Merge branch 'staging/fixes' into main

bin/v-add-firewall-ipset

@@ -89,7 +89,9 @@ if [ ! -f "${IPSET_PATH}/${IPSET_FILE}.iplist" ] || [ "$force" = "yes" ]; then
         # Advanced: execute script with the same basename for aditional pre-processing
         # ex: 
         if [ -x "${IPSET_PATH}/${IPSET_FILE}.sh" ]; then 
-            setpriv --clear-groups --reuid nobody --regid nogroup -- ${IPSET_PATH}/${IPSET_FILE}.sh "$ip_name" "$iplist_tempfile"
+            preprocess_output="$(cat "$iplist_tempfile" | setpriv --clear-groups --reuid nobody --regid nogroup -- ${IPSET_PATH}/${IPSET_FILE}.sh "$ip_name" "$iplist_tempfile")"
+            check_result $? "Preprocessing script failed (${IPSET_FILE}.sh)"
+            [[ "$preprocess_output" ]] && echo "$preprocess_output" > "$iplist_tempfile"
         fi
 
     elif [[ "$data_source" =~ ^script:/ ]]; then
@@ -113,6 +115,14 @@ if [ ! -f "${IPSET_PATH}/${IPSET_FILE}.iplist" ] || [ "$force" = "yes" ]; then
 
     fi
 
+    # Cleanup ip list
+    sed -r -i -e 's/[;#].*$//' -e 's/[ \t]*$//' -e '/^$/d' "$iplist_tempfile"
+    if [[ $ip_version == 'v4' ]]; then
+        sed -i -r -n -e '/^((1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])/p' "$iplist_tempfile"
+    elif [[ $ip_version == 'v6' ]]; then
+        sed -i -r -n -e '/^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}/p' "$iplist_tempfile"
+    fi
+
     # Validate iplist file size
     iplist_size=$(sed -r -e '/^#|^$/d' "$iplist_tempfile" | wc -l)
     [[ "$iplist_size" -le $IPSET_MIN_SIZE ]] && check_result $E_INVALID "iplist file too small (<${IPSET_MIN_SIZE}), ignoring"

bin/v-add-letsencrypt-host

@@ -11,8 +11,9 @@
 #----------------------------------------------------------#
 
 # Argument definition
-user="admin"
 domain=$HOSTNAME
+user="$($HESTIA/bin/v-search-domain-owner "$domain" web)"
+[[ -z "$user" ]] && user="admin"
 
 # Includes
 source $HESTIA/func/main.sh

bin/v-add-web-domain-ssl-hsts

@@ -54,7 +54,6 @@ else
 fi
 
 echo 'add_header Strict-Transport-Security "max-age=15768000;" always;' > $hstsconf
-echo "HTTP Strict Transport Security (HSTS) turned on for $domain."
 
 
 #----------------------------------------------------------#

bin/v-delete-web-domain-ssl-hsts

@@ -49,7 +49,7 @@ else
 fi
 
 rm -f $hstsconf
-echo "HTTP Strict Transport Security (HSTS) turned off for $domain."
+
 
 #----------------------------------------------------------#
 #                       Hestia                             #

func/rebuild.sh

@@ -527,14 +527,9 @@ rebuild_mail_domain_conf() {
         # Setting HELO for mail domain
         if [ ! -z "$local_ip" ]; then
             IP_RDNS=$(is_ip_rdns_valid "$local_ip")
+            sed -i "/^${domain}:/d" /etc/exim4/mailhelo.conf >/dev/null 2>&1
             if [ ! -z "$IP_RDNS" ]; then
-                if [ -f /etc/exim4/mailhelo.conf ] && [ $(grep -s "^${domain}:" /etc/exim4/mailhelo.conf) ]; then
-                    sed -i "/^${domain}:/c\\${domain}:${IP_RDNS}" /etc/exim4/mailhelo.conf
-                else
-                    echo ${domain}:${IP_RDNS} >> /etc/exim4/mailhelo.conf
-                fi
-            else
-                sed -i "/^${domain}:/d" /etc/exim4/mailhelo.conf >/dev/null 2>&1
+                echo ${domain}:${IP_RDNS} >> /etc/exim4/mailhelo.conf
             fi
         fi
 

install/deb/templates/web/nginx/php-fpm/sendy.stpl

@@ -87,5 +87,5 @@ server {
 
     include     /etc/nginx/conf.d/phpmyadmin.inc*;
     include     /etc/nginx/conf.d/phppgadmin.inc*;
-    include     %home%/%user%/conf/web/%domain%/nginx.conf_*;
+    include     %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
 }

install/deb/templates/web/nginx/php-fpm/wordpress.stpl

@@ -73,5 +73,5 @@ server {
     include     /etc/nginx/conf.d/phppgadmin.inc*;
     include     /etc/nginx/conf.d/webmail.inc*;
 
