set version to 2.2.1 for upcoming release

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>

admin_opcacheinfo.php

@@ -35,6 +35,7 @@ require __DIR__ . '/lib/init.php';
 use Froxlor\FroxlorLogger;
 use Froxlor\UI\HTML;
 use Froxlor\UI\Panel\UI;
+use Froxlor\UI\Request;
 use Froxlor\UI\Response;
 
 if ($action == 'reset' && function_exists('opcache_reset') && $userinfo['change_serversettings'] == '1') {

composer.lock

@@ -8,16 +8,16 @@
     "packages": [
         {
             "name": "amnuts/opcache-gui",
-            "version": "3.5.4",
+            "version": "3.5.5",
             "source": {
                 "type": "git",
                 "url": "https://github.com/amnuts/opcache-gui.git",
-                "reference": "f3a8fe44c0a4c69dd69b9999d68f9097ee362946"
+                "reference": "4ad9866c4bb5a96fd8a40353afb15f6934f4919b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/amnuts/opcache-gui/zipball/f3a8fe44c0a4c69dd69b9999d68f9097ee362946",
-                "reference": "f3a8fe44c0a4c69dd69b9999d68f9097ee362946",
+                "url": "https://api.github.com/repos/amnuts/opcache-gui/zipball/4ad9866c4bb5a96fd8a40353afb15f6934f4919b",
+                "reference": "4ad9866c4bb5a96fd8a40353afb15f6934f4919b",
                 "shasum": ""
             },
             "require": {
@@ -58,7 +58,7 @@
             "support": {
                 "email": "andy@amnuts.com",
                 "issues": "https://github.com/amnuts/opcache-gui/issues",
-                "source": "https://github.com/amnuts/opcache-gui/tree/3.5.4"
+                "source": "https://github.com/amnuts/opcache-gui/tree/3.5.5"
             },
             "funding": [
                 {
@@ -66,20 +66,20 @@
                     "type": "github"
                 }
             ],
-            "time": "2023-10-25T19:09:56+00:00"
+            "time": "2024-06-23T13:01:33+00:00"
         },
         {
             "name": "dflydev/dot-access-data",
-            "version": "v3.0.2",
+            "version": "v3.0.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/dflydev/dflydev-dot-access-data.git",
-                "reference": "f41715465d65213d644d3141a6a93081be5d3549"
+                "reference": "a23a2bf4f31d3518f3ecb38660c95715dfead60f"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/dflydev/dflydev-dot-access-data/zipball/f41715465d65213d644d3141a6a93081be5d3549",
-                "reference": "f41715465d65213d644d3141a6a93081be5d3549",
+                "url": "https://api.github.com/repos/dflydev/dflydev-dot-access-data/zipball/a23a2bf4f31d3518f3ecb38660c95715dfead60f",
+                "reference": "a23a2bf4f31d3518f3ecb38660c95715dfead60f",
                 "shasum": ""
             },
             "require": {
@@ -139,9 +139,9 @@
             ],
             "support": {
                 "issues": "https://github.com/dflydev/dflydev-dot-access-data/issues",
-                "source": "https://github.com/dflydev/dflydev-dot-access-data/tree/v3.0.2"
+                "source": "https://github.com/dflydev/dflydev-dot-access-data/tree/v3.0.3"
             },
-            "time": "2022-10-27T11:44:00+00:00"
+            "time": "2024-07-08T12:26:09+00:00"
         },
         {
             "name": "froxlor/idna-convert-legacy",
@@ -201,16 +201,16 @@
         },
         {
             "name": "league/commonmark",
-            "version": "2.4.2",
+            "version": "2.5.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/thephpleague/commonmark.git",
-                "reference": "91c24291965bd6d7c46c46a12ba7492f83b1cadf"
+                "reference": "ac815920de0eff6de947eac0a6a94e5ed0fb147c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/thephpleague/commonmark/zipball/91c24291965bd6d7c46c46a12ba7492f83b1cadf",
-                "reference": "91c24291965bd6d7c46c46a12ba7492f83b1cadf",
+                "url": "https://api.github.com/repos/thephpleague/commonmark/zipball/ac815920de0eff6de947eac0a6a94e5ed0fb147c",
+                "reference": "ac815920de0eff6de947eac0a6a94e5ed0fb147c",
                 "shasum": ""
             },
             "require": {
@@ -223,8 +223,8 @@
             },
             "require-dev": {
                 "cebe/markdown": "^1.0",
-                "commonmark/cmark": "0.30.3",
-                "commonmark/commonmark.js": "0.30.0",
+                "commonmark/cmark": "0.31.0",
+                "commonmark/commonmark.js": "0.31.0",
                 "composer/package-versions-deprecated": "^1.8",
                 "embed/embed": "^4.4",
                 "erusev/parsedown": "^1.0",
@@ -246,7 +246,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-main": "2.5-dev"
+                    "dev-main": "2.6-dev"
                 }
             },
             "autoload": {
@@ -303,7 +303,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-02-02T11:59:32+00:00"
+            "time": "2024-07-24T12:52:09+00:00"
         },
         {
             "name": "league/config",
@@ -973,16 +973,16 @@
         },
         {
             "name": "symfony/console",
-            "version": "v5.4.40",
+            "version": "v5.4.42",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
-                "reference": "aa73115c0c24220b523625bfcfa655d7d73662dd"
+                "reference": "cef62396a0477e94fc52e87a17c6e5c32e226b7f"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/aa73115c0c24220b523625bfcfa655d7d73662dd",
-                "reference": "aa73115c0c24220b523625bfcfa655d7d73662dd",
+                "url": "https://api.github.com/repos/symfony/console/zipball/cef62396a0477e94fc52e87a17c6e5c32e226b7f",
+                "reference": "cef62396a0477e94fc52e87a17c6e5c32e226b7f",
                 "shasum": ""
             },
             "require": {
@@ -1052,7 +1052,7 @@
                 "terminal"
             ],
             "support": {
-                "source": "https://github.com/symfony/console/tree/v5.4.40"
+                "source": "https://github.com/symfony/console/tree/v5.4.42"
             },
             "funding": [
                 {
@@ -1068,7 +1068,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-05-31T14:33:22+00:00"
+            "time": "2024-07-26T12:21:55+00:00"
         },
         {
             "name": "symfony/deprecation-contracts",
@@ -1849,16 +1849,16 @@
         },
         {
             "name": "symfony/string",
-            "version": "v5.4.40",
+            "version": "v5.4.42",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/string.git",
-                "reference": "142877285aa974a6f7685e292ab5ba9aae86b143"
+                "reference": "909cec913edea162a3b2836788228ad45fcab337"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/string/zipball/142877285aa974a6f7685e292ab5ba9aae86b143",
-                "reference": "142877285aa974a6f7685e292ab5ba9aae86b143",
+                "url": "https://api.github.com/repos/symfony/string/zipball/909cec913edea162a3b2836788228ad45fcab337",
+                "reference": "909cec913edea162a3b2836788228ad45fcab337",
                 "shasum": ""
             },
             "require": {
@@ -1915,7 +1915,7 @@
                 "utf8"
             ],
             "support": {
-                "source": "https://github.com/symfony/string/tree/v5.4.40"
+                "source": "https://github.com/symfony/string/tree/v5.4.42"
             },
             "funding": [
                 {
@@ -1931,7 +1931,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-05-31T14:33:22+00:00"
+            "time": "2024-07-20T18:38:32+00:00"
         },
         {
             "name": "twig/twig",
@@ -2276,30 +2276,38 @@
     "packages-dev": [
         {
             "name": "composer/pcre",
-            "version": "3.1.4",
+            "version": "3.2.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/composer/pcre.git",
-                "reference": "04229f163664973f68f38f6f73d917799168ef24"
+                "reference": "ea4ab6f9580a4fd221e0418f2c357cdd39102a90"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/composer/pcre/zipball/04229f163664973f68f38f6f73d917799168ef24",
-                "reference": "04229f163664973f68f38f6f73d917799168ef24",
+                "url": "https://api.github.com/repos/composer/pcre/zipball/ea4ab6f9580a4fd221e0418f2c357cdd39102a90",
+                "reference": "ea4ab6f9580a4fd221e0418f2c357cdd39102a90",
                 "shasum": ""
             },
             "require": {
                 "php": "^7.4 || ^8.0"
             },
+            "conflict": {
+                "phpstan/phpstan": "<1.11.8"
+            },
             "require-dev": {
-                "phpstan/phpstan": "^1.3",
+                "phpstan/phpstan": "^1.11.8",
                 "phpstan/phpstan-strict-rules": "^1.1",
-                "symfony/phpunit-bridge": "^5"
+                "phpunit/phpunit": "^8 || ^9"
             },
             "type": "library",
             "extra": {
                 "branch-alias": {
                     "dev-main": "3.x-dev"
+                },
+                "phpstan": {
+                    "includes": [
+                        "extension.neon"
+                    ]
                 }
             },
             "autoload": {
@@ -2327,7 +2335,7 @@
             ],
             "support": {
                 "issues": "https://github.com/composer/pcre/issues",
-                "source": "https://github.com/composer/pcre/tree/3.1.4"
+                "source": "https://github.com/composer/pcre/tree/3.2.0"
             },
             "funding": [
                 {
@@ -2343,7 +2351,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-05-27T13:40:54+00:00"
+            "time": "2024-07-25T09:36:02+00:00"
         },
         {
             "name": "composer/xdebug-handler",
@@ -2543,16 +2551,16 @@
         },
         {
             "name": "nikic/php-parser",
-            "version": "v5.0.2",
+            "version": "v5.1.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/nikic/PHP-Parser.git",
-                "reference": "139676794dc1e9231bf7bcd123cfc0c99182cb13"
+                "reference": "683130c2ff8c2739f4822ff7ac5c873ec529abd1"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/139676794dc1e9231bf7bcd123cfc0c99182cb13",
-                "reference": "139676794dc1e9231bf7bcd123cfc0c99182cb13",
+                "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/683130c2ff8c2739f4822ff7ac5c873ec529abd1",
+                "reference": "683130c2ff8c2739f4822ff7ac5c873ec529abd1",
                 "shasum": ""
             },
             "require": {
@@ -2563,7 +2571,7 @@
             },
             "require-dev": {
                 "ircmaxell/php-yacc": "^0.0.7",
-                "phpunit/phpunit": "^7.0 || ^8.0 || ^9.0"
+                "phpunit/phpunit": "^9.0"
             },
             "bin": [
                 "bin/php-parse"
@@ -2595,9 +2603,9 @@
             ],
             "support": {
                 "issues": "https://github.com/nikic/PHP-Parser/issues",
-                "source": "https://github.com/nikic/PHP-Parser/tree/v5.0.2"
+                "source": "https://github.com/nikic/PHP-Parser/tree/v5.1.0"
             },
-            "time": "2024-03-05T20:51:40+00:00"
+            "time": "2024-07-01T20:03:41+00:00"
         },
         {
             "name": "pdepend/pdepend",
@@ -2988,16 +2996,16 @@
         },
         {
             "name": "phpstan/phpstan",
-            "version": "1.11.5",
+            "version": "1.11.9",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpstan/phpstan.git",
-                "reference": "490f0ae1c92b082f154681d7849aee776a7c1443"
+                "reference": "e370bcddadaede0c1716338b262346f40d296f82"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpstan/phpstan/zipball/490f0ae1c92b082f154681d7849aee776a7c1443",
-                "reference": "490f0ae1c92b082f154681d7849aee776a7c1443",
+                "url": "https://api.github.com/repos/phpstan/phpstan/zipball/e370bcddadaede0c1716338b262346f40d296f82",
+                "reference": "e370bcddadaede0c1716338b262346f40d296f82",
                 "shasum": ""
             },
             "require": {
@@ -3042,7 +3050,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2024-06-17T15:10:54+00:00"
+            "time": "2024-08-01T16:25:18+00:00"
         },
         {
             "name": "phpunit/php-code-coverage",
@@ -3365,45 +3373,45 @@
         },
         {
             "name": "phpunit/phpunit",
-            "version": "9.6.19",
+            "version": "9.6.20",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/phpunit.git",
-                "reference": "a1a54a473501ef4cdeaae4e06891674114d79db8"
+                "reference": "49d7820565836236411f5dc002d16dd689cde42f"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/a1a54a473501ef4cdeaae4e06891674114d79db8",
-                "reference": "a1a54a473501ef4cdeaae4e06891674114d79db8",
+                "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/49d7820565836236411f5dc002d16dd689cde42f",
+                "reference": "49d7820565836236411f5dc002d16dd689cde42f",
                 "shasum": ""
             },
             "require": {
-                "doctrine/instantiator": "^1.3.1 || ^2",
+                "doctrine/instantiator": "^1.5.0 || ^2",
                 "ext-dom": "*",
                 "ext-json": "*",
                 "ext-libxml": "*",
                 "ext-mbstring": "*",
                 "ext-xml": "*",
                 "ext-xmlwriter": "*",
-                "myclabs/deep-copy": "^1.10.1",
-                "phar-io/manifest": "^2.0.3",
-                "phar-io/version": "^3.0.2",
+                "myclabs/deep-copy": "^1.12.0",
+                "phar-io/manifest": "^2.0.4",
+                "phar-io/version": "^3.2.1",
                 "php": ">=7.3",
-                "phpunit/php-code-coverage": "^9.2.28",
-                "phpunit/php-file-iterator": "^3.0.5",
+                "phpunit/php-code-coverage": "^9.2.31",
+                "phpunit/php-file-iterator": "^3.0.6",
                 "phpunit/php-invoker": "^3.1.1",
-                "phpunit/php-text-template": "^2.0.3",
-                "phpunit/php-timer": "^5.0.2",
-                "sebastian/cli-parser": "^1.0.1",
-                "sebastian/code-unit": "^1.0.6",
+                "phpunit/php-text-template": "^2.0.4",
+                "phpunit/php-timer": "^5.0.3",
+                "sebastian/cli-parser": "^1.0.2",
+                "sebastian/code-unit": "^1.0.8",
                 "sebastian/comparator": "^4.0.8",
-                "sebastian/diff": "^4.0.3",
-                "sebastian/environment": "^5.1.3",
-                "sebastian/exporter": "^4.0.5",
-                "sebastian/global-state": "^5.0.1",
-                "sebastian/object-enumerator": "^4.0.3",
-                "sebastian/resource-operations": "^3.0.3",
-                "sebastian/type": "^3.2",
+                "sebastian/diff": "^4.0.6",
+                "sebastian/environment": "^5.1.5",
+                "sebastian/exporter": "^4.0.6",
+                "sebastian/global-state": "^5.0.7",
+                "sebastian/object-enumerator": "^4.0.4",
+                "sebastian/resource-operations": "^3.0.4",
+                "sebastian/type": "^3.2.1",
                 "sebastian/version": "^3.0.2"
             },
             "suggest": {
@@ -3448,7 +3456,7 @@
             "support": {
                 "issues": "https://github.com/sebastianbergmann/phpunit/issues",
                 "security": "https://github.com/sebastianbergmann/phpunit/security/policy",
-                "source": "https://github.com/sebastianbergmann/phpunit/tree/9.6.19"
+                "source": "https://github.com/sebastianbergmann/phpunit/tree/9.6.20"
             },
             "funding": [
                 {
@@ -3464,7 +3472,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-04-05T04:35:58+00:00"
+            "time": "2024-07-10T11:45:39+00:00"
         },
         {
             "name": "sebastian/cli-parser",
@@ -4493,16 +4501,16 @@
         },
         {
             "name": "squizlabs/php_codesniffer",
-            "version": "3.10.1",
+            "version": "3.10.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/PHPCSStandards/PHP_CodeSniffer.git",
-                "reference": "8f90f7a53ce271935282967f53d0894f8f1ff877"
+                "reference": "86e5f5dd9a840c46810ebe5ff1885581c42a3017"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/PHPCSStandards/PHP_CodeSniffer/zipball/8f90f7a53ce271935282967f53d0894f8f1ff877",
-                "reference": "8f90f7a53ce271935282967f53d0894f8f1ff877",
+                "url": "https://api.github.com/repos/PHPCSStandards/PHP_CodeSniffer/zipball/86e5f5dd9a840c46810ebe5ff1885581c42a3017",
+                "reference": "86e5f5dd9a840c46810ebe5ff1885581c42a3017",
                 "shasum": ""
             },
             "require": {
@@ -4569,7 +4577,7 @@
                     "type": "open_collective"
                 }
             ],
-            "time": "2024-05-22T21:24:41+00:00"
+            "time": "2024-07-21T23:26:44+00:00"
         },
         {
             "name": "symfony/config",
@@ -4652,16 +4660,16 @@
         },
         {
             "name": "symfony/dependency-injection",
-            "version": "v5.4.40",
+            "version": "v5.4.42",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/dependency-injection.git",
-                "reference": "408b33326496030c201b8051b003e9e8cdb2efc9"
+                "reference": "c8409889fdbf48b99271930ea0ebcf3ee5e1ceae"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/dependency-injection/zipball/408b33326496030c201b8051b003e9e8cdb2efc9",
-                "reference": "408b33326496030c201b8051b003e9e8cdb2efc9",
+                "url": "https://api.github.com/repos/symfony/dependency-injection/zipball/c8409889fdbf48b99271930ea0ebcf3ee5e1ceae",
+                "reference": "c8409889fdbf48b99271930ea0ebcf3ee5e1ceae",
                 "shasum": ""
             },
             "require": {
@@ -4721,7 +4729,7 @@
             "description": "Allows you to standardize and centralize the way objects are constructed in your application",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/dependency-injection/tree/v5.4.40"
+                "source": "https://github.com/symfony/dependency-injection/tree/v5.4.42"
             },
             "funding": [
                 {
@@ -4737,20 +4745,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-05-31T14:33:22+00:00"
+            "time": "2024-07-25T13:57:40+00:00"
         },
         {
             "name": "symfony/filesystem",
-            "version": "v5.4.40",
+            "version": "v5.4.41",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/filesystem.git",
-                "reference": "26dd9912df6940810ea00f8f53ad48d6a3424995"
+                "reference": "6d29dd9340b372fa603f04e6df4dd76bb808591e"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/filesystem/zipball/26dd9912df6940810ea00f8f53ad48d6a3424995",
-                "reference": "26dd9912df6940810ea00f8f53ad48d6a3424995",
+                "url": "https://api.github.com/repos/symfony/filesystem/zipball/6d29dd9340b372fa603f04e6df4dd76bb808591e",
+                "reference": "6d29dd9340b372fa603f04e6df4dd76bb808591e",
                 "shasum": ""
             },
             "require": {
@@ -4788,7 +4796,7 @@
             "description": "Provides basic utilities for the filesystem",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/filesystem/tree/v5.4.40"
+                "source": "https://github.com/symfony/filesystem/tree/v5.4.41"
             },
             "funding": [
                 {
@@ -4804,7 +4812,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-05-31T14:33:22+00:00"
+            "time": "2024-06-28T09:36:24+00:00"
         },
         {
             "name": "symfony/polyfill-php81",

