => $rewrite_subject,
+			"spam_kill_level" => $spam_kill_level,
+			"bypass_spam" => $bypass_spam,
+			"policy_greylist" => $policy_greylist,
 			"caflag" => $iscatchall,
 			"description" => $description,
 			"cid" => $customer['customerid'],
 			"id" => $id
 		];
 		Database::pexecute($stmt, $params, true, true);
+		Cronjob::inserttask(TaskId::REBUILD_RSPAMD);
 		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_NOTICE, "[API] toggled catchall-flag for email address '" . $result['email_full'] . "'");
 
 		$result = $this->apiCall('Emails.get', [
@@ -334,13 +431,16 @@ class Emails extends ApiCommand implements ResourceEntity
 		$result = [];
 		$query_fields = [];
 		$result_stmt = Database::prepare("
-			SELECT m.`id`, m.`domainid`, m.`email`, m.`email_full`, m.`iscatchall`, m.`destination`, m.`popaccountid`, d.`domain`, u.`quota`, u.`imap`, u.`pop3`, u.`postfix`, u.`mboxsize`
+			SELECT m.*, d.`domain`, u.`quota`, u.`imap`, u.`pop3`, u.`postfix`, u.`mboxsize`
 			FROM `" . TABLE_MAIL_VIRTUAL . "` m
 			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` d ON (m.`domainid` = d.`id`)
 			LEFT JOIN `" . TABLE_MAIL_USERS . "` u ON (m.`popaccountid` = u.`id`)
 			WHERE m.`customerid` IN (" . implode(", ", $customer_ids) . ")" . $this->getSearchWhere($query_fields, true) . $this->getOrderBy() . $this->getLimit());
 		Database::pexecute($result_stmt, $query_fields, true, true);
+		$idna_convert = new IdnaWrapper();
 		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
+			$row['email'] = $idna_convert->decode($row['email']);
+			$row['email_full'] = $idna_convert->decode($row['email_full']);
 			$result[] = $row;
 		}
 		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] list email-addresses");

lib/Froxlor/Api/Commands/Froxlor.php

@@ -259,14 +259,15 @@ class Froxlor extends ApiCommand
 	 * returns a random password based on froxlor settings for min-length, included characters, etc.
 	 *
 	 * @param int $length
-	 *            optional length of password, defaults to 10
+	 *            optional length of password, defaults to 0 (panel.password_min_length)
 	 *
 	 * @access admin, customer
 	 * @return string
+	 * @throws Exception
 	 */
-	public function generatePassword()
+	public function generatePassword(): string
 	{
-		$length = $this->getParam('length', true, 10);
+		$length = $this->getParam('length', true, 0);
 		return $this->response(Crypt::generatePassword($length));
 	}
 

lib/Froxlor/Api/Commands/Ftps.php

@@ -288,7 +288,7 @@ class Ftps extends ApiCommand implements ResourceEntity
 					try {
 						$this->mailer()->Subject = $mail_subject;
 						$this->mailer()->AltBody = $mail_body;
-						$this->mailer()->msgHTML(str_replace("\n", "<br />", $mail_body));
+						$this->mailer()->Body = str_replace("\n", "<br />", $mail_body);
 						$this->mailer()->addAddress($customer['email'], User::getCorrectUserSalutation($customer));
 						$this->mailer()->send();
 					} catch (\PHPMailer\PHPMailer\Exception $e) {

lib/Froxlor/Api/Commands/Mysqls.php

@@ -54,7 +54,7 @@ class Mysqls extends ApiCommand implements ResourceEntity
 	 * @param string $description
 	 *            optional, description for database
 	 * @param string $custom_suffix
-	 *            optional, name for database
+	 *            optional, name for database if customer.mysqlprefix setting is set to "DBNAME"
 	 * @param bool $sendinfomail
 	 *            optional, send created resource-information to customer, default: false
 	 * @param int $customerid
@@ -110,9 +110,12 @@ class Mysqls extends ApiCommand implements ResourceEntity
 			$dbm = new DbManager($this->logger());
 
 			if (strtoupper(Settings::Get('customer.mysqlprefix')) == 'DBNAME' && !empty($databasename)) {
-				$username = $dbm->createDatabase($newdb_params['loginname'] . '_' . $databasename, $password, $dbserver);
+				if (strlen($newdb_params['loginname'] . '_' . $databasename) > Database::getSqlUsernameLength()) {
+					throw new Exception("Database name cannot be longer than " . (Database::getSqlUsernameLength() - strlen($newdb_params['loginname'] . '_')) . " characters.", 406);
+				}
+				$username = $dbm->createDatabase($newdb_params['loginname'] . '_' . $databasename, $password, $dbserver, 0, $newdb_params['loginname']);
 			} else {
-				$username = $dbm->createDatabase($newdb_params['loginname'], $password, $dbserver, $newdb_params['mysql_lastaccountnumber']);
+				$username = $dbm->createDatabase($newdb_params['loginname'], $password, $dbserver, $newdb_params['mysql_lastaccountnumber'], $newdb_params['loginname']);
 			}
 
 			// we've checked against the password in dbm->createDatabase
@@ -181,7 +184,7 @@ class Mysqls extends ApiCommand implements ResourceEntity
 				try {
 					$this->mailer()->Subject = $mail_subject;
 					$this->mailer()->AltBody = $mail_body;
-					$this->mailer()->msgHTML(str_replace("\n", "<br />", $mail_body));
+					$this->mailer()->Body = str_replace("\n", "<br />", $mail_body);
 					$this->mailer()->addAddress($userinfo['email'], User::getCorrectUserSalutation($userinfo));
 					$this->mailer()->send();
 				} catch (\PHPMailer\PHPMailer\Exception $e) {
@@ -538,7 +541,7 @@ class Mysqls extends ApiCommand implements ResourceEntity
 		// Begin root-session
 		Database::needRoot(true, $result['dbserver'], false);
 		$dbm = new DbManager($this->logger());
-		$dbm->getManager()->deleteDatabase($result['databasename']);
+		$dbm->getManager()->deleteDatabase($result['databasename'], $customer['loginname']);
 		Database::needRoot(false);
 		// End root-session
 

lib/Froxlor/Api/Commands/PhpSettings.php

@@ -222,8 +222,8 @@ class PhpSettings extends ApiCommand implements ResourceEntity
 	 *            optional request terminate timeout if FPM is used, default is '60s'
 	 * @param string $phpfpm_reqslowtimeout
 	 *            optional request slowlog timeout if FPM is used, default is '5s'
-	 * @param bool $phpfpm_pass_authorizationheader
-	 *            optional whether to pass authorization header to webserver if FPM is used, default is 0 (false)
+	 * @param bool $pass_authorizationheader
+	 *            optional whether to pass authorization header to webserver if FPM/FCGID is used, default is 0 (false)
 	 * @param bool $override_fpmconfig
 	 *            optional whether to override fpm-daemon-config value for the following settings if FPM is used,
 	 *            default is 0 (false)
@@ -276,7 +276,7 @@ class PhpSettings extends ApiCommand implements ResourceEntity
 			$fpm_enableslowlog = $this->getBoolParam('phpfpm_enable_slowlog', true, 0);
 			$fpm_reqtermtimeout = $this->getParam('phpfpm_reqtermtimeout', true, "60s");
 			$fpm_reqslowtimeout = $this->getParam('phpfpm_reqslowtimeout', true, "5s");
-			$fpm_pass_authorizationheader = $this->getBoolParam('phpfpm_pass_authorizationheader', true, 0);
+			$pass_authorizationheader = $this->getBoolParam('pass_authorizationheader', true, 0);
 
 			$override_fpmconfig = $this->getBoolParam('override_fpmconfig', true, 0);
 			$def_fpmconfig = $this->apiCall('FpmDaemons.get', [
@@ -312,7 +312,6 @@ class PhpSettings extends ApiCommand implements ResourceEntity
 				$fpm_enableslowlog = 0;
 				$fpm_reqtermtimeout = 0;
 				$fpm_reqslowtimeout = 0;
-				$fpm_pass_authorizationheader = 0;
 				$override_fpmconfig = 0;
 			} elseif (Settings::Get('phpfpm.enabled') == 1) {
 				$fpm_reqtermtimeout = Validate::validate($fpm_reqtermtimeout, 'phpfpm_reqtermtimeout', '/^([0-9]+)(|s|m|h|d)$/', '', [], true);
@@ -377,7 +376,7 @@ class PhpSettings extends ApiCommand implements ResourceEntity
 				'fpmreqslow' => $fpm_reqslowtimeout,
 				'phpsettings' => $phpsettings,
 				'fpmsettingid' => $fpm_config_id,
-				'fpmpassauth' => $fpm_pass_authorizationheader,
+				'fpmpassauth' => $pass_authorizationheader,
 				'ofc' => $override_fpmconfig,
 				'pm' => $pmanager,
 				'max_children' => $max_children,
@@ -464,7 +463,7 @@ class PhpSettings extends ApiCommand implements ResourceEntity
 	 *            optional request terminate timeout if FPM is used, default is '60s'
 	 * @param string $phpfpm_reqslowtimeout
 	 *            optional request slowlog timeout if FPM is used, default is '5s'
-	 * @param bool $phpfpm_pass_authorizationheader
+	 * @param bool $pass_authorizationheader
 	 *            optional whether to pass authorization header to webserver if FPM is used, default is 0 (false)
 	 * @param bool $override_fpmconfig
 	 *            optional whether to override fpm-daemon-config value for the following settings if FPM is used,
@@ -516,7 +515,7 @@ class PhpSettings extends ApiCommand implements ResourceEntity
 			$fpm_enableslowlog = $this->getBoolParam('phpfpm_enable_slowlog', true, $result['fpm_slowlog']);
 			$fpm_reqtermtimeout = $this->getParam('phpfpm_reqtermtimeout', true, $result['fpm_reqterm']);
 			$fpm_reqslowtimeout = $this->getParam('phpfpm_reqslowtimeout', true, $result['fpm_reqslow']);
-			$fpm_pass_authorizationheader = $this->getBoolParam('phpfpm_pass_authorizationheader', true, $result['pass_authorizationheader']);
+			$pass_authorizationheader = $this->getBoolParam('pass_authorizationheader', true, $result['pass_authorizationheader']);
 			$override_fpmconfig = $this->getBoolParam('override_fpmconfig', true, $result['override_fpmconfig']);
 			$pmanager = $this->getParam('pm', true, $result['pm']);
 			$max_children = $this->getParam('max_children', true, $result['max_children']);
@@ -548,7 +547,6 @@ class PhpSettings extends ApiCommand implements ResourceEntity
 				$fpm_enableslowlog = 0;
 				$fpm_reqtermtimeout = 0;
 				$fpm_reqslowtimeout = 0;
-				$fpm_pass_authorizationheader = 0;
 				$override_fpmconfig = 0;
 			} elseif (Settings::Get('phpfpm.enabled') == 1) {
 				$fpm_reqtermtimeout = Validate::validate($fpm_reqtermtimeout, 'phpfpm_reqtermtimeout', '/^([0-9]+)(|s|m|h|d)$/', '', [], true);
@@ -614,7 +612,7 @@ class PhpSettings extends ApiCommand implements ResourceEntity
 				'fpmreqslow' => $fpm_reqslowtimeout,
 				'phpsettings' => $phpsettings,
 				'fpmsettingid' => $fpm_config_id,
-				'fpmpassauth' => $fpm_pass_authorizationheader,
+				'fpmpassauth' => $pass_authorizationheader,
 				'ofc' => $override_fpmconfig,
 				'pm' => $pmanager,
 				'max_children' => $max_children,

lib/Froxlor/Api/Commands/SubDomains.php

@@ -296,6 +296,8 @@ class SubDomains extends ApiCommand implements ResourceEntity
 				// assign default config
 				$phpsid_result['phpsettingid'] = 1;
 			}
+
+			if ($domain_check['phpenabled'] == 1) {
 				// check whether the customer has chosen its own php-config
 				if ($phpsettingid > 0 && $phpsettingid != $phpsid_result['phpsettingid']) {
 					$phpsid_result['phpsettingid'] = intval($phpsettingid);
@@ -313,6 +315,7 @@ class SubDomains extends ApiCommand implements ResourceEntity
 						Response::standardError('notallowedphpconfigused', '', true);
 					}
 				}
+			}
 
 			// actually insert domain
 			$stmt = Database::prepare("
@@ -500,8 +503,7 @@ class SubDomains extends ApiCommand implements ResourceEntity
 			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] get subdomain '" . $result['domain'] . "'");
 			return $this->response($result);
 		}
-		$key = ($id > 0 ? "id #" . $id : "domainname '" . $domainname . "'");
-		throw new Exception("Subdomain with " . $key . " could not be found", 404);
+		throw new Exception("Requested subdomain could not be found", 404);
 	}
 
 	private function getHasCertValueForDomain(int $domainid, int $parentdomainid): int
@@ -547,32 +549,33 @@ class SubDomains extends ApiCommand implements ResourceEntity
 	 */
 	private function validateDomainDocumentRoot($path = null, $url = null, $customer = null, $completedomain = null, &$_doredirect = false)
 	{
-		// check whether an URL was specified
 		$_doredirect = false;
-		if (!empty($url) && Validate::validateUrl($url, true)) {
-			$path = $url;
+		$idna = new IdnaWrapper();
+
+		// url mode: either $url or $path begins with http:// or https://
+		$maybeUrl = !empty($url) ? $url : (preg_match('/^https?\:\/\//', $path) ? $path : '');
+		if ($maybeUrl !== '') {
+			$encoded = $idna->encode($maybeUrl);
+			if (!Validate::validateUrl($encoded, true)) {
+				Response::standardError('invaliddocumentrooturl', '', true);
+			}
 			$_doredirect = true;
-		} else {
-			$path = Validate::validate($path, 'path', '', '', [], true);
+			return $encoded;
 		}
 
-		// check whether path is a real path
-		if (!preg_match('/^https?\:\/\//', $path) || !Validate::validateUrl($path, true)) {
-			if (strstr($path, ":") !== false) {
+		// path mode: regular directory path
+		$path = Validate::validate($path, 'path', Validate::REGEX_DIR, '', [], true);
+
+		// default path if empty and setting active
+		if (($path === '' || $path === '/') && Settings::Get('system.documentroot_use_default_value') == 1) {
+			return FileDir::makeCorrectDir($customer['documentroot'] . '/' . $completedomain, $customer['documentroot']);
+		}
+		// check if path does not contain a colon
+		if (strpos($path, ':') !== false) {
 			Response::standardError('pathmaynotcontaincolon', '', true);
 		}
-			// If path is empty or '/' and 'Use domain name as default value for DocumentRoot path' is enabled in settings,
-			// set default path to subdomain or domain name
-			if ((($path == '') || ($path == '/')) && Settings::Get('system.documentroot_use_default_value') == 1) {
-				$path = FileDir::makeCorrectDir($customer['documentroot'] . '/' . $completedomain, $customer['documentroot']);
-			} else {
-				$path = FileDir::makeCorrectDir($customer['documentroot'] . '/' . $path, $customer['documentroot']);
-			}
-		} else {
-			// no it's not, create a redirect
-			$_doredirect = true;
-		}
-		return $path;
+
+		return FileDir::makeCorrectDir($customer['documentroot'] . '/' . $path, $customer['documentroot']);
 	}
 
 	/**
@@ -797,7 +800,7 @@ class SubDomains extends ApiCommand implements ResourceEntity
 			$allowed_phpconfigs = [];
 		}
 		// only with fcgid/fpm enabled will it be possible to select a php-setting
-		if ((int)Settings::Get('system.mod_fcgid') == 1 || (int)Settings::Get('phpfpm.enabled') == 1) {
+		if ((int)$result['phpenabled'] == 1 && ((int)Settings::Get('system.mod_fcgid') == 1 || (int)Settings::Get('phpfpm.enabled') == 1)) {
 			if (!in_array($phpsettingid, $allowed_phpconfigs)) {
 				Response::standardError('notallowedphpconfigused', '', true);
 			}
@@ -980,9 +983,11 @@ class SubDomains extends ApiCommand implements ResourceEntity
 				'`d`.`letsencrypt`',
 				'`d`.`registration_date`',
 				'`d`.`termination_date`',
-				'`d`.`deactivated`'
+				'`d`.`deactivated`',
+				'`d`.`email_only`',
 			];
 		}
+
 		$query_fields = [];
 
 		// prepare select statement
@@ -993,7 +998,6 @@ class SubDomains extends ApiCommand implements ResourceEntity
 			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `da` ON `da`.`aliasdomain`=`d`.`id`
 			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `pd` ON `pd`.`id`=`d`.`parentdomainid`
 			WHERE `d`.`customerid` IN (" . implode(', ', $customer_ids) . ")
-			AND `d`.`email_only` = '0'
 			" . $this->getSearchWhere($query_fields, true) . " GROUP BY `d`.`id` ORDER BY `parentdomainname` ASC, `d`.`parentdomainid` ASC " . $this->getOrderBy(true) . $this->getLimit());
 
 		$result = [];
@@ -1089,13 +1093,13 @@ class SubDomains extends ApiCommand implements ResourceEntity
 				$this->getUserDetail('customerid')
 			];
 		}
+
 		if (!empty($customer_ids)) {
 			// prepare select statement
 			$domains_stmt = Database::prepare("
 				SELECT COUNT(*) as num_subdom
 				FROM `" . TABLE_PANEL_DOMAINS . "` `d`
 				WHERE `d`.`customerid` IN (" . implode(', ', $customer_ids) . ")
-				AND `d`.`email_only` = '0'
 			");
 			$result = Database::pexecute_first($domains_stmt, null, true, true);
 			if ($result) {

lib/Froxlor/Api/Commands/SysLog.php

@@ -90,6 +90,8 @@ class SysLog extends ApiCommand implements ResourceEntity
 		}
 		Database::pexecute($result_stmt, $query_fields, true, true);
 		while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
+			// clean log-text
+			$row['text'] = preg_replace("/[^\w @#\"':.,()\[\]+\-_\/\\\!]/i", "_", $row['text']);
 			$result[] = $row;
 		}
 		$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_INFO, "[API] list log-entries");
@@ -223,7 +225,7 @@ class SysLog extends ApiCommand implements ResourceEntity
 			}
 			$params['trunc'] = $truncatedate;
 			Database::pexecute($result_stmt, $params, true, true);
-			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_WARNING, "[API] truncated the froxlor syslog");
+			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, "[API] truncated the froxlor syslog");
 			return $this->response(true);
 		}
 		throw new Exception("Not allowed to execute given command.", 403);

lib/Froxlor/Api/Response.php

@@ -34,7 +34,9 @@ class Response
 
 	public static function jsonResponse($data = null, int $response_code = 200)
 	{
+		if (!defined('TRAVIS_CI') || TRAVIS_CI == 0) {
 			http_response_code($response_code);
+		}
 
 		return json_encode($data, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT);
 	}

lib/Froxlor/Cli/ConfigServices.php

@@ -43,11 +43,10 @@ final class ConfigServices extends CliCommand
 {
 	private $yes_to_all_supported = [
 		'bookworm',
-		'bionic',
 		'bullseye',
-		'buster',
 		'focal',
 		'jammy',
+		'noble',
 	];
 
 	protected function configure()
@@ -172,8 +171,8 @@ final class ConfigServices extends CliCommand
 		$distributions_select_data = [];
 
