Merge branch 'main' into feature/427-redirect

CHANGELOG.md

@@ -3,17 +3,70 @@ All notable changes to this project will be documented in this file.
 
 ## [DEVELOPMENT]
 ### Features
-- Introduced support for PHPmyAdmin Single Sign On
+- Introduced single sign-on support for phpMyAdmin.
+- Introduced support for NGINX FastCGI cache.
+- Introduced support for SMTP Relay / smarthosts (server-wide or per-domain).
+- Introduced the ability to choose which webmail client to use per-domain (Roundcube or Rainloop).
+- Added B2 Backup Support for Remote Backup Location - thanks **@rez0n**!
+- Added template support for osTicket - thanks **@madito**!
+- Packages for phpMyAdmin, Roundcube, and Rainloop will be pulled directly from their upstream source instead of APT for new installations.
+- Added DNS records view to mail domains which provides DKIM, SPF, and other entries to use with an external provider.
+- Added an upgrade script to provide in-place upgrades to php7.4 (or any other version).
+
 
 ### Bugfixes
-- Fixed an issue where user name was duplicated when editing FTP users (#1411)
+- Fixed an issue where user name was duplicated when editing FTP users. (#1411)
 - Fixed an issue where the iptables service would appear to be in a stopped state when fail2ban is stopped. (#1374)
 - Fixed an issue where the default language value was incorrectly set under Server Settings > Configure.
 - Fixed an issue with the dark theme where available updates were incorrectly displayed.
 - Fixed an issue where local and FTP backup files were not deleted when running `v-delete-user-backup`. (#1421)
-- Fixed an issue where IP addresses could not be deleted (#1423)
-- Improvements have been made to the API's error handling - thanks **@danielalexis**!
-- ZSTD Compression has been made multi-threaded.
+- Fixed an issue where IP addresses could not be deleted. (#1423)
+- Fixed an issue where `v-rebuild-user` would incorrectly rebuild domain items in addition to user account configuration.
+- Fixed an issue which caused a web domain's custom document root value to be lost when restoring from backup.
+- Fixed an issue which caused a `NSPOSIXErrorDomain:100` error when using Safari/iOS (thanks **@stsimb**).
+- Fixed an issue where exim ignored the configured mail quota limit.
+- Fixed an issue where invalid character validation was performed when editing mail auto replies.
+- Fixed an issue which caused Let's Encrypt to fail when using the Moodle template (thanks **@ArturoBlanco**).
+- Fixed an issue where the MySQL `wait_timeout` value was not saved due to wrong regexp attribute (thanks **@guicapanema**).
+- Fixed an issue where nginx web statistics authorization file was placed in the wrong directory.
+- Fixed several small issues that were reported when using PostgreSQL.
+- Improved reliability of mail domains and webmail clients.
+- Improved reliability of service restarts during upgrades.
+- Improved compatibility with Blesta / WHMCS plugins.
+- Improved API error handling routines - thanks **@danielalexis**!
+- Improved backup performance through the use of multi-threading when creating archives using the `zstd` compression type.
+- Improved error handling when creating firewall rules.
+- Improved handling of suspended users and domains to allow deletion without unsuspension.
+- Improved dependencies over package control to install `lsb-release` and `zstd`.
+- Improved SFTP connection handling to be case insensitive (thanks **@lazzurs**).
+- Improved domain validation to prevent creating subdomains when the top-level domain belongs to another account (thanks **@KuJoe** and **@sickcodes**).
+- Improved IDN domain handling to resolve issues with Let's Encrypt SSL and mail domain services.
+- Added private folder to openbasedir permissions for all main templates.
+- Disabled changing backup folder via Web UI because it used symbolic link instead of mount causing issues with restore mail / user files.
+- Fixed XSS vulnerability in `v-add-sys-ip` and user history log (thanks **@numanturle**).
+- Fixed remote code execution vulnerability which could occur when deleting SSH keys (thanks **@numanturle**).
+
+## [1.3.5] - Service Release
+### Features
+- No new features have been introduced in this release.
+
+### Bugfixes
+- Updated APT repository key for PHP from packages.sury.org (https://forum.hestiacp.com/t/apt-upgrade-failed-gpg-error-packages-sury-org)
+- Updated phpMyAdmin to v5.1.0.
+
+## [1.3.4] - Service Release
+### Features
+- No new features have been introduced in this release.
+
+### Bugfixes
+- Fixed xss vulnerability in v-add-sys-ip and user history log (thanks **@numanturle**)
+- Fixed remote execution possibility when deleting ssh key (thanks **@numanturle**)
+
+## [1.3.3] - Service Release
+### Bugfixes
+- Improved if web folder already exists and do not follow symlink on chmod (thanks @0xGsch and @kikoas1995).
+- Improved api key authentification to prevent brute force attacks.
+- Improved ssh keys folder permission to prevent unauthorized access.
 