index.php

@@ -62,6 +62,7 @@ if ($action == '2fa_entercode') {
 	// show template to enter code
 	UI::view('login/enter2fa.html.twig', [
 		'pagetitle' => lng('login.2fa'),
+		'remember_me' => (Settings::Get('panel.db_version') >= 202407200) ? true : false,
 		'message' => $message
 	]);
 } elseif ($action == '2fa_verify') {
@@ -72,6 +73,7 @@ if ($action == '2fa_entercode') {
 		exit();
 	}
 	$code = Request::post('2fa_code');
+	$remember = Request::post('2fa_remember');
 	// verify entered code
 	$tfa = new FroxlorTwoFactorAuth('Froxlor ' . Settings::Get('system.hostname'));
 	// get user-data
@@ -83,7 +85,8 @@ if ($action == '2fa_entercode') {
 		// verify code set to user's data_2fa field
 		$sel_stmt = Database::prepare("SELECT `data_2fa` FROM " . $table . " WHERE `" . $field . "` = :uid");
 		$userinfo_code = Database::pexecute_first($sel_stmt, ['uid' => $uid]);
-		$result = $tfa->verifyCode($userinfo_code['data_2fa'], $code);
+		// 60sec discrepancy (possible slow email delivery)
+		$result = $tfa->verifyCode($userinfo_code['data_2fa'], $code, 60);
 	} else {
 		$result = $tfa->verifyCode($_SESSION['secret_2fa'], $code, 3);
 	}
@@ -105,13 +108,6 @@ if ($action == '2fa_entercode') {
 		$userinfo['adminsession'] = $isadmin;
 		$userinfo['userid'] = $uid;
 
-		// if not successful somehow - start again
-		if (!finishLogin($userinfo)) {
-			Response::redirectTo('index.php', [
-				'showmessage' => '2'
-			]);
-		}
-
 		// when using email-2fa, remove the one-time-code
 		if ($userinfo['type_2fa'] == '1') {
 			$del_stmt = Database::prepare("UPDATE " . $table . " SET `data_2fa` = '' WHERE `" . $field . "` = :uid");
@@ -119,6 +115,42 @@ if ($action == '2fa_entercode') {
 				'uid' => $uid
 			]);
 		}
+
+		// when remember is activated, set the cookie
+		if ($remember) {
+			$selector = base64_encode(Froxlor::genSessionId(9));
+			$authenticator = Froxlor::genSessionId(33);
+			$valid_until = time()+60*60*24*30;
+			$ins_stmt = Database::prepare("
+				INSERT INTO `".TABLE_PANEL_2FA_TOKENS."` SET
+				`selector` = :selector,
+				`token` = :authenticator,
+				`userid` = :userid,
+				`valid_until` = :valid_until
+			");
+			Database::pexecute($ins_stmt, [
+				'selector' => $selector,
+				'authenticator' => hash('sha256', $authenticator),
+				'userid' => $uid,
+				'valid_until' => $valid_until
+			]);
+			$cookie_params = [
+				'expires' => $valid_until, // 30 days
+				'path' => '/',
+				'domain' => UI::getCookieHost(),
+				'secure' => UI::requestIsHttps(),
+				'httponly' => true,
+				'samesite' => 'Strict'
+			];
+			setcookie('frx_2fa_remember', $selector.':'.base64_encode($authenticator), $cookie_params);
+		}
+
+		// if not successful somehow - start again
+		if (!finishLogin($userinfo)) {
+			Response::redirectTo('index.php', [
+				'showmessage' => '2'
+			]);
+		}
 		exit();
 	}
 	// wrong 2fa code - treat like "wrong password"
@@ -349,6 +381,25 @@ if ($action == '2fa_entercode') {
 