-    include     %home%/%user%/conf/web/%domain%/nginx.conf_*;
+    include     %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
 }

install/hst-install-debian.sh

@@ -42,9 +42,9 @@ if [ "$release" -eq 9 ]; then
         mariadb-client mariadb-common mariadb-server postgresql
         postgresql-contrib phppgadmin phpmyadmin mc flex whois rssh git idn zip
         sudo bc ftp lsof rrdtool quota e2fslibs bsdutils e2fsprogs curl
-        imagemagick fail2ban dnsutils bsdmainutils cron hestia hestia-nginx
+        imagemagick fail2ban dnsutils bsdmainutils cron hestia=${HESTIA_INSTALL_VER} hestia-nginx
         hestia-php expect libmail-dkim-perl unrar-free vim-common acl sysstat
-        rsyslog ssh setpriv ipset libapache2-mod-ruid2"
+        rsyslog openssh-server ssh setpriv ipset libapache2-mod-ruid2"
 elif [ "$release" -eq 10 ]; then
     software="nginx apache2 apache2-utils apache2-suexec-custom
         apache2-suexec-pristine libapache2-mod-fcgid libapache2-mod-php$fpm_v
@@ -60,8 +60,8 @@ elif [ "$release" -eq 10 ]; then
         phppgadmin mc flex whois git idn zip sudo bc ftp lsof rrdtool
         quota e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils
         bsdmainutils cron hestia hestia-nginx hestia-php expect
-        libmail-dkim-perl unrar-free vim-common acl sysstat rsyslog ssh util-linux
-        ipset libapache2-mpm-itk"
+        libmail-dkim-perl unrar-free vim-common acl sysstat rsyslog openssh-server
+        ssh util-linux ipset libapache2-mpm-itk"
 fi
 
 installer_dependencies="apt-transport-https curl dirmngr gnupg wget"

install/hst-install-ubuntu.sh

@@ -42,9 +42,9 @@ software="apache2 apache2.2-common apache2-suexec-custom apache2-utils
     php$fpm_v-imagick php$fpm_v-intl php$fpm_v-json php$fpm_v-mbstring
     php$fpm_v-opcache php$fpm_v-pspell php$fpm_v-readline php$fpm_v-xml
     postgresql postgresql-contrib proftpd-basic quota roundcube-core
-    roundcube-mysql roundcube-plugins rrdtool rssh spamassassin sudo hestia
+    roundcube-mysql roundcube-plugins rrdtool rssh spamassassin sudo hestia=${HESTIA_INSTALL_VER}
     hestia-nginx hestia-php vim-common vsftpd whois zip acl sysstat setpriv
-    ipset libonig5 libzip5"
+    ipset libonig5 libzip5 openssh-server ssh"
 
 installer_dependencies="apt-transport-https curl dirmngr gnupg wget"
 

web/add/db/index.php

@@ -42,8 +42,7 @@ if (!empty($_POST['ok'])) {
 
     // Check password length
     if (empty($_SESSION['error_msg'])) {
-        $pw_len = strlen($_POST['v_password']);
-        if ($pw_len < 6 ) $_SESSION['error_msg'] = __('Password is too short.',$error_msg);
+        if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); }
     }
 
     // Protect input

web/add/mail/index.php

@@ -96,6 +96,8 @@ if (!empty($_POST['ok_acc'])) {
         header('location: /login/');
         exit();
     }
+    
+    
 
     // Check empty fields
     if (empty($_POST['v_domain'])) $errors[] = __('domain');
@@ -118,6 +120,11 @@ if (!empty($_POST['ok_acc'])) {
             $_SESSION['error_msg'] = __('Please enter valid email address.');
         }
     }
+    
+    // Check password length
+    if (empty($_SESSION['error_msg']) && !empty($_POST['v_fwd_only']) ) {
+        if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); }
+    }
 
     // Protect input
     $v_domain = escapeshellarg($_POST['v_domain']);

web/add/user/index.php

@@ -45,8 +45,7 @@ if (!empty($_POST['ok'])) {
 
     // Check password length
     if (empty($_SESSION['error_msg'])) {
-        $pw_len = strlen($_POST['v_password']);
-        if ($pw_len < 6 ) $_SESSION['error_msg'] = __('Password is too short.',$error_msg);
+        if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); }
     }
 
     // Protect input

web/css/src/styles.css

@@ -3973,3 +3973,35 @@ form#vstobjects.suspended {
     display: none;
   }
 }
+
+meter {
+  /* Reset the default appearance */
+  -webkit-appearance: none;
+  -moz-appearance: none;
+  appearance: none;
+  margin: 0 auto 1em;
+  width: 373px;
+  background-color: #e7e7e7;
+  height: 3px;
+  border-bottom-left-radius: 5px;
+  border-bottom-right-radius: 5px;
+  margin-left: 3px;
+  box-shadow: 0px 1px 2px rgba(0,0,0,0.25);
+}
+
+meter[value="1"] { background: red; }
+meter[value="2"] { background: orange; }
+meter[value="3"] { background: yellow; }
+meter[value="4"] { background: green; }
+
+/* Webkit based browsers */
+meter[value="1"]::-webkit-meter-optimum-value { background: red; }
+meter[value="2"]::-webkit-meter-optimum-value { background: orange; }
+meter[value="3"]::-webkit-meter-optimum-value { background: yellow; }
+meter[value="4"]::-webkit-meter-optimum-value { background: green; }
+
+/* Gecko based browsers */
+meter[value="1"]::-moz-meter-bar { background: red; }
+meter[value="2"]::-moz-meter-bar { background: orange; }
+meter[value="3"]::-moz-meter-bar { background: yellow; }
+meter[value="4"]::-moz-meter-bar { background: green; }