 		//set default os.
-		$os_dist = ['ID' => 'bullseye'];
-		$os_version = ['0' => '11'];
+		$os_dist = ['ID' => 'bookworm'];
+		$os_version = ['0' => '12'];
 		$os_default = $os_dist['ID'];
 
 		//read os-release
@@ -218,6 +217,10 @@ final class ConfigServices extends CliCommand
 		$_daemons_config['distro'] = $io->choice('Choose distribution', $valid_dists, $os_default);
 
 		// go through all services and let user check whether to include it or not
+		if (empty($_daemons_config['distro']) || !file_exists($config_dir . '/' . $_daemons_config['distro']. ".xml")) {
+			$output->writeln('<error>Empty or non-existing distribution given.</>');
+			return self::INVALID;
+		}
 		$configfiles = new ConfigParser($config_dir . '/' . $_daemons_config['distro'] . ".xml");
 		$services = $configfiles->getServices();
 
@@ -353,7 +356,12 @@ final class ConfigServices extends CliCommand
 		}
 
 		if (!empty($decoded_config)) {
+
 			$config_dir = Froxlor::getInstallDir() . 'lib/configfiles/';
+			if (empty($decoded_config['distro']) || !file_exists($config_dir . '/' . $decoded_config['distro']. ".xml")) {
+				$output->writeln('<error>Empty or non-existing distribution given. Please login with an admin, go to "System -> Configuration" and select your correct distribution in the top-right corner or specify valid distribution name for "distro" parameter.</>');
+				return self::INVALID;
+			}
 			$configfiles = new ConfigParser($config_dir . '/' . $decoded_config['distro']. ".xml");
 			$services = $configfiles->getServices();
 			$replace_arr = $this->getReplacerArray();
@@ -402,7 +410,7 @@ final class ConfigServices extends CliCommand
 							case "file":
 								if (array_key_exists('content', $action)) {
 									$output->writeln('<comment>Creating file "' . $action['name'] . '"</>');
-									file_put_contents($action['name'], trim(strtr($action['content'], $replace_arr)));
+									file_put_contents($action['name'], trim(strtr($action['content'], $replace_arr)) . PHP_EOL);
 								} elseif (array_key_exists('subcommands', $action)) {
 									foreach ($action['subcommands'] as $fileaction) {
 										if (array_key_exists('execute', $fileaction) && $fileaction['execute'] == "pre") {
@@ -411,7 +419,7 @@ final class ConfigServices extends CliCommand
 											exec(strtr($fileaction['content'], $replace_arr));
 										} elseif ($fileaction['type'] == 'file') {
 											$output->writeln('<comment>Creating file "' . $fileaction['name'] . '"</>');
-											file_put_contents($fileaction['name'], trim(strtr($fileaction['content'], $replace_arr)));
+											file_put_contents($fileaction['name'], trim(strtr($fileaction['content'], $replace_arr)) . PHP_EOL);
 										}
 									}
 								}
@@ -514,6 +522,7 @@ final class ConfigServices extends CliCommand
 			'<WEBSERVER_GROUP>' => Settings::Get('system.httpgroup'),
 			'<SSL_CERT_FILE>' => Settings::Get('system.ssl_cert_file'),
 			'<SSL_KEY_FILE>' => Settings::Get('system.ssl_key_file'),
+			'<ADMIN_MAIL>' => Settings::Get('panel.adminmail'),
 		];
 	}
 }

lib/Froxlor/Cli/InstallCommand.php

@@ -27,10 +27,13 @@ namespace Froxlor\Cli;
 
 use Exception;
 use Froxlor\Config\ConfigParser;
+use Froxlor\Database\Database;
 use Froxlor\Froxlor;
 use Froxlor\Install\Install;
 use Froxlor\Install\Install\Core;
+use Froxlor\Settings;
 use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Helper\Table;
 use Symfony\Component\Console\Input\InputArgument;
 use Symfony\Component\Console\Input\InputInterface;
 use Symfony\Component\Console\Input\InputOption;
@@ -50,7 +53,8 @@ final class InstallCommand extends Command
 		$this->setDescription('Installation process to use instead of web-ui');
 		$this->addArgument('input-file', InputArgument::OPTIONAL, 'Optional JSON array file to use for unattended installations');
 		$this->addOption('print-example-file', 'p', InputOption::VALUE_NONE, 'Outputs an example JSON content to be used with the input file parameter')
-			->addOption('create-userdata-from-str', 'c', InputOption::VALUE_REQUIRED, 'Creates lib/userdata.inc.php file from string created by web-install process');
+			->addOption('create-userdata-from-str', 'c', InputOption::VALUE_REQUIRED, 'Creates lib/userdata.inc.php file from string created by web-install process')
+			->addOption('show-sysinfo', 's', InputOption::VALUE_NONE, 'Outputs system information about your froxlor installation');
 	}
 
 	/**
@@ -72,6 +76,15 @@ final class InstallCommand extends Command
 			return self::INVALID;
 		}
 
+		if ($input->getOption('show-sysinfo') !== false) {
+			if (!file_exists(Froxlor::getInstallDir() . '/lib/userdata.inc.php')) {
+				$output->writeln("<error>Could not find froxlor's userdata.inc.php file. You can use this parameter only with an installed froxlor system.</>");
+				return self::INVALID;
+			}
+			$this->printSysInfo($output);
+			return self::SUCCESS;
+		}
+
 		session_start();
 
 		require __DIR__ . '/install.functions.php';
@@ -211,7 +224,7 @@ final class InstallCommand extends Command
 						$ask_field = false;
 					}
 					$fielddata['value'] = $this->formfielddata[$fieldname] ?? ($fielddata['value'] ?? null);
-					$fielddata['label'] = strip_tags(str_replace("<br>", " ", $fielddata['label']));
+					$fielddata['label'] = $this->cliTextFormat($fielddata['label'], " ");
 					if ($ask_field) {
 						if ($fielddata['type'] == 'password') {
 							$this->formfielddata[$fieldname] = $this->io->askHidden($fielddata['label'], function ($value) use ($fielddata) {
@@ -267,15 +280,17 @@ final class InstallCommand extends Command
 			case 4:
 				$section = $inst->formfield['install']['sections']['step' . $step] ?? [];
 				$this->io->section($section['title']);
-				$this->io->note($section['description']);
+				$this->io->note($this->cliTextFormat($section['description']));
 				$cmdfield = $section['fields']['system'];
 				$this->io->success([
 					$cmdfield['label'],
 					$cmdfield['value']
 				]);
+				if (!isset($decoded_input['manual_config']) || (bool)$decoded_input['manual_config'] === false) {
 					if (!empty($decoded_input) || $this->io->confirm('Execute command now?', false)) {
 						passthru($cmdfield['value']);
 					}
+				}
 				break;
 		}
 		return $result;
@@ -305,7 +320,7 @@ final class InstallCommand extends Command
 		$json_output = [];
 		foreach ($fields['install']['sections'] as $section => $section_fields) {
 			foreach ($section_fields['fields'] as $name => $field) {
-				if ($name == 'system' || $name == 'manual_config' || $name == 'target_servername') {
+				if ($name == 'system' || $name == 'target_servername') {
 					continue;
 				}
 				if ($field['type'] == 'text' || $field['type'] == 'email') {
@@ -346,4 +361,61 @@ final class InstallCommand extends Command
 		curl_close($ch);
 		fclose($fp);
 	}
+
+	private function printSysInfo(OutputInterface $output)
+	{
+
+		$php_sapi = 'mod_php';
+		$php_version = phpversion();
+		if (Settings::Get('system.mod_fcgid') == '1') {
+			$php_sapi = 'FCGID';
+			if (Settings::Get('system.mod_fcgid_ownvhost') == '1') {
+				$php_sapi .= ' (+ froxlor)';
+			}
+		} elseif (Settings::Get('phpfpm.enabled') == '1') {
+			$php_sapi = 'PHP-FPM';
+			if (Settings::Get('phpfpm.enabled_ownvhost') == '1') {
+				$php_sapi .= ' (+ froxlor)';
+			}
+		}
+
+		$kernel = 'unknown';
+		if (function_exists('posix_uname')) {
+			$kernel_nfo = posix_uname();
+			$kernel = $kernel_nfo['release'] . ' (' . $kernel_nfo['machine'] . ')';
+		}
+
+		$ips = [];
+		$ips_stmt = Database::query("SELECT CONCAT(`ip`, ' (', `port`, ')') as ipaddr FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `id`");
+		while ($ip = $ips_stmt->fetch(\PDO::FETCH_ASSOC)) {
+			$ips[] = $ip['ipaddr'];
+		}
+
+		$table = new Table($output);
+		$table
+			->setHeaders([
+				'Key', 'Value'
+			])
+			->setRows([
+				['Froxlor', Froxlor::getVersionString()],
+				['Update-channel', Settings::Get('system.update_channel')],
+				['Hostname', Settings::Get('system.hostname')],
+				['Install-dir', Froxlor::getInstallDir()],
+				['PHP CLI', $php_version],
+				['PHP SAPI', $php_sapi],
+				['Webserver', Settings::Get('system.webserver')],
+				['Kernel', $kernel],
+				['Database', Database::getAttribute(\PDO::ATTR_SERVER_VERSION)],
+				['Distro config', Settings::Get('system.distribution')],
+				['IP addresses', implode("\n", $ips)],
+			]);
+		$table->setStyle('box');
+		$table->render();
+	}
+
+	private function cliTextFormat(string $text, string $nl_char = "\n"): string
+	{
+		$text = str_replace(['<br>', '<br/>', '<br />'], [$nl_char, $nl_char, $nl_char], $text);
+		return strip_tags($text);
+	}
 }

lib/Froxlor/Cli/MasterCron.php

@@ -52,7 +52,7 @@ final class MasterCron extends CliCommand
 		$this->setName('froxlor:cron');
 		$this->setDescription('Regulary perform tasks created by froxlor');
 		$this->addArgument('job', InputArgument::IS_ARRAY, 'Job(s) to run');
-		$this->addOption('run-task', 'r', InputOption::VALUE_REQUIRED | InputOption::VALUE_IS_ARRAY, 'Run a specific task [1 = re-generate configs, 4 = re-generate dns zones, 10 = re-set quotas, 99 = re-create cron.d-file]')
+		$this->addOption('run-task', 'r', InputOption::VALUE_REQUIRED | InputOption::VALUE_IS_ARRAY, 'Run a specific task [1 = re-generate configs, 4 = re-generate dns zones, 9 = re-generate rspamd configs, 10 = re-set quotas, 99 = re-create cron.d-file]')
 			->addOption('force', 'f', InputOption::VALUE_NONE, 'Forces given job or, if none given, forces re-generating of config-files (webserver, nameserver, etc.)')
 			->addOption('debug', 'd', InputOption::VALUE_NONE, 'Output debug information about what is going on to STDOUT.')
 			->addOption('no-fork', 'N', InputOption::VALUE_NONE, 'Do not fork to background (traffic cron only).');
@@ -77,8 +77,10 @@ final class MasterCron extends CliCommand
 			if (empty($jobs) || in_array('tasks', $jobs)) {
 				Cronjob::inserttask(TaskId::REBUILD_VHOST);
 				Cronjob::inserttask(TaskId::REBUILD_DNS);
+				Cronjob::inserttask(TaskId::REBUILD_RSPAMD);
 				Cronjob::inserttask(TaskId::CREATE_QUOTA);
 				Cronjob::inserttask(TaskId::REBUILD_CRON);
+				Cronjob::inserttask(TaskId::UPDATE_LE_SERVICES);
 				$jobs[] = 'tasks';
 			}
 			define('CRON_IS_FORCED', 1);
@@ -95,7 +97,7 @@ final class MasterCron extends CliCommand
 		if ($input->getOption('run-task')) {
 			$tasks_to_run = $input->getOption('run-task');
 			foreach ($tasks_to_run as $ttr) {
-				if (in_array($ttr, [TaskId::REBUILD_VHOST, TaskId::REBUILD_DNS, TaskId::CREATE_QUOTA, TaskId::REBUILD_CRON])) {
+				if (in_array($ttr, [TaskId::REBUILD_VHOST, TaskId::REBUILD_DNS, TaskId::REBUILD_RSPAMD, TaskId::CREATE_QUOTA, TaskId::REBUILD_CRON])) {
 					Cronjob::inserttask($ttr);
 					$jobs[] = 'tasks';
 				} else {
@@ -170,8 +172,9 @@ final class MasterCron extends CliCommand
 			FroxlorLogger::getInstanceOf()->setCronLog(0);
 		}
 
-		// clean up possible old login-links
+		// clean up possible old login-links and 2fa tokens
 		Database::query("DELETE FROM `" . TABLE_PANEL_LOGINLINKS . "` WHERE `valid_until` < UNIX_TIMESTAMP()");
+		Database::query("DELETE FROM `" . TABLE_PANEL_2FA_TOKENS . "` WHERE `valid_until` < UNIX_TIMESTAMP()");
 
 		return $result;
 	}
@@ -212,9 +215,14 @@ final class MasterCron extends CliCommand
 
 		if (file_exists($this->lockFile)) {
 			$jobinfo = json_decode(file_get_contents($this->lockFile), true);
+			if ($jobinfo === false || !is_array($jobinfo)) {
+				// looks like an invalid lockfile
+				$check_pid_return = 1;
+			} else {
 				$check_pid_return = null;
 				// get status of process
 				system("kill -CHLD " . (int)$jobinfo['pid'] . " 1> /dev/null 2> /dev/null", $check_pid_return);
+			}
 			if ($check_pid_return == 1) {
 				// Process does not seem to run, most likely it has died
 				$this->unlockJob();
@@ -263,6 +271,8 @@ final class MasterCron extends CliCommand
 		if ($jobcount > 0) {
 			if (Settings::Get('system.nssextrausers') == 1) {
 				Extrausers::generateFiles($this->cronLog);
+				// reload crond as shell users might use crontab and the user is only known to crond if reloaded
+				FileDir::safe_exec(escapeshellcmd(Settings::Get('system.crondreload')));
 				return;
 			}
 
@@ -275,6 +285,8 @@ final class MasterCron extends CliCommand
 				FileDir::safe_exec('nscd -i group 1> /dev/null', $false_val, [
 					'>'
 				]);
+				// reload crond as shell users might use crontab and the user is only known to crond if reloaded
+				FileDir::safe_exec(escapeshellcmd(Settings::Get('system.crondreload')));
 			}
 		}
 	}

lib/Froxlor/Cli/RunApiCommand.php

@@ -42,7 +42,7 @@ final class RunApiCommand extends CliCommand
 		$this->setDescription('Run an API command as given user');
 		$this->addArgument('user', InputArgument::REQUIRED, 'Loginname of the user you want to run the command as')
 			->addArgument('api-command', InputArgument::REQUIRED, 'The command to execute in the form "Module.function"')
-			->addArgument('parameters', InputArgument::OPTIONAL, 'Paramaters to pass to the command as JSON array');
+			->addArgument('parameters', InputArgument::OPTIONAL, 'Parameters to pass to the command as JSON array');
 		$this->addOption('show-params', 's', InputOption::VALUE_NONE, 'Show possible parameters for given api-command (given command will *not* be called)');
 	}
 

lib/Froxlor/Cli/UpdateCommand.php

@@ -28,13 +28,17 @@ namespace Froxlor\Cli;
 use Exception;
 use Froxlor\Froxlor;
 use Froxlor\Install\AutoUpdate;
+use Froxlor\Install\Preconfig;
 use Froxlor\Install\Update;
 use Froxlor\Settings;
 use Froxlor\System\Mailer;
 use Symfony\Component\Console\Input\InputInterface;
 use Symfony\Component\Console\Input\InputOption;
 use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Console\Question\ChoiceQuestion;
 use Symfony\Component\Console\Question\ConfirmationQuestion;
+use Symfony\Component\Console\Question\Question;
+use Symfony\Component\Console\Style\SymfonyStyle;
 
 final class UpdateCommand extends CliCommand
 {
@@ -44,6 +48,8 @@ final class UpdateCommand extends CliCommand
 		$this->setName('froxlor:update');
 		$this->setDescription('Check for newer version and update froxlor');
 		$this->addOption('check-only', 'c', InputOption::VALUE_NONE, 'Only check for newer version and exit')
+			->addOption('show-update-options', 'o', InputOption::VALUE_NONE, 'Show possible update option parameter for the update if any. Only usable in combination with "check-only".')
+			->addOption('update-options', 'O', InputOption::VALUE_IS_ARRAY | InputOption::VALUE_REQUIRED, 'Parameter list of update options.')
 			->addOption('database', 'd', InputOption::VALUE_NONE, 'Only run database updates in case updates are done via apt or manually.')
 			->addOption('mail-notify', 'm', InputOption::VALUE_NONE, 'Additionally inform administrator via email if a newer version was found')
 			->addOption('yes-to-all', 'A', InputOption::VALUE_NONE, 'Do not ask for download, extract and database-update, just do it (if not --check-only is set)')
@@ -58,13 +64,18 @@ final class UpdateCommand extends CliCommand
 		if ($input->getOption('database')) {
 			$result = $this->validateRequirements($output, true);
 			if ($result == self::SUCCESS) {
+				require Froxlor::getInstallDir() . '/lib/functions.php';
 				if (Froxlor::hasUpdates() || Froxlor::hasDbUpdates()) {
-					$output->writeln('<info>' . lng('updates.dbupdate_required') . '</>');
+					$output->writeln('<info>' . lng('update.dbupdate_required') . '</>');
 					if ($input->getOption('check-only')) {
 						$output->writeln('<comment>Doing nothing because of "check-only" flag.</>');
+						$this->askUpdateOptions($input, $output, null, false);
 					} else {
 						$yestoall = $input->getOption('yes-to-all') !== false;
 						$helper = $this->getHelper('question');
+
+						$this->askUpdateOptions($input, $output, $helper, $yestoall);
+
 						$question = new ConfirmationQuestion('Update database? [no] ', false, '/^(y|j)/i');
 						if ($yestoall || $helper->ask($input, $output, $question)) {
 							$result = $this->runUpdate($output, true);
@@ -72,7 +83,7 @@ final class UpdateCommand extends CliCommand
 					}
 					return $result;
 				}
-				$output->writeln('<info>' . lng('update.noupdatesavail', (Settings::Get('system.update_channel') == 'testing' ? lng('serversettings.uc_testing') . ' ' : '')) . '</>');
+				$output->writeln('<info>' . lng('update.noupdatesavail', [(Settings::Get('system.update_channel') == 'testing' ? lng('serversettings.uc_testing') . ' ' : '')]) . '</>');
 			}
 			return $result;
 		}
@@ -151,6 +162,7 @@ final class UpdateCommand extends CliCommand
 			// check whether we only wanted to check
 			if ($input->getOption('check-only')) {
 				//$output->writeln('<comment>Not proceeding as "check-only" is specified</>');
+				$this->askUpdateOptions($input, $output, null, false);
 				return $result;
 			} else {
 				$yestoall = $input->getOption('yes-to-all') !== false;
@@ -173,9 +185,13 @@ final class UpdateCommand extends CliCommand
 							if ($auex == 0) {
 								$output->writeln("<info>Froxlor files updated successfully.</>");
 								$result = self::SUCCESS;
+
+								$this->askUpdateOptions($input, $output, $helper, $yestoall);
+
 								$question = new ConfirmationQuestion('Update database? [no] ', false, '/^(y|j)/i');
 								if ($yestoall || $helper->ask($input, $output, $question)) {
-									$result = $this->runUpdate($output, true);
+									// run in separate process to ensure the use of newly unpacked files
+									passthru(Froxlor::getInstallDir() . '/bin/froxlor-cli froxlor:update -dA', $result);
 								}
 							} else {
 								$errmsg = 'error.autoupdate_' . $auex;
@@ -194,6 +210,135 @@ final class UpdateCommand extends CliCommand
 		return $result;
 	}
 
