Merge branch 'main' into nginx-agents

CHANGELOG.md

@@ -4,10 +4,13 @@ All notable changes to this project will be documented in this file.
 ## [1.4.4] - Service release
 
 ### Features
+
 - Add nginx user_agent separation to desktop/mobile (e.g. for fastcgi cache)
 
 ### Bugfixes
 
+- Add template for when webmail is disabled allowing to generate SSL. 
+
 ## [1.4.3] - Service release
 
 ### Features

bin/v-add-mail-domain-webmail

@@ -60,7 +60,7 @@ check_args '2' "$#" 'USER DOMAIN [WEBMAIL] [RESTART]'
 is_format_valid 'user' 'domain'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_system_enabled "$IMAP_SYSTEM" 'IMAP_SYSTEM'
-is_type_valid "$WEBMAIL_SYSTEM" "$webmail"
+is_type_valid "$WEBMAIL_SYSTEM disabled" "$webmail"
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 is_object_valid 'mail' 'DOMAIN' "$domain"
@@ -126,11 +126,16 @@ else
         if [ "$WEB_SYSTEM" = "nginx" ]; then
             WEBMAIL_TEMPLATE="web_system"
         fi
-    else
+    elif [ "$webmail" == "rainloop" ]; then
         WEBMAIL_TEMPLATE="rainloop"
         if [ ! -z "$PROXY_SYSTEM" ]; then
             PROXY_TEMPLATE="default_rainloop"
         fi
+    else
+        WEBMAIL_TEMPLATE="disabled"
+        if [ ! -z "$PROXY_SYSTEM" ]; then
+            PROXY_TEMPLATE="disabled"
+        fi
     fi
     
     add_webmail_config "$WEB_SYSTEM" "${WEBMAIL_TEMPLATE}.tpl"

bin/v-delete-web-php

@@ -81,10 +81,11 @@ done
 # Do a blank echo to get the \n back
 echo
 
-# Check if installation was sucessfully
+# Check if installation was successfully
 if [ -f "$php_fpm" ]; then
     echo "ERROR: Uninstallation failed, please run the following command manually for debugging:"
     echo "apt-get purge $mph"
+    exit 1; 
 fi
 
 # Cleanup php folder

func/rebuild.sh

@@ -588,6 +588,11 @@ rebuild_mail_domain_conf() {
         if [ ! -e $HOMEDIR/$user/mail/$domain_idn ]; then
             mkdir "$HOMEDIR/$user/mail/$domain_idn"
         fi
+        
+        # Webamil client
+        if [ "$WEBAMIL" = '' ]; then
+           $HESTIA/bin/v-add-mail-domain-webmail $user $domain 'roundcube' 'no'
+        fi
 
         # Adding catchall email
         dom_aliases=$HOMEDIR/$user/conf/mail/$domain/aliases

install/deb/phpmyadmin/hestia-sso.php

@@ -74,35 +74,39 @@ class Hestia_API {
 
     function get_user_ip(){
         // Saving user IPs to the session for preventing session hijacking
-        $user_combined_ip = $_SERVER['REMOTE_ADDR'];
+        $user_combined_ip = array(); 
+        if($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']){
+            $user_combined_ip[] = $_SERVER['REMOTE_ADDR'];
+        }
         if(isset($_SERVER['HTTP_CLIENT_IP'])){
             $user_combined_ip .=  '|'. $_SERVER['HTTP_CLIENT_IP'];
         }
         if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])){
             if($_SERVER['REMOTE_ADDR'] != $_SERVER['HTTP_X_FORWARDED_FOR']){
-                $user_combined_ip .=  '|'. $_SERVER['HTTP_X_FORWARDED_FOR'];
+                $user_combined_ip[] = $_SERVER['HTTP_X_FORWARDED_FOR'];
             }
         }
         if(isset($_SERVER['HTTP_FORWARDED_FOR'])){
             if($_SERVER['REMOTE_ADDR'] != $_SERVER['HTTP_FORWARDED_FOR']){
-                $user_combined_ip .=  '|'. $_SERVER['HTTP_FORWARDED_FOR'];
+                $user_combined_ip[] = $_SERVER['HTTP_FORWARDED_FOR'];
             }
         }
         if(isset($_SERVER['HTTP_X_FORWARDED'])){
             if($_SERVER['REMOTE_ADDR'] != $_SERVER['HTTP_X_FORWARDED']){
-                $user_combined_ip .=  '|'. $_SERVER['HTTP_X_FORWARDED'];
+               $user_combined_ip[] = $_SERVER['HTTP_X_FORWARDED'];
             }
-        }        if(isset($_SERVER['HTTP_FORWARDED'])){
+        }        
+        if(isset($_SERVER['HTTP_FORWARDED'])){
             if($_SERVER['REMOTE_ADDR'] != $_SERVER['HTTP_FORWARDED']){
-                $user_combined_ip .=  '|'. $_SERVER['HTTP_FORWARDED'];
+                $user_combined_ip[] =  '|'. $_SERVER['HTTP_FORWARDED'];
             }
         }
         if(isset($_SERVER['HTTP_CF_CONNECTING_IP'])){
             if(!empty($_SERVER['HTTP_CF_CONNECTING_IP'])){
-              $user_combined_ip = $_SERVER['HTTP_CF_CONNECTING_IP'];
+              $user_combined_ip[] = $_SERVER['HTTP_CF_CONNECTING_IP'];
             }
         }
-        return $user_combined_ip;
+        return implode($user_combined_ip,'|');
     }
 }
 