 		// 2FA activated
 		if (Settings::Get('2fa.enabled') == '1' && $userinfo['type_2fa'] > 0) {
+
+			// check for remember cookie
+			if (!empty($_COOKIE['frx_2fa_remember'])) {
+				list($selector, $authenticator) = explode(':', $_COOKIE['frx_2fa_remember']);
+				$sel_stmt = Database::prepare("SELECT `token` FROM `".TABLE_PANEL_2FA_TOKENS."` WHERE `selector` = :selector AND `userid` = :uid AND `valid_until` >= UNIX_TIMESTAMP()");
+				$token_check = Database::pexecute_first($sel_stmt, ['selector' => $selector, 'uid' => $userinfo[$uid]]);
+				if ($token_check && hash_equals($token_check['token'], hash('sha256', base64_decode($authenticator)))) {
+					if (!finishLogin($userinfo)) {
+						Response::redirectTo('index.php', [
+							'showmessage' => '2'
+						]);
+					}
+					exit();
+				}
+				// not found or invalid, this cookie is useless, get rid of it
+				unset($_COOKIE['frx_2fa_remember']);
+				setcookie('frx_2fa_remember', "", time()-3600);
+			}
+
 			// redirect to code-enter-page
 			$_SESSION['secret_2fa'] = ($userinfo['type_2fa'] == 2 ? $userinfo['data_2fa'] : 'email');
 			$_SESSION['uid_2fa'] = $userinfo[$uid];
@@ -829,8 +880,8 @@ function finishLogin($userinfo)
 			$theme = $userinfo['theme'];
 		} else {
 			$theme = Settings::Get('panel.default_theme');
-			CurrentUser::setField('theme', $theme);
 		}
+		CurrentUser::setField('theme', $theme);
 
 		$qryparams = [];
 		if (!empty($_SESSION['lastqrystr'])) {

install/froxlor.sql.php

@@ -730,8 +730,8 @@ opcache.validate_timestamps'),
 	('panel', 'logo_overridecustom', '0'),
 	('panel', 'settings_mode', '0'),
 	('panel', 'menu_collapsed', '1'),
-	('panel', 'version', '2.2.0-rc1'),
-	('panel', 'db_version', '202401090');
+	('panel', 'version', '2.2.1'),
+	('panel', 'db_version', '202408140');
 
 
 DROP TABLE IF EXISTS `panel_tasks`;
@@ -1049,4 +1049,15 @@ CREATE TABLE `panel_loginlinks` (
   `allowed_from` text NOT NULL,
   UNIQUE KEY `loginname` (`loginname`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
+
+
+DROP TABLE IF EXISTS `panel_2fa_tokens`;
+CREATE TABLE `panel_2fa_tokens` (
+  `id` int(11) NOT NULL auto_increment,
+  `selector` varchar(200) NOT NULL,
+  `token` varchar(200) NOT NULL,
+  `userid` int(11) NOT NULL default '0',
+  `valid_until` int(15) NOT NULL,
+  PRIMARY KEY  (id)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
 FROXLORSQL;

install/updates/froxlor/update_2.2.inc.php

@@ -122,3 +122,50 @@ if (Froxlor::isFroxlorVersion('2.2.0-dev1')) {
 	Update::showUpdateStep("Updating from 2.2.0-dev1 to 2.2.0-rc1", false);
 	Froxlor::updateToVersion('2.2.0-rc1');
 }
+
+if (Froxlor::isDatabaseVersion('202401090')) {
+
+	Update::showUpdateStep("Adding new table for 2fa tokens");
+	Database::query("DROP TABLE IF EXISTS `panel_2fa_tokens`;");
+	$sql = "CREATE TABLE `panel_2fa_tokens` (
+	  `id` int(11) NOT NULL auto_increment,
+	  `selector` varchar(20) NOT NULL,
+	  `token` varchar(200) NOT NULL,
+	  `userid` int(11) NOT NULL default '0',
+	  `valid_until` int(15) NOT NULL,
+	  PRIMARY KEY  (id)
+	) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;";
+	Database::query($sql);
+	Update::lastStepStatus(0);
+
+	Froxlor::updateToDbVersion('202407200');
+}
+
+if (Froxlor::isFroxlorVersion('2.2.0-rc1')) {
+	Update::showUpdateStep("Updating from 2.2.0-rc1 to 2.2.0-rc2", false);
+	Froxlor::updateToVersion('2.2.0-rc2');
+}
+
+if (Froxlor::isFroxlorVersion('2.2.0-rc2')) {
+	Update::showUpdateStep("Updating from 2.2.0-rc2 to 2.2.0-rc3", false);
+	Froxlor::updateToVersion('2.2.0-rc3');
+}
+
+if (Froxlor::isDatabaseVersion('202407200')) {
+
+	Update::showUpdateStep("Adjusting field in 2fa-token table");
+	Database::query("ALTER TABLE `panel_2fa_tokens` CHANGE COLUMN `selector` `selector` varchar(200) NOT NULL;");
+	Update::lastStepStatus(0);
+
+	Froxlor::updateToDbVersion('202408140');
+}
+
+if (Froxlor::isFroxlorVersion('2.2.0-rc3')) {
+	Update::showUpdateStep("Updating from 2.2.0-rc3 to 2.2.0 stable", false);
+	Froxlor::updateToVersion('2.2.0');
+}
+
+if (Froxlor::isFroxlorVersion('2.2.0')) {
+	Update::showUpdateStep("Updating from 2.2.0 to 2.2.1", false);
+	Froxlor::updateToVersion('2.2.1');
+}

lib/Froxlor/Api/Commands/DomainZones.php

@@ -227,7 +227,7 @@ class DomainZones extends ApiCommand implements ResourceEntity
 				// remove it for checks
 				$content = substr($content, 0, -1);
 			}
-			if (!Validate::validateDomain($content)) {
+			if (!empty($content) && !Validate::validateDomain($content)) {
 				$errors[] = lng('error.dns_mx_needdom');
 			} else {
 				// check whether there is a CNAME-record for the same resource
@@ -244,6 +244,10 @@ class DomainZones extends ApiCommand implements ResourceEntity
 			}
 			// append trailing dot (again)
 			$content .= '.';
+			// if content is only ".", the prio needs to be 0 which results in a "null mx" entry
+			if ($content == '.' && $prio != 0) {
+				$prio = 0;
+			}
 		} elseif ($type == 'NS') {
 			// check for trailing dot
 			if (substr($content, -1) == '.') {

lib/Froxlor/Api/Commands/Emails.php

@@ -270,15 +270,6 @@ class Emails extends ApiCommand implements ResourceEntity
 			throw new Exception("You cannot access this resource", 405);
 		}
 
-		// if enabling catchall is not allowed by settings, we do not need
-		// to run update()
-		if (Settings::Get('catchall.catchall_enabled') != '1') {
-			Response::standardError([
-				'operationnotpermitted',
-				'featureisdisabled'
-			], 'catchall', true);
-		}
-
 		$id = $this->getParam('id', true, 0);
 		$ea_optional = $id > 0;
 		$emailaddr = $this->getParam('emailaddr', $ea_optional, '');
@@ -297,30 +288,41 @@ class Emails extends ApiCommand implements ResourceEntity
 		$iscatchall = $this->getBoolParam('iscatchall', true, $result['iscatchall']);
 		$description = $this->getParam('description', true, $result['description']);
 
+		// if enabling catchall is not allowed by settings, we do not need
+		// to run update()
+		if ($iscatchall && $result['iscatchall'] == 0 && Settings::Get('catchall.catchall_enabled') != '1') {
+			Response::standardError([
+				'operationnotpermitted',
+				'featureisdisabled'
+			], 'catchall', true);
+		}
+
 		// get needed customer info to reduce the email-address-counter by one
 		$customer = $this->getCustomerData();
 
 		// check for catchall-flag
+		$email = $result['email_full'];
 		if ($iscatchall) {
 			$iscatchall = '1';
-			$email_parts = explode('@', $result['email_full']);
-			$email = '@' . $email_parts[1];
-			// catchall check
-			$stmt = Database::prepare("
-				SELECT `email_full` FROM `" . TABLE_MAIL_VIRTUAL . "`
-				WHERE `email` = :email AND `customerid` = :cid AND `iscatchall` = '1'
-			");
-			$params = [
-				"email" => $email,
-				"cid" => $customer['customerid']
-			];
-			$email_check = Database::pexecute_first($stmt, $params, true, true);
-			if ($email_check) {
-				Response::standardError('youhavealreadyacatchallforthisdomain', '', true);
+			$email = $result['email'];
+			// update only required if it was not a catchall before
+			if ($result['iscatchall'] == 0) {
+				$email_parts = explode('@', $result['email_full']);
+				$email = '@' . $email_parts[1];
+				// catchall check
+				$stmt = Database::prepare("
+					SELECT `email_full` FROM `" . TABLE_MAIL_VIRTUAL . "`
+					WHERE `email` = :email AND `customerid` = :cid AND `iscatchall` = '1'
+				");
+				$params = [
+					"email" => $email,
+					"cid" => $customer['customerid']
+				];
+				$email_check = Database::pexecute_first($stmt, $params, true, true);
+				if ($email_check) {
+					Response::standardError('youhavealreadyacatchallforthisdomain', '', true);
+				}
 			}
-		} else {
-			$iscatchall = '0';
-			$email = $result['email_full'];
 		}
 
 		$spam_tag_level = Validate::validate($spam_tag_level, 'spam_tag_level', '/^\d{1,}(\.\d{1,2})?$/', '', [7.0], true);

lib/Froxlor/Api/Commands/SubDomains.php

@@ -983,9 +983,11 @@ class SubDomains extends ApiCommand implements ResourceEntity
 				'`d`.`letsencrypt`',
 				'`d`.`registration_date`',
 				'`d`.`termination_date`',
-				'`d`.`deactivated`'
+				'`d`.`deactivated`',
+				'`d`.`email_only`',
 			];
 		}
+
 		$query_fields = [];
 
 		// prepare select statement
@@ -996,7 +998,6 @@ class SubDomains extends ApiCommand implements ResourceEntity
 			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `da` ON `da`.`aliasdomain`=`d`.`id`
 			LEFT JOIN `" . TABLE_PANEL_DOMAINS . "` `pd` ON `pd`.`id`=`d`.`parentdomainid`
 			WHERE `d`.`customerid` IN (" . implode(', ', $customer_ids) . ")
-			AND `d`.`email_only` = '0'
 			" . $this->getSearchWhere($query_fields, true) . " GROUP BY `d`.`id` ORDER BY `parentdomainname` ASC, `d`.`parentdomainid` ASC " . $this->getOrderBy(true) . $this->getLimit());
 