 ## [1.3.2] - Service Release
 ### Features

README.md

@@ -2,7 +2,7 @@
 
 [Hestia Control Panel](https://www.hestiacp.com/)
 ==================================================
-**Latest stable release:** Version 1.3.2 | [View Changelog](https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md)<br>
+**Latest stable release:** Version 1.3.5 | [View Changelog](https://github.com/hestiacp/hestiacp/blob/release/CHANGELOG.md)<br>
 
 **Web:** [www.hestiacp.com](https://www.hestiacp.com/)<br>
 **Documentation:** [docs.hestiacp.com](https://docs.hestiacp.com/)<br>

bin/v-add-backup-host

@@ -49,7 +49,7 @@ sftpc() {
         set count 0
         spawn /usr/bin/sftp -o StrictHostKeyChecking=no -o Port=$port $user@$host
         expect {
-            "password:" {
+            -nocase "password:" {
                 send "$password\r"
                 exp_continue
             }

bin/v-add-dns-domain

@@ -38,6 +38,7 @@ source $HESTIA/conf/hestia.conf
 # Additional argument formatting
 format_domain
 format_domain_idn
+domain_utf=$(idn -t --quiet -u "$domain_idn")
 
 #----------------------------------------------------------#
 #                    Verifications                         #
@@ -48,11 +49,22 @@ is_format_valid 'user' 'domain' 'ip'
 is_system_enabled "$DNS_SYSTEM" 'DNS_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
-is_domain_new 'dns' "$domain"
+
+if [ "$($BIN/v-list-dns-domain $user $domain_utf plain |cut -f 1) " != "$domain" ]; then
+    is_domain_new 'dns' "$domain_utf"
+fi
+if [ "$($BIN/v-list-dns-domain $user $domain_idn plain |cut -f 1) " != "$domain" ]; then
+    is_domain_new 'dns' "$domain_idn"
+else
+    is_domain_new 'dns' "$domain"
+fi
+
 is_package_full 'DNS_DOMAINS'
 template=$(get_user_value '$DNS_TEMPLATE')
 is_dns_template_valid $template
 
+is_base_domain_owner "$domain"
+
 if [ ! -z "$ns1" ]; then
     ns1=$(echo $4 |sed -e 's/\.*$//g' -e 's/^\.*//g')
     is_format_valid 'ns1'

bin/v-add-dns-record

@@ -50,6 +50,11 @@ if [[ $rtype =~ NS|CNAME|MX|PTR|SRV ]]; then
     fi
 fi
 
+if [[ $rtype =~ NS|CNAME|MX|PTR|SRV ]]; then
+    dvalue=$(idn -t --quiet -a "$dvalue" )
+    record=$(idn -t --quiet -a "$record" )
+fi
+
 # Cleanup quotes on dvalue
 # - [CAA] records will be left unchanged
 # - [SRV] will be  stripped of double quotes even when  containg spaces

bin/v-add-letsencrypt-domain

@@ -109,18 +109,16 @@ debug_log() {
 # Perform verification if read-only mode is enabled
 check_hestia_demo_mode
 
+
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 
-
-
-
 # Generate correct variables for mail domain SSL certificates
 if [ ! -z "$mail" ]; then
     root_domain=$domain
     domain="mail.$root_domain"
-    webmail=$(get_object_value "mail" "$domain" '$WEBMAIL');
+    webmail=$(get_object_value "mail" "DOMAIN" "$root_domain" '$WEBMAIL');
     if [ ! -z "$webmail" ]; then
         aliases="$WEBMAIL_ALIAS.$root_domain"
     fi

bin/v-add-mail-domain

@@ -36,7 +36,7 @@ fi
 # Additional argument formatting
 format_domain
 format_domain_idn
-
+domain_utf=$(idn -t --quiet -u "$domain_idn")
 