+	/**
+	 * @param InputInterface $input
+	 * @param OutputInterface $output
+	 * @param $helper
+	 * @param bool $yestoall
+	 * @return void
+	 */
+	private function askUpdateOptions(InputInterface $input, OutputInterface $output, $helper, bool $yestoall = false)
+	{
+		// check for preconfigs
+		$preconfig = Preconfig::getPreConfig(true);
+		$show_options_only = $input->getOption('show-update-options') !== false;
+		if (!is_null($helper) && $show_options_only) {
+			$output->writeln('<comment>Unsetting "show-update-options" due to not being called with "check-only".</>');
+			$show_options_only = false;
+		}
+		$update_options = [];
+		// set parameters
+		$uOptions = $input->getOption('update-options');
+		if (!empty($uOptions)) {
+			$options_value = [];
+			foreach ($uOptions as $givenOption) {
+				$optVal = explode("=", $givenOption);
+				if (count($optVal) == 2) {
+					$options_value[$optVal[0]] = $optVal[1];
+				}
+			}
+		}
+		if (!empty($preconfig)) {
+			krsort($preconfig);
+			foreach ($preconfig as $section) {
+				if (!$show_options_only) {
+					$output->writeln("<info>Updater questions for " . $section['title'] . "</>");
+				}
+				foreach ($section['fields'] as $update_field => $metainfo) {
+					if (isset($options_value[$update_field])) {
+						$output->writeln('Setting given parameter "' . $update_field . '" to "' . $options_value[$update_field] . '"');
+						$_POST[$update_field] = $options_value[$update_field];
+						continue;
+					}
+					$default = null;
+					$question_text = html_entity_decode(strip_tags($metainfo['label']), ENT_QUOTES | ENT_IGNORE, "UTF-8");
+					if ($metainfo['type'] == 'checkbox') {
+						$default = (int)$metainfo['checked'];
+						if ($show_options_only) {
+							$update_options[] = [
+								'name' => $update_field,
+								'question' => $question_text,
+								'default' => $default,
+								'choices' => '0: No' . PHP_EOL . '1: Yes' . PHP_EOL
+							];
+						} else {
+							$question = new ConfirmationQuestion($question_text . ' [' . ($metainfo['checked'] ? 'yes' : 'no') . '] ', (bool)$metainfo['checked'], '/^(y|j)/i');
+						}
+					} elseif ($metainfo['type'] == 'select') {
+						$default = $metainfo['selected'];
+						$choices = "";
+						foreach (array_values($metainfo['select_var'] ?? []) as $index => $choice) {
+							$choices .= $index . ': ' . $choice . PHP_EOL;
+						}
+						if ($show_options_only) {
+							$update_options[] = [
+								'name' => $update_field,
+								'question' => $question_text,
+								'default' => !empty($default) ? $default : '-',
+								'choices' => $choices
+							];
+						} else {
+							$question = new ChoiceQuestion(
+								$question_text,
+								array_values($metainfo['select_var'] ?? []),
+								$metainfo['selected']
+							);
+							$question->setValidator(function ($answer) use ($metainfo): string {
+								$key = array_keys($metainfo['select_var'])[(int)$answer] ?? false; // Find the key based on the selected value
+								if ($key === false) {
+									throw new \RuntimeException('Invalid selection.');
+								}
+								return $key;
+							});
+						}
+					} elseif ($metainfo['type'] == 'text') {
+						$default = $metainfo['value'] ?? '';
+						if ($show_options_only) {
+							$update_options[] = [
+								'name' => $update_field,
+								'question' => $question_text,
+								'default' => $default,
+								'choices' => PHP_EOL
+							];
+						} else {
+							$question = new Question($question_text . (!empty($metainfo['value']) ? ' [' . $metainfo['value'] . ']' : ''), $default);
+							$question->setValidator(function (string $answer) use ($metainfo): string {
+								if (($metainfo['mandatory'] ?? false) && empty($answer)) {
+									throw new \RuntimeException(
+										'Answer cannot be empty'
+									);
+								}
+								if (!empty($metainfo['pattern'] ?? "") && !preg_match("/" . $metainfo['pattern'] . "/", $answer)) {
+									throw new \RuntimeException('Answer does not seem to be in valid format');
+								}
+								return $answer;
+							});
+						}
+					} else {
+						$output->writeln("<error>Unknown type " . $metainfo['type'] . "</error>");
+						continue;
+					}
+
+					if (!$show_options_only) {
+						if ($yestoall) {
+							$_POST[$update_field] = $default;
+						} else {
+							$_POST[$update_field] = $helper->ask($input, $output, $question);
+						}
+					}
+				}
+			}
+
+			if ($show_options_only) {
+				$io = new SymfonyStyle($input, $output);
+				$io->table(
+					['Parameter', 'Description', 'Default', 'Choices'],
+					$update_options
+				);
+			}
+		}
+	}
+
 	private function mailNotify(InputInterface $input, OutputInterface $output)
 	{
 		if ($input->getOption('mail-notify')) {

lib/Froxlor/Config/ConfigDaemon.php

@@ -91,6 +91,9 @@ class ConfigDaemon
 		$this->fullxml = $xml;
 		$this->xpath = $xpath;
 		$this->daemon = $this->fullxml->xpath($this->xpath);
+		if (count($this->daemon) !== 1) {
+			throw new Exception('XPath "' . $this->xpath . '" didn\'t return exactly one element');
+		}
 		$attributes = $this->daemon[0]->attributes();
 		if ($attributes['title'] != '') {
 			$this->title = $this->parseContent((string)$attributes['title']);
@@ -409,7 +412,7 @@ class ConfigDaemon
 			}
 			$return[] = [
 				'type' => 'command',
-				'content' => $cmd . ' "' . $this->parseContent($attributes['name']) . '" "' . $this->parseContent($attributes['name']) . '.frx.bak"',
+				'content' => '[ -f ' . $this->parseContent($attributes['name']) . ' ] && ' . $cmd . ' "' . $this->parseContent($attributes['name']) . '" "' . $this->parseContent($attributes['name']) . '.frx.bak"',
 				'execute' => "pre"
 			];
 		}

lib/Froxlor/Config/ConfigDisplay.php

@@ -117,7 +117,7 @@ class ConfigDisplay
 			'<SQL_UNPRIVILEGED_PASSWORD>' => 'FROXLOR_MYSQL_PASSWORD',
 			'<SQL_DB>' => $sql['db'],
 			'<SQL_HOST>' => $sql['host'],
-			'<SQL_SOCKET>' => isset($sql['socket']) ? $sql['socket'] : null,
+			'<SQL_SOCKET>' => $sql['socket'] ?? null,
 			'<SERVERNAME>' => Settings::Get('system.hostname'),
 			'<SERVERIP>' => Settings::Get('system.ipaddress'),
 			'<NAMESERVERS>' => Settings::Get('system.nameservers'),
@@ -127,12 +127,15 @@ class ConfigDisplay
 			'<VIRTUAL_GID_MAPS>' => Settings::Get('system.vmail_gid'),
 			'<SSLPROTOCOLS>' => (Settings::Get('system.use_ssl') == '1') ? 'imaps pop3s' : '',
 			'<CUSTOMER_TMP>' => FileDir::makeCorrectDir($customer_tmpdir),
-			'<BASE_PATH>' => FileDir::makeCorrectDir(Froxlor::getInstallDir()),
+			'<BASE_PATH>' => Froxlor::getInstallDir(),
 			'<BIND_CONFIG_PATH>' => FileDir::makeCorrectDir(Settings::Get('system.bindconf_directory')),
 			'<WEBSERVER_RELOAD_CMD>' => Settings::Get('system.apachereload_command'),
 			'<CUSTOMER_LOGS>' => FileDir::makeCorrectDir(Settings::Get('system.logfiles_directory')),
 			'<FPM_IPCDIR>' => FileDir::makeCorrectDir(Settings::Get('phpfpm.fastcgi_ipcdir')),
-			'<WEBSERVER_GROUP>' => Settings::Get('system.httpgroup')
+			'<WEBSERVER_GROUP>' => Settings::Get('system.httpgroup'),
+			'<SSL_CERT_FILE>' => Settings::Get('system.ssl_cert_file'),
+			'<SSL_KEY_FILE>' => Settings::Get('system.ssl_key_file'),
+			'<ADMIN_MAIL>' => Settings::Get('panel.adminmail'),
 		];
 
 		$commands_pre = "";

lib/Froxlor/Cron/Dns/Bind.php

@@ -55,12 +55,10 @@ class Bind extends DnsBase
 		$domains = $this->getDomainList();
 
 		if (empty($domains)) {
-			$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'No domains found for nameserver-config, skipping...');
-			return;
-		}
-
+			$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'No domains found for nameserver-config, not creating any zones...');
+			$this->bindconf_file = '';
+		} else {
 			$this->bindconf_file = '# ' . Settings::Get('system.bindconf_directory') . 'froxlor_bind.conf' . "\n" . '# Created ' . date('d.m.Y H:i') . "\n" . '# Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel.' . "\n\n";
-
 			foreach ($domains as $domain) {
 				if ($domain['is_child']) {
 					// domains that are subdomains to other main domains are handled by recursion within walkDomainList()
@@ -68,6 +66,7 @@ class Bind extends DnsBase
 				}
 				$this->walkDomainList($domain, $domains);
 			}
+		}
 
 		$bindconf_file_handler = fopen(FileDir::makeCorrectFile(Settings::Get('system.bindconf_directory') . '/froxlor_bind.conf'), 'w');
 		fwrite($bindconf_file_handler, $this->bindconf_file);

lib/Froxlor/Cron/Dns/DnsBase.php

@@ -117,85 +117,6 @@ abstract class DnsBase
 		}
 	}
 
-	public function writeDKIMconfigs()
-	{
-		if (Settings::Get('dkim.use_dkim') == '1') {
-			if (!file_exists(FileDir::makeCorrectDir(Settings::Get('dkim.dkim_prefix')))) {
-				$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'mkdir -p ' . escapeshellarg(FileDir::makeCorrectDir(Settings::Get('dkim.dkim_prefix'))));
-				FileDir::safe_exec('mkdir -p ' . escapeshellarg(FileDir::makeCorrectDir(Settings::Get('dkim.dkim_prefix'))));
-			}
-
-			$dkimdomains = '';
-			$dkimkeys = '';
-			$result_domains_stmt = Database::query("
-				SELECT `id`, `domain`, `dkim`, `dkim_id`, `dkim_pubkey`, `dkim_privkey`
-				FROM `" . TABLE_PANEL_DOMAINS . "` WHERE `dkim` = '1' ORDER BY `id` ASC
-			");
-
-			while ($domain = $result_domains_stmt->fetch(PDO::FETCH_ASSOC)) {
-				$privkey_filename = FileDir::makeCorrectFile(Settings::Get('dkim.dkim_prefix') . '/dkim' . $domain['dkim_id'] . Settings::Get('dkim.privkeysuffix'));
-				$pubkey_filename = FileDir::makeCorrectFile(Settings::Get('dkim.dkim_prefix') . '/dkim' . $domain['dkim_id'] . '.public');
-
-				if ($domain['dkim_privkey'] == '' || $domain['dkim_pubkey'] == '') {
-					$max_dkim_id_stmt = Database::query("SELECT MAX(`dkim_id`) as `max_dkim_id` FROM `" . TABLE_PANEL_DOMAINS . "`");
-					$max_dkim_id = $max_dkim_id_stmt->fetch(PDO::FETCH_ASSOC);
-					$domain['dkim_id'] = (int)$max_dkim_id['max_dkim_id'] + 1;
-					$privkey_filename = FileDir::makeCorrectFile(Settings::Get('dkim.dkim_prefix') . '/dkim' . $domain['dkim_id'] . Settings::Get('dkim.privkeysuffix'));
-					FileDir::safe_exec('openssl genrsa -out ' . escapeshellarg($privkey_filename) . ' ' . Settings::Get('dkim.dkim_keylength'));
-					$domain['dkim_privkey'] = file_get_contents($privkey_filename);
-					FileDir::safe_exec("chmod 0640 " . escapeshellarg($privkey_filename));
-					$pubkey_filename = FileDir::makeCorrectFile(Settings::Get('dkim.dkim_prefix') . '/dkim' . $domain['dkim_id'] . '.public');
-					FileDir::safe_exec('openssl rsa -in ' . escapeshellarg($privkey_filename) . ' -pubout -outform pem -out ' . escapeshellarg($pubkey_filename));
-					$domain['dkim_pubkey'] = file_get_contents($pubkey_filename);
-					FileDir::safe_exec("chmod 0664 " . escapeshellarg($pubkey_filename));
-					$upd_stmt = Database::prepare("
-						UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
-						`dkim_id` = :dkimid,
-						`dkim_privkey` = :privkey,
-						`dkim_pubkey` = :pubkey
-						WHERE `id` = :id
-					");
-					$upd_data = [
-						'dkimid' => $domain['dkim_id'],
-						'privkey' => $domain['dkim_privkey'],
-						'pubkey' => $domain['dkim_pubkey'],
-						'id' => $domain['id']
-					];
-					Database::pexecute($upd_stmt, $upd_data);
-				}
-
-				if (!file_exists($privkey_filename) && $domain['dkim_privkey'] != '') {
-					$privkey_file_handler = fopen($privkey_filename, "w");
-					fwrite($privkey_file_handler, $domain['dkim_privkey']);
-					fclose($privkey_file_handler);
-					FileDir::safe_exec("chmod 0640 " . escapeshellarg($privkey_filename));
-				}
-
-				if (!file_exists($pubkey_filename) && $domain['dkim_pubkey'] != '') {
-					$pubkey_file_handler = fopen($pubkey_filename, "w");
-					fwrite($pubkey_file_handler, $domain['dkim_pubkey']);
-					fclose($pubkey_file_handler);
-					FileDir::safe_exec("chmod 0644 " . escapeshellarg($pubkey_filename));
-				}
-
-				$dkimdomains .= $domain['domain'] . "\n";
-				$dkimkeys .= "*@" . $domain['domain'] . ":" . $domain['domain'] . ":" . $privkey_filename . "\n";
-			}
-
-			$dkimdomains_filename = FileDir::makeCorrectFile(Settings::Get('dkim.dkim_prefix') . '/' . Settings::Get('dkim.dkim_domains'));
-			$dkimdomains_file_handler = fopen($dkimdomains_filename, "w");
-			fwrite($dkimdomains_file_handler, $dkimdomains);
-			fclose($dkimdomains_file_handler);
-			$dkimkeys_filename = FileDir::makeCorrectFile(Settings::Get('dkim.dkim_prefix') . '/' . Settings::Get('dkim.dkim_dkimkeys'));
-			$dkimkeys_file_handler = fopen($dkimkeys_filename, "w");
-			fwrite($dkimkeys_file_handler, $dkimkeys);
-			fclose($dkimkeys_file_handler);
-
-			FileDir::safe_exec(escapeshellcmd(Settings::Get('dkim.dkimrestart_command')));
-			$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Dkim-milter reloaded');
-		}
-	}
-
 	protected function getDomainList()
 	{
 		$result_domains_stmt = Database::query("
@@ -244,7 +165,7 @@ abstract class DnsBase
 				'zonefile' => '',
 				'froxlorhost' => '1'
 			];
-			$domains['none'] = $hostname_arr;
+			$domains[0] = $hostname_arr;
 		}
 
 		if (empty($domains)) {

lib/Froxlor/Cron/Dns/PowerDNS.php

@@ -45,10 +45,8 @@ class PowerDNS extends DnsBase
 		$this->clearZoneTables($domains);
 
 		if (empty($domains)) {
-			$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'No domains found for nameserver-config, skipping...');
-			return;
-		}
-
+			$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'No domains found for nameserver-config, not creating any zones...');
+		} else {
 			foreach ($domains as $domain) {
 				if ($domain['is_child']) {
 					// domains that are subdomains to other main domains are handled by recursion within walkDomainList()
@@ -56,7 +54,7 @@ class PowerDNS extends DnsBase
 				}
 				$this->walkDomainList($domain, $domains);
 			}
-
+		}
 		$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'PowerDNS database updated');
 		$this->reloadDaemon();
 		$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Task4 finished');

lib/Froxlor/Cron/Http/Apache.php

@@ -25,19 +25,21 @@
 
 namespace Froxlor\Cron\Http;
 