web/edit/db/index.php

@@ -63,15 +63,19 @@ if (!empty($_POST['save'])) {
 
     // Change database password
     if ((!empty($_POST['v_password'])) && (empty($_SESSION['error_msg']))) {
-        $v_password = tempnam("/tmp","vst");
-        $fp = fopen($v_password, "w");
-        fwrite($fp, $_POST['v_password']."\n");
-        fclose($fp);
-        exec (HESTIA_CMD."v-change-database-password ".$v_username." ".escapeshellarg($v_database)." ".$v_password, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
-        unlink($v_password);
-        $v_password = escapeshellarg($_POST['v_password']);
+        if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { 
+            $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); 
+        }else{ 
+            $v_password = tempnam("/tmp","vst");
+            $fp = fopen($v_password, "w");
+            fwrite($fp, $_POST['v_password']."\n");
+            fclose($fp);
+            exec (HESTIA_CMD."v-change-database-password ".$v_username." ".escapeshellarg($v_database)." ".$v_password, $output, $return_var);
+            check_return_code($return_var,$output);
+            unset($output);
+            unlink($v_password);
+            $v_password = escapeshellarg($_POST['v_password']);
+        }
     }
 
     // Set success message

web/edit/mail/index.php

@@ -398,15 +398,19 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['acco
 
     // Change password
     if ((!empty($_POST['v_password'])) && (empty($_SESSION['error_msg']))) {
-        $v_password = tempnam("/tmp","vst");
-        $fp = fopen($v_password, "w");
-        fwrite($fp, $_POST['v_password']."\n");
-        fclose($fp);
-        exec (HESTIA_CMD."v-change-mail-account-password ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_account)." ".$v_password, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
-        unlink($v_password);
-        $v_password = escapeshellarg($_POST['v_password']);;
+        if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { 
+            $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); 
+        }else{         
+            $v_password = tempnam("/tmp","vst");
+            $fp = fopen($v_password, "w");
+            fwrite($fp, $_POST['v_password']."\n");
+            fclose($fp);
+            exec (HESTIA_CMD."v-change-mail-account-password ".$v_username." ".escapeshellarg($v_domain)." ".escapeshellarg($v_account)." ".$v_password, $output, $return_var);
+            check_return_code($return_var,$output);
+            unset($output);
+            unlink($v_password);
+            $v_password = escapeshellarg($_POST['v_password']);
+        }
     }
 
     // Change quota

web/edit/user/index.php

@@ -98,15 +98,20 @@ if (!empty($_POST['save'])) {
 
     // Change password
     if ((!empty($_POST['v_password'])) && (empty($_SESSION['error_msg']))) {
-        $v_password = tempnam("/tmp","vst");
-        $fp = fopen($v_password, "w");
-        fwrite($fp, $_POST['v_password']."\n");
-        fclose($fp);
-        exec (HESTIA_CMD."v-change-user-password ".escapeshellarg($v_username)." ".$v_password, $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
-        unlink($v_password);
-        $v_password = escapeshellarg($_POST['v_password']);
+        // Check password length
+        $pw_len = strlen($_POST['v_password']);
+        if (!preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$/', $_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements'); }
+        if (empty($_SESSION['error_msg'])) {
+            $v_password = tempnam("/tmp","vst");
+            $fp = fopen($v_password, "w");
+            fwrite($fp, $_POST['v_password']."\n");
+            fclose($fp);
+            exec (HESTIA_CMD."v-change-user-password ".escapeshellarg($v_username)." ".$v_password, $output, $return_var);
+            check_return_code($return_var,$output);
+            unset($output);
+            unlink($v_password);
+            $v_password = escapeshellarg($_POST['v_password']);
+        }
     }
 
     // Enable twofa
@@ -184,11 +189,15 @@ if (!empty($_POST['save'])) {
 
     // Change full name
     if ($v_name != $_POST['v_name']){
-        $v_name = escapeshellarg($_POST['v_name']);
-        exec (HESTIA_CMD."v-change-user-name ".escapeshellarg($v_username). " ". "$v_name", $output, $return_var);
-        check_return_code($return_var,$output);
-        unset($output);
-        $v_name = $_POST['v_name'];
+            if (empty($_POST['v_name'])) {
+                 $_SESSION['error_msg'] = __('Please enter a valid name');
+            }else{
+                $v_name = escapeshellarg($_POST['v_name']);
+                exec (HESTIA_CMD."v-change-user-name ".escapeshellarg($v_username). " ".$v_name, $output, $return_var);
+                check_return_code($return_var,$output);
+                unset($output);
+                $v_name = $_POST['v_name'];
+            }
     }
 