 #----------------------------------------------------------#
 #                    Verifications                         #
@@ -47,10 +47,21 @@ is_format_valid 'user' 'domain' 'antispam' 'antivirus' 'dkim' 'dkim_size'
 is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
-is_domain_new 'mail' "$domain"
+
+if [ "$($BIN/v-list-mail-domain $user $domain_utf plain |cut -f 1) " != "$domain" ]; then
+    is_domain_new 'mail' "$domain_utf"
+fi
+if [ "$($BIN/v-list-mail-domain $user $domain_idn plain |cut -f 1) " != "$domain" ]; then
+    is_domain_new 'mail' "$domain_idn"
+else
+    is_domain_new 'mail' "$domain"
+fi
+
 is_package_full 'MAIL_DOMAINS'
 is_dir_symlink $HOMEDIR/$user/mail
 
+is_base_domain_owner "$domain"
+
 # Perform verification if read-only mode is enabled
 check_hestia_demo_mode
 
@@ -104,23 +115,6 @@ if [[ "$MAIL_SYSTEM" =~ exim ]]; then
         echo "$local_ip" > $HOMEDIR/$user/conf/mail/$domain/ip
     fi
 
-    # Touch mailhelo.conf if it doesnt exist
-    if [ ! -f "/etc/exim4/mailhelo.conf" ]; then
-        touch /etc/exim4/mailhelo.conf
-    fi
-
-    # Setting HELO for mail domain
-    if [ ! -z "$local_ip" ]; then
-        IP_RDNS=$(is_ip_rdns_valid "$local_ip")
-        if [ ! -z "$IP_RDNS" ]; then
-            if [ $(grep -s "^${domain}:" /etc/exim4/mailhelo.conf) ]; then
-                sed -i "/^${domain}:/c\\${domain}:${IP_RDNS}" /etc/exim4/mailhelo.conf
-            else
-                echo ${domain}:${IP_RDNS} >> /etc/exim4/mailhelo.conf
-            fi
-        fi        
-    fi
-
     # Adding antispam protection
     if [ "$antispam" = 'yes' ]; then
         touch $HOMEDIR/$user/conf/mail/$domain/antispam
@@ -169,7 +163,7 @@ fi
 # Add webmail configuration to mail domain
 if [ ! -z "$WEB_SYSTEM" ] || [ ! -z "$PROXY_SYSTEM" ]; then
     if [ ! -z "$IMAP_SYSTEM" ]; then
-        $BIN/v-add-sys-webmail $user $domain '' '' ''
+        $BIN/v-add-sys-webmail $user $domain '' 'no'
     fi
 fi
     

bin/v-add-sys-filemanager

@@ -13,14 +13,14 @@
 # Includes
 source $HESTIA/func/main.sh
 source $HESTIA/conf/hestia.conf
+source $HESTIA/install/upgrade/upgrade.conf
 
 MODE=$1
 user="admin"
 
 FM_INSTALL_DIR="$HESTIA/web/fm"
-FM_V="7.4.1"
-FM_FILE="filegator_v${FM_V}.zip"
-FM_URL="https://github.com/filegator/filegator/releases/download/v${FM_V}/${FM_FILE}"
+FM_FILE="filegator_v${fm_v}.zip"
+FM_URL="https://github.com/filegator/filegator/releases/download/v${fm_v}/${FM_FILE}"
 COMPOSER_BIN="$HOMEDIR/$user/.composer/composer"
 
 

bin/v-add-sys-ip

@@ -1,7 +1,7 @@
 #!/bin/bash
 # info: add system ip address
-# options: IP NETMASK [INTERFACE] [USER] [IP_STATUS] [IP_NAME] [NAT_IP]
-# labels: 
+# options: IP NETMASK [INTERFACE] [USER] [IP_STATUS] [IP_NAME] [NAT_IP] [HELO]
+# labels:
 #
 # example: v-add-sys-ip 216.239.32.21 255.255.255.0
 #
@@ -28,6 +28,7 @@ user="${4-admin}"
 ip_status="${5-shared}"
 ip_name=$6
 nat_ip=$7
+helo=$8
 