 		$result = [];
@@ -1092,13 +1093,13 @@ class SubDomains extends ApiCommand implements ResourceEntity
 				$this->getUserDetail('customerid')
 			];
 		}
+
 		if (!empty($customer_ids)) {
 			// prepare select statement
 			$domains_stmt = Database::prepare("
 				SELECT COUNT(*) as num_subdom
 				FROM `" . TABLE_PANEL_DOMAINS . "` `d`
 				WHERE `d`.`customerid` IN (" . implode(', ', $customer_ids) . ")
-				AND `d`.`email_only` = '0'
 			");
 			$result = Database::pexecute_first($domains_stmt, null, true, true);
 			if ($result) {

lib/Froxlor/Api/Commands/SysLog.php

@@ -225,7 +225,7 @@ class SysLog extends ApiCommand implements ResourceEntity
 			}
 			$params['trunc'] = $truncatedate;
 			Database::pexecute($result_stmt, $params, true, true);
-			$this->logger()->logAction($this->isAdmin() ? FroxlorLogger::ADM_ACTION : FroxlorLogger::USR_ACTION, LOG_WARNING, "[API] truncated the froxlor syslog");
+			$this->logger()->logAction(FroxlorLogger::ADM_ACTION, LOG_WARNING, "[API] truncated the froxlor syslog");
 			return $this->response(true);
 		}
 		throw new Exception("Not allowed to execute given command.", 403);

lib/Froxlor/Cli/MasterCron.php

@@ -171,8 +171,9 @@ final class MasterCron extends CliCommand
 			FroxlorLogger::getInstanceOf()->setCronLog(0);
 		}
 
-		// clean up possible old login-links
+		// clean up possible old login-links and 2fa tokens
 		Database::query("DELETE FROM `" . TABLE_PANEL_LOGINLINKS . "` WHERE `valid_until` < UNIX_TIMESTAMP()");
+		Database::query("DELETE FROM `" . TABLE_PANEL_2FA_TOKENS . "` WHERE `valid_until` < UNIX_TIMESTAMP()");
 
 		return $result;
 	}

lib/Froxlor/Cron/Http/Apache.php

@@ -441,7 +441,7 @@ class Apache extends HttpConfigBase
 								if (!empty(Settings::Get('system.dhparams_file'))) {
 									$dhparams = FileDir::makeCorrectFile(Settings::Get('system.dhparams_file'));
 									if (!file_exists($dhparams)) {
-										FileDir::safe_exec('openssl dhparam -out ' . escapeshellarg($dhparams) . ' 4096');
+										file_put_contents($dhparams, self::FFDHE4096);
 									}
 									$this->virtualhosts_data[$vhosts_filename] .= ' SSLOpenSSLConfCmd DHParameters "' . $dhparams . '"' . "\n";
 								}
@@ -754,7 +754,7 @@ class Apache extends HttpConfigBase
 					if (!empty(Settings::Get('system.dhparams_file'))) {
 						$dhparams = FileDir::makeCorrectFile(Settings::Get('system.dhparams_file'));
 						if (!file_exists($dhparams)) {
-							FileDir::safe_exec('openssl dhparam -out ' . escapeshellarg($dhparams) . ' 4096');
+							file_put_contents($dhparams, self::FFDHE4096);
 						}
 						$vhost_content .= '  SSLOpenSSLConfCmd DHParameters "' . $dhparams . '"' . "\n";
 					}

lib/Froxlor/Cron/Http/HttpConfigBase.php

@@ -45,6 +45,26 @@ use PDO;
 class HttpConfigBase
 {
 
+	/**
+	 * Pre-defined DHE groups to use as fallback if dhparams_file
+	 * is given, but non-existent, see also https://github.com/froxlor/Froxlor/issues/1270
+	 */
+	const FFDHE4096 = <<<EOC
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
+87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
+YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
+7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
+ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3
+7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32
+nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e
+8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx
+iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K
+zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CAQI=
+-----END DH PARAMETERS-----
+EOC;
+
 	public function init()
 	{
 		// if Let's Encrypt is activated, run it before regeneration of webserver configfiles

lib/Froxlor/Cron/Http/Lighttpd.php

@@ -273,7 +273,7 @@ class Lighttpd extends HttpConfigBase
 						if (!empty(Settings::Get('system.dhparams_file'))) {
 							$dhparams = FileDir::makeCorrectFile(Settings::Get('system.dhparams_file'));
 							if (!file_exists($dhparams)) {
-								FileDir::safe_exec('openssl dhparam -out ' . escapeshellarg($dhparams) . ' 4096');
+								file_put_contents($dhparams, self::FFDHE4096);
 							}
 							$this->lighttpd_data[$vhost_filename] .= 'ssl.dh-file = "' . $dhparams . '"' . "\n";
 							$this->lighttpd_data[$vhost_filename] .= 'ssl.ec-curve = "secp384r1"' . "\n";
@@ -756,7 +756,7 @@ class Lighttpd extends HttpConfigBase
 				if (!empty(Settings::Get('system.dhparams_file'))) {
 					$dhparams = FileDir::makeCorrectFile(Settings::Get('system.dhparams_file'));
 					if (!file_exists($dhparams)) {
-						FileDir::safe_exec('openssl dhparam -out ' . escapeshellarg($dhparams) . ' 4096');
+						file_put_contents($dhparams, self::FFDHE4096);
 					}
 					$ssl_settings .= 'ssl.dh-file = "' . $dhparams . '"' . "\n";
 					$ssl_settings .= 'ssl.ec-curve = "secp384r1"' . "\n";

lib/Froxlor/Cron/Http/Nginx.php

@@ -399,7 +399,7 @@ class Nginx extends HttpConfigBase
 				if (!empty(Settings::Get('system.dhparams_file'))) {
 					$dhparams = FileDir::makeCorrectFile(Settings::Get('system.dhparams_file'));
 					if (!file_exists($dhparams)) {
-						FileDir::safe_exec('openssl dhparam -out ' . escapeshellarg($dhparams) . ' 4096');
+						file_put_contents($dhparams, self::FFDHE4096);
 					}
 					$sslsettings .= "\t" . 'ssl_dhparam ' . $dhparams . ';' . "\n";
 				}

lib/Froxlor/Cron/Traffic/ReportsCron.php

@@ -70,7 +70,7 @@ class ReportsCron extends FroxlorCron
 				) as `traffic_used`
 				FROM `" . TABLE_PANEL_CUSTOMERS . "` AS `c`
 				LEFT JOIN `" . TABLE_PANEL_ADMINS . "` AS `a`
-				ON `a`.`adminid` = `c`.`adminid` WHERE `c`.`reportsent` <> '1'
+				ON `a`.`adminid` = `c`.`adminid` WHERE `c`.`reportsent` & 1 = 0
 			");
 
 			$result_data = [
@@ -79,6 +79,11 @@ class ReportsCron extends FroxlorCron
 			];
 			Database::pexecute($result_stmt, $result_data);
 
+			$upd_stmt = Database::prepare("
+				UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `reportsent` = `reportsent` + 1
+				WHERE `customerid` = :customerid
+			");
+
 			while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 				$row['traffic'] *= 1024;
 				$row['traffic_used'] *= 1024;
@@ -148,10 +153,6 @@ class ReportsCron extends FroxlorCron
 					}
 
 					$mail->ClearAddresses();
-					$upd_stmt = Database::prepare("
-						UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `reportsent` = '1'
-						WHERE `customerid` = :customerid
-					");
 					Database::pexecute($upd_stmt, [
 						'customerid' => $row['customerid']
 					]);
@@ -165,7 +166,7 @@ class ReportsCron extends FroxlorCron
 				FROM `" . TABLE_PANEL_TRAFFIC_ADMINS . "` `t`
 				WHERE `t`.`adminid` = `a`.`adminid` AND `t`.`year` = :year AND `t`.`month` = :month
 				) as `traffic_used_total`
-				FROM `" . TABLE_PANEL_ADMINS . "` `a` WHERE `a`.`reportsent` = '0'
+				FROM `" . TABLE_PANEL_ADMINS . "` `a` WHERE `a`.`reportsent` & 1 = 0
 			");
 
 			$result_data = [
@@ -174,6 +175,11 @@ class ReportsCron extends FroxlorCron
 			];
 			Database::pexecute($result_stmt, $result_data);
 
+			$upd_stmt = Database::prepare("
+				UPDATE `" . TABLE_PANEL_ADMINS . "` SET `reportsent` = `reportsent` + 1
+				WHERE `adminid` = :adminid
+			");
+
 			while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 				$row['traffic'] *= 1024;
 				$row['traffic_used_total'] *= 1024;
@@ -231,10 +237,6 @@ class ReportsCron extends FroxlorCron
 					}
 
 					$mail->ClearAddresses();
-					$upd_stmt = Database::prepare("
-						UPDATE `" . TABLE_PANEL_ADMINS . "` SET `reportsent` = '1'
-						WHERE `adminid` = :adminid
-					");
 					Database::pexecute($upd_stmt, [
 						'adminid' => $row['adminid']
 					]);
@@ -344,11 +346,16 @@ class ReportsCron extends FroxlorCron
 				FROM `" . TABLE_PANEL_CUSTOMERS . "` AS `c`
 			    LEFT JOIN `" . TABLE_PANEL_ADMINS . "` AS `a`
 			    ON `a`.`adminid` = `c`.`adminid`
-			    WHERE `c`.`diskspace` > '0' AND `c`.`reportsent` <> '2'
+			    WHERE `c`.`diskspace` > '0' AND `c`.`reportsent` & 2 = 0
 			");
 
 			$mail = new Mailer(true);
 
+			$upd_stmt = Database::prepare("
+				UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `reportsent` = `reportsent` + 2
+				WHERE `customerid` = :customerid
+			");
+
 			while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
 				$row['diskspace'] *= 1024;
 				$row['diskspace_used'] *= 1024;
@@ -418,10 +425,6 @@ class ReportsCron extends FroxlorCron
 					}
 
 					$mail->ClearAddresses();
-					$upd_stmt = Database::prepare("
-						UPDATE `" . TABLE_PANEL_CUSTOMERS . "` SET `reportsent` = '2'
-						WHERE `customerid` = :customerid
-					");
 					Database::pexecute($upd_stmt, [
 						'customerid' => $row['customerid']
 					]);
@@ -432,7 +435,12 @@ class ReportsCron extends FroxlorCron
 			 * report about diskusage for admins/reseller
 			 */
 			$result_stmt = Database::query("
-				SELECT `a`.* FROM `" . TABLE_PANEL_ADMINS . "` `a` WHERE `a`.`reportsent` <> '2'
+				SELECT `a`.* FROM `" . TABLE_PANEL_ADMINS . "` `a` WHERE `a`.`reportsent` & 2 = 0
+			");
+
+			$upd_stmt = Database::prepare("
+				UPDATE `" . TABLE_PANEL_ADMINS . "` SET `reportsent` = `reportsent` + 2
+				WHERE `adminid` = :adminid
 			");
 
 			while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
@@ -492,10 +500,6 @@ class ReportsCron extends FroxlorCron
 					}
 