     // Change NameServers

web/js/pages/add_db.js

@@ -63,19 +63,53 @@ App.Listeners.DB.keypress_db_databasename = function() {
     });
 }
 
+App.Actions.DB.update_v_password = function (){
+    var password = $('input[name="v_password"]').val();
+    var min_small = new RegExp(/^(?=.*[a-z]).+$/);
+    var min_cap = new RegExp(/^(?=.*[A-Z]).+$/);
+    var min_num = new RegExp(/^(?=.*\d).+$/); 
+    var min_length = 8;
+    var score = 0;
+    
+    if(password.length >= min_length) { score = score + 1; }
+    if(min_small.test(password)) { score = score + 1;}
+    if(min_cap.test(password)) { score = score + 1;}
+    if(min_num.test(password)) { score = score+ 1; }
+    $('#meter').val(score);   
+}
+
+App.Listeners.DB.keypress_v_password = function() {
+    var ref = $('input[name="v_password"]');
+    ref.bind('keypress input', function(evt) {
+        clearTimeout(window.frp_usr_tmt);
+        window.frp_usr_tmt = setTimeout(function() {
+            var elm = $(evt.target);
+            App.Actions.DB.update_v_password(elm, $(elm).val());
+        }, 100);
+    });
+}
+
+App.Listeners.DB.keypress_v_password();
+
 //
 // Page entry point
 // Trigger listeners
 App.Listeners.DB.keypress_db_username();
 App.Listeners.DB.keypress_db_databasename();
 
-randomString = function() {
+randomString = function(min_length = 16) {
     var chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz';
-    var string_length = 16;
+    var string_length = min_length;
     var randomstring = '';
     for (var i = 0; i < string_length; i++) {
         var rnum = Math.floor(Math.random() * chars.length);
         randomstring += chars.substr(rnum, 1);
     }
-    document.v_add_db.v_password.value = randomstring;
+    var regex = new RegExp(/^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*\d)[a-zA-Z\d]{8,}$/);
+    if(!regex.test(randomstring)){
+        randomString();
+    }else{
+        $('input[name=v_password]').val(randomstring);
+        App.Actions.DB.update_v_password();
+    }    
 }

web/js/pages/add_mail_acc.js

@@ -75,22 +75,56 @@ $('form[name="v_quota"]').on('submit', function(evt) {
     });
 });
 
+App.Actions.MAIL_ACC.update_v_password = function (){
+    var password = $('input[name="v_password"]').val();
+    var min_small = new RegExp(/^(?=.*[a-z]).+$/);
+    var min_cap = new RegExp(/^(?=.*[A-Z]).+$/);
+    var min_num = new RegExp(/^(?=.*\d).+$/); 
+    var min_length = 8;
+    var score = 0;
+    
+    if(password.length >= min_length) { score = score + 1; }
+    if(min_small.test(password)) { score = score + 1;}
+    if(min_cap.test(password)) { score = score + 1;}
+    if(min_num.test(password)) { score = score+ 1; }
+    $('#meter').val(score);   
+}
+
+App.Listeners.MAIL_ACC.keypress_v_password = function() {
+    var ref = $('input[name="v_password"]');
+    ref.bind('keypress input', function(evt) {
+        clearTimeout(window.frp_usr_tmt);
+        window.frp_usr_tmt = setTimeout(function() {
+            var elm = $(evt.target);
+            App.Actions.MAIL_ACC.update_v_password(elm, $(elm).val());
+        }, 100);
+    });
+}
+
+App.Listeners.MAIL_ACC.keypress_v_password();
+
 
-randomString = function() {
+randomString = function(min_length = 16) {
     var chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz';
-    var string_length = 16;
+    var string_length = min_length;
     var randomstring = '';
     for (var i = 0; i < string_length; i++) {
         var rnum = Math.floor(Math.random() * chars.length);
         randomstring += chars.substr(rnum, 1);
     }
-    document.v_add_mail_acc.v_password.value = randomstring;
-
-    if($('input[name=v_password]').attr('type') == 'text')
-        $('#v_password').text(randomstring);
-    else
-        $('#v_password').text(Array(randomstring.length+1).join('*'));
-    generate_mail_credentials();
+    var regex = new RegExp(/^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*\d)[a-zA-Z\d]{8,}$/);
+    if(!regex.test(randomstring)){
+        randomString();
+    }else{
+        $('input[name=v_password]').val(randomstring);
+        if($('input[name=v_password]').attr('type') == 'text')
+            $('#v_password').text(randomstring);
+        else
+            $('#v_password').text(Array(randomstring.length+1).join('*'));
+        
+        App.Actions.MAIL_ACC.update_v_password();
+        generate_mail_credentials();
+    }    
 }
 
 generate_mail_credentials = function() {

web/js/pages/add_user.js

@@ -1,17 +1,60 @@
 $(function() {
     $('#v_email').change(function() {
-        document.getElementById('v_notify').value = document.getElementById('v_email').value;
+        if($('#v_email_notify').attr('checked')){
+            document.getElementById('v_notify').value = document.getElementById('v_email').value;
+        }
     });
+    $('#v_email_notify').change(function() {
+        if($('#v_email_notify').attr('checked')){
+            document.getElementById('v_notify').value = document.getElementById('v_email').value;
+        }else{
+            document.getElementById('v_notify').value = '';
+        }
+    });    
 });
 