-use Froxlor\Froxlor;
 use Froxlor\Cron\Http\Php\PhpInterface;
+use Froxlor\Cron\TaskId;
 use Froxlor\Customer\Customer;
 use Froxlor\Database\Database;
 use Froxlor\Domain\Domain;
 use Froxlor\FileDir;
+use Froxlor\Froxlor;
 use Froxlor\FroxlorLogger;
 use Froxlor\Http\Directory;
 use Froxlor\Http\Statistics;
 use Froxlor\PhpHelper;
 use Froxlor\Settings;
-use Froxlor\Validate\Validate;
+use Froxlor\System\Cronjob;
 use Froxlor\System\Crypt;
+use Froxlor\Validate\Validate;
 use PDO;
 
 class Apache extends HttpConfigBase
@@ -133,6 +135,7 @@ class Apache extends HttpConfigBase
 					if (Settings::Get('system.le_froxlor_enabled') && ($this->froxlorVhostHasLetsEncryptCert() == false || $this->froxlorVhostLetsEncryptNeedsRenew())) {
 						$this->virtualhosts_data[$vhosts_filename] .= '# temp. disabled ssl-redirect due to Let\'s Encrypt certificate generation.' . PHP_EOL;
 						$is_redirect = false;
+						Cronjob::inserttask(TaskId::REBUILD_VHOST);
 					} else {
 						$_sslport = $this->checkAlternativeSslPort();
 
@@ -205,7 +208,9 @@ class Apache extends HttpConfigBase
 							];
 							$php = new PhpInterface($domain);
 							$phpconfig = $php->getPhpConfig(Settings::Get('system.mod_fcgid_defaultini_ownvhost'));
-
+							if ($phpconfig['pass_authorizationheader'] == '1') {
+								$this->virtualhosts_data[$vhosts_filename] .= '  FcgidPassHeader     Authorization' . "\n";
+							}
 							$starter_filename = FileDir::makeCorrectFile($configdir . '/php-fcgi-starter');
 							$this->virtualhosts_data[$vhosts_filename] .= '  SuexecUserGroup "' . Settings::Get('system.mod_fcgid_httpuser') . '" "' . Settings::Get('system.mod_fcgid_httpgroup') . '"' . "\n";
 							$this->virtualhosts_data[$vhosts_filename] .= '  <Directory "' . $mypath . '">' . "\n";
@@ -276,7 +281,9 @@ class Apache extends HttpConfigBase
 							// start block, cut off last pipe and close block
 							$filesmatch = '(' . str_replace(".", "\.", substr($filesmatch, 0, -1)) . ')';
 							$this->virtualhosts_data[$vhosts_filename] .= '  <FilesMatch \.' . $filesmatch . '$>' . "\n";
+							$this->virtualhosts_data[$vhosts_filename] .= '    <If "-f %{SCRIPT_FILENAME}">' . "\n";
 							$this->virtualhosts_data[$vhosts_filename] .= '  	SetHandler proxy:unix:' . $php->getInterface()->getSocketFile() . '|fcgi://localhost' . "\n";
+							$this->virtualhosts_data[$vhosts_filename] .= '    </If>' . "\n";
 							$this->virtualhosts_data[$vhosts_filename] .= '  </FilesMatch>' . "\n";
 							if ($phpconfig['pass_authorizationheader'] == '1') {
 								$this->virtualhosts_data[$vhosts_filename] .= '  <Directory "' . $mypath . '">' . "\n";
@@ -434,7 +441,7 @@ class Apache extends HttpConfigBase
 								if (!empty(Settings::Get('system.dhparams_file'))) {
 									$dhparams = FileDir::makeCorrectFile(Settings::Get('system.dhparams_file'));
 									if (!file_exists($dhparams)) {
-										FileDir::safe_exec('openssl dhparam -out ' . escapeshellarg($dhparams) . ' 4096');
+										file_put_contents($dhparams, self::FFDHE4096);
 									}
 									$this->virtualhosts_data[$vhosts_filename] .= ' SSLOpenSSLConfCmd DHParameters "' . $dhparams . '"' . "\n";
 								}
@@ -747,7 +754,7 @@ class Apache extends HttpConfigBase
 					if (!empty(Settings::Get('system.dhparams_file'))) {
 						$dhparams = FileDir::makeCorrectFile(Settings::Get('system.dhparams_file'));
 						if (!file_exists($dhparams)) {
-							FileDir::safe_exec('openssl dhparam -out ' . escapeshellarg($dhparams) . ' 4096');
+							file_put_contents($dhparams, self::FFDHE4096);
 						}
 						$vhost_content .= '  SSLOpenSSLConfCmd DHParameters "' . $dhparams . '"' . "\n";
 					}
@@ -816,6 +823,7 @@ class Apache extends HttpConfigBase
 					$modrew_red = ' [R=' . $code . ';L,NE]';
 				}
 
+				$vhost_content .= $this->getLogfiles($domain);
 				// redirect everything, not only root-directory, #541
 				$vhost_content .= '  <IfModule mod_rewrite.c>' . "\n";
 				$vhost_content .= '    RewriteEngine On' . "\n";
@@ -842,6 +850,7 @@ class Apache extends HttpConfigBase
 			}
 			$vhost_content .= $this->getLogfiles($domain);
 
+			if ($this->deactivated == false) {
 				if ($domain['specialsettings'] != '' && ($ssl_vhost == false || ($ssl_vhost == true && $domain['include_specialsettings'] == 1))) {
 					$vhost_content .= $this->processSpecialConfigTemplate($domain['specialsettings'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
 				}
@@ -862,6 +871,7 @@ class Apache extends HttpConfigBase
 					$vhost_content .= $this->processSpecialConfigTemplate(Settings::Get('system.default_sslvhostconf'), $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
 				}
 			}
+		}
 
 		$vhost_content .= '</VirtualHost>' . "\n";
 

lib/Froxlor/Cron/Http/DomainSSL.php

@@ -43,23 +43,29 @@ class DomainSSL
 	 *            domain-array as reference so we can set the corresponding array-indices
 	 *
 	 * @return null
+	 * @throws \Exception
 	 */
 	public function setDomainSSLFilesArray(array &$domain = null)
 	{
 		// check if the domain itself has a certificate defined
 		$dom_certs_stmt = Database::prepare("
-			SELECT * FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` WHERE `domainid` = :domid
+			SELECT s.*, d.domain
+			FROM `" . TABLE_PANEL_DOMAIN_SSL_SETTINGS . "` s
+			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` d ON d.id = s.domainid
+			WHERE s.`domainid` = :domid
 		");
 		$dom_certs = Database::pexecute_first($dom_certs_stmt, [
 			'domid' => $domain['id']
 		]);
 
+		$parent_certificate = false;
 		if (!is_array($dom_certs) || !isset($dom_certs['ssl_cert_file']) || $dom_certs['ssl_cert_file'] == '') {
 			// maybe its parent?
 			if (isset($domain['parentdomainid']) && $domain['parentdomainid'] != 0) {
 				$dom_certs = Database::pexecute_first($dom_certs_stmt, [
 					'domid' => $domain['parentdomainid']
 				]);
+				$parent_certificate = true;
 			}
 		}
 
@@ -73,8 +79,8 @@ class DomainSSL
 			}
 			// make correct files for the certificates
 			$ssl_files = [
-				'ssl_cert_file' => FileDir::makeCorrectFile($sslcertpath . '/' . $domain['domain'] . '.crt'),
-				'ssl_key_file' => FileDir::makeCorrectFile($sslcertpath . '/' . $domain['domain'] . '.key')
+				'ssl_cert_file' => FileDir::makeCorrectFile($sslcertpath . '/' . ($parent_certificate ? $dom_certs['domain'] : $domain['domain']) . '.crt'),
+				'ssl_key_file' => FileDir::makeCorrectFile($sslcertpath . '/' . ($parent_certificate ? $dom_certs['domain'] : $domain['domain']) . '.key')
 			];
 
 			if (!$this->validateCertificate($dom_certs)) {
@@ -93,19 +99,19 @@ class DomainSSL
 			$ssl_files['ssl_cert_chainfile'] = '';
 			// set them if they are != empty
 			if ($dom_certs['ssl_ca_file'] != '') {
-				$ssl_files['ssl_ca_file'] = FileDir::makeCorrectFile($sslcertpath . '/' . $domain['domain'] . '_CA.pem');
+				$ssl_files['ssl_ca_file'] = FileDir::makeCorrectFile($sslcertpath . '/' . ($parent_certificate ? $dom_certs['domain'] : $domain['domain']) . '_CA.pem');
 			}
 			if ($dom_certs['ssl_cert_chainfile'] != '') {
 				if (Settings::Get('system.webserver') == 'nginx') {
 					// put ca.crt in my.crt, as nginx does not support a separate chain file.
 					$dom_certs['ssl_cert_file'] = trim($dom_certs['ssl_cert_file']) . "\n" . trim($dom_certs['ssl_cert_chainfile']) . "\n";
 				} else {
-					$ssl_files['ssl_cert_chainfile'] = FileDir::makeCorrectFile($sslcertpath . '/' . $domain['domain'] . '_chain.pem');
+					$ssl_files['ssl_cert_chainfile'] = FileDir::makeCorrectFile($sslcertpath . '/' . ($parent_certificate ? $dom_certs['domain'] : $domain['domain']) . '_chain.pem');
 				}
 			}
 			// will only be generated to be used externally, froxlor does not need this
 			if ($dom_certs['ssl_fullchain_file'] != '') {
-				$ssl_files['ssl_fullchain_file'] = FileDir::makeCorrectFile($sslcertpath . '/' . $domain['domain'] . '_fullchain.pem');
+				$ssl_files['ssl_fullchain_file'] = FileDir::makeCorrectFile($sslcertpath . '/' . ($parent_certificate ? $dom_certs['domain'] : $domain['domain']) . '_fullchain.pem');
 			}
 			// create them on the filesystem
 			foreach ($ssl_files as $type => $filename) {
@@ -131,7 +137,7 @@ class DomainSSL
 		return;
 	}
 
-	private function validateCertificate($dom_certs = [])
+	private function validateCertificate($dom_certs = []): bool
 	{
 		return openssl_x509_check_private_key($dom_certs['ssl_cert_file'], $dom_certs['ssl_key_file']);
 	}

lib/Froxlor/Cron/Http/HttpConfigBase.php

@@ -45,6 +45,26 @@ use PDO;
 class HttpConfigBase
 {
 
+	/**
+	 * Pre-defined DHE groups to use as fallback if dhparams_file
+	 * is given, but non-existent, see also https://github.com/froxlor/Froxlor/issues/1270
+	 */
+	const FFDHE4096 = <<<EOC
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
+87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
+YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
+7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
+ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3
+7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32
+nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e
+8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx
+iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K
+zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CAQI=
+-----END DH PARAMETERS-----
+EOC;
+
 	public function init()
 	{
 		// if Let's Encrypt is activated, run it before regeneration of webserver configfiles

lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php

@@ -69,7 +69,8 @@ class AcmeSh extends FroxlorCron
 	 * run the task
 	 *
 	 * @param bool $internal
-	 * @return number
+	 * @return int
+	 * @throws \Exception
 	 */
 	public static function run(bool $internal = false)
 	{
@@ -85,6 +86,9 @@ class AcmeSh extends FroxlorCron
 			if ($issue_froxlor || !empty($issue_domains) || !empty($renew_froxlor) || $renew_domains) {
 				// insert task to generate certificates and vhost-configs
 				Cronjob::inserttask(TaskId::REBUILD_VHOST);
+				if ($renew_froxlor) {
+					Cronjob::inserttask(TaskId::UPDATE_LE_SERVICES);
+				}
 			}
 			return 0;
 		}
@@ -217,6 +221,7 @@ class AcmeSh extends FroxlorCron
 	 * check whether we need to issue a new certificate for froxlor itself
 	 *
 	 * @return boolean
+	 * @throws \Exception
 	 */
 	private static function issueFroxlorVhost()
 	{
@@ -228,9 +233,7 @@ class AcmeSh extends FroxlorCron
 			");
 			$froxlor_ssl = Database::pexecute_first($froxlor_ssl_settings_stmt);
 			// also check for possible existing certificate
-			if (($froxlor_ssl && empty($froxlor_ssl['validtodate']))
-				|| (!$froxlor_ssl && !self::checkFsFilesAreNewer(Settings::Get('system.hostname'), date('Y-m-d H:i:s')))
-			) {
+			if (!$froxlor_ssl || empty($froxlor_ssl['validtodate'])) {
 				return true;
 			}
 		}
@@ -321,9 +324,12 @@ EOC;
 			WHERE
 				dom.`customerid` = cust.`customerid`
 				AND cust.deactivated = 0
+				AND dom.deactivated = 0
+				AND dom.`ssl_enabled` = 1
 				AND dom.`letsencrypt` = 1
 				AND dom.`aliasdomain` IS NULL
 				AND dom.`iswildcarddomain` = 0
+				AND dom.`email_only` = 0
 				AND domssl.`validtodate` IS NULL
 		");
 		$customer_ssl = $certificates_stmt->fetchAll(PDO::FETCH_ASSOC);
@@ -337,6 +343,7 @@ EOC;
 	 * check whether we need to renew-check the certificate for froxlor itself
 	 *
 	 * @return boolean
+	 * @throws \Exception
 	 */
 	private static function renewFroxlorVhost()
 	{
@@ -382,9 +389,13 @@ EOC;
 			WHERE
 				dom.`customerid` = cust.`customerid`
 				AND cust.deactivated = 0
+				AND dom.deactivated = 0
+				AND dom.`ssl_enabled` = 1
 				AND dom.`letsencrypt` = 1
 				AND dom.`aliasdomain` IS NULL
 				AND dom.`iswildcarddomain` = 0
+				AND dom.`email_only` = 0
+				AND dom.`ssl_redirect` != 2
 		");
 		$renew_certs = $certificates_stmt->fetchAll(PDO::FETCH_ASSOC);
 		if ($renew_certs) {
@@ -518,9 +529,11 @@ EOC;
 
 				self::validateDns($domains, $certrow['domainid'], $cronlog);
 
-				self::runAcmeSh($certrow, $domains, $cronlog, $do_force);
+				self::runAcmeSh($certrow, $domains, $cronlog, $do_force, $certrow['domainid'] == 0);
 			} else {
 				$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, "Skipping Let's Encrypt generation for " . $certrow['domain'] . " due to an enabled ssl_redirect");
+				// we need another reconfigure in order to get the certificate
+				Cronjob::inserttask(TaskId::REBUILD_VHOST);
 			}
 		}
 	}
@@ -531,6 +544,7 @@ EOC;
 	 * @param array $domains
 	 * @param int $domain_id
 	 * @param FroxlorLogger $cronlog
+	 * @throws \Exception
 	 */
 	private static function validateDns(array &$domains, $domain_id, &$cronlog)
 	{
@@ -566,7 +580,7 @@ EOC;
 		}
 	}
 
-	private static function runAcmeSh(array $certrow, array $domains, &$cronlog = null, $force = false)
+	private static function runAcmeSh(array $certrow, array $domains, &$cronlog = null, bool $force = false, bool $renew_hook = false)
 	{
 		if (!empty($domains)) {
 			$acmesh_cmd = self::getAcmeSh() . " --server " . self::$apiserver . " --issue -d " . implode(" -d ", $domains);
@@ -587,6 +601,12 @@ EOC;
 			if ($force) {
 				$acmesh_cmd .= " --force";
 			}
+			if ($renew_hook
+				&& !empty(trim(Settings::Get('system.le_renew_services') ?? ""))
+				&& !empty(trim(Settings::Get('system.le_renew_hook') ?? ""))
+			) {
+				$acmesh_cmd .= " --renew-hook '" . Settings::Get('system.le_renew_hook') . "'";
+			}
 			if (defined('CRON_DEBUG_FLAG')) {
 				$acmesh_cmd .= " --debug";
 			}
@@ -603,12 +623,89 @@ EOC;
 				}
 			} else {
 				$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, "Successful exit-code returned - storing certificate");
-				self::certToDb($certrow, $cronlog, $acme_result);
+				$cert_stored = self::certToDb($certrow, $cronlog, $acme_result);
+
+				if ($cert_stored && $renew_hook) {
+					self::renewHookConfigs($cronlog);
+				}
 			}
 		}
 	}
 