 					$mail->ClearAddresses();
-					$upd_stmt = Database::prepare("
-						UPDATE `" . TABLE_PANEL_ADMINS . "` SET `reportsent` = '2'
-						WHERE `adminid` = :adminid
-					");
 					Database::pexecute($upd_stmt, [
 						'adminid' => $row['adminid']
 					]);

lib/Froxlor/Database/Manager/DbManagerMySQL.php

@@ -187,7 +187,7 @@ class DbManagerMySQL
 	 */
 	public function deleteUser(string $username, string $host)
 	{
-		if (Database::getAttribute(PDO::ATTR_SERVER_VERSION) < '5.0.2') {
+		if (version_compare(Database::getAttribute(PDO::ATTR_SERVER_VERSION), '5.0.2', '<')) {
 			// Revoke privileges (only required for MySQL 4.1.2 - 5.0.1)
 			$stmt = Database::prepare("REVOKE ALL PRIVILEGES ON * . * FROM `" . $username . "`@`" . $host . "`");
 			Database::pexecute($stmt);

lib/Froxlor/Dns/Dns.php

@@ -54,7 +54,7 @@ class Dns
 				$dom_data['uid'] = $userinfo['userid'];
 			}
 		} else {
-			$where_clause = '`customerid` = :uid AND ';
+			$where_clause = '`customerid` = :uid AND `email_only` = "0" AND ';
 			$dom_data['uid'] = $userinfo['userid'];
 		}
 

lib/Froxlor/Froxlor.php

@@ -31,10 +31,10 @@ final class Froxlor
 {
 
 	// Main version variable
-	const VERSION = '2.2.0-rc1';
+	const VERSION = '2.2.1';
 
 	// Database version (YYYYMMDDC where C is a daily counter)
-	const DBVERSION = '202401090';
+	const DBVERSION = '202408140';
 
 	// Distribution branding-tag (used for Debian etc.)
 	const BRANDING = '';

lib/Froxlor/UI/Callbacks/Domain.php

@@ -74,6 +74,9 @@ class Domain
 			if ($attributes['fields']['deactivated']) {
 				return lng('admin.deactivated');
 			}
+			if ($attributes['fields']['email_only']) {
+				return lng('domains.email_only');
+			}
 			// path or redirect
 			if (preg_match('/^https?\:\/\//', $attributes['fields']['documentroot'])) {
 				return [
@@ -127,7 +130,7 @@ class Domain
 
 	public static function canViewLogs(array $attributes): bool
 	{
-		if ((!CurrentUser::isAdmin() || (CurrentUser::isAdmin() && (int)$attributes['fields']['email_only'] == 0)) && !$attributes['fields']['deactivated']) {
+		if ((int)$attributes['fields']['email_only'] == 0 && !$attributes['fields']['deactivated']) {
 			if ((int)UI::getCurrentUser()['adminsession'] == 0 && (bool)UI::getCurrentUser()['logviewenabled']) {
 				return true;
 			} elseif ((int)UI::getCurrentUser()['adminsession'] == 1) {
@@ -157,6 +160,7 @@ class Domain
 			&& $attributes['fields']['caneditdomain'] == '1'
 			&& Settings::Get('system.bind_enable') == '1'
 			&& Settings::Get('system.dnsenabled') == '1'
+			&& !$attributes['fields']['email_only']
 			&& !$attributes['fields']['deactivated'];
 	}
 
@@ -169,7 +173,7 @@ class Domain
 
 	public static function hasLetsEncryptActivated(array $attributes): bool
 	{
-		return ((bool)$attributes['fields']['letsencrypt'] && (!CurrentUser::isAdmin() || (CurrentUser::isAdmin() && (int)$attributes['fields']['email_only'] == 0)));
+		return ((bool)$attributes['fields']['letsencrypt'] && (int)$attributes['fields']['email_only'] == 0);
 	}
 
 	/**
@@ -181,7 +185,7 @@ class Domain
 			&& DDomain::domainHasSslIpPort($attributes['fields']['id'])
 			&& (CurrentUser::isAdmin() || (!CurrentUser::isAdmin() && (int)$attributes['fields']['caneditdomain'] == 1))
 			&& (int)$attributes['fields']['letsencrypt'] == 0
-			&& (!CurrentUser::isAdmin() || (CurrentUser::isAdmin() && (int)$attributes['fields']['email_only'] == 0))
+			&& !(int)$attributes['fields']['email_only']
 			&& !$attributes['fields']['deactivated']
 		) {
 			return true;

lib/Froxlor/UI/Callbacks/Text.php

@@ -52,6 +52,14 @@ class Text
 		];
 	}
 
+	public static function type2fa(array $attributes): array
+	{
+		return [
+			'macro' => 'type2fa',
+			'data' => (int)$attributes['data']
+		];
+	}
+
 	public static function customerfullname(array $attributes): string
 	{
 		return User::getCorrectFullUserDetails($attributes['fields'], true);

lib/Froxlor/Validate/Form/Data.php

@@ -232,7 +232,7 @@ class Data
 	{
 		$returnvalue = true;
 
-		if (isset($fielddata['option_mode']) && $fielddata['option_mode'] == 'multiple') {
+		if (isset($fielddata['select_mode']) && $fielddata['select_mode'] == 'multiple') {
 			$options = explode(',', $newfieldvalue);
 			foreach ($options as $option) {
 				$returnvalue = ($returnvalue && isset($fielddata['select_var'][$option]));
@@ -247,7 +247,7 @@ class Data
 			if (isset($fielddata['option_emptyallowed']) && $fielddata['option_emptyallowed']) {
 				return true;
 			}
-			return 'not in option';
+			return 'not in option (field: ' . $fieldname . ')';
 		}
 	}
 

lib/configfiles/bookworm.xml

@@ -3093,7 +3093,7 @@ MaxLoginAttempts 3
 BanLog /var/log/proftpd/ban.log
 BanTable /etc/proftpd/ban.tab
 BanMessage "User %u was banned."
-BanOnEvent ClientConnectRate 5/00:00:02 12:00:00 "Stop connecting frequently"
+BanOnEvent ClientConnectRate 10/00:00:02 02:00:00 "Stop connecting frequently"
 BanOnEvent MaxLoginAttempts 3/00:30:00 12:00:00
 BanOnEvent AnonRejectPasswords 1/01:00:00 99:99:99
 BanControlsACLs all allow user root
@@ -3174,7 +3174,7 @@ no
 						</content>
 					</file>
 					<file name="/etc/pure-ftpd/db/mysql.conf" chown="root:0"
-						chmod="0644" backup="true">
+						chmod="0640" backup="true">
 						<content><![CDATA[
 ##############################################
 #                                            #

lib/configfiles/bullseye.xml

@@ -4661,7 +4661,7 @@ MaxLoginAttempts 3
 BanLog /var/log/proftpd/ban.log
 BanTable /etc/proftpd/ban.tab
 BanMessage "User %u was banned."
-BanOnEvent ClientConnectRate 5/00:00:02 12:00:00 "Stop connecting frequently"
+BanOnEvent ClientConnectRate 10/00:00:02 02:00:00 "Stop connecting frequently"
 BanOnEvent MaxLoginAttempts 3/00:30:00 12:00:00
 BanOnEvent AnonRejectPasswords 1/01:00:00 99:99:99
 BanControlsACLs all allow user root
@@ -4742,7 +4742,7 @@ no
 						</content>
 					</file>
 					<file name="/etc/pure-ftpd/db/mysql.conf" chown="root:0"
-						chmod="0644" backup="true">
+						chmod="0640" backup="true">
 						<content><![CDATA[
 ##############################################
 #                                            #

lib/configfiles/focal.xml

@@ -3880,7 +3880,7 @@ MaxLoginAttempts 3
 BanLog /var/log/proftpd/ban.log
 BanTable /etc/proftpd/ban.tab
 BanMessage "User %u was banned."
-BanOnEvent ClientConnectRate 5/00:00:02 12:00:00 "Stop connecting frequently"
+BanOnEvent ClientConnectRate 10/00:00:02 02:00:00 "Stop connecting frequently"
 BanOnEvent MaxLoginAttempts 3/00:30:00 12:00:00
 BanOnEvent AnonRejectPasswords 1/01:00:00 99:99:99
 BanControlsACLs all allow user root
@@ -3961,7 +3961,7 @@ no
 						</content>
 					</file>
 					<file name="/etc/pure-ftpd/db/mysql.conf" chown="root:0"
-						chmod="0644" backup="true">
+						chmod="0640" backup="true">
 						<content><![CDATA[
 ##############################################
 #                                            #

lib/configfiles/jammy.xml

@@ -3872,7 +3872,7 @@ MaxLoginAttempts 3
 BanLog /var/log/proftpd/ban.log
 BanTable /etc/proftpd/ban.tab
 BanMessage "User %u was banned."
-BanOnEvent ClientConnectRate 5/00:00:02 12:00:00 "Stop connecting frequently"
+BanOnEvent ClientConnectRate 10/00:00:02 02:00:00 "Stop connecting frequently"
 BanOnEvent MaxLoginAttempts 3/00:30:00 12:00:00
 BanOnEvent AnonRejectPasswords 1/01:00:00 99:99:99
 BanControlsACLs all allow user root
@@ -3953,7 +3953,7 @@ no
 						</content>
 					</file>
 					<file name="/etc/pure-ftpd/db/mysql.conf" chown="root:0"
-						chmod="0644" backup="true">
+						chmod="0640" backup="true">
 						<content><![CDATA[
 ##############################################
 #                                            #

lib/configfiles/noble.xml

@@ -2121,7 +2121,7 @@ action = "no action";
 			<service type="ftp" title="{{lng.admin.configfiles.ftp}}">
 				<!-- Proftpd -->
 				<daemon name="proftpd" title="ProFTPd" default="true">
-					<install><![CDATA[apt-get install proftpd-basic proftpd-mod-mysql proftpd-mod-crypto]]></install>
+					<install><![CDATA[apt-get install proftpd-basic proftpd-mod-mysql proftpd-mod-crypto proftpd-mod-wrap]]></install>
 					<file name="/etc/proftpd/create-cert.sh" chown="root:0"
 						chmod="0700">
 						<content><![CDATA[#!/bin/bash
@@ -2547,7 +2547,7 @@ MaxLoginAttempts 3
 BanLog /var/log/proftpd/ban.log
 BanTable /etc/proftpd/ban.tab
 BanMessage "User %u was banned."
-BanOnEvent ClientConnectRate 5/00:00:02 12:00:00 "Stop connecting frequently"
+BanOnEvent ClientConnectRate 10/00:00:02 02:00:00 "Stop connecting frequently"
 BanOnEvent MaxLoginAttempts 3/00:30:00 12:00:00
 BanOnEvent AnonRejectPasswords 1/01:00:00 99:99:99
 BanControlsACLs all allow user root
@@ -2628,7 +2628,7 @@ no
 						</content>
 					</file>
 					<file name="/etc/pure-ftpd/db/mysql.conf" chown="root:0"
-						chmod="0644" backup="true">
+						chmod="0640" backup="true">
 						<content><![CDATA[
 ##############################################
 #                                            #