 
-randomString = function() {
+randomString = function(min_length = 16) {
     var chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz';
-    var string_length = 16;
+    var string_length = min_length;
     var randomstring = '';
     for (var i = 0; i < string_length; i++) {
         var rnum = Math.floor(Math.random() * chars.length);
         randomstring += chars.substr(rnum, 1);
     }
-    document.v_add_user.v_password.value = randomstring;
+    var regex = new RegExp(/^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*\d)[a-zA-Z\d]{8,}$/);
+    if(!regex.test(randomstring)){
+        randomString();
+    }else{
+        $('input[name=v_password]').val(randomstring);
+        App.Actions.WEB.update_v_password();
+    }    
 }
+
+App.Actions.WEB.update_v_password = function (){
+    var password = $('input[name="v_password"]').val();
+    var min_small = new RegExp(/^(?=.*[a-z]).+$/);
+    var min_cap = new RegExp(/^(?=.*[A-Z]).+$/);
+    var min_num = new RegExp(/^(?=.*\d).+$/); 
+    var min_length = 8;
+    var score = 0;
+    
+    if(password.length >= min_length) { score = score + 1; }
+    if(min_small.test(password)) { score = score + 1;}
+    if(min_cap.test(password)) { score = score + 1;}
+    if(min_num.test(password)) { score = score+ 1; }
+    $('#meter').val(score);   
+}
+
+App.Listeners.WEB.keypress_v_password = function() {
+    var ref = $('input[name="v_password"]');
+    ref.bind('keypress input', function(evt) {
+        clearTimeout(window.frp_usr_tmt);
+        window.frp_usr_tmt = setTimeout(function() {
+            var elm = $(evt.target);
+            App.Actions.WEB.update_v_password(elm, $(elm).val());
+        }, 100);
+    });
+}
+
+App.Listeners.WEB.keypress_v_password();

web/js/pages/edit_db.js

@@ -63,20 +63,55 @@ App.Listeners.DB.keypress_db_databasename = function() {
     });
 }
 
+App.Actions.DB.update_v_password = function (){
+    var password = $('input[name="v_password"]').val();
+    var min_small = new RegExp(/^(?=.*[a-z]).+$/);
+    var min_cap = new RegExp(/^(?=.*[A-Z]).+$/);
+    var min_num = new RegExp(/^(?=.*\d).+$/); 
+    var min_length = 8;
+    var score = 0;
+    
+    if(password.length >= min_length) { score = score + 1; }
+    if(min_small.test(password)) { score = score + 1;}
+    if(min_cap.test(password)) { score = score + 1;}
+    if(min_num.test(password)) { score = score+ 1; }
+    $('#meter').val(score);   
+}
+
+App.Listeners.DB.keypress_v_password = function() {
+    var ref = $('input[name="v_password"]');
+    ref.bind('keypress input', function(evt) {
+        clearTimeout(window.frp_usr_tmt);
+        window.frp_usr_tmt = setTimeout(function() {
+            var elm = $(evt.target);
+            App.Actions.DB.update_v_password(elm, $(elm).val());
+        }, 100);
+    });
+}
+
+App.Listeners.DB.keypress_v_password();
+
 //
 // Page entry point
 // Trigger listeners
 App.Listeners.DB.keypress_db_username();
 App.Listeners.DB.keypress_db_databasename();
 
-randomString = function() {
+randomString = function(min_length = 16) {
     var chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz';
-    var string_length = 16;
+    var string_length = min_length;
     var randomstring = '';
     for (var i = 0; i < string_length; i++) {
         var rnum = Math.floor(Math.random() * chars.length);
         randomstring += chars.substr(rnum, 1);
     }
-    document.v_edit_db.v_password.value = randomstring;
+    var regex = new RegExp(/^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*\d)[a-zA-Z\d]{8,}$/);
+    if(!regex.test(randomstring)){
+        randomString();
+    }else{
+        $('input[name=v_password]').val(randomstring);
+        App.Actions.DB.update_v_password();
+    }    
 }
+
      

web/js/pages/edit_mail_acc.js

@@ -53,47 +53,57 @@ App.Listeners.MAIL_ACC.init = function() {
     });
 }
 
-App.Helpers.isUnlimitedValue = function(value) {
-    var value = value.trim();
-    if (value == App.Constants.UNLIM_VALUE || value == App.Constants.UNLIM_TRANSLATED_VALUE) {
-        return true;
-    }
-
-    return false;
+App.Actions.MAIL_ACC.update_v_password = function (){
+    var password = $('input[name="v_password"]').val();
+    var min_small = new RegExp(/^(?=.*[a-z]).+$/);
+    var min_cap = new RegExp(/^(?=.*[A-Z]).+$/);
+    var min_num = new RegExp(/^(?=.*\d).+$/); 
+    var min_length = 8;
+    var score = 0;
+    
+    if(password.length >= min_length) { score = score + 1; }
+    if(min_small.test(password)) { score = score + 1;}
+    if(min_cap.test(password)) { score = score + 1;}
+    if(min_num.test(password)) { score = score+ 1; }
+    $('#meter').val(score);   
 }
 