-	private static function certToDb($certrow, &$cronlog, $acme_result)
+	public static function renewHookConfigs($cronlog)
+	{
+		if (!empty(trim(Settings::Get('system.le_renew_services') ?? ""))
+			&& !empty(trim(Settings::Get('system.le_renew_hook') ?? ""))
+		) {
+
+			$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, "Renew-hook is enabled - adjusting configurations");
+
+			$certificate_folder = self::getCertificateFolder(strtolower(Settings::Get('system.hostname')));
+
+			if (empty($certificate_folder)) {
+				$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "No certificate folder for '" . Settings::Get('system.hostname') . "' found");
+				return;
+			}
+
+			$fullchain = FileDir::makeCorrectFile($certificate_folder . '/fullchain.cer');
+			$keyfile = FileDir::makeCorrectFile($certificate_folder . '/' . strtolower(Settings::Get('system.hostname')) . '.key');
+			$ca_file = FileDir::makeCorrectFile($certificate_folder . '/ca.cer');
+
+			if (!file_exists($fullchain) || !file_exists($keyfile) || !file_exists($ca_file)) {
+				$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "At least one of the required certificate files for '" . Settings::Get('system.hostname') . "' could not be found");
+				return;
+			}
+
+			$dovecot_conf = '/etc/dovecot/conf.d/99-froxlor.ssl.conf'; // @fixme setting?
+
+			if (Settings::IsInList('system.le_renew_services', 'postfix')) {
+				// "postconf -e" for postfix
+				FileDir::safe_exec('postconf -e smtpd_tls_cert_file=' . escapeshellarg($fullchain));
+				FileDir::safe_exec('postconf -e smtpd_tls_key_file=' . escapeshellarg($keyfile));
+			}
+			if (Settings::IsInList('system.le_renew_services', 'dovecot')) {
+				// custom config for dovecot
+				$ssl_content = <<<EOSSL
+# Autogenerated configuration by froxlor.
+# Do not manually edit this file as it will be overwritten.
+
+ssl = yes
+ssl_cert = <{$fullchain}
+ssl_key = <{$keyfile}
+EOSSL;
+				file_put_contents($dovecot_conf, $ssl_content);
+			} elseif (file_exists($dovecot_conf)) {
+				// safely remove the autogenerated config file
+				unlink($dovecot_conf);
+			}
+			if (Settings::IsInList('system.le_renew_services', 'proftpd')) {
+				$proftpd_conf = '/etc/proftpd/tls.conf'; // @fixme setting?
+				$rval = false;
+				// ECC certificate or not?
+				if (strpos($certificate_folder, '_ecc') === false) {
+					// comment out ECC related settings
+					FileDir::safe_exec("sed -i.bak 's|^TLSECCertificateFile|# TLSECCertificateFile|' " . escapeshellarg($proftpd_conf), $rval, ['|', '?']);
+					FileDir::safe_exec("sed -i.bak 's|^TLSECCertificateKeyFile|# TLSECCertificateKeyFile|' " . escapeshellarg($proftpd_conf), $rval, ['|', '?']);
+					// add RSA directives
+					FileDir::safe_exec("sed -i.bak 's|^#\?\s\?TLSRSACertificateFile.*|TLSRSACertificateFile " . $fullchain . "|' " . escapeshellarg($proftpd_conf), $rval, ['|', '?']);
+					FileDir::safe_exec("sed -i.bak 's|^#\?\s\?TLSRSACertificateKeyFile.*|TLSRSACertificateKeyFile " . $keyfile . "|' " . escapeshellarg($proftpd_conf), $rval, ['|', '?']);
+				} else {
+					// comment out RSA related settings
+					FileDir::safe_exec("sed -i.bak 's|^TLSRSACertificateFile|# TLSRSACertificateFile|' " . escapeshellarg($proftpd_conf), $rval, ['|', '?']);
+					FileDir::safe_exec("sed -i.bak 's|^TLSRSACertificateKeyFile|# TLSRSACertificateKeyFile|' " . escapeshellarg($proftpd_conf), $rval, ['|', '?']);
+					// add ECC directives
+					FileDir::safe_exec("sed -i.bak 's|^#\?\s\?TLSECCertificateFile.*|TLSECCertificateFile " . $fullchain . "|' " . escapeshellarg($proftpd_conf), $rval, ['|', '?']);
+					FileDir::safe_exec("sed -i.bak 's|^#\?\s\?TLSECCertificateKeyFile.*|TLSECCertificateKeyFile " . $keyfile . "|' " . escapeshellarg($proftpd_conf), $rval, ['|', '?']);
+				}
+				FileDir::safe_exec("sed -i.bak 's|^#\?\s\?TLSCACertificateFile.*|TLSCACertificateFile " . $ca_file . "|' " . escapeshellarg($proftpd_conf), $rval, ['|', '?']);
+			}
+
+			// reload the services
+			FileDir::safe_exec(Settings::Get('system.le_renew_hook'));
+		}
+	}
+
+	private static function certToDb($certrow, &$cronlog, $acme_result): bool
 	{
 		$return = [];
 		self::readCertificateToVar(strtolower($certrow['domain']), $return, $cronlog);
@@ -639,12 +736,14 @@ EOC;
 				}
 
 				$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, "Updated Let's Encrypt certificate for " . $certrow['domain']);
+				return true;
 			} else {
 				$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, "Got non-successful Let's Encrypt response for " . $certrow['domain'] . ":\n" . implode("\n", $acme_result));
 			}
 		} else {
 			$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, "Could not get Let's Encrypt certificate for " . $certrow['domain'] . ":\n" . implode("\n", $acme_result));
 		}
+		return false;
 	}
 
 	/**

lib/Froxlor/Cron/Http/Lighttpd.php

@@ -273,7 +273,7 @@ class Lighttpd extends HttpConfigBase
 						if (!empty(Settings::Get('system.dhparams_file'))) {
 							$dhparams = FileDir::makeCorrectFile(Settings::Get('system.dhparams_file'));
 							if (!file_exists($dhparams)) {
-								FileDir::safe_exec('openssl dhparam -out ' . escapeshellarg($dhparams) . ' 4096');
+								file_put_contents($dhparams, self::FFDHE4096);
 							}
 							$this->lighttpd_data[$vhost_filename] .= 'ssl.dh-file = "' . $dhparams . '"' . "\n";
 							$this->lighttpd_data[$vhost_filename] .= 'ssl.ec-curve = "secp384r1"' . "\n";
@@ -406,6 +406,7 @@ class Lighttpd extends HttpConfigBase
 				// Get domain's redirect code
 				$code = Domain::getDomainRedirectCode($domain['id']);
 
+				$vhost_content .= $this->getLogFiles($domain);
 				$vhost_content .= '  url.redirect-code = ' . $code . "\n";
 				$vhost_content .= '  url.redirect = (' . "\n";
 				$vhost_content .= '     "^/(.*)$" => "' . $uri . '$1"' . "\n";
@@ -755,7 +756,7 @@ class Lighttpd extends HttpConfigBase
 				if (!empty(Settings::Get('system.dhparams_file'))) {
 					$dhparams = FileDir::makeCorrectFile(Settings::Get('system.dhparams_file'));
 					if (!file_exists($dhparams)) {
-						FileDir::safe_exec('openssl dhparam -out ' . escapeshellarg($dhparams) . ' 4096');
+						file_put_contents($dhparams, self::FFDHE4096);
 					}
 					$ssl_settings .= 'ssl.dh-file = "' . $dhparams . '"' . "\n";
 					$ssl_settings .= 'ssl.ec-curve = "secp384r1"' . "\n";

lib/Froxlor/Cron/Http/Nginx.php

@@ -46,10 +46,9 @@ class Nginx extends HttpConfigBase
 
 	// protected
 	protected $needed_htpasswds = [];
-	protected $auth_backend_loaded = false;
+	protected $http2_on_directive = false;
 	protected $htpasswds_data = [];
 	protected $known_htpasswdsfilenames = [];
-	protected $mod_accesslog_loaded = '0';
 	protected $vhost_root_autoindex = false;
 
 	/**
@@ -60,6 +59,18 @@ class Nginx extends HttpConfigBase
 	 */
 	private $deactivated = false;
 
+	public function __construct()
+	{
+		$nores = false;
+		$res = FileDir::safe_exec('nginx -v 2>&1', $nores, ['>', '&']);
+		$ver_str = array_shift($res);
+		$cNginxVer = substr($ver_str, strrpos($ver_str, "/") + 1);
+		if (version_compare($cNginxVer, '1.25.1', '>=')) {
+			// at least 1.25.1
+			$this->http2_on_directive = true;
+		}
+	}
+
 	public function createVirtualHosts()
 	{
 		return;
@@ -162,8 +173,10 @@ class Nginx extends HttpConfigBase
 				/**
 				 * this HAS to be set for the default host in nginx or else no vhost will work
 				 */
-				$this->nginx_data[$vhost_filename] .= "\t" . 'listen    ' . $ip . ':' . $port . ' default_server' . ($ssl_vhost == true ? ' ssl' : '') . ($http2 == true ? ' http2' : '') . ';' . "\n";
-
+				$this->nginx_data[$vhost_filename] .= "\t" . 'listen    ' . $ip . ':' . $port . ' default_server' . ($ssl_vhost == true ? ' ssl' : '') . ($http2 && !$this->http2_on_directive ? ' http2' : '') . ';' . "\n";
+				if ($http2 && $this->http2_on_directive) {
+					$this->nginx_data[$vhost_filename] .= "\t" . 'http2 on;' . "\n";
+				}
 				$this->nginx_data[$vhost_filename] .= "\t" . '# Froxlor default vhost' . "\n";
 
 				$aliases = "";
@@ -386,7 +399,7 @@ class Nginx extends HttpConfigBase
 				if (!empty(Settings::Get('system.dhparams_file'))) {
 					$dhparams = FileDir::makeCorrectFile(Settings::Get('system.dhparams_file'));
 					if (!file_exists($dhparams)) {
-						FileDir::safe_exec('openssl dhparam -out ' . escapeshellarg($dhparams) . ' 4096');
+						file_put_contents($dhparams, self::FFDHE4096);
 					}
 					$sslsettings .= "\t" . 'ssl_dhparam ' . $dhparams . ';' . "\n";
 				}
@@ -422,7 +435,7 @@ class Nginx extends HttpConfigBase
 					$sslsettings .= '";' . "\n";
 				}
 
-				if ((isset($domain_or_ip['ocsp_stapling']) && $domain_or_ip['ocsp_stapling'] == "1") || (isset($domain_or_ip['letsencrypt']) && $domain_or_ip['letsencrypt'] == "1")) {
+				if ((isset($domain_or_ip['ocsp_stapling']) && $domain_or_ip['ocsp_stapling'] == "1")) {
 					$sslsettings .= "\t" . 'ssl_stapling on;' . "\n";
 					$sslsettings .= "\t" . 'ssl_stapling_verify on;' . "\n";
 					$sslsettings .= "\t" . 'ssl_trusted_certificate ' . FileDir::makeCorrectFile($domain_or_ip['ssl_cert_file']) . ';' . "\n";
@@ -481,6 +494,7 @@ class Nginx extends HttpConfigBase
 
 		$vhost_content = '';
 		$_vhost_content = '';
+		$has_http2_on = false;
 
 		$query = "SELECT * FROM `" . TABLE_PANEL_IPSANDPORTS . "` `i`, `" . TABLE_DOMAINTOIP . "` `dip`
 			WHERE dip.id_domain = :domainid AND i.id = dip.id_ipandports ";
@@ -531,7 +545,11 @@ class Nginx extends HttpConfigBase
 			}
 			$http2 = $ssl_vhost == true && (isset($domain['http2']) && $domain['http2'] == '1' && Settings::Get('system.http2_support') == '1');
 
-			$vhost_content .= "\t" . 'listen ' . $ipport . ($ssl_vhost == true ? ' ssl' : '') . ($http2 == true ? ' http2' : '') . ';' . "\n";
+			$vhost_content .= "\t" . 'listen ' . $ipport . ($ssl_vhost == true ? ' ssl' : '') . ($http2 && !$this->http2_on_directive ? ' http2' : '') . ';' . "\n";
+			if ($http2 && $this->http2_on_directive && !$has_http2_on) {
+				$vhost_content .= "\t" . 'http2 on;' . "\n";
+				$has_http2_on = true;
+			}
 		}
 
 		// get all server-names
@@ -586,6 +604,7 @@ class Nginx extends HttpConfigBase
 				// Get domain's redirect code
 				$code = Domain::getDomainRedirectCode($domain['id']);
 
+				$vhost_content .= $this->getLogFiles($domain);
 				$vhost_content .= "\t" . 'location / {' . "\n";
 				$vhost_content .= "\t\t" . 'return ' . $code . ' ' . $uri . '$request_uri;' . "\n";
 				$vhost_content .= "\t" . '}' . "\n";

lib/Froxlor/Cron/Http/Php/Fpm.php

@@ -274,8 +274,8 @@ pm.max_children = 1
 
 			$fpm_config .= "\n\n";
 			foreach ($phpini_array as $inisection) {
-				$is = explode("=", trim($inisection));
-				if (count($is) !== 2 || empty($is[0])) {
+				$is = explode("=", trim($inisection), 2);
+				if (empty($is[0])) {
 					continue;
 				}
 				foreach ($this->ini as $sec => $possibles) {

lib/Froxlor/Cron/Mail/Rspamd.php

@@ -0,0 +1,218 @@
+<?php
+
+/**
+ * This file is part of the Froxlor project.
+ * Copyright (c) 2010 the Froxlor Team (see authors).
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, you can also view it online at
+ * https://files.froxlor.org/misc/COPYING.txt
+ *
+ * @copyright  the authors
+ * @author     Froxlor team <team@froxlor.org>
+ * @license    https://files.froxlor.org/misc/COPYING.txt GPLv2
+ */
+
+namespace Froxlor\Cron\Mail;
+
+use Exception;
+use Froxlor\Database\Database;
+use Froxlor\FileDir;
+use Froxlor\FroxlorLogger;
+use Froxlor\Settings;
+
+class Rspamd
+{
+	const DEFAULT_MARK_LVL = 7.0;
+	const DEFAULT_REJECT_LVL = 14.0;
+
+	private string $frx_settings_file = "";
+
+	protected FroxlorLogger $logger;
+
+	public function __construct(FroxlorLogger $logger)
+	{
+		$this->logger = $logger;
+	}
+
+	/**
+	 * @throws Exception
+	 */
+	public function writeConfigs()
+	{
+		// tell the world what we are doing
+		$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Task9 started - Rebuilding antispam configuration');
+
+		// get all email addresses
+		$antispam_stmt = Database::prepare("
+			SELECT email, spam_tag_level, rewrite_subject, spam_kill_level, bypass_spam, policy_greylist, iscatchall
+			FROM `" . TABLE_MAIL_VIRTUAL . "`
+			ORDER BY email
+		");
+		Database::pexecute($antispam_stmt);
+
+		$this->frx_settings_file = "#\n# Automatically generated file by froxlor. DO NOT EDIT manually as it will be overwritten!\n# Generated: " . date('d.m.Y H:i') . "\n#\n\n";
+		while ($email = $antispam_stmt->fetch(\PDO::FETCH_ASSOC)) {
+			$this->generateEmailAddrConfig($email);
+		}
+
+		$antispam_cfg_file = FileDir::makeCorrectFile(Settings::Get('antispam.config_file'));
+		file_put_contents($antispam_cfg_file, $this->frx_settings_file);
+		$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, $antispam_cfg_file . ' written');
+		$this->writeDkimConfigs();
+		$this->reloadDaemon();
+		$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Task9 finished');
+	}
+
+	/**
+	 * # local.d/dkim_signing.conf
+	 * try_fallback = true;
+	 * path = "/var/lib/rspamd/dkim/$domain.$selector.key";
+	 * selector_map = "/etc/rspamd/dkim_selectors.map";
+	 *
+	 * @return void
+	 * @throws Exception
+	 */
+	public function writeDkimConfigs()
+	{
+		$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Writing DKIM key-pairs');
+
+		$dkim_selector_map = "";
+		$result_domains_stmt = Database::query("
+				SELECT `id`, `domain`, `dkim`, `dkim_id`, `dkim_pubkey`, `dkim_privkey`
+				FROM `" . TABLE_PANEL_DOMAINS . "`
+				WHERE `dkim` = '1'
+				ORDER BY `id` ASC
+			");
+
+		while ($domain = $result_domains_stmt->fetch(\PDO::FETCH_ASSOC)) {
+
+			if ($domain['dkim_privkey'] == '' || $domain['dkim_pubkey'] == '') {
+				$max_dkim_id_stmt = Database::query("SELECT MAX(`dkim_id`) as `max_dkim_id` FROM `" . TABLE_PANEL_DOMAINS . "`");
+				$max_dkim_id = $max_dkim_id_stmt->fetch(\PDO::FETCH_ASSOC);
+				$domain['dkim_id'] = (int)$max_dkim_id['max_dkim_id'] + 1;
+
+				$privkey_filename = FileDir::makeCorrectFile('/var/lib/rspamd/dkim/' . $domain['domain'] . '.dkim' . $domain['dkim_id'] . '.key');
+				$pubkey_filename = FileDir::makeCorrectFile('/var/lib/rspamd/dkim/' . $domain['domain'] . '.dkim' . $domain['dkim_id'] . '.txt');
+
+				$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Generating DKIM keys for "' . $domain['domain'] . '"');
+				$rsret = [];
+				FileDir::safe_exec(
+					'rspamadm dkim_keygen -d ' . escapeshellarg($domain['domain']) . ' -k ' . $privkey_filename . ' -s dkim' . $domain['dkim_id'] . ' -b ' . Settings::Get('antispam.dkim_keylength') . ' -o plain > ' . escapeshellarg($pubkey_filename),
+					$rsret,
+					['>']
+				);
+				if (!file_exists($privkey_filename) || !file_exists($pubkey_filename)) {
+					$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, 'DKIM Keypair for domain "' . $domain['domain'] . '" was not generated successfully.');
+					continue;
+				}
+				$domain['dkim_privkey'] = file_get_contents($privkey_filename);
+				FileDir::safe_exec("chmod 0640 " . escapeshellarg($privkey_filename));
+				FileDir::safe_exec("chown _rspamd:_rspamd " . escapeshellarg($privkey_filename));
+				$domain['dkim_pubkey'] = file_get_contents($pubkey_filename);
+				FileDir::safe_exec("chmod 0664 " . escapeshellarg($pubkey_filename));
+				FileDir::safe_exec("chown _rspamd:_rspamd " . escapeshellarg($pubkey_filename));
+				$upd_stmt = Database::prepare("
+						UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
+						`dkim_id` = :dkimid,
+						`dkim_privkey` = :privkey,
+						`dkim_pubkey` = :pubkey
+						WHERE `id` = :id
+					");
+				$upd_data = [
+					'dkimid' => $domain['dkim_id'],
+					'privkey' => $domain['dkim_privkey'],
+					'pubkey' => $domain['dkim_pubkey'],
+					'id' => $domain['id']
+				];
+				Database::pexecute($upd_stmt, $upd_data);
+			} else {
+				$privkey_filename = FileDir::makeCorrectFile('/var/lib/rspamd/dkim/' . $domain['domain'] . '.dkim' . $domain['dkim_id'] . '.key');
+				$pubkey_filename = FileDir::makeCorrectFile('/var/lib/rspamd/dkim/' . $domain['domain'] . '.dkim' . $domain['dkim_id'] . '.txt');
+			}
+
+			if (!file_exists($privkey_filename) && $domain['dkim_privkey'] != '') {
+				file_put_contents($privkey_filename, $domain['dkim_privkey']);
+				FileDir::safe_exec("chmod 0640 " . escapeshellarg($privkey_filename));
+				FileDir::safe_exec("chown _rspamd:_rspamd " . escapeshellarg($privkey_filename));
+			}
+
+			if (!file_exists($pubkey_filename) && $domain['dkim_pubkey'] != '') {
+				file_put_contents($pubkey_filename, $domain['dkim_pubkey']);
+				FileDir::safe_exec("chmod 0644 " . escapeshellarg($pubkey_filename));
+				FileDir::safe_exec("chown _rspamd:_rspamd " . escapeshellarg($pubkey_filename));
+			}
+
+			$dkim_selector_map .= $domain['domain'] . " dkim" . $domain['dkim_id'] . "\n";
+		}
+
+		$dkim_selector_file = FileDir::makeCorrectFile('/etc/rspamd/dkim_selectors.map');
+		file_put_contents($dkim_selector_file, $dkim_selector_map);
+	}
+
+	private function generateEmailAddrConfig(array $email): void
+	{
+		$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'Generating antispam config for ' . $email['email']);
+
+		$email['spam_tag_level'] = floatval($email['spam_tag_level']);
+		$email['spam_kill_level'] = $email['spam_kill_level'] == -1 ? "null" : floatval($email['spam_kill_level']);
+		$email_id = md5($email['email']);
+
+		$this->frx_settings_file .= '# Email: ' . $email['email'] . "\n";
+		foreach (['rcpt', 'from'] as $type) {
+			$this->frx_settings_file .= 'frx_' . $email_id . '_' . $type . ' {' . "\n";
+			$this->frx_settings_file .= '	id = "frx_' . $email_id . '_' . $type . '";' . "\n";
+			if ($email['iscatchall']) {
+				$this->frx_settings_file .= '	priority = low;' . "\n";
+				$this->frx_settings_file .= '	' . $type . ' = "' . substr($email['email'], strpos($email['email'], '@')) . '";' . "\n";
+			} else {
+				$this->frx_settings_file .= '	priority = medium;' . "\n";
+				$this->frx_settings_file .= '	' . $type . ' = "' . $email['email'] . '";' . "\n";
+			}
+			if ((int)$email['bypass_spam'] == 1) {
+				$this->frx_settings_file .= '	want_spam = yes;' . "\n";
+			} else {
+				$this->frx_settings_file .= '	apply {' . "\n";
+				$this->frx_settings_file .= '		actions {' . "\n";
+				$this->frx_settings_file .= '			"add header" = ' . $email['spam_tag_level'] . ';' . "\n";
+				if ((int)$email['rewrite_subject'] == 1) {
+					$this->frx_settings_file .= '			rewrite_subject = ' . ($email['spam_tag_level'] + 0.01) . ';' . "\n";
+				}
+				$this->frx_settings_file .= '			reject = ' . $email['spam_kill_level'] . ';' . "\n";
+				if ($type == 'rcpt' && (int)$email['policy_greylist'] == 0) {
+					$this->frx_settings_file .= '			greylist = null;' . "\n";
+				}
+				$this->frx_settings_file .= '		}' . "\n";
+				$this->frx_settings_file .= '	}' . "\n";
+				if ($type == 'rcpt' && (int)$email['policy_greylist'] == 0) {
+					$this->frx_settings_file .= '	symbols [ "DONT_GREYLIST" ]' . "\n";
+				}
+			}
+			$this->frx_settings_file .= '}' . "\n";
+		}
+		$this->frx_settings_file .= "\n";
+	}
+
+	public function reloadDaemon()
+	{
+		// reload DNS daemon
+		$cmd = Settings::Get('antispam.reload_command');
+		$cmdStatus = 1;
+		FileDir::safe_exec(escapeshellcmd($cmd), $cmdStatus);
+		if ($cmdStatus === 0) {
+			$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'Antispam daemon reloaded');
+		} else {
+			$this->logger->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, 'Error while running `' . $cmd . '`: exit code (' . $cmdStatus . ') - please check your system logs');
+		}
+	}
+}