 # Includes
 source $HESTIA/func/main.sh
@@ -40,8 +41,8 @@ source $HESTIA/conf/hestia.conf
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '2' "$#" 'IP NETMASK [INTERFACE] [USER] [STATUS] [NAME] [NATED_IP]'
-is_format_valid 'ip' 'netmask' 'interface' 'user' 'ip_status'
+check_args '2' "$#" 'IP NETMASK [INTERFACE] [USER] [STATUS] [NAME] [NATED_IP] [HELO]'
+is_format_valid 'ip' 'netmask' 'iface' 'user' 'ip_status'
 is_ip_free
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
@@ -112,6 +113,7 @@ U_WEB_DOMAINS='0'
 INTERFACE='$iface'
 NETMASK='$netmask'
 NAT='$nat_ip'
+HELO='$helo'
 TIME='$time'
 DATE='$date'" > $HESTIA/data/ips/$ip
 chmod 660 $HESTIA/data/ips/$ip
@@ -213,6 +215,11 @@ if [ ! -z "$FIREWALL_SYSTEM" ]; then
     $BIN/v-update-firewall
 fi
 
+# Update ip helo for exim
+if [ ! -z "$MAIL_SYSTEM" ] && [ ! -z "$helo"]; then
+    $BIN/v-change-sys-ip-helo $ip $helo
+fi
+
 # Logging
 log_history "added system ip address $ip" '' 'admin'
 log_event "$OK" "$ARGUMENTS"

bin/v-add-sys-rainloop

@@ -14,7 +14,7 @@ source $HESTIA/func/main.sh
 source $HESTIA/conf/hestia.conf
 source $HESTIA/install/upgrade/upgrade.conf
 
-MODE=$2
+MODE=$1
 UPDATE="no"
 # Version and Download paths
 # Version to be moved to upgrade script
@@ -54,7 +54,7 @@ fi
 if [ -f "/var/lib/rainloop/data/VERSION" ]; then
     version=$(cat $RL_INSTALL_DIR/data/VERSION);
     if [ "$version" == "$rl_v" ]; then
-        echo "Error: Installed version ($version) is equal as the availble version ($rc_v)"
+        echo "Error: Installed version ($version) is equal as the availble version ($rl_v)"
         exit 2;
     else 
         UPDATE="yes"
@@ -88,7 +88,7 @@ if [ "$UPDATE" == "no" ]; then
     echo "Password: $admin_password" >> ~/.rainloop
     echo "Secret key: admin_$key" >> ~/.rainloop
     
-    unzip -q $RL_FILE
+    unzip -q ${RL_INSTALL_DIR}/${RL_FILE}
     
     mv ./data $RL_CONFIG_DIR/
     ln -s $RL_CONFIG_DIR/data/ ./data
@@ -151,8 +151,17 @@ if [ "$UPDATE" == "no" ]; then
 
 else
    [ ! -f "${RC_INSTALL_DIR}/${RC_FILE}" ] && wget "$RL_URL" --quiet -O "${RL_INSTALL_DIR}/${RL_FILE}"
-   unzip -q -o $RL_FILE
-   rm $RL_INSTALL_DIR/$RL_FILE
+   version=$(cat $RL_INSTALL_DIR/data/VERSION);
+   
+   unzip -q -j rainloop-community-latest.zip "data/VERSION" -d $RL_INSTALL_DIR/ 
+   version_source=$(cat $RL_INSTALL_DIR/VERSION);
+   
+   # Check version inside .zip file in case hestia didn't update yet
+   if [ "$version" != "$version_source" ]; then 
+       unzip -q ${RL_INSTALL_DIR}/${RL_FILE}
+       rm $RL_INSTALL_DIR/$RL_FILE
+    fi
+    rm ${RL_INSTALL_DIR}/VERSION
 fi
 