-//
-// Page entry point
-// Trigger listeners
-App.Listeners.MAIL_ACC.init();
-App.Listeners.MAIL_ACC.checkbox_unlimited_feature();
-$('form[name="v_quota"]').on('submit', function(evt) {
-    $('input:disabled').each(function(i, elm) {
-        $(elm).attr('disabled', false);
-        if (App.Helpers.isUnlimitedValue($(elm).val())) {
-            $(elm).val(App.Constants.UNLIM_VALUE);
-        }
+App.Listeners.MAIL_ACC.keypress_v_password = function() {
+    var ref = $('input[name="v_password"]');
+    ref.bind('keypress input', function(evt) {
+        clearTimeout(window.frp_usr_tmt);
+        window.frp_usr_tmt = setTimeout(function() {
+            var elm = $(evt.target);
+            App.Actions.MAIL_ACC.update_v_password(elm, $(elm).val());
+        }, 100);
     });
-});
+}
+
+App.Listeners.MAIL_ACC.keypress_v_password();
 
 
-randomString = function() {
+randomString = function(min_length = 16) {
     var chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz';
-    var string_length = 16;
+    var string_length = min_length;
     var randomstring = '';
     for (var i = 0; i < string_length; i++) {
         var rnum = Math.floor(Math.random() * chars.length);
         randomstring += chars.substr(rnum, 1);
     }
-    document.v_edit_mail_acc.v_password.value = randomstring;
-
-    if($('input[name=v_password]').attr('type') == 'text')
-        $('#v_password').text(randomstring);
-    else
-        $('#v_password').text(Array(randomstring.length+1).join('*'));
-    generate_mail_credentials();
+    var regex = new RegExp(/^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*\d)[a-zA-Z\d]{8,}$/);
+    if(!regex.test(randomstring)){
+        randomString();
+    }else{
+        $('input[name=v_password]').val(randomstring);
+        if($('input[name=v_password]').attr('type') == 'text')
+            $('#v_password').text(randomstring);
+        else
+            $('#v_password').text(Array(randomstring.length+1).join('*'));
+        
+        App.Actions.MAIL_ACC.update_v_password();
+        generate_mail_credentials();
+    }    
 }
-
 generate_mail_credentials = function() {
     var div = $('.mail-infoblock').clone();
     div.find('#mail_configuration').remove();

web/js/pages/edit_user.js

@@ -1,14 +1,46 @@
-function randomString() {
+randomString = function(min_length = 16) {
     var chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz';
-    var string_length = 16;
+    var string_length = min_length;
     var randomstring = '';
     for (var i = 0; i < string_length; i++) {
         var rnum = Math.floor(Math.random() * chars.length);
         randomstring += chars.substr(rnum, 1);
     }
-    document.v_edit_user.v_password.value = randomstring;
+    var regex = new RegExp(/^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*\d)[a-zA-Z\d]{8,}$/);
+    if(!regex.test(randomstring)){
+        randomString();
+    }else{
+        $('input[name=v_password]').val(randomstring);
+    }    
 }
 
+App.Actions.WEB.update_v_password = function (){
+    var password = $('input[name="v_password"]').val();
+    var min_small = new RegExp(/^(?=.*[a-z]).+$/);
+    var min_cap = new RegExp(/^(?=.*[A-Z]).+$/);
+    var min_num = new RegExp(/^(?=.*\d).+$/); 
+    var min_length = 8;
+    var score = 0;
+    if(password.length >= min_length) { score = score + 1; }
+    if(min_small.test(password)) { score = score + 1;}
+    if(min_cap.test(password)) { score = score + 1;}
+    if(min_num.test(password)) { score = score+ 1; }
+    $('#meter').val(score);   
+}
+
+App.Listeners.WEB.keypress_v_password = function() {
+    var ref = $('input[name="v_password"]');
+    ref.bind('keypress input', function(evt) {
+        clearTimeout(window.frp_usr_tmt);
+        window.frp_usr_tmt = setTimeout(function() {
+            var elm = $(evt.target);
+            App.Actions.WEB.update_v_password(elm, $(elm).val());
+        }, 100);
+    });
+}
+App.Listeners.WEB.keypress_v_password();
+
+
 $(document).ready(function(){
     $('.add-ns-button').click(function(){
         var n = $('input[name^=v_ns]').length;

web/js/pages/setup_webapp.js

@@ -1,14 +1,16 @@
-function randomString(target) {
+randomString = function(target, min_length = 16) {
     var chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz';
-    var string_length = 16;
+    var string_length = min_length;
     var randomstring = '';
     for (var i = 0; i < string_length; i++) {
         var rnum = Math.floor(Math.random() * chars.length);
         randomstring += chars.substr(rnum, 1);
     }
-    document.getElementById(target).value = randomstring;
-}
-
-$(document).ready(function() {
-
-});
+    var regex = new RegExp(/^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*\d)[a-zA-Z\d]{8,}$/);
+    if(!regex.test(randomstring)){
+        randomString();
+    }else{
+        elm = document.getElementById(target);
+        $(elm).val(randomstring);
+    }    
+}