lib/Froxlor/Cron/System/ExportCron.php

@@ -115,6 +115,21 @@ class ExportCron extends FroxlorCron
 
 			$has_dbs = false;
 			$current_dbserver = -1;
+
+			// look for mysqldump
+			$section = 'mysqldump';
+			if (file_exists("/usr/bin/mysqldump")) {
+				$mysql_dump = '/usr/bin/mysqldump';
+			} elseif (file_exists("/usr/local/bin/mysqldump")) {
+				$mysql_dump = '/usr/local/bin/mysqldump';
+			} elseif (file_exists("/usr/bin/mariadb-dump")) {
+				$mysql_dump = '/usr/bin/mariadb-dump';
+				$section = 'mariadb-dump';
+			}
+			if (!isset($mysql_dump)) {
+				$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, 'mysqldump/mariadb-dump executable could not be found. Please install mysql-client/mariadb-client package.');
+			} else {
+
 				while ($row = $sel_stmt->fetch()) {
 					// Get sql_root data for the specific database-server the database resides on
 					if ($current_dbserver != $row['dbserver']) {
@@ -124,7 +139,7 @@ class ExportCron extends FroxlorCron
 						Database::needRoot(false);
 						// create temporary mysql-defaults file for the connection-credentials/details
 						$mysqlcnf_file = tempnam("/tmp", "frx");
-					$mysqlcnf = "[mysqldump]\npassword=" . $sql_root['passwd'] . "\nhost=" . $sql_root['host'] . "\n";
+						$mysqlcnf = "[".$section."]\npassword=" . $sql_root['passwd'] . "\nhost=" . $sql_root['host'] . "\n";
 						if (!empty($sql_root['port'])) {
 							$mysqlcnf .= "port=" . $sql_root['port'] . "\n";
 						} elseif (!empty($sql_root['socket'])) {
@@ -132,14 +147,15 @@ class ExportCron extends FroxlorCron
 						}
 						file_put_contents($mysqlcnf_file, $mysqlcnf);
 					}
-				$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'shell> mysqldump -u ' . escapeshellarg($sql_root['user']) . ' -pXXXXX ' . $row['databasename'] . ' > ' . FileDir::makeCorrectFile($tmpdir . '/mysql/' . $row['databasename'] . '_' . date('YmdHi', time()) . '.sql'));
+					$cronlog->logAction(FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'shell> '.basename($mysql_dump) . ' -u ' . escapeshellarg($sql_root['user']) . ' -pXXXXX ' . $row['databasename'] . ' > ' . FileDir::makeCorrectFile($tmpdir . '/mysql/' . $row['databasename'] . '_' . date('YmdHi', time()) . '.sql'));
 					$bool_false = false;
-				FileDir::safe_exec('mysqldump --defaults-file=' . escapeshellarg($mysqlcnf_file) . ' -u ' . escapeshellarg($sql_root['user']) . ' ' . $row['databasename'] . ' > ' . FileDir::makeCorrectFile($tmpdir . '/mysql/' . $row['databasename'] . '_' . date('YmdHi', time()) . '.sql'), $bool_false, [
+					FileDir::safe_exec($mysql_dump . ' --defaults-file=' . escapeshellarg($mysqlcnf_file) . ' -u ' . escapeshellarg($sql_root['user']) . ' ' . $row['databasename'] . ' > ' . FileDir::makeCorrectFile($tmpdir . '/mysql/' . $row['databasename'] . '_' . date('YmdHi', time()) . '.sql'), $bool_false, [
 						'>'
 					]);
 					$has_dbs = true;
 					$current_dbserver = $row['dbserver'];
 				}
+			}
 
 			if ($has_dbs) {
 				$create_export_tar_data .= './mysql ';

lib/Froxlor/Cron/System/TasksCron.php

@@ -25,9 +25,12 @@
 
 namespace Froxlor\Cron\System;
 
+use Exception;
 use Froxlor\Cron\FroxlorCron;
 use Froxlor\Cron\Http\ConfigIO;
 use Froxlor\Cron\Http\HttpConfigBase;
+use Froxlor\Cron\Http\LetsEncrypt\AcmeSh;
+use Froxlor\Cron\Mail\Rspamd;
 use Froxlor\Cron\TaskId;
 use Froxlor\Database\Database;
 use Froxlor\Dns\PowerDNS;
@@ -40,6 +43,9 @@ use PDO;
 class TasksCron extends FroxlorCron
 {
 
+	/**
+	 * @throws Exception
+	 */
 	public static function run()
 	{
 		/**
@@ -98,6 +104,11 @@ class TasksCron extends FroxlorCron
 				 * refs #293
 				 */
 				self::deleteFtpData($row);
+			} elseif ($row['type'] == TaskId::REBUILD_RSPAMD && (int)Settings::Get('antispam.activated') != 0) {
+				/**
+				 * TYPE=9 Rebuild antispam config
+				 */
+				self::rebuildAntiSpamConfigs();
 			} elseif ($row['type'] == TaskId::CREATE_QUOTA && (int)Settings::Get('system.diskquota_enabled') != 0) {
 				/**
 				 * TYPE=10 Set the filesystem - quota
@@ -115,6 +126,12 @@ class TasksCron extends FroxlorCron
 				 */
 				FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, "Removing Let's Encrypt entries for domain " . $row['data']['domain']);
 				Domain::doLetsEncryptCleanUp($row['data']['domain']);
+			} elseif ($row['type'] == TaskId::UPDATE_LE_SERVICES) {
+				/**
+				 * TYPE=13 set configuration for selected services regarding the use of Let's Encrypt certificate
+				 */
+				FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, "Updating Let's Encrypt configuration for selected services");
+				AcmeSh::renewHookConfigs(FroxlorLogger::getInstanceOf());
 			}
 		}
 
@@ -266,13 +283,7 @@ class TasksCron extends FroxlorCron
 	private static function rebuildDnsConfigs()
 	{
 		$dnssrv = '\\Froxlor\\Cron\\Dns\\' . Settings::Get('system.dns_server');
-
 		$nameserver = new $dnssrv(FroxlorLogger::getInstanceOf());
-
-		if (Settings::Get('dkim.use_dkim') == '1') {
-			$nameserver->writeDKIMconfigs();
-		}
-
 		$nameserver->writeConfigs();
 	}
 
@@ -330,10 +341,11 @@ class TasksCron extends FroxlorCron
 				// webserver logs
 				$logsdir = FileDir::makeCorrectFile(Settings::Get('system.logfiles_directory') . '/' . $row['data']['loginname']);
 
-				if (file_exists($logsdir) && $logsdir != '/' && $logsdir != FileDir::makeCorrectDir(Settings::Get('system.logfiles_directory')) && substr($logsdir, 0, strlen(Settings::Get('system.logfiles_directory'))) == Settings::Get('system.logfiles_directory')) {
+				if (file_exists(dirname($logsdir)) && $logsdir != '/' && $logsdir != FileDir::makeCorrectDir(Settings::Get('system.logfiles_directory')) && substr($logsdir, 0, strlen(Settings::Get('system.logfiles_directory'))) == Settings::Get('system.logfiles_directory')) {
 					// build up wildcard for webX-{access,error}.log{*}
-					$logsdir .= '-*';
-					FileDir::safe_exec('rm -f ' . escapeshellarg($logsdir));
+					$logsdir .= '-*.log';
+					FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'Running: rm -rf ' .FileDir::makeCorrectFile($logsdir));
+					FileDir::safe_exec('rm -f ' . FileDir::makeCorrectFile($logsdir));
 				}
 			}
 		}
@@ -344,24 +356,16 @@ class TasksCron extends FroxlorCron
 		FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_INFO, 'TasksCron: Task7 started - deleting customer e-mail data');
 
 		if (is_array($row['data'])) {
-			if (isset($row['data']['loginname']) && isset($row['data']['email'])) {
+			if (isset($row['data']['loginname']) && isset($row['data']['emailpath'])) {
 				// remove specific maildir
-				$email_full = $row['data']['email'];
+				$email_full = $row['data']['emailpath'];
 				if (empty($email_full)) {
-					FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, 'FATAL: Task7 asks to delete a email account but email field is empty!');
-				}
-				$email_user = substr($email_full, 0, strrpos($email_full, "@"));
-				$email_domain = substr($email_full, strrpos($email_full, "@") + 1);
-				$maildirname = trim(Settings::Get('system.vmail_maildirname'));
-				// Add trailing slash to Maildir if needed
-				$maildirpath = $maildirname;
-				if (!empty($maildirname) and substr($maildirname, -1) != "/") {
-					$maildirpath .= "/";
+					FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_ERR, 'FATAL: Task7 asks to delete a email account but emailpath field is empty!');
 				}
 
-				$maildir = FileDir::makeCorrectDir(Settings::Get('system.vmail_homedir') . '/' . $row['data']['loginname'] . '/' . $email_domain . '/' . $email_user);
+				$maildir = FileDir::makeCorrectDir($email_full);
 
-				if ($maildir != '/' && !empty($maildir) && !empty($email_full) && $maildir != Settings::Get('system.vmail_homedir') && substr($maildir, 0, strlen(Settings::Get('system.vmail_homedir'))) == Settings::Get('system.vmail_homedir') && is_dir($maildir) && is_dir(FileDir::makeCorrectDir($maildir . '/' . $maildirpath)) && fileowner($maildir) == Settings::Get('system.vmail_uid') && filegroup($maildir) == Settings::Get('system.vmail_gid')) {
+				if ($maildir != '/' && !empty($maildir) && $maildir != Settings::Get('system.vmail_homedir') && substr($maildir, 0, strlen(Settings::Get('system.vmail_homedir'))) == Settings::Get('system.vmail_homedir') && is_dir($maildir) && fileowner($maildir) == Settings::Get('system.vmail_uid') && filegroup($maildir) == Settings::Get('system.vmail_gid')) {
 					FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'Running: rm -rf ' . escapeshellarg($maildir));
 					// mail-address allows many special characters, see http://en.wikipedia.org/wiki/Email_address#Local_part
 					$return = false;
@@ -373,23 +377,6 @@ class TasksCron extends FroxlorCron
 						'~',
 						'?'
 					]);
-				} else {
-					// backward-compatibility for old folder-structure
-					$maildir_old = FileDir::makeCorrectDir(Settings::Get('system.vmail_homedir') . '/' . $row['data']['loginname'] . '/' . $row['data']['email']);
-
-					if ($maildir_old != '/' && !empty($maildir_old) && $maildir_old != Settings::Get('system.vmail_homedir') && substr($maildir_old, 0, strlen(Settings::Get('system.vmail_homedir'))) == Settings::Get('system.vmail_homedir') && is_dir($maildir_old) && fileowner($maildir_old) == Settings::Get('system.vmail_uid') && filegroup($maildir_old) == Settings::Get('system.vmail_gid')) {
-						FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, 'Running: rm -rf ' . escapeshellarg($maildir_old));
-						// mail-address allows many special characters, see http://en.wikipedia.org/wiki/Email_address#Local_part
-						$return = false;
-						FileDir::safe_exec('rm -rf ' . escapeshellarg($maildir_old), $return, [
-							'|',
-							'&',
-							'`',
-							'$',
-							'~',
-							'?'
-						]);
-					}
 				}
 			}
 		}
@@ -448,4 +435,13 @@ class TasksCron extends FroxlorCron
 			}
 		}
 	}
+
+	/**
+	 * @throws Exception
+	 */
+	private static function rebuildAntiSpamConfigs()
+	{
+		$antispam = new Rspamd(FroxlorLogger::getInstanceOf());
+		$antispam->writeConfigs();
+	}
 }

lib/Froxlor/Cron/TaskId.php

@@ -66,6 +66,12 @@ final class TaskId
 	 */
 	const DELETE_FTP_DATA = 8;
 
+	/**
+	 * TYPE=9 MEANS THAT SOMETHING ANTISPAM RELATED HAS CHANGED.
+	 * REBUILD froxlor_settings.conf IF ANTISPAM IS ENABLED
+	 */
+	const REBUILD_RSPAMD = 9;
+
 	/**
 	 * TYPE=10 Set the filesystem - quota
 	 */
@@ -81,6 +87,11 @@ final class TaskId
 	 */
 	const DELETE_DOMAIN_SSL = 12;
 
+	/**
+	 * TYPE=13 set configuration for selected services regarding the use of Let's Encrypt certificate
+	 */
+	const UPDATE_LE_SERVICES = 13;
+
 	/**
 	 * TYPE=20 CUSTUMER DATA DUMP
 	 */

lib/Froxlor/Cron/Traffic/ReportsCron.php

@@ -70,7 +70,7 @@ class ReportsCron extends FroxlorCron
 				) as `traffic_used`
 				FROM `" . TABLE_PANEL_CUSTOMERS . "` AS `c`
 				LEFT JOIN `" . TABLE_PANEL_ADMINS . "` AS `a`
-				ON `a`.`adminid` = `c`.`adminid` WHERE `c`.`reportsent` <> '1'
+				ON `a`.`adminid` = `c`.`adminid` WHERE `c`.`reportsent` & 1 = 0
 			");
 
 			$result_data = [
@@ -79,6 +79,11 @@ class ReportsCron extends FroxlorCron
 			];
 			Database::pexecute($result_stmt, $result_data);
 
+			$upd_stmt = Database::prepare("
+				UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `reportsent` = `reportsent` + 1
+				WHERE `customerid` = :customerid
+			");
+
 			while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 				$row['traffic'] *= 1024;
 				$row['traffic_used'] *= 1024;
@@ -128,7 +133,9 @@ class ReportsCron extends FroxlorCron
 					$_mailerror = false;
 					$mailerr_msg = "";
 					try {
-						$mail->SetFrom($row['adminmail'], $row['adminname']);
+						$mail->setFrom(Settings::Get('panel.adminmail'), $row['adminname']);
+						$mail->clearReplyTos();
+						$mail->addReplyTo($row['adminmail'], $row['adminname']);
 						$mail->Subject = $mail_subject;
 						$mail->AltBody = $mail_body;
 						$mail->MsgHTML(nl2br($mail_body));
@@ -148,10 +155,6 @@ class ReportsCron extends FroxlorCron
 					}
 
 					$mail->ClearAddresses();
-					$upd_stmt = Database::prepare("
-						UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `reportsent` = '1'
-						WHERE `customerid` = :customerid
-					");
 					Database::pexecute($upd_stmt, [
 						'customerid' => $row['customerid']
 					]);
@@ -165,7 +168,7 @@ class ReportsCron extends FroxlorCron
 				FROM `" . TABLE_PANEL_TRAFFIC_ADMINS . "` `t`
 				WHERE `t`.`adminid` = `a`.`adminid` AND `t`.`year` = :year AND `t`.`month` = :month
 				) as `traffic_used_total`
-				FROM `" . TABLE_PANEL_ADMINS . "` `a` WHERE `a`.`reportsent` = '0'
+				FROM `" . TABLE_PANEL_ADMINS . "` `a` WHERE `a`.`reportsent` & 1 = 0
 			");
 