install/deb/templates/mail/apache2/disabled.stpl

@@ -0,0 +1,22 @@
+<VirtualHost %ip%:%web_ssl_port%>
+    ServerName %domain_idn%
+    ServerAlias %alias%
+    Alias / /var/lib/roundcube/
+    Alias /error/ %home%/%user%/web/%root_domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+    
+    SSLEngine on
+    SSLVerifyClient none
+    SSLCertificateFile         %home%/%user%/conf/mail/%root_domain%/ssl/%root_domain%.crt
+    SSLCertificateKeyFile      %home%/%user%/conf/mail/%root_domain%/ssl/%root_domain%.key
+    
+    <Directory /var/www/html>
+        Options +FollowSymLinks
+        AllowOverride All
+        order allow,deny
+        allow from all
+    </Directory>
+
+    IncludeOptional %home%/%user%/conf/mail/%root_domain%/%web_system%.ssl.conf_*
+
+</VirtualHost>

install/deb/templates/mail/apache2/disabled.tpl

@@ -0,0 +1,17 @@
+<VirtualHost %ip%:%web_port%>
+    ServerName %domain_idn%
+    ServerAlias %alias%
+    Alias / /var/lib/roundcube/
+    Alias /error/ %home%/%user%/web/%root_domain%/document_errors/
+    #SuexecUserGroup %user% %group%
+    
+    SSLEngine on
+    SSLVerifyClient none
+    
+    <Directory /var/www/html>
+        Options +FollowSymLinks
+        AllowOverride All
+        order allow,deny
+        allow from all
+    </Directory>
+</VirtualHost>

install/deb/templates/mail/nginx/default_disabled.stpl

@@ -0,0 +1,33 @@
+server {
+    listen      %ip%:%proxy_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        /var/lib/roundcube;
+    index       index.php index.html index.htm;
+    access_log /var/log/nginx/domains/%domain%.log combined;
+    error_log  /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate     %ssl_pem%;
+    ssl_certificate_key %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    location ~ /\.(?!well-known\/) {
+        deny all;
+        return 404;
+    }
+
+    location / {
+        try_files $uri $uri/ =404;
+        alias /var/www/html;
+    }
+
+    location /error/ {
+        alias /var/www/document_errors/;
+    }
+	
+    location @fallback {
+        proxy_pass https://%ip%:%web_ssl_port%;
+    }
+
+    include %home%/%user%/conf/mail/%root_domain%/%proxy_system%.conf_*;
+}

install/deb/templates/mail/nginx/default_disabled.tpl

@@ -0,0 +1,33 @@
+server {
+    listen      %ip%:%proxy_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        /var/lib/roundcube;
+    index       index.php index.html index.htm;
+    access_log /var/log/nginx/domains/%domain%.log combined;
+    error_log  /var/log/nginx/domains/%domain%.error.log error;
+    
+    ssl_certificate     %ssl_pem%;
+    ssl_certificate_key %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    
+    location ~ /\.(?!well-known\/) {
+        deny all;
+        return 404;
+    }
+    
+    location / {
+        try_files $uri $uri/ =404;
+        alias /var/www/html;
+    }
+    
+    location /error/ {
+        alias /var/www/document_errors/;
+    }
+    
+    location @fallback {
+        proxy_pass https://%ip%:%web_ssl_port%;
+    }
+    
+    include %home%/%user%/conf/mail/%root_domain%/%proxy_system%.conf_*;
+}