web/templates/admin/add_db.html

@@ -88,11 +88,22 @@
                             </tr>
                             <tr>
                                 <td>
-                                    <input type="text" size="20" class="vst-input password" name="v_password">
+                                    <input type="text" size="20" class="vst-input password" name="v_password"><br />
+                                    <meter max="4" id="meter"></meter>
                                 </td>
                             </tr>
                             <tr>
-                                <td class="vst-text input-label">
+                                <td class="vst-text">
+                                    <?php print('Your password must have at least');?>
+                                    <ul>
+                                        <li><?php print('8 characters long');?></li>
+                                        <li><?php print('1 uppercase & 1 lowercase character');?></li>
+                                        <li><?php print('1 number');?></li>
+                                    </ul>
+                                </td>
+                            </tr>
+                            <tr>
+                                <td class="vst-text">
                                     <?php print __('Type');?>
                                 </td>
                             </tr>

web/templates/admin/add_mail_acc.html

@@ -72,11 +72,22 @@
                         </tr>
                         <tr>
                             <td>
-                                <input type="text" size="20" class="vst-input password" name="v_password">
+                                <input type="text" size="20" class="vst-input password" name="v_password"><br />
+                                <meter max="4" id="meter"></meter>
                             </td>
                         </tr>
                         <tr>
-                            <td class="vst-text input-label">
+                            <td class="vst-text">
+                                <?php print('Your password must have at least');?>
+                                <ul>
+                                    <li><?php print('8 characters long');?></li>
+                                    <li><?php print('1 uppercase & 1 lowercase character');?></li>
+                                    <li><?php print('1 number');?></li>
+                                </ul>
+                            </td>
+                        </tr>
+                        <tr>
+                            <td class="vst-text">
                                 <a href="javascript:elementHideShow('advtable');" class="vst-advanced"> <?php print __('Advanced options');?>&nbsp;<i class="fas fa-arrow-circle-right"></i></a>
                             </td>
                         </tr>

web/templates/admin/add_user.html

@@ -68,11 +68,22 @@
                             </tr>
                             <tr>
                                 <td>
-                                    <input type="text" size="20" class="vst-input password" name="v_password" value="<?=htmlentities(trim($v_password, "'"))?>" tabindex="2" >
+                                    <input type="text" size="20" class="vst-input password" name="v_password" value="<?=htmlentities(trim($v_password, "'"))?>" tabindex="2" /><br />
+                                    <meter max="4" id="meter"></meter>
                                 </td>
                             </tr>
                             <tr>
-                                <td class="vst-text input-label">
+                                <td class="vst-text">
+                                    <?php print('Your password must have at least');?>
+                                    <ul>
+                                        <li><?php print('8 characters long');?></li>
+                                        <li><?php print('1 uppercase & 1 lowercase character');?></li>
+                                        <li><?php print('1 number');?></li>
+                                    </ul>
+                                </td>
+                            </tr>
+                            <tr>
+                                <td class="vst-text ">
                                     <?php print __('Contact');?>
                                 </td>
                             </tr>
@@ -90,6 +101,11 @@
                                 <td>
                                     <input type="text" size="20" class="vst-input" name="v_email" id='v_email' value="<?=htmlentities(trim($v_email, "'"))?>" tabindex="5" >
                                 </td>
+                            </tr>
+                             <tr>
+                                <td class="vst-text input-label">
+                                    <label><input type="checkbox" size="20" class="vst-checkbox" name="v_email_notice" id='v_email_notify' value="" tabindex="5" /> <?php print __('Send welcome email');?></label>
+                                </td>
                             </tr>
                             <tr>
                                 <td class="vst-text input-label" name="v_package">

web/templates/admin/edit_db.html

@@ -83,7 +83,18 @@
                             </tr>
                             <tr>
                                 <td>
-                                    <input type="text" size="20" class="vst-input password" name="v_password" value="<?=htmlentities(trim($v_password, "'"))?>">
+                                    <input type="text" size="20" class="vst-input password" name="v_password" value="<?=htmlentities(trim($v_password, "'"))?>"><br />
+                                    <meter max="4" id="meter"></meter>
+                                </td>
+                            </tr>
+                            <tr>
+                                <td class="vst-text">
+                                    <?php print('Your password must have at least');?>
+                                    <ul>
+                                        <li><?php print('8 characters long');?></li>
+                                        <li><?php print('1 uppercase & 1 lowercase character');?></li>
+                                        <li><?php print('1 number');?></li>
+                                    </ul>
                                 </td>
                             </tr>
                             <tr>