 			$result_data = [
@@ -174,6 +177,11 @@ class ReportsCron extends FroxlorCron
 			];
 			Database::pexecute($result_stmt, $result_data);
 
+			$upd_stmt = Database::prepare("
+				UPDATE `" . TABLE_PANEL_ADMINS . "` SET `reportsent` = `reportsent` + 1
+				WHERE `adminid` = :adminid
+			");
+
 			while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 				$row['traffic'] *= 1024;
 				$row['traffic_used_total'] *= 1024;
@@ -211,7 +219,7 @@ class ReportsCron extends FroxlorCron
 					$_mailerror = false;
 					$mailerr_msg = "";
 					try {
-						$mail->SetFrom($row['email'], $row['name']);
+						$mail->SetFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));
 						$mail->Subject = $mail_subject;
 						$mail->AltBody = $mail_body;
 						$mail->MsgHTML(nl2br($mail_body));
@@ -231,10 +239,6 @@ class ReportsCron extends FroxlorCron
 					}
 
 					$mail->ClearAddresses();
-					$upd_stmt = Database::prepare("
-						UPDATE `" . TABLE_PANEL_ADMINS . "` SET `reportsent` = '1'
-						WHERE `adminid` = :adminid
-					");
 					Database::pexecute($upd_stmt, [
 						'adminid' => $row['adminid']
 					]);
@@ -297,7 +301,7 @@ class ReportsCron extends FroxlorCron
 					$_mailerror = false;
 					$mailerr_msg = "";
 					try {
-						$mail->SetFrom($row['email'], $row['name']);
+						$mail->SetFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));
 						$mail->Subject = $mail_subject;
 						$mail->Body = $mail_body;
 						$mail->MsgHTML(nl2br($mail_body));
@@ -344,11 +348,16 @@ class ReportsCron extends FroxlorCron
 				FROM `" . TABLE_PANEL_CUSTOMERS . "` AS `c`
 			    LEFT JOIN `" . TABLE_PANEL_ADMINS . "` AS `a`
 			    ON `a`.`adminid` = `c`.`adminid`
-			    WHERE `c`.`diskspace` > '0' AND `c`.`reportsent` <> '2'
+			    WHERE `c`.`diskspace` > '0' AND `c`.`reportsent` & 2 = 0
 			");
 
 			$mail = new Mailer(true);
 
+			$upd_stmt = Database::prepare("
+				UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `reportsent` = `reportsent` + 2
+				WHERE `customerid` = :customerid
+			");
+
 			while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 				$row['diskspace'] *= 1024;
 				$row['diskspace_used'] *= 1024;
@@ -398,7 +407,9 @@ class ReportsCron extends FroxlorCron
 					$_mailerror = false;
 					$mailerr_msg = "";
 					try {
-						$mail->SetFrom($row['adminmail'], $row['adminname']);
+						$mail->setFrom(Settings::Get('panel.adminmail'), $row['adminname']);
+						$mail->clearReplyTos();
+						$mail->addReplyTo($row['adminmail'], $row['adminname']);
 						$mail->Subject = $mail_subject;
 						$mail->AltBody = $mail_body;
 						$mail->MsgHTML(nl2br($mail_body));
@@ -418,10 +429,6 @@ class ReportsCron extends FroxlorCron
 					}
 
 					$mail->ClearAddresses();
-					$upd_stmt = Database::prepare("
-						UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `reportsent` = '2'
-						WHERE `customerid` = :customerid
-					");
 					Database::pexecute($upd_stmt, [
 						'customerid' => $row['customerid']
 					]);
@@ -432,7 +439,12 @@ class ReportsCron extends FroxlorCron
 			 * report about diskusage for admins/reseller
 			 */
 			$result_stmt = Database::query("
-				SELECT `a`.* FROM `" . TABLE_PANEL_ADMINS . "` `a` WHERE `a`.`reportsent` <> '2'
+				SELECT `a`.* FROM `" . TABLE_PANEL_ADMINS . "` `a` WHERE `a`.`reportsent` & 2 = 0
+			");
+
+			$upd_stmt = Database::prepare("
+				UPDATE `" . TABLE_PANEL_ADMINS . "` SET `reportsent` = `reportsent` + 2
+				WHERE `adminid` = :adminid
 			");
 
 			while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
@@ -472,7 +484,7 @@ class ReportsCron extends FroxlorCron
 					$_mailerror = false;
 					$mailerr_msg = "";
 					try {
-						$mail->SetFrom($row['email'], $row['name']);
+						$mail->SetFrom(Settings::Get('panel.adminmail'), Settings::Get('panel.adminmail_defname'));
 						$mail->Subject = $mail_subject;
 						$mail->AltBody = $mail_body;
 						$mail->MsgHTML(nl2br($mail_body));
@@ -492,10 +504,6 @@ class ReportsCron extends FroxlorCron
 					}
 
 					$mail->ClearAddresses();
-					$upd_stmt = Database::prepare("
-						UPDATE `" . TABLE_PANEL_ADMINS . "` SET `reportsent` = '2'
-						WHERE `adminid` = :adminid
-					");
 					Database::pexecute($upd_stmt, [
 						'adminid' => $row['adminid']
 					]);

lib/Froxlor/Cron/Traffic/TrafficCron.php

@@ -47,7 +47,7 @@ class TrafficCron extends FroxlorCron
 
 	public static function run()
 	{
-		self::runFork([self::class, 'handle']);
+		self::runFork([self::class, 'handle'], [true]);
 	}
 
 	public static function handle()
@@ -122,7 +122,7 @@ class TrafficCron extends FroxlorCron
 				if ($mysql_usage_row) {
 					$mysqlusage_all[$row_database['customerid']] += floatval($mysql_usage_row['customerusage']);
 				} else {
-					FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, "Cannot get usage for database " . $row_database['databasename'] . ".");
+					FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_NOTICE, "Cannot get usage for database " . $row_database['databasename'] . ".");
 				}
 			} else {
 				FroxlorLogger::getInstanceOf()->logAction(FroxlorLogger::CRON_ACTION, LOG_WARNING, "Seems like the database " . $row_database['databasename'] . " had been removed manually.");
@@ -163,14 +163,14 @@ class TrafficCron extends FroxlorCron
 
 			if (isset($domainlist[$row['customerid']]) && is_array($domainlist[$row['customerid']]) && count($domainlist[$row['customerid']]) != 0) {
 				// Examining which caption to use for default webalizer stats...
-				if ($row['standardsubdomain'] != '0') {
+				if ($row['standardsubdomain'] != '0' && isset($domainlist[$row['customerid']][$row['standardsubdomain']])) {
 					// ... of course we'd prefer to use the standardsubdomain ...
 					$caption = $domainlist[$row['customerid']][$row['standardsubdomain']];
 				} else {
 					// ... but if there is no standardsubdomain, we have to use the loginname ...
 					$caption = $row['loginname'];
 
-					// ... which results in non-usable links to files in the stats, so lets have a look if we find a domain which is not speciallogfiledomain
+					// ... which results in non-usable links to files in the stats, so let's have a look if we find a domain which is not speciallogfiledomain
 					foreach ($domainlist[$row['customerid']] as $domainid => $domain) {
 						if (!isset($speciallogfile_domainlist[$row['customerid']]) || !isset($speciallogfile_domainlist[$row['customerid']][$domainid])) {
 							$caption = $domain;
@@ -193,6 +193,8 @@ class TrafficCron extends FroxlorCron
 							} else {
 								$httptraffic += floatval(self::callWebalizerGetTraffic($row['loginname'] . '-' . $domain, $row['documentroot'] . '/webalizer/' . $domain . '/', $domain, $domainlist[$row['customerid']]));
 							}
+							// kind of a keep-alive-call as this unsets the link which leads to a new connection to the database
+							Database::needRoot();
 						}
 					}
 				}
@@ -210,6 +212,8 @@ class TrafficCron extends FroxlorCron
 				} else {
 					$httptraffic += floatval(self::callWebalizerGetTraffic($row['loginname'], $row['documentroot'] . '/webalizer/', $caption, $domainlist[$row['customerid']]));
 				}
+				// kind of a keep-alive-call as this unsets the link which leads to a new connection to the database
+				Database::needRoot();
 
 				// make the stuff readable for the customer, #258
 				Statistics::makeChownWithNewStats($row);
@@ -618,7 +622,7 @@ class TrafficCron extends FroxlorCron
 			$format = Settings::Get('system.logfiles_type') == '2' ? 'VCOMBINED' : 'COMBINED';
 			$monthyear = $monthyear_arr['month'] . '/' . $monthyear_arr['year'];
 			$return_value = false;
-			FileDir::safe_exec("grep '" . $monthyear . "' " . escapeshellarg($logfile) . " | goaccess " . $keep_params . " --db-path=" . escapeshellarg($outputdir) . " -o " . escapeshellarg($outputdir . '.tmp.json') . " -o " . escapeshellarg($outputdir . 'index.html') . " --html-report-title=" . escapeshellarg($caption) . " --log-format=" . $format . " - ", $return_value, ['|']);
+			FileDir::safe_exec("grep '" . $monthyear . "' " . escapeshellarg($logfile) . " | goaccess " . $keep_params . " --db-path=" . escapeshellarg($outputdir) . " -o " . escapeshellarg($outputdir . '.tmp.json') . " -o " . escapeshellarg($outputdir . 'index.html') . " --html-report-title=" . escapeshellarg($caption) . " --log-format=" . $format . " --no-parsing-spinner --no-progress - ", $return_value, ['|']);
 
 			if (file_exists($outputdir . '.tmp.json')) {
 				// need jq here because of potentially LARGE json files
@@ -787,6 +791,8 @@ class TrafficCron extends FroxlorCron
 			// 'real' domains and no subdomains which are aliases in the
 			// model-config-file.
 			$returnval += self::awstatsDoSingleDomain($singledomain, $outputdir, $current_stamp);
+			// kind of a keep-alive-call as this unsets the link which leads to a new connection to the database
+			Database::needRoot();
 		}
 
 		/**

lib/Froxlor/CurrentUser.php

@@ -46,7 +46,7 @@ class CurrentUser
 	 */
 	public static function hasSession(): bool
 	{
-		return !empty($_SESSION) && isset($_SESSION['userinfo']) && !empty($_SESSION['userinfo']);
+		return !empty($_SESSION) && !empty($_SESSION['userinfo']);
 	}
 
 	/**

lib/Froxlor/Customer/Customer.php

@@ -32,7 +32,7 @@ class Customer
 {
 
 	/**
-	 * Get value of a a specific field from a given customer
+	 * Get value of a specific field from a given customer
 	 *
 	 * @param int $customerid
 	 * @param string $varname

lib/Froxlor/Database/Database.php

@@ -133,7 +133,7 @@ class Database
 	 *            if set to false, the error will be logged, but we go on
 	 * @throws Exception
 	 */
-	private static function showerror(Exception $error, bool $showerror = true, bool $json_response = false, PDOStatement $stmt = null)
+	private static function showerror(Exception $error, bool $showerror = true, bool $json_response = false, ?PDOStatement $stmt = null)
 	{
 		global $userinfo, $theme, $linker;
 
@@ -377,6 +377,14 @@ class Database
 		self::$link = null;
 	}
 
+	/**
+	 * get the currently used database-server (relevant for root-connection)
+	 */
+	public static function getServer()
+	{
+		return self::$dbserver;
+	}
+
 	/**
 	 * enable the temporary access to sql-access data
 	 * note: if you want root-sqldata you need to

lib/Froxlor/Database/DbManager.php

@@ -25,6 +25,7 @@
 
 namespace Froxlor\Database;
 
+use Exception;
 use Froxlor\Database\Manager\DbManagerMySQL;
 use Froxlor\Froxlor;
 use Froxlor\FroxlorLogger;
@@ -83,7 +84,7 @@ class DbManager
 	 * @param array $mysql_access_host_array
 	 *
 	 * @return void
-	 * @throws \Exception
+	 * @throws Exception
 	 */
 	public static function correctMysqlUsers(array $mysql_access_host_array)
 	{
@@ -101,8 +102,26 @@ class DbManager
 			$databases[$databases_row['dbserver']][] = $databases_row['databasename'];
 		}
 
+		$customers_sel = Database::query("
+			SELECT DISTINCT c.loginname
+			FROM `" . TABLE_PANEL_CUSTOMERS . "` c
+			LEFT JOIN `" . TABLE_PANEL_DATABASES . "` d ON c.customerid = d.customerid
+			WHERE c.deactivated = '0' AND d.id IS NOT NULL
+		");
+		$customers = [];
+		while ($customer = $customers_sel->fetch(\PDO::FETCH_ASSOC)) {
+			$customers[] = $customer['loginname'];
+		}
+
 		$dbservers_stmt = Database::query("SELECT DISTINCT `dbserver` FROM `" . TABLE_PANEL_DATABASES . "`");
 		while ($dbserver = $dbservers_stmt->fetch(PDO::FETCH_ASSOC)) {
+
+			// add all customer loginnames to the $databases array for this database-server to correct
+			// a possible existing global mysql-user for that customer
+			foreach ($customers as $customer) {
+				$databases[$dbserver['dbserver']][] = $customer;
+			}
+
 			// require privileged access for target db-server
 			Database::needRoot(true, $dbserver['dbserver'], false);
 
@@ -110,7 +129,7 @@ class DbManager
 			$users = $dbm->getManager()->getAllSqlUsers(false);
 
 			foreach ($databases[$dbserver['dbserver']] as $username) {
-				if (isset($users[$username]) && is_array($users[$username]) && isset($users[$username]['hosts']) && is_array($users[$username]['hosts'])) {
+				if (isset($users[$username]['hosts']) && is_array($users[$username]['hosts'])) {
 
 					$password = [
 						'password' => $users[$username]['password'],
@@ -135,6 +154,8 @@ class DbManager
 
 			$dbm->getManager()->flushPrivileges();
 			Database::needRoot(false);
+
+			unset($databases[$dbserver['dbserver']]);
 		}
 	}
 
@@ -148,10 +169,12 @@ class DbManager
 	 * @param ?string $password
 	 * @param int $dbserver
 	 * @param int $last_accnumber
+	 * @param ?string $global_user
 	 *
 	 * @return string|bool $username if successful or false of username is equal to the password
+	 * @throws Exception
 	 */
-	public function createDatabase(string $loginname = null, string $password = null, int $dbserver = 0, int $last_accnumber = 0)
+	public function createDatabase(string $loginname = null, string $password = null, int $dbserver = 0, int $last_accnumber = 0, string $global_user = "")
 	{
 		Database::needRoot(true, $dbserver, false);
 
@@ -182,10 +205,13 @@ class DbManager
 		// and give permission to the user on every access-host we have
 		foreach (array_map('trim', explode(',', Settings::Get('system.mysql_access_host'))) as $mysql_access_host) {
 			$this->getManager()->grantPrivilegesTo($username, $password, $mysql_access_host);
+			if (!empty($global_user)) {
+				$this->getManager()->grantCreateToDb($global_user, $username, $mysql_access_host);
+			}
 		}
 
 		$this->getManager()->flushPrivileges();
-		Database::needRoot(false);
+		Database::needRoot();
 
 		$this->log->logAction(FroxlorLogger::USR_ACTION, LOG_INFO, "created database '" . $username . "'");
 

lib/Froxlor/Database/Manager/DbManagerMySQL.php

@@ -76,11 +76,14 @@ class DbManagerMySQL
 	 *            optional, whether the password is encrypted or not, default false
 	 * @param bool $update
 	 *            optional, whether to update the password only (not create user)
+	 * @param bool $grant_access_prefix
+	 *            optional, whether the given user will have access to all databases starting with the username, default false
 	 * @throws \Exception
 	 */
-	public function grantPrivilegesTo(string $username, $password, string $access_host = null, bool $p_encrypted = false, bool $update = false)
+	public function grantPrivilegesTo(string $username, $password, string $access_host = null, bool $p_encrypted = false, bool $update = false, bool $grant_access_prefix = false)
 	{
-		$pwd_plugin = 'mysql_native_password';
+		// this is required for mysql8
+		$pwd_plugin = 'caching_sha2_password';
 		if (is_array($password) && count($password) == 2) {
 			$pwd_plugin = $password['plugin'];
 			$password = $password['password'];
@@ -107,13 +110,18 @@ class DbManagerMySQL
 				"password" => $password
 			]);
 			// grant privileges
+			$grants = "ALL";
+			if ($grant_access_prefix) {
+				$grants = "SELECT, INSERT, UPDATE, DELETE, DROP, INDEX, ALTER";
+			}
 			$stmt = Database::prepare("
-				GRANT ALL ON `" . $username . "`.* TO :username@:host
+				GRANT " . $grants . " ON `" . $username . ($grant_access_prefix ? '%' : '') . "`.* TO `" . $username . "`@`" . $access_host . "`
 			");
-			Database::pexecute($stmt, [
-				"username" => $username,
-				"host" => $access_host
-			]);
+			Database::pexecute($stmt);
+
+			if ($grant_access_prefix) {
+				$this->grantCreateToCustomerDbs($username, $access_host);
+			}
 		} else {
 			// set password
 			if (version_compare(Database::getAttribute(\PDO::ATTR_SERVER_VERSION), '5.7.6', '<') || version_compare(Database::getAttribute(\PDO::ATTR_SERVER_VERSION), '10.0.0', '>=')) {
@@ -142,9 +150,10 @@ class DbManagerMySQL
 	 * takes away any privileges from a user to that db
 	 *
 	 * @param string $dbname
+	 * @param ?string $global_user
 	 * @throws \Exception
 	 */
-	public function deleteDatabase(string $dbname)
+	public function deleteDatabase(string $dbname, string $global_user = "")
 	{
 		if (version_compare(Database::getAttribute(PDO::ATTR_SERVER_VERSION), '5.0.2', '<')) {
 			// failsafe if user has been deleted manually (requires MySQL 4.1.2+)
@@ -164,11 +173,19 @@ class DbManagerMySQL
 		} else {
 			$drop_stmt = Database::prepare("DROP USER IF EXISTS :dbname@:host");
 		}
+		$rev_stmt = Database::prepare("REVOKE ALL PRIVILEGES ON `" . $dbname . "`.* FROM :guser@:host;");
 		while ($host = $host_res_stmt->fetch(PDO::FETCH_ASSOC)) {
 			Database::pexecute($drop_stmt, [
 				'dbname' => $dbname,
 				'host' => $host['Host']
 			], false);
+
+			if (!empty($global_user)) {
+				Database::pexecute($rev_stmt, [
+					'guser' => $global_user,
+					'host' => $host['Host']
+				], false);
+			}
 		}
 