lib/formfields/customer/domains/formfield.domains_edit.php

@@ -47,13 +47,14 @@ return [
 						'values' => $domainips
 					],
 					'alias' => [
-						'visible' => $alias_check == '0',
+						'visible' => $alias_check == '0' && (int)$result['email_only'] == 0,
 						'label' => lng('domains.aliasdomain'),
 						'type' => 'select',
 						'select_var' => $domains,
 						'selected' => $result['aliasdomain']
 					],
 					'path' => [
+						'visible' => (int)$result['email_only'] == 0,
 						'label' => lng('panel.path'),
 						'desc' => (Settings::Get('panel.pathedit') != 'Dropdown' ? lng('panel.pathDescriptionSubdomain').(Settings::Get('system.documentroot_use_default_value') == 1 ? lng('panel.pathDescriptionEx') : '') : null),
 						'type' => $pathSelect['type'],
@@ -63,13 +64,13 @@ return [
 						'note' => $pathSelect['note'] ?? '',
 					],
 					'url' => [
-						'visible' => Settings::Get('panel.pathedit') == 'Dropdown',
+						'visible' => Settings::Get('panel.pathedit') == 'Dropdown' && (int)$result['email_only'] == 0,
 						'label' => lng('panel.urloverridespath'),
 						'type' => 'text',
 						'value' => $urlvalue
 					],
 					'redirectcode' => [
-						'visible' => Settings::Get('customredirect.enabled') == '1',
+						'visible' => Settings::Get('customredirect.enabled') == '1' && (int)$result['email_only'] == 0,
 						'label' => lng('domains.redirectifpathisurl'),
 						'desc' => lng('domains.redirectifpathisurlinfo'),
 						'type' => 'select',
@@ -77,7 +78,7 @@ return [
 						'selected' => $def_code
 					],
 					'selectserveralias' => [
-						'visible' => ($result['parentdomainid'] == '0' && $userinfo['subdomains'] != '0') || $result['parentdomainid'] != '0',
+						'visible' => (($result['parentdomainid'] == '0' && $userinfo['subdomains'] != '0') || $result['parentdomainid'] != '0') && (int)$result['email_only'] == 0,
 						'label' => lng('admin.selectserveralias'),
 						'desc' => lng('admin.selectserveralias_desc'),
 						'type' => 'select',
@@ -85,27 +86,28 @@ return [
 						'selected' => $serveraliasoptions_selected
 					],
 					'isemaildomain' => [
-						'visible' => ($result['subcanemaildomain'] == '1' || $result['subcanemaildomain'] == '2') && $result['parentdomainid'] != '0',
+						'visible' => (($result['subcanemaildomain'] == '1' || $result['subcanemaildomain'] == '2') && $result['parentdomainid'] != '0') && (int)$result['email_only'] == 0,
 						'label' => 'Emaildomain',
 						'type' => 'checkbox',
 						'value' => '1',
 						'checked' => $result['isemaildomain']
 					],
 					'openbasedir_path' => [
-						'visible' => $result['openbasedir'] == '1',
+						'visible' => $result['openbasedir'] == '1' && (int)$result['email_only'] == 0,
 						'label' => lng('domain.openbasedirpath'),
 						'type' => 'select',
 						'select_var' => $openbasedir,
 						'selected' => $result['openbasedir_path']
 					],
 					'phpsettingid' => [
-						'visible' => ((int)Settings::Get('system.mod_fcgid') == 1 || (int)Settings::Get('phpfpm.enabled') == 1) && count($phpconfigs) > 0 && $userinfo['phpenabled'] == '1' && $result['phpenabled'] == '1',
+						'visible' => ((int)Settings::Get('system.mod_fcgid') == 1 || (int)Settings::Get('phpfpm.enabled') == 1) && count($phpconfigs) > 0 && $userinfo['phpenabled'] == '1' && $result['phpenabled'] == '1' && (int)$result['email_only'] == 0,
 						'label' => lng('admin.phpsettings.title'),
 						'type' => 'select',
 						'select_var' => $phpconfigs,
 						'selected' => $result['phpsettingid']
 					],
 					'speciallogfile' => [
+						'visible' =>  (int)$result['email_only'] == 0,
 						'label' => lng('admin.speciallogfile.title'),
 						'desc' => lng('admin.speciallogfile.description'),
 						'type' => 'checkbox',
@@ -139,7 +141,7 @@ return [
 			'section_bssl' => [
 				'title' => lng('admin.webserversettings_ssl'),
 				'image' => 'icons/domain_edit.png',
-				'visible' => Settings::Get('system.use_ssl') == '1' && $ssl_ipsandports && Domain::domainHasSslIpPort($result['id']),
+				'visible' => Settings::Get('system.use_ssl') == '1' && $ssl_ipsandports && Domain::domainHasSslIpPort($result['id']) && (int)$result['email_only'] == 0,
 				'fields' => [
 					'sslenabled' => [
 						'label' => lng('admin.domain_sslenabled'),
@@ -194,6 +196,7 @@ return [
 					]
 				]
 			]
-		]
+		],
+		'buttons' => ((int)$result['email_only'] == 1) ? [] : null
 	]
 ];

lib/formfields/customer/email/formfield.emails_edit.php

@@ -103,18 +103,21 @@ return [
 						]
 					],
 					'spam_tag_level' => [
+						'visible' => Settings::Get('antispam.activated') == '1',
 						'label' => lng('antispam.spam_tag_level'),
 						'type' => 'text',
 						'string_regexp' => '/^\d{1,}(\.\d{1,2})?$/',
 						'value' => $result['spam_tag_level']
 					],
 					'spam_kill_level' => [
+						'visible' => Settings::Get('antispam.activated') == '1',
 						'label' => lng('antispam.spam_kill_level'),
 						'type' => 'text',
 						'string_regexp' => '/^\d{1,}(\.\d{1,2})?$/',
 						'value' => $result['spam_kill_level']
 					],
 					'bypass_spam' => [
+						'visible' => Settings::Get('antispam.activated') == '1',
 						'label' => lng('antispam.bypass_spam'),
 						'type' => 'label',
 						'value' => ((int)$result['bypass_spam'] == 0 ? lng('panel.no') : lng('panel.yes')),
@@ -128,6 +131,7 @@ return [
 						]
 					],
 					'policy_greylist' => [
+						'visible' => Settings::Get('antispam.activated') == '1',
 						'label' => lng('antispam.policy_greylist'),
 						'type' => 'label',
 						'value' => ((int)$result['policy_greylist'] == 0 ? lng('panel.no') : lng('panel.yes')),

lib/tablelisting/admin/tablelisting.admins.php

@@ -110,6 +110,12 @@ return [
 				'class' => 'text-center',
 				'callback' => [Text::class, 'boolean'],
 			],
+			'type_2fa' => [
+				'label' => lng('2fa.type_2fa'),
+				'field' => 'type_2fa',
+				'class' => 'text-center',
+				'callback' => [Text::class, 'type2fa'],
+			],
 		],
 		'visible_columns' => Listing::getVisibleColumnsForListing('admin_list', [
 			'loginname',

lib/tablelisting/admin/tablelisting.customers.php

@@ -149,6 +149,12 @@ return [
 				'class' => 'text-center',
 				'callback' => [Text::class, 'boolean'],
 			],
+			'c.type_2fa' => [
+				'label' => lng('2fa.type_2fa'),
+				'field' => 'type_2fa',
+				'class' => 'text-center',
+				'callback' => [Text::class, 'type2fa'],
+			],
 		],
 		'visible_columns' => Listing::getVisibleColumnsForListing('customer_list', [
 			'c.name',

lib/tables.inc.php

@@ -57,3 +57,4 @@ const TABLE_PANEL_PLANS = 'panel_plans';
 const TABLE_API_KEYS = 'api_keys';
 const TABLE_PANEL_USERCOLUMNS = 'panel_usercolumns';
 const TABLE_PANEL_LOGINLINKS = 'panel_loginlinks';
+const TABLE_PANEL_2FA_TOKENS = 'panel_2fa_tokens';

lng/ca.lng.php

@@ -1143,7 +1143,8 @@ Atentament, el vostre administrador'
 		]
 	],
 	'message' => [
-		'norecipients' => 'No s\'ha enviat cap correu electrònic perquè no hi ha destinataris a la base de dades'
+		'norecipients' => 'No s\'ha enviat cap correu electrònic perquè no hi ha destinataris a la base de dades',
+		'success' => 'Missatge enviat correctament als destinataris de %s',
 	],
 	'mysql' => [
 		'databasename' => 'Usuari/Nom de la base de dades',
@@ -2169,7 +2170,6 @@ Atentament, el vostre administrador'
 		'issuer' => 'Emissor'
 	],
 	'success' => [
-		'messages_success' => 'Missatge enviat correctament als destinataris de %s',
 		'success' => 'Informació',
 		'clickheretocontinue' => 'Feu clic aquí per a continuar',
 		'settingssaved' => 'La configuració s\'ha guardat correctament.',