install/deb/templates/mail/nginx/disabled.stpl

@@ -0,0 +1,30 @@
+server {
+    listen      %ip%:%web_ssl_port% ssl http2;
+    server_name %domain_idn% %alias_idn%;
+    root        /var/www/html;
+    index       index.php index.html index.htm;
+    access_log /var/log/nginx/domains/%domain%.log combined;
+    error_log  /var/log/nginx/domains/%domain%.error.log error;
+
+    ssl_certificate     %ssl_pem%;
+    ssl_certificate_key %ssl_key%;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    location ~ /\.(?!well-known\/) {
+    deny all;
+    return 404;
+    }
+    
+    
+    location / {
+    try_files $uri $uri/ =404;
+    }
+    
+    location /error/ {
+    alias /var/www/document_errors/;
+    }
+
+
+    include %home%/%user%/conf/mail/%root_domain%/%web_system%.conf_*;
+}

install/deb/templates/mail/nginx/disabled.tpl

@@ -0,0 +1,26 @@
+server {
+    listen      %ip%:%web_port%;
+    server_name %domain_idn% %alias_idn%;
+    root        /var/www/html;
+    index       index.php index.html index.htm;
+    access_log /var/log/nginx/domains/%domain%.log combined;
+    error_log  /var/log/nginx/domains/%domain%.error.log error;
+
+    include %home%/%user%/conf/mail/%root_domain%/nginx.forcessl.conf*;
+
+    location ~ /\.(?!well-known\/) {
+        deny all;
+        return 404;
+    }
+
+
+    location / {
+        try_files $uri $uri/ =404;
+    }
+
+    location /error/ {
+        alias /var/www/document_errors/;
+    }
+	
+    include %home%/%user%/conf/mail/%root_domain%/%web_system%.conf_*;
+}

install/hst-install-debian.sh

@@ -1757,8 +1757,8 @@ if [ ! -z "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then
 fi
 
 if [ "$exim" = 'yes' ]; then
-# Set HELO for IP as it didn't set during v-change-sys-hostname
-$HESTIA/bin/v-change-sys-ip-helo $ip $servername
+    # Set HELO for IP as it didn't set during v-change-sys-hostname
+    $HESTIA/bin/v-change-sys-ip-helo $local_ip $servername
 fi
 
 # Configuring libapache2-mod-remoteip

install/hst-install-ubuntu.sh

@@ -1789,8 +1789,8 @@ if [ ! -z "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then
 fi
 
 if [ "$exim" = 'yes' ]; then
-# Set HELO for IP as it didn't set during v-change-sys-hostname
-$HESTIA/bin/v-change-sys-ip-helo $ip $servername
+    # Set HELO for IP as it didn't set during v-change-sys-hostname
+    $HESTIA/bin/v-change-sys-ip-helo $local_ip $servername
 fi
 
 # Configuring libapache2-mod-remoteip

install/upgrade/versions/1.4.4.sh

@@ -1,4 +1,3 @@
-
 #!/bin/bash
 
 # Hestia Control Panel upgrade script for target version 1.4.4
@@ -7,5 +6,13 @@
 #######                      Place additional commands below.                   #######
 #######################################################################################
 
+
 #Add nginx user_agent separation to desktop/mobile
 cp -f $HESTIA_INSTALL_DIR/nginx/agents.conf /etc/nginx/conf.d/
+
+# Reset PMA SSO to fix bug with Nginx + Apache2 
+if [ "$PHPMYADMIN_KEY" != "" ]; then
+    echo "[ * ] Refressh hestia-sso for PMA..."
+    $BIN/v-delete-sys-pma-sso 
+    $BIN/v-add-sys-pma-sso 
+fi

web/inc/main.php

@@ -225,17 +225,15 @@ function humanize_time($usage) {
     if ( $usage > 60 ) {
         $usage = $usage / 60;
         if ( $usage > 24 ) {
-            $usage = $usage / 24;
-            $usage = number_format($usage);
-            $usage .= ' ' . _('day' . ($usage != 1) ?: 's');
+             $usage = $usage / 24;
+             $usage = number_format($usage);
+             return sprintf(ngettext('%d day', '%d days', $usage), $usage);
         } else {
-            $usage = number_format($usage);
-            $usage .= ' ' . _('hour' . ($usage != 1) ?: 's');
+            return sprintf(ngettext('%d hour', '%d hours', $usage), $usage);
         }
     } else {
-        $usage .= ' ' . _('minute' . ($usage != 1) ?: 's');
+        return sprintf(ngettext('%d minute', '%d minutes', $usage), $usage);
     }
-    return $usage;
 }
 