 		$drop_stmt = Database::prepare("DROP DATABASE IF EXISTS `" . $dbname . "`");
@@ -184,7 +201,8 @@ class DbManagerMySQL
 	 */
 	public function deleteUser(string $username, string $host)
 	{
-		if (Database::getAttribute(PDO::ATTR_SERVER_VERSION) < '5.0.2') {
+		if ($this->userExistsOnHost($username, $host)) {
+			if (version_compare(Database::getAttribute(PDO::ATTR_SERVER_VERSION), '5.0.2', '<')) {
 				// Revoke privileges (only required for MySQL 4.1.2 - 5.0.1)
 				$stmt = Database::prepare("REVOKE ALL PRIVILEGES ON * . * FROM `" . $username . "`@`" . $host . "`");
 				Database::pexecute($stmt);
@@ -200,6 +218,7 @@ class DbManagerMySQL
 				"host" => $host
 			]);
 		}
+	}
 
 	/**
 	 * removes permissions from a user
@@ -219,17 +238,38 @@ class DbManagerMySQL
 	 *
 	 * @param string $username
 	 * @param string $host
+	 * @param bool $grant_access_prefix
 	 * @throws \Exception
 	 */
-	public function enableUser(string $username, string $host)
+	public function enableUser(string $username, string $host, bool $grant_access_prefix = false)
 	{
 		// check whether user exists to avoid errors
+		if ($this->userExistsOnHost($username, $host)) {
+			$grants = "ALL PRIVILEGES";
+			if ($grant_access_prefix) {
+				$grants = "SELECT, INSERT, UPDATE, DELETE, DROP, INDEX, ALTER";
+			}
+			Database::query('GRANT ' . $grants . ' ON `' . $username . ($grant_access_prefix ? '%' : '') . '`.* TO `' . $username . '`@`' . $host . '`');
+			Database::query('GRANT ' . $grants . ' ON `' . str_replace('_', '\_', $username) . ($grant_access_prefix ? '%' : '') . '` . * TO `' . $username . '`@`' . $host . '`');
+			if ($grant_access_prefix) {
+				$this->grantCreateToCustomerDbs($username, $host);
+			}
+		}
+	}
+
+	/**
+	 * Check whether a given username exists for the given host
+	 *
+	 * @param string $username
+	 * @param string $host
+	 * @return bool
+	 * @throws \Exception
+	 */
+	public function userExistsOnHost(string $username, string $host): bool
+	{
 		$exist_check_stmt = Database::prepare("SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = '" . $username . "' AND host = '" . $host . "')");
 		$exist_check = Database::pexecute_first($exist_check_stmt);
-		if ($exist_check && array_pop($exist_check) == '1') {
-			Database::query('GRANT ALL PRIVILEGES ON `' . $username . '`.* TO `' . $username . '`@`' . $host . '`');
-			Database::query('GRANT ALL PRIVILEGES ON `' . str_replace('_', '\_', $username) . '` . * TO `' . $username . '`@`' . $host . '`');
-		}
+		return ($exist_check && array_pop($exist_check) == '1');
 	}
 
 	/**
@@ -262,7 +302,7 @@ class DbManagerMySQL
 				if (!isset($allsqlusers[$row['User']]) || !is_array($allsqlusers[$row['User']])) {
 					$allsqlusers[$row['User']] = [
 						'password' => $row['Password'] ?? $row['authentication_string'],
-						'plugin' => $row['plugin'] ?? 'mysql_native_password',
+						'plugin' => $row['plugin'] ?? 'caching_sha2_password',
 						'hosts' => []
 					];
 				}
@@ -273,4 +313,54 @@ class DbManagerMySQL
 		}
 		return $allsqlusers;
 	}
+
+	/**
+	 * grant "CREATE" for prefix user to all existing databases of that customer
+	 *
+	 * @param string $username
+	 * @param string $access_host
+	 * @return void
+	 * @throws \Exception
+	 */
+	private function grantCreateToCustomerDbs(string $username, string $access_host)
+	{
+		// remember what (possible remote) db-server we're on
+		$currentDbServer = Database::getServer();
+		// use "unprivileged" connection
+		Database::needRoot();
+		$cus_stmt = Database::prepare("SELECT customerid FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE loginname = :username");
+		$cust = Database::pexecute_first($cus_stmt, ['username' => $username]);
+		if ($cust) {
+			$sel_stmt = Database::prepare("SELECT databasename FROM `" . TABLE_PANEL_DATABASES . "` WHERE `customerid` = :cid AND `dbserver` = :dbserver");
+			Database::pexecute($sel_stmt, ['cid' => $cust['customerid'], 'dbserver' => $currentDbServer]);
+			// reset to root-connection for used dbserver
+			Database::needRoot(true, $currentDbServer, false);
+			while ($dbdata = $sel_stmt->fetch(\PDO::FETCH_ASSOC)) {
+				$stmt = Database::prepare("
+					GRANT ALL ON `" . $dbdata['databasename'] . "`.* TO `" . $username . "`@`" . $access_host . "`
+				");
+				Database::pexecute($stmt);
+			}
+		}
+	}
+
+	/**
+	 * grant "CREATE" for prefix user to all existing databases of that customer
+	 *
+	 * @param string $username
+	 * @param string $database
+	 * @param string $access_host
+	 * @return void
+	 * @throws \Exception
+	 */
+	public function grantCreateToDb(string $username, string $database, string $access_host)
+	{
+		// only grant permission if the user exists
+		if ($this->userExistsOnHost($username, $access_host)) {
+			$stmt = Database::prepare("
+				GRANT ALL ON `" . $database . "`.* TO `" . $username . "`@`" . $access_host . "`
+			");
+			Database::pexecute($stmt);
+		}
+	}
 }

lib/Froxlor/Dns/Dns.php

@@ -54,7 +54,7 @@ class Dns
 				$dom_data['uid'] = $userinfo['userid'];
 			}
 		} else {
-			$where_clause = '`customerid` = :uid AND ';
+			$where_clause = '`customerid` = :uid AND `email_only` = "0" AND ';
 			$dom_data['uid'] = $userinfo['userid'];
 		}
 
@@ -120,20 +120,8 @@ class Dns
 		if ($domain['isemaildomain'] == '1') {
 			self::addRequiredEntry('@', 'MX', $required_entries);
 			if (Settings::Get('system.dns_createmailentry')) {
-				foreach (
-					[
-						'imap',
-						'pop3',
-						'mail',
-						'smtp'
-					] as $record
-				) {
-					foreach (
-						[
-							'AAAA',
-							'A'
-						] as $type
-					) {
+				foreach (['imap', 'pop3', 'mail', 'smtp' ] as $record ) {
+					foreach (['AAAA', 'A' ] as $type ) {
 						self::addRequiredEntry($record, $type, $required_entries);
 					}
 				}
@@ -181,7 +169,11 @@ class Dns
 						// check for SPF content later
 						self::addRequiredEntry('@SPF@.' . $sub_record, 'TXT', $required_entries);
 					}
-					if (Settings::Get('dkim.use_dkim') == '1') {
+					if (Settings::Get('dmarc.use_dmarc') == '1') {
+						// check for DMARC content later
+						self::addRequiredEntry('@DMARC@.' . $sub_record, 'TXT', $required_entries);
+					}
+					if (Settings::Get('antispam.activated') == '1' && $domain['dkim'] == '1') {
 						// check for DKIM content later
 						self::addRequiredEntry('dkim' . $domain['dkim_id'] . '._domainkey.' . $sub_record, 'TXT', $required_entries);
 					}
@@ -218,7 +210,11 @@ class Dns
 				// check for SPF content later
 				self::addRequiredEntry('@SPF@', 'TXT', $required_entries);
 			}
-			if (Settings::Get('dkim.use_dkim') == '1') {
+			if (Settings::Get('dmarc.use_dmarc') == '1') {
+				// check for DMARC content later
+				self::addRequiredEntry('@DMARC@', 'TXT', $required_entries);
+			}
+			if (Settings::Get('antispam.activated') == '1' && $domain['dkim'] == '1') {
 				// check for DKIM content later
 				self::addRequiredEntry('dkim' . $domain['dkim_id'] . '._domainkey', 'TXT', $required_entries);
 			}
@@ -229,51 +225,64 @@ class Dns
 
 		// now generate all records and unset the required entries we have
 		foreach ($dom_entries as $entry) {
-			if (array_key_exists($entry['type'], $required_entries) && array_key_exists(md5($entry['record']),
-					$required_entries[$entry['type']])) {
+			if (array_key_exists($entry['type'], $required_entries)
+				&& array_key_exists( md5($entry['record']), $required_entries[$entry['type']])
+			) {
 				unset($required_entries[$entry['type']][md5($entry['record'])]);
 			}
-			if (Settings::Get('system.dns_createcaaentry') == '1' && $entry['type'] == 'CAA' && strtolower(substr($entry['content'],
-					0, 7)) == '"v=caa1') {
+			if (Settings::Get('system.dns_createcaaentry') == '1'
+				&& $entry['type'] == 'CAA'
+				&& strtolower(substr($entry['content'], 0, 7 )) == '"v=caa1'
+			) {
 				// unset special CAA required-entry
 				unset($required_entries[$entry['type']][md5("@CAA@")]);
 			}
-			if (Settings::Get('spf.use_spf') == '1' && $entry['type'] == 'TXT' && $entry['record'] == '@' && (strtolower(substr($entry['content'],
-						0, 7)) == '"v=spf1' || strtolower(substr($entry['content'], 0, 6)) == 'v=spf1')) {
+			if (Settings::Get('spf.use_spf') == '1'
+				&& $entry['type'] == 'TXT'
+				&& (strtolower(substr($entry['content'], 0, 7)) == '"v=spf1' || strtolower(substr($entry['content'], 0, 6)) == 'v=spf1')
+			) {
 				// unset special spf required-entry
+				if ($entry['record'] == '@') {
 					unset($required_entries[$entry['type']][md5("@SPF@")]);
+				} else {
+					// subdomain
+					unset($required_entries[$entry['type']][md5("@SPF@." . $entry['record'])]);
+				}
+			}
+			if (Settings::Get('dmarc.use_dmarc') == '1'
+				&& $entry['type'] == 'TXT'
+				&& ($entry['record'] == '_dmarc' || substr($entry['record'], 0, 7) == '_dmarc.')
+				&& (strtolower(substr($entry['content'], 0, 9)) == '"v=dmarc1' || strtolower(substr($entry['content'], 0, 8)) == 'v=dmarc1')
+			) {
+				// unset special dmarc required-entry
+				if ($entry['record'] == '_dmarc') {
+					unset($required_entries[$entry['type']][md5("@DMARC@")]);
+				} else {
+					// subdomain
+					unset($required_entries[$entry['type']][md5("@DMARC@" . substr($entry['record'], 6))]);
+				}
 			}
 			if (empty($primary_ns) && $entry['record'] == '@' && $entry['type'] == 'NS') {
 				// use the first NS entry pertaining to the current domain as primary ns
 				$primary_ns = $entry['content'];
 			}
 			// check for CNAME on @, www- or wildcard-Alias and remove A/AAAA record accordingly
-			foreach (
-				[
-					'@',
-					'www',
-					'*'
-				] as $crecord
+			foreach (['@', 'www', '*'] as $crecord) {
+				if ($entry['type'] == 'CNAME'
+					&& $entry['record'] == '@'
+					&& (array_key_exists(md5($crecord), $required_entries['A']) || array_key_exists(md5($crecord), $required_entries['AAAA']))
 				) {
-				if ($entry['type'] == 'CNAME' && $entry['record'] == '@' && (array_key_exists(md5($crecord),
-							$required_entries['A']) || array_key_exists(md5($crecord), $required_entries['AAAA']))) {
 					unset($required_entries['A'][md5($crecord)]);
 					unset($required_entries['AAAA'][md5($crecord)]);
 				}
 			}
 			// also allow overriding of auto-generated values (imap,pop3,mail,smtp) if enabled in the settings
 			if (Settings::Get('system.dns_createmailentry')) {
-				foreach (
-					[
-						'imap',
-						'pop3',
-						'mail',
-						'smtp'
-					] as $crecord
+				foreach (['imap', 'pop3', 'mail', 'smtp'] as $crecord) {
+					if ($entry['type'] == 'CNAME'
+						&& $entry['record'] == $crecord
+						&& (array_key_exists(md5($crecord), $required_entries['A']) || array_key_exists(md5($crecord), $required_entries['AAAA']))
 					) {
-					if ($entry['type'] == 'CNAME' && $entry['record'] == $crecord && (array_key_exists(md5($crecord),
-								$required_entries['A']) || array_key_exists(md5($crecord),
-								$required_entries['AAAA']))) {
 						unset($required_entries['A'][md5($crecord)]);
 						unset($required_entries['AAAA'][md5($crecord)]);
 					}
@@ -310,8 +319,7 @@ class Dns
 						foreach ($records as $record) {
 							if ($type == 'A' && filter_var($ip['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
 								$zonerecords[] = new DnsEntry($record, 'A', $ip['ip']);
-							} elseif ($type == 'AAAA' && filter_var($ip['ip'], FILTER_VALIDATE_IP,
-									FILTER_FLAG_IPV6) !== false) {
+							} elseif ($type == 'AAAA' && filter_var($ip['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 ) !== false) {
 								$zonerecords[] = new DnsEntry($record, 'AAAA', $ip['ip']);
 							}
 						}
@@ -376,9 +384,7 @@ class Dns
 
 			// TXT (SPF and DKIM)
 			if (array_key_exists("TXT", $required_entries)) {
-				if (Settings::Get('dkim.use_dkim') == '1') {
 				$dkim_entries = self::generateDkimEntries($domain);
-				}
 
 				foreach ($required_entries as $type => $records) {
 					if ($type == 'TXT') {
@@ -392,6 +398,15 @@ class Dns
 								$txt_content = Settings::Get('spf.spf_entry');
 								$sub_record = substr($record, 6);
 								$zonerecords[] = new DnsEntry($sub_record, 'TXT', self::encloseTXTContent($txt_content));
+							} elseif ($record == '@DMARC@') {
+								// dmarc for main-domain
+								$txt_content = Settings::Get('dmarc.dmarc_entry');
+								$zonerecords[] = new DnsEntry('_dmarc', 'TXT', self::encloseTXTContent($txt_content));
+							} elseif (strlen($record) > 8 && substr($record, 0, 8) == '@DMARC@.') {
+								// dmarc for subdomain
+								$txt_content = Settings::Get('dmarc.dmarc_entry');
+								$sub_record = substr($record, 8);
+								$zonerecords[] = new DnsEntry('_dmarc.' . $sub_record, 'TXT', self::encloseTXTContent($txt_content));
 							} elseif (!empty($dkim_entries)) {
 								// DKIM entries
 								$dkim_record = 'dkim' . $domain['dkim_id'] . '._domainkey';
@@ -471,8 +486,7 @@ class Dns
 
 		if (!$isMainButSubTo) {
 			$date = date('Ymd');
-			$domain['bindserial'] = (preg_match('/^' . $date . '/',
-				$domain['bindserial']) ? $domain['bindserial'] + 1 : $date . '00');
+			$domain['bindserial'] = (preg_match('/^' . $date . '/', $domain['bindserial']) ? $domain['bindserial'] + 1 : $date . '00');
 			if (!$froxlorhostname) {
 				$upd_stmt = Database::prepare("
 					UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
@@ -499,8 +513,12 @@ class Dns
 			array_unshift($zonerecords, $soa_record);
 		}
 
-		$zone = new DnsZone((int)Settings::Get('system.defaultttl'), $domain['domain'], $domain['bindserial'],
-			$zonerecords);
+		$zone = new DnsZone(
+			(int)Settings::Get('system.defaultttl'),
+			$domain['domain'],
+			$domain['bindserial'],
+			$zonerecords
+		);
 
 		return $zone;
 	}
@@ -527,43 +545,11 @@ class Dns
 	{
 		$zone_dkim = [];
 
-		if (Settings::Get('dkim.use_dkim') == '1' && $domain['dkim'] == '1' && $domain['dkim_pubkey'] != '') {
+		if (Settings::Get('antispam.activated') == '1' && $domain['dkim'] == '1' && $domain['dkim_pubkey'] != '') {
 			// start
 			$dkim_txt = 'v=DKIM1;';
-
-			// algorithm
-			$algorithm = explode(',', Settings::Get('dkim.dkim_algorithm'));
-			$alg = '';
-			foreach ($algorithm as $a) {
-				if ($a == 'all') {
-					break;
-				} else {
-					$alg .= $a . ':';
-				}
-			}
-
-			if ($alg != '') {
-				$alg = substr($alg, 0, -1);
-				$dkim_txt .= 'h=' . $alg . ';';
-			}
-
-			// notes
-			if (trim(Settings::Get('dkim.dkim_notes') != '')) {
-				$dkim_txt .= 'n=' . trim(Settings::Get('dkim.dkim_notes')) . ';';
-			}
-
 			// key
-			$dkim_txt .= 'k=rsa;p=' . trim(preg_replace('/-----BEGIN PUBLIC KEY-----(.+)-----END PUBLIC KEY-----/s',
-					'$1', str_replace("\n", '', $domain['dkim_pubkey']))) . ';';
-
-			// service-type
-			if (Settings::Get('dkim.dkim_servicetype') == '1') {
-				$dkim_txt .= 's=email;';
-			}
-
-			// end-part
-			$dkim_txt .= 't=s';
-
+			$dkim_txt .= 'k=rsa;p=' . trim($domain['dkim_pubkey']) . ';';
 			// dkim-entry
 			$zone_dkim[] = $dkim_txt;
 		}

lib/Froxlor/Domain/Domain.php

@@ -256,7 +256,7 @@ class Domain
 		]);
 		$result = [];
 		while ($entry = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
-			$result = $entry['id'];
+			$result[] = $entry['id'];
 		}
 		return $result;
 	}