lng/cz.lng.php

@@ -49,6 +49,7 @@ return [
 		'2fa_ga_desc' => 'Váš účet je nastaven tak, aby používal jednorázová hesla založená na čase prostřednictvím autentizační aplikace. Naskenujte níže uvedený QR kód pomocí požadované autentizační aplikace pro vygenerování kódů. Chcete-li deaktivovat, klikněte na "Deaktivovat 2FA"',
 		'2fa_not_activated' => 'Dvoufázové ověřování není povoleno',
 		'2fa_not_activated_for_user' => 'Dvoufaktorové ověření není pro aktuálního uživatele povoleno',
+		'type_2fa' => 'Stav 2FA',
 	],
 	'admin' => [
 		'overview' => 'Přehled',
@@ -681,6 +682,8 @@ return [
 			'title' => 'Použít greylisting',
 			'description' => 'Příchozí e-maily budou chráněny <a href="https://en.wikipedia.org/wiki/Greylisting_(email)" target="_blank">greylisting</a>.<br/>Výchozí: ano'
 		],
+		'required_spf_dns' => 'Požadovaný SPF DNS záznam',
+		'required_dmarc_dns' => 'Požadovaný DMARC DNS záznam',
 		'required_dkim_dns' => 'Požadovaný DKIM DNS záznam',
 	],
 	'dns' => [
@@ -782,6 +785,7 @@ return [
 		'hsts' => 'HSTS povoleno',
 		'aliasdomainid' => 'ID aliasové domény',
 		'nodomainsassignedbyadmin' => 'Váš účet nemá v současné době přiřazeny žádné (aktivní) domény. Pokud si myslíte, že je to špatné, kontaktujte svého správce.',
+		'email_only' => 'Jen emaily',
 	],
 	'emails' => [
 		'description' => 'Zde můžete vytvářet a měnit své e-mailové adresy.<br />Účet je jako poštovní schránka před vaším domem. Pokud vám někdo pošle e-mail, bude vypuštěn na účet.<br /><br />Chcete-li stáhnout své e-maily, použijte následující nastavení ve vašem poštovním programu: (Data v <i>kurzívě</i> musí být změněna na ekvivalenty, které jste zadali!<br />Hostitelské jméno: <b><i>doménové jméno</i></b><br />Uživatelské jméno: <b><i>jméno účtu / e-mailová adresa</i></b><br />heslo: <b><i>heslo, které jste zvolili</i></b>',
@@ -1101,6 +1105,7 @@ return [
 		'combination_not_found' => 'Kombinace uživatele a e-mailové adresy nenalezena.',
 		'2fa' => 'Dvoufázové ověření (2FA)',
 		'2facode' => 'Zadejte prosím 2FA kód',
+		'2faremember' => 'Důvěřovat prohlížeči',
 	],
 	'mails' => [
 		'pop_success' => [
@@ -1208,6 +1213,7 @@ Ach upřímně, váš správce',
 	],
 	'message' => [
 		'norecipients' => 'Nebyl odeslán žádný e-mail, protože v databázi nejsou žádní příjemci',
+		'success' => 'Zpráva byla úspěšně odeslána příjemcům %s',
 	],
 	'mysql' => [
 		'databasename' => 'Uživatel/Jméno databáze',
@@ -1227,7 +1233,7 @@ Ach upřímně, váš správce',
 	],
 	'opcacheinfo' => [
 		'generaltitle' => 'Obecné informace',
-		'resetcache' => 'Resetövat OPcache',
+		'resetcache' => 'Resetovat OPcache',
 		'version' => 'Verze OPCache',
 		'phpversion' => 'Verze PHP',
 		'runtimeconf' => 'Spustitelná konfigurace',
@@ -1941,7 +1947,7 @@ Ach upřímně, váš správce',
 		],
 		'documentroot_use_default_value' => [
 			'title' => 'Použít název domény jako výchozí hodnotu pro cestu kořenového adresáře dokumentu',
-			'description' => 'Pokud je povoleno a cesta DocumentRoot je prázdná, výchozí hodnotou bude název (sub)domény.<br /><br />Příklady: <br />/var/customers/customer_name/example.com/<br />/var /customers/customer_name/subdomain.example.com/',
+			'description' => 'Pokud je povoleno a cesta DocumentRoot je prázdná, výchozí hodnotou bude název (sub)domény.<br /><br />Příklady: <br />/var/customers/webs/customer_name/example.com/<br />/var/customers/webs/customer_name/subdomain.example.com/',
 		],
 		'panel_phpconfigs_hidesubdomains' => [
 			'title' => 'Skrýt subdomény v PHP-konfiguračním přehledu',
@@ -2268,7 +2274,6 @@ Ach upřímně, váš správce',
 		'issuer' => 'Vydavatel',
 	],
 	'success' => [
-		'messages_success' => 'Zpráva byla úspěšně odeslána příjemcům %s',
 		'success' => 'Informace',
 		'clickheretocontinue' => 'Klikněte zde pro pokračování',
 		'settingssaved' => 'Nastavení bylo úspěšně uloženo.',

lng/de.lng.php

@@ -48,6 +48,7 @@ return [
 		'2fa_ga_desc' => 'Das Konto ist eingerichtet, um zeitbasierte Einmalpasswörter via Authenticator-App zu erhalten. Um die gewünschte Authenticator-App einzurichten, scanne bitte den untenstehenden QR-Code. Zum Deaktivieren, klicke auf "2FA deaktivieren"',
 		'2fa_not_activated' => 'Zwei-Faktor Authentifizierung ist nicht aktiviert',
 		'2fa_not_activated_for_user' => 'Zwei-Faktor Authentifizierung ist für den aktuellen Benutzer nicht aktiviert',
+		'type_2fa' => '2FA Status',
 	],
 	'admin' => [
 		'overview' => 'Übersicht',
@@ -713,6 +714,7 @@ return [
 		'hsts' => 'HSTS aktiviert',
 		'aliasdomainid' => 'ID der Alias-Domain',
 		'nodomainsassignedbyadmin' => 'Diesem Account wurde noch keine (aktive) Domain zugewiesen. Bitte kontaktiere deinen Administrator, wenn du der Meinung bist, das ist nicht korrekt.',
+		'email_only' => 'Nur E-Mail',
 	],
 	'emails' => [
 		'description' => 'Hier können Sie Ihre E-Mail-Adressen einrichten.<br />Ein Konto ist wie Ihr Briefkasten vor der Haustür. Wenn jemand eine E-Mail an Sie schreibt, wird diese in dieses Konto gelegt.<br /><br />Die Zugangsdaten lauten wie folgt: (Die Angaben in <i>kursiver</i> Schrift sind durch die jeweiligen Einträge zu ersetzen)<br /><br />Hostname: <b><i>Domainname</i></b><br />Benutzername: <b><i>Kontoname / E-Mail-Adresse</i></b><br />Passwort: <b><i>das gewählte Passwort</i></b>',
@@ -1031,6 +1033,7 @@ return [
 		'combination_not_found' => 'Kombination aus Benutzername und E-Mail Adresse stimmen nicht überein.',
 		'2fa' => 'Zwei-Faktor Authentifizierung (2FA)',
 		'2facode' => 'Bitte 2FA Code angeben',
+		'2faremember' => 'Browser vertrauen',
 	],
 	'mails' => [
 		'pop_success' => [
@@ -1138,6 +1141,7 @@ Vielen Dank, Ihr Administrator',
 	],
 	'message' => [
 		'norecipients' => 'Es wurde keine E-Mail versendet, da sich keine Empfänger in der Datenbank befinden',
+		'success' => 'Nachricht erfolgreich an "%s" Empfänger gesendet',
 	],
 	'mysql' => [
 		'databasename' => 'Benutzer-/Datenbankname',
@@ -1821,7 +1825,7 @@ Vielen Dank, Ihr Administrator',
 		],
 		'documentroot_use_default_value' => [
 			'title' => 'Verwende Domainnamen im Documentroot',
-			'description' => 'Wenn aktiviert wird dem standard Documentroot zusätzlich der Domain-Name angehängt.<br /><br />Beispiel:<br />/var/customers/customer_name/example.tld/<br />/var/customers/customer_name/subdomain.example.tld/',
+			'description' => 'Wenn aktiviert wird dem standard Documentroot zusätzlich der Domain-Name angehängt.<br /><br />Beispiel:<br />/var/customers/webs/customer_name/example.tld/<br />/var/customers/webs/customer_name/subdomain.example.tld/',
 		],
 		'panel_phpconfigs_hidesubdomains' => [
 			'title' => 'Verstecke Subdomains in PHP-Konfigurations-Übersicht',
@@ -2136,7 +2140,6 @@ Vielen Dank, Ihr Administrator',
 		'dmarc_entry' => 'DMARC-Eintrag für alle Domains',
 	],
 	'success' => [
-		'messages_success' => 'Nachricht erfolgreich an "%s" Empfänger gesendet',
 		'success' => 'Information',
 		'clickheretocontinue' => 'Hier klicken, um fortzufahren',
 		'settingssaved' => 'Die Einstellungen wurden erfolgreich gespeichert.',

lng/en.lng.php

@@ -49,6 +49,7 @@ return [
 		'2fa_ga_desc' => 'Your account is set up to use time-based one-time passwords via authenticator-app. Please scan the QR code below with your desired authenticator app to generate the codes. To deactivate, click on "Deactivate 2FA"',
 		'2fa_not_activated' => 'Two-factor authentication is not enabled',
 		'2fa_not_activated_for_user' => 'Two-factor authentication is not enabled for the current user',
+		'type_2fa' => '2FA status',
 	],
 	'admin' => [
 		'overview' => 'Overview',
@@ -784,6 +785,7 @@ return [
 		'hsts' => 'HSTS enabled',
 		'aliasdomainid' => 'ID of alias domain',
 		'nodomainsassignedbyadmin' => 'Your account has currently no (active) domains assigned to it. Please contact your administrator if you think this is wrong.',
+		'email_only' => 'Email only',
 	],
 	'emails' => [
 		'description' => 'Here you can create and change your email addresses.<br />An account is like your letterbox in front of your house. If someone sends you an email, it will be dropped into the account.<br /><br />To download your emails use the following settings in your mailprogram: (The data in <i>italics</i> has to be changed to the equivalents you typed in!)<br />Hostname: <b><i>domainname</i></b><br />Username: <b><i>account name / e-mail address</i></b><br />password: <b><i>the password you\'ve chosen</i></b>',
@@ -1103,6 +1105,7 @@ return [
 		'combination_not_found' => 'Combination of user and email address not found.',
 		'2fa' => 'Two-factor authentication (2FA)',
 		'2facode' => 'Please enter 2FA code',
+		'2faremember' => 'Trust browser',
 	],
 	'mails' => [
 		'pop_success' => [
@@ -1210,6 +1213,7 @@ Yours sincerely, your administrator',
 	],
 	'message' => [
 		'norecipients' => 'No e-mail has been sent because there are no recipients in the database',
+		'success' => 'Successfully sent message to %s recipients',
 	],
 	'mysql' => [
 		'databasename' => 'User/Database name',
@@ -1943,7 +1947,7 @@ Yours sincerely, your administrator',
 		],
 		'documentroot_use_default_value' => [
 			'title' => 'Use domain name as default value for DocumentRoot path',
-			'description' => 'If enabled and DocumentRoot path is empty, default value will be the (sub)domain name.<br /><br />Examples: <br />/var/customers/customer_name/example.com/<br />/var/customers/customer_name/subdomain.example.com/',
+			'description' => 'If enabled and DocumentRoot path is empty, default value will be the (sub)domain name.<br /><br />Examples: <br />/var/customers/webs/customer_name/example.com/<br />/var/customers/webs/customer_name/subdomain.example.com/',
 		],
 		'panel_phpconfigs_hidesubdomains' => [
 			'title' => 'Hide subdomains in PHP-configuration overview',
@@ -2270,7 +2274,6 @@ Yours sincerely, your administrator',
 		'issuer' => 'Issuer',
 	],
 	'success' => [
-		'messages_success' => 'Successfully sent message to %s recipients',
 		'success' => 'Information',
 		'clickheretocontinue' => 'Click here to continue',
 		'settingssaved' => 'The settings have been successfully saved.',

lng/es.lng.php

@@ -1132,7 +1132,8 @@ Atentamente, su administrador'
 		]
 	],
 	'message' => [
-		'norecipients' => 'No se ha enviado ningún correo electrónico porque no hay destinatarios en la base de datos'
+		'norecipients' => 'No se ha enviado ningún correo electrónico porque no hay destinatarios en la base de datos',
+		'success' => 'Mensaje enviado correctamente a los destinatarios de %s',
 	],
 	'mysql' => [
 		'databasename' => 'Usuario/Nombre de la base de datos',
@@ -2152,7 +2153,6 @@ Atentamente, su administrador'
 		'issuer' => 'Emisor'
 	],
 	'success' => [
-		'messages_success' => 'Mensaje enviado correctamente a los destinatarios de %s',
 		'success' => 'Información',
 		'clickheretocontinue' => 'Haga clic aquí para continuar',
 		'settingssaved' => 'La configuración se ha guardado correctamente.',