 function humanize_usage_size($usage) {
@@ -269,7 +267,7 @@ function humanize_usage_measure($usage) {
     } else {
         $measure = 'mb';
     }
-    return _($measure);
+    return $measure;
 }
 
 function get_percentage($used,$total) {

web/login/index.php

@@ -6,13 +6,13 @@ include($_SERVER['DOCUMENT_ROOT'] . '/inc/main.php');
 
 $TAB = 'login';
 
-/*
-// Logout
+
 if (isset($_GET['logout'])) {
-    setcookie('limit2fa','',time() - 3600,"/");
+    unset($_SESSION);
+    session_unset();
     session_destroy();
+    header('Location: /login/');
 }
-*/
 
 /* ACTIONS FOR CURRENT USER SESSION */
 if (isset($_SESSION['user'])) {

web/templates/pages/add_mail.html

@@ -93,13 +93,13 @@
 										<select class="vst-list" name="v_webmail" tabindex="6">
 											<?php foreach ($webmail_clients as $client){
 												echo "\t\t\t\t<option value=\"".htmlentities($client)."\"";
-												if ((!empty($v_webmail)) && ( $v_webmail == $client )) {
+												if (( $v_webmail == $client )) {
 													echo ' selected' ;
 												}
 												echo ">".htmlentities(ucfirst($client))."</option>\n";
 												}
 											?>
-											<option value="" <?php if(empty($v_webmail)){ echo "selected";}?>><?=_('Disabled');?></option>
+											<option value="" <?php if (empty($v_webmail) || $v_webmail == 'disabled' ){ echo "selected";}?>><?=_('Disabled');?></option>
 										</select>
 									</td>
 								</tr>

web/templates/pages/edit_mail.html

@@ -76,13 +76,13 @@
 								<select class="vst-list" name="v_webmail" tabindex="6">
 									<?php foreach ($webmail_clients as $client){
 										echo "\t\t\t\t<option value=\"".htmlentities($client)."\"";
-										if ((!empty($v_webmail)) && ( $v_webmail == $client )) {
+										if (( $v_webmail == $client )) {
 											echo ' selected' ;
 										}
 										echo ">".htmlentities(ucfirst($client))."</option>\n";
 										}
 									?>
-									<option value="" <?php if (empty($v_webmail)){ echo "selected";}?>><?=_('Disabled');?></option>
+									<option value="disabled" <?php if ( empty($v_webmail) || ($v_webmail == 'disabled')) { echo "selected";}?>><?=_('Disabled');?></option>
 								</select>
 							</td>
 						</tr>