web/templates/admin/edit_mail_acc.html

@@ -73,9 +73,20 @@
                         </tr>
                         <tr>
                             <td>
-                                <input type="text" size="20" class="vst-input password" name="v_password" value="<?=htmlentities(trim($v_password, "'"))?>">
+                                <input type="text" size="20" class="vst-input password" name="v_password" value="<?=htmlentities(trim($v_password, "'"))?>"><br />
+                                <meter max="4" id="meter"></meter>
                             </td>
-                         </tr>
+                        </tr>
+                        <tr>
+                            <td class="vst-text">
+                                <?php print('Your password must have at least');?>
+                                <ul>
+                                    <li><?php print('8 characters long');?></li>
+                                    <li><?php print('1 uppercase & 1 lowercase character');?></li>
+                                    <li><?php print('1 number');?></li>
+                                    </ul>
+                            </td>
+                        </tr>
                         <tr>
                             <td class="vst-text input-type input-label">
                                 <?php print __('Quota');?> <span class="optional">(<?=__('in megabytes')?>)</span>
@@ -84,7 +95,7 @@
                         <tr>
                           <td>
                                 <input type="text" size="20" class="vst-input" name="v_quota" value="<? if (!empty($v_quota)) {echo htmlentities(trim($v_quota, "'"));} else { echo "0"; } ?>">
-                                <img class="fas fa-infinity unlim-trigger" id="unlim-quota"/>
+                                <i class="unlim-trigger fas fa-infinity" id="unlim-quota"></i>
                             </td>
                         </tr>
                         <tr>

web/templates/admin/edit_user.html

@@ -73,9 +73,20 @@
                             </tr>
                             <tr>
                                 <td>
-                                    <input type="text" size="20" class="vst-input password" name="v_password" value="<?=htmlentities(trim($v_password, "'"))?>">
+                                    <input type="text" size="20" class="vst-input password" name="v_password" value="<?=htmlentities(trim($v_password, "'"))?>"><br />
+                                    <meter max="4" id="meter"></meter>
                                 </td>
                             </tr>
+                            <tr>
+                                <td class="vst-text">
+                                    <?php print('Your password must have at least');?>
+                                    <ul>
+                                        <li><?php print('8 characters long');?></li>
+                                        <li><?php print('1 uppercase & 1 lowercase character');?></li>
+                                        <li><?php print('1 number');?></li>
+                                    </ul>
+                                </td>
+                            </tr>                            
                             <tr>
                                 <td>
                                     <label><input type="checkbox" class="vst-checkbox password-option" name="v_twofa" <?php if(!empty($v_twofa)) echo "checked=yes" ?>> <?php print __('Enable 2FA');?></label>

web/templates/header.html

@@ -4,11 +4,11 @@
   <meta charset="utf-8">
   <link rel="icon" href="/images/favicon.ico" type="image/x-icon">
   <title><?php echo $_SERVER['HTTP_HOST']; ?> - <?=__($TAB)?> - <?=__('Hestia Control Panel');?></title>
-  <link type="text/css" rel="stylesheet" href="/css/styles.min.css?1446554106" />
+  <link type="text/css" rel="stylesheet" href="/css/styles.min.css?<?php echo JS_LATEST_UPDATE; ?>" />
   <link type="text/css" rel="stylesheet" href="/css/active-theme.css?<?php echo rand(); ?>" />
-  <link type="text/css" href="/css/animate.min.css?1446554103" rel="stylesheet" />
-  <link type="text/css" href="/css/jquery-custom-dialogs.css?1446554103" rel="stylesheet" />
-  <link type="text/css" href="/css/all.min.css?1446554103" rel="stylesheet" />
+  <link type="text/css" href="/css/animate.min.css?<?php echo JS_LATEST_UPDATE; ?>" rel="stylesheet" />
+  <link type="text/css" href="/css/jquery-custom-dialogs.css?<?php echo JS_LATEST_UPDATE; ?>" rel="stylesheet" />
+  <link type="text/css" href="/css/all.min.css?<?php echo JS_LATEST_UPDATE; ?>" rel="stylesheet" />
   <script src="/inc/jquery/jquery-3.4.1.min.js"></script>
   <script>
     //

web/templates/user/edit_user.html

@@ -73,9 +73,20 @@
                             </tr>
                             <tr>
                                 <td>
-                                    <input type="text" size="20" class="vst-input password" name="v_password" value="<?=htmlentities(trim($v_password, "'"))?>">
+                                    <input type="text" size="20" class="vst-input password" name="v_password" value="<?=htmlentities(trim($v_password, "'"))?>"><br />
+                                    <meter max="4" id="meter"></meter>       
                                 </td>
                             </tr>
+                            <tr>
+                                <td class="vst-text">
+                                    <?php print('Your password must have at least');?>
+                                    <ul>
+                                        <li><?php print('8 characters long');?></li>
+                                        <li><?php print('1 uppercase & 1 lowercase character');?></li>
+                                        <li><?php print('1 number');?></li>
+                                    </ul>
+                                </td>
+                            </tr>                            
                             <tr>
                                 <td>
                                     <label><input type="checkbox" class="vst-checkbox password-option" name="v_twofa" <?php if(!empty($v_twofa)) echo "checked=yes" ?>> <?php print __('Enable 2FA');?></label>