lng/fr.lng.php

@@ -466,6 +466,7 @@ return [
 	],
 	'message' => [
 		'norecipients' => 'Aucun e-mail n\'a été envoyé car il n\'existe aucun destinataire dans la base de données',
+		'success' => 'Le message a été envoyé aux destinataires "%s"',
 	],
 	'mysql' => [
 		'databasename' => 'Nom de la base de données',
@@ -749,9 +750,6 @@ return [
 			'description' => 'Les administrateurs / revendeurs peuvent réinitialiser leurs mots de passe et il sera envoyé à leurs propres adresses e-mails',
 		],
 	],
-	'success' => [
-		'messages_success' => 'Le message a été envoyé aux destinataires "%s"',
-	],
 	'traffic' => [
 		'month' => 'Mois',
 		'day' => 'Jour',

lng/it.lng.php

@@ -1043,6 +1043,7 @@ Cordiali Saluti, Team Froxlor',
 	],
 	'message' => [
 		'norecipients' => 'Nessuna e-mail è stata inviata perch¸ non ci sono i destinatari nel database',
+		'success' => 'Inviato correttamente il messaggio a %s recipients',
 	],
 	'mysql' => [
 		'description' => 'Qui puoi creare e modificare il tuo database MySQL<br />Le modifiche sono istantanee e puoi usare subito il database.<br />Nel menù a sinistra trovi phpMyAdmin con cui puoi amministrare il tuo database.<br /><br />Per usare i database nei tuoi script php usa le seguenti impostazioni: (Le parole in <i>corsivo</i> devono essere modificate con quello che hai scritto!)<br />Hostname: <b><SQL_HOST></b><br />Utente: <b><i>Nome database</i></b><br />Password: <b><i>La password che hai scelto</i></b><br />Database: <b><i>Nome database</i></b>',
@@ -1703,7 +1704,6 @@ Nota: Perfavore <b>sii sicuro</b> di usare lo stesso nome di file come per il cr
 		'spf_entry' => 'Impostazioni SPF per tutti i domini',
 	],
 	'success' => [
-		'messages_success' => 'Inviato correttamente il messaggio a %s recipients',
 		'success' => 'Informazioni',
 		'clickheretocontinue' => 'Clicca qui per continuare',
 		'settingssaved' => 'Le impostazioni sono state salvate con successo.',

lng/nl.lng.php

@@ -619,6 +619,7 @@ Met vriendelijke groet, uw beheerder',
 	],
 	'message' => [
 		'norecipients' => 'Er is geen email verstuurd omdat er geen ontvangers in de database zijn',
+		'success' => 'Bericht verzonden naar ontvangers %s',
 	],
 	'mysql' => [
 		'databasename' => 'gebruiker/database naam',
@@ -1069,7 +1070,6 @@ Met vriendelijke groet, uw beheerder',
 		'spf_entry' => 'SPF regel voor alle domeinen',
 	],
 	'success' => [
-		'messages_success' => 'Bericht verzonden naar ontvangers %s',
 		'success' => 'Informatie',
 		'clickheretocontinue' => 'Klik hier om verder te gaan',
 		'settingssaved' => 'De instellingen zijn opgeslagen.',

lng/pt.lng.php

@@ -554,6 +554,7 @@ return [
 	],
 	'message' => [
 		'norecipients' => 'Email não enviado porque não tem destinatário no banco de dados',
+		'success' => 'Mensagens enviadas para %s destinatários com sucesso',
 	],
 	'mysql' => [
 		'description' => 'Aqui você pode criar e alterar seus bancos de dados MySQL.<br />As alterações são instantâneas e podem ser utilizadas imediatamente depois de salvas.<br />No menu do lado esquerdo você pode encontrar a ferramenta phpMyAdmin e com ela facilmente administrar seus bancos de dados.<br /><br />Para usar seu banco de dados com scripts em PHP use as seguintes configurações: (Os dados em <i>italico</i> devem ser substituidos pelo equivalente do banco de dados que você criou!)<br />Hostname: <b><SQL_HOST></b><br />Usuario: <b><i>Nome do banco de dadose</i></b><br />Senha: <b><i>a senha que você escolheu</i></b><br />Banco de dados: <b><i>Nome do banco de dados',
@@ -880,9 +881,6 @@ return [
 			'description' => 'Se ativado você pode trocar o cliente de um domínio para administração de outro.<br /><b>Attention:</b> Froxlor não troca nenhum caminho. Isto pode fazer com que domínios parem de funcionar',
 		],
 	],
-	'success' => [
-		'messages_success' => 'Mensagens enviadas para %s destinatários com sucesso',
-	],
 	'traffic' => [
 		'month' => 'Mês',
 		'day' => 'Diariamente',

logfiles_viewer.php

@@ -61,6 +61,10 @@ if (function_exists('exec')) {
 	}
 	$domain = json_decode($json_result, true)['data'];
 
+	if ($domain['email_only']) {
+		Response::dynamicError("There are no webserver logfiles for email only domains.");
+	}
+
 	$speciallogfile = '';
 	if ($domain['speciallogfile'] == '1') {
 		if ($domain['parentdomainid'] == '0') {

package-lock.json

@@ -9,7 +9,7 @@
 				"@fortawesome/fontawesome-free": "^6.4.2",
 				"@popperjs/core": "^2.11.8",
 				"@vitejs/plugin-vue": "^4.0.0",
-				"axios": "^1.6.0",
+				"axios": "^1.7.4",
 				"bootstrap": "^5.3.2",
 				"chart.js": "^4.4.0",
 				"jquery": "^3.6.1",
@@ -580,12 +580,12 @@
 			"dev": true
 		},
 		"node_modules/axios": {
-			"version": "1.6.0",
-			"resolved": "https://registry.npmjs.org/axios/-/axios-1.6.0.tgz",
-			"integrity": "sha512-EZ1DYihju9pwVB+jg67ogm+Tmqc6JmhamRN6I4Zt8DfZu5lbcQGw3ozH9lFejSJgs/ibaef3A9PMXPLeefFGJg==",
+			"version": "1.7.4",
+			"resolved": "https://registry.npmjs.org/axios/-/axios-1.7.4.tgz",
+			"integrity": "sha512-DukmaFRnY6AzAALSH4J2M3k6PkaC+MfaAGdEERRWcC9q3/TWQwLpHR8ZRLKTdQ3aBDL64EdluRDjJqKw+BPZEw==",
 			"dev": true,
 			"dependencies": {
-				"follow-redirects": "^1.15.0",
+				"follow-redirects": "^1.15.6",
 				"form-data": "^4.0.0",
 				"proxy-from-env": "^1.1.0"
 			}

package.json

@@ -9,7 +9,7 @@
 		"@fortawesome/fontawesome-free": "^6.4.2",
 		"@popperjs/core": "^2.11.8",
 		"@vitejs/plugin-vue": "^4.0.0",
-		"axios": "^1.6.0",
+		"axios": "^1.7.4",
 		"bootstrap": "^5.3.2",
 		"chart.js": "^4.4.0",
 		"jquery": "^3.6.1",

ssl_editor.php

@@ -50,6 +50,10 @@ if ($action == '' || $action == 'view') {
 	}
 	$result_domain = json_decode($json_result, true)['data'];
 
+	if ($result_domain['email_only']) {
+		Response::dynamicError("There are no ssl-certificates for email only domains.");
+	}
+
 	if (Request::post('send') == 'send') {
 		$do_insert = Request::post('do_insert', 0) == 1;
 		try {

templates/Froxlor/assets/js/jquery/domains.js

@@ -41,8 +41,9 @@ export default function () {
 				$('#speciallogfilenote').remove();
 				$('#speciallogfile').removeClass('is-invalid');
 				$('#speciallogverified').val(0);
+				const cFileName = window.location.pathname.substring(window.location.pathname.lastIndexOf("/")+1);
 				$.ajax({
-					url: window.location.pathname.substring(1) + "?page=overview&action=jqSpeciallogfileNote",
+					url: cFileName + "?page=overview&action=jqSpeciallogfileNote",
 					type: "POST",
 					data: {
 						id: $('input[name=id]').val(), newval: +$('#speciallogfile').is(':checked')

templates/Froxlor/form/formfields.html.twig

@@ -3,7 +3,7 @@
 		{% if norow == false and (field.type != 'hidden' or (field.type == 'hidden' and field.display is defined and field.display is not empty)) %}
 			<div class="row g-0 formfield d-flex align-items-center">
 				{% if field.prior_infotext is defined and field.prior_infotext|length > 0 %}
-					<h5>{{ field.prior_infotext }}</h5>
+					<h5>{{ field.prior_infotext|raw }}</h5>
 				{% endif %}
 				{% if field.label is iterable %}
 					<label for="{{ id }}" class="col-sm-6 col-form-label pe-3">

templates/Froxlor/login/enter2fa.html.twig

@@ -22,6 +22,16 @@
 							<input class="form-control" type="text" name="2fa_code" id="2fa_code" value="" autocomplete="off" autofocus required/>
 						</div>
 
+						{% if remember_me %}
+						<div class="mb-3">
+							<div class="form-check form-switch">
+								<input type="hidden" name="2fa_remember" value="0"/>
+								<input class="form-check-input" type="checkbox" id="2fa_remember" name="2fa_remember" value="1">
+								<label class="form-check-label" for="2fa_remember">{{ lng('login.2faremember') }}</label>
+							</div>
+						</div>
+						{% endif %}
+
 					</div>
 
 					<div class="card-body d-grid gap-2">

templates/Froxlor/table/macros.html.twig

@@ -29,6 +29,16 @@
 	{% endif %}
 {% endmacro %}
 
+{% macro type2fa(data) %}
+	{% if (data == 1) %}
+		<i class="fa-solid fa-envelope text-success"></i>
+	{% elseif (data == 2) %}
+		<i class="fa-solid fa-mobile text-success"></i>
+	{% else %}
+		<i class="fa-solid fa-lock-open text-warning"></i>
+	{% endif %}
+{% endmacro %}
+
 {% macro link(data) %}
 	{% apply spaceless %}
 	<a href="{{ data.href }}" {% if data.class is defined %} class="{{ data.class }}" {% endif %} {% if data.target is defined %} target="{{ data.target }}" {% endif %} {% if data.title is defined %} title="{{ data.title }}" {% endif %}>

templates/Froxlor/table/table.html.twig

@@ -47,6 +47,8 @@
 											{{ macros.domainWithSan(td.data.data) }}
 										{% elseif td.data.macro == 'actions' %}
 											{{ macros.actions(td.data.data) }}
+										{% elseif td.data.macro == 'type2fa' %}
+											{{ macros.type2fa(td.data.data) }}
 										{% else %}
 											Table macro '{{ td.data.macro|json_encode }}' is not implemented!
 											Unable to handle this data: {{ td.data|json_encode }}