web/templates/pages/list_log.html

@@ -7,14 +7,14 @@
 			<?php } else if (($_SESSION['userContext'] === 'admin') && (htmlentities($_GET['user']) === 'system')) { ?>
 				<a href="/list/server/" id="btn-back" class="ui-button cancel" dir="ltr"><i class="fas fa-arrow-left status-icon blue"></i><?=_('Back');?></a>
 			<?php } else { ?>
-				<?php if (($_SESSION['userContext'] === 'admin') && (isset(htmlentities($_GET['user']))) && (htmlentities($_GET['user']) !== 'admin')) { ?>
+				<?php if (($_SESSION['userContext'] === 'admin') && (isset($_GET['user'])) && ($_GET['user'] !== 'admin')) { ?>
 					<a href="/edit/user/?user=<?=htmlentities($_GET['user']); ?>&token=<?=$_SESSION['token']?>" id="btn-back" class="ui-button cancel" dir="ltr"><i class="fas fa-arrow-left status-icon blue"></i><?=_('Back');?></a>
 				<?php } else { ?>
 					<a href="/edit/user/?user=<?=$user;?>&token=<?=$_SESSION['token']?>" id="btn-back" class="ui-button cancel" dir="ltr"><i class="fas fa-arrow-left status-icon blue"></i><?=_('Back');?></a>
 				<?php } ?>
 			<?php } ?>
 			<?php if (($_SESSION['userContext'] === 'admin') && (htmlentities($_GET['user']) !== 'admin')) { ?>
-				<?php if (($_SESSION['userContext'] === 'admin') && (isset(htmlentities($_GET['user']))) && (htmlentities($_GET['user']) !== 'admin')) { ?>
+				<?php if (($_SESSION['userContext'] === 'admin') && (isset($_GET['user'])) && (htmlentities($_GET['user']) !== 'admin')) { ?>
 					<?php if (htmlentities($_GET['user']) !== 'system') {?>
 						<a href="/list/log/auth/?user=<?=htmlentities($_GET['user']); ?>&token=<?=$_SESSION['token']?>" id="btn-back" class="ui-button cancel" dir="ltr" title="<?=_('Login history');?>"><i class="fas fa-binoculars status-icon green"></i><?=_('Login history');?></a>
 					<?php } ?>
@@ -35,7 +35,7 @@
 					<div class="actions-panel display-inline-block" key-action="js">
 						<a class="data-controls do_delete ui-button danger cancel">
 							<i class="do_delete fas fa-times-circle status-icon red"></i><?=_('Delete');?>
-							<?php if (($_SESSION['userContext'] === 'admin') && (isset(htmlentities($_GET['user'])))) {?>
+							<?php if (($_SESSION['userContext'] === 'admin') && (isset($_GET['user']))) {?>
 								<input type="hidden" name="delete_url" value="/delete/log/?user=<?=htmlentities($_GET['user']);?>&token=<?=$_SESSION['token']?>" />
 							<?php } else { ?>
 								<input type="hidden" name="delete_url" value="/delete/log/?token=<?=$_SESSION['token']?>" />

web/templates/pages/list_log_auth.html

@@ -2,7 +2,7 @@
 <div class="l-center">
 	<div class="l-sort clearfix noselect">
 		<div class="l-unit-toolbar__buttonstrip">
-			<?php if (($_SESSION['userContext'] === 'admin') && (isset(htmlentities($_GET['user']))) && (htmlentities($_GET['user']) !== 'admin')) { ?>
+			<?php if (($_SESSION['userContext'] === 'admin') && (isset($_GET['user'])) && (htmlentities($_GET['user']) !== 'admin')) { ?>
 				<a href="/list/log/?user=<?=htmlentities($_GET['user']); ?>&token=<?=$_SESSION['token']?>" id="btn-back" class="ui-button cancel" dir="ltr"><i class="fas fa-arrow-left status-icon blue"></i><?=_('Back');?></a>
 			<?php } else { ?>
 				<a href="/list/log/" id="btn-back" class="ui-button cancel" dir="ltr"><i class="fas fa-arrow-left status-icon blue"></i><?=_('Back');?></a>
@@ -17,7 +17,7 @@
 					<div class="actions-panel display-inline-block" key-action="js">
 						<a class="data-controls do_delete ui-button danger cancel">
 							<i class="do_delete fas fa-times-circle status-icon red"></i><?=_('Delete');?>
-							<?php if (($_SESSION['userContext'] === 'admin') && (isset(htmlentities($_GET['user'])))) {?>
+							<?php if (($_SESSION['userContext'] === 'admin') && (isset($_GET['user']))) {?>
 								<input type="hidden" name="delete_url" value="/delete/log/auth/?user=<?=htmlentities($_GET['user']);?>&token=<?=$_SESSION['token']?>" />
 							<?php } else { ?>
 								<input type="hidden" name="delete_url" value="/delete/log/auth/?token=<?=$_SESSION['token']?>" />

web/templates/pages/list_mail_dns.html

@@ -38,7 +38,7 @@
 			<div class="clearfix l-unit__stat-col--left text-center step-top-small"><b>A</b></div>
 			<div class="clearfix l-unit__stat-col--left text-center step-top-small"><b>0</b></div>
 			<div class="clearfix l-unit__stat-col--left text-center step-top-small"><b>14400</b></div>
-			<div class="clearfix l-unit__stat-col--left wide-3"><b><input type="text" class="vst-input" value="<?=array_key_first($ips);?>" /></b></div>
+			<div class="clearfix l-unit__stat-col--left wide-3"><b><input type="text" class="vst-input" value="<?=(empty($ips[array_key_first($ips)]['NAT'])) ?  array_key_first($ips) : $ips[array_key_first($ips)]['NAT'];?>" /></b></div>
 		</div>
 	</div>
     <div class="l-unit animated fadeIn">
@@ -57,7 +57,7 @@
 				<div class="clearfix l-unit__stat-col--left text-center step-top-small"><b>A</b></div>
 				<div class="clearfix l-unit__stat-col--left text-center step-top-small"><b>&nbsp;</b></div>
 				<div class="clearfix l-unit__stat-col--left text-center step-top-small"><b>14400</b></div>
-				<div class="clearfix l-unit__stat-col--left wide-3"><b><input type="text" class="vst-input" value="<?=array_key_first($ips);?>" /></b></div>
+				<div class="clearfix l-unit__stat-col--left wide-3"><b><input type="text" class="vst-input" value="<?=(empty($ips[array_key_first($ips)]['NAT'])) ?  array_key_first($ips) : $ips[array_key_first($ips)]['NAT'];?>" /></b></div>
 			</div>
 		</div>
 	<?php } ?>
@@ -67,7 +67,8 @@
 			<div class="clearfix l-unit__stat-col--left text-center step-top-small"><b>TXT</b></div>
 			<div class="clearfix l-unit__stat-col--left text-center step-top-small"><b>&nbsp;</b></div>
 			<div class="clearfix l-unit__stat-col--left text-center step-top-small"><b>14400</b></div>
-			<div class="clearfix l-unit__stat-col--left  wide-3 "><b><input type="text" class="vst-input" value="<?=htmlspecialchars('v=spf1 a mx ip4:'.array_key_first($ips).'; -all');?>" /></b></div>
+            <?php $ip = (empty($ips[array_key_first($ips)]['NAT'])) ?  array_key_first($ips) : $ips[array_key_first($ips)]['NAT'];?>
+			<div class="clearfix l-unit__stat-col--left  wide-3 "><b><input type="text" class="vst-input" value="<?=htmlspecialchars('v=spf1 a mx ip4:'.$ip.'; -all');?>" /></b></div>
 		</div>
 	</div>
     <div class="l-unit animated fadeIn">

web/templates/pages/login/login_1.html

@@ -41,7 +41,7 @@
 									<tr>
 										<td style="padding: 0 0 5px 0;">
 											<button tabindex="3" type="submit" class="button"><?=_('Login');?>&nbsp;&nbsp;&nbsp;<i class="fas fa-sign-in-alt"></i></button>&nbsp;&nbsp;
-											<input type="button" class="button cancel" value="<?=_('Back');?>" onclick="location.href='/login/'">
+											<input type="button" class="button cancel" value="<?=_('Back');?>" onclick="location.href='/login/?logout=true'">
 										</td>
 									</tr>
 								</table>

web/templates/pages/login/login_2.html

@@ -38,7 +38,8 @@
 									</tr>
 									<tr>
 										<td style="padding: 0 0 5px 0;">
-											<button tabindex="3" type="submit" class="button"><?=_('Login');?>&nbsp;&nbsp;&nbsp;<i class="fas fa-sign-in-alt"></i></button>
+											<button tabindex="3" type="submit" class="button"><?=_('Login');?>&nbsp;&nbsp;&nbsp;<i class="fas fa-sign-in-alt"></i></button>&nbsp;&nbsp;
+                                            <input type="button" class="button cancel" value="<?=_('Back');?>" onclick="location.href='/login/?logout'">
 										</td>
 									</tr>
 								</table>

web/templates/pages/login/reset2fa.html

@@ -52,7 +52,7 @@
 										<tr>
 											<td style="padding: 20px 0 12px 0;">
 												<input tabindex="2" type="submit" value="<?=_('Submit');?>" class="button">&nbsp;&nbsp;
-												<input type="button" class="button cancel" value="<?=_('Back');?>" onclick="location.href='/login/'">
+												<input type="button" class="button cancel" value="<?=_('Back');?>" onclick="location.href='/login/?logout'">
 											</td>
 										</tr>
 									</table>

web/templates/pages/login/reset_1.html

@@ -38,7 +38,7 @@
 									<tr>
 										<td style="padding: 20px 0 12px 0;">
 											<input tabindex="2" type="submit" value="<?=_('Submit');?>" class="button">&nbsp;&nbsp;
-											<input type="button" class="button cancel" value="<?=_('Back');?>" onclick="location.href='/login/'">
+											<input type="button" class="button cancel" value="<?=_('Back');?>" onclick="location.href='/login/?logout'">
 										</td>
 									</tr>
 								</table>