 #----------------------------------------------------------#

bin/v-add-sys-roundcube

@@ -121,9 +121,8 @@ if [ "$UPDATE" == "no" ]; then
     chmod 751 $RC_LOG
     
     if [ ! -z "$(echo "$DB_SYSTEM" | grep -w 'mysql')" ]; then
-        # Remove the following 2 lines when going live
-        mysql -e "DROP DATABASE roundcube"
-        mysql -e "DROP USER roundcube@localhost"
+        mysql -e "DROP DATABASE IF EXISTS roundcube"
+        mysql -e "DROP USER IF EXISTS roundcube@localhost"
         mysql -e "CREATE DATABASE roundcube"
         # Mysql available on system
         r=$(generate_password)
@@ -192,4 +191,4 @@ fi
 
 
 log_history "Rouncube successfuly installed" '' 'admin'
-log_event "$OK" "$ARGUMENTS"
+log_event "$OK" "$ARGUMENTS"

bin/v-add-sys-theme

@@ -1,98 +0,0 @@
-#!/bin/bash
-# info: install theme from local source or GitHub.
-# options: THEME [MODE] [ACTIVE]
-# labels: hestia
-#
-# example: v-add-sys-theme myTheme local 
-#
-# The function for installing a custom theme or downloading one
-# from the HestiaCP theme repository.
-# For more info see https://docs.hestiacp.com/customize_hestia.html
-
-
-#----------------------------------------------------------#
-#                    Variable&Function                     #
-#----------------------------------------------------------#
-
-# Argument definition
-theme=$1
-mode=$2
-active=$3
-
-# Includes
-source $HESTIA/func/main.sh
-source $HESTIA/conf/hestia.conf
-
-# Define themes repository URL format
-HESTIA_THEMES_REPO="$HESTIA_GIT_REPO/$RELEASE_BRANCH/install/deb/themes"
-
-# Perform verification if read-only mode is enabled
-check_hestia_demo_mode
-
-#----------------------------------------------------------#
-#                       Action                             #
-#----------------------------------------------------------#
-
-# Fallback to downloading from GitHub if no mode specified
-if [ -z "$mode" ]; then
-    mode="git"
-fi
-
-# Initialize local directory if it does not exist
-if [ ! -d "$HESTIA_THEMES_CUSTOM" ]; then
-    mkdir -p $HESTIA_THEMES_CUSTOM
-fi
-
-# Abort if no theme name specified
-if [ -z "$theme" ]; then
-    echo "ERROR: No theme name specified."
-    echo "Usage: v-add-sys-theme theme [GIT | LOCAL] [ACTIVE]"
-    echo "       theme: name of the theme to install."
-    echo "       active: Set downloaded theme as active (optional)"
-
-    exit 1
-fi
-
-# Check if theme name already exists as system theme
-if [ -e $HESTIA_THEMES/$theme.css ]; then
-    echo "ERROR: System theme with the same name already exists: $theme."
-    exit 1
-fi
-
-# Prompt to replace existing theme if detected
-if [ -e $HESTIA_THEMES_CUSTOM/$theme.css ]; then
-    echo "WARNING: Theme file $theme.css already exists."
-    read -p "Would you like to replace it? [Y/N] " replace_theme
-
-    if [ "$replace_theme" = "N" ] || [ "$replace_theme" = "n" ]; then
-        exit 1
-    fi
-fi
-
-# Install theme from GitHub repository
-if [ "$mode" = "git" ]; then
-    # Check if it's a valid file first
-    theme_check=$(curl -s --head -w %{http_code} $HESTIA_THEMES_REPO/$theme.css -o /dev/null)
-    if [ $theme_check -ne "200" ]; then
-        echo "Error: invalid theme name specified."
-        exit 1
-    fi
-
-    # Download the theme file from Git
-    echo "Downloading and installing theme: $theme..."
-    wget $HESTIA_THEMES_REPO/$theme.css -O $HESTIA_THEMES_CUSTOM/$theme.css > /dev/null 2>&1
-fi
-
-if [ "$mode" = "local" ]; then
-    read -p "Please enter the full path to the CSS file to import: " theme_path
-    cp -f $theme_path $HESTIA_THEMES_CUSTOM/
-fi
-
-# Set active theme
-$BIN/v-change-sys-theme $theme
-
-#----------------------------------------------------------#
-#                       Hestia                             #
-#----------------------------------------------------------#
-
-exit

bin/v-add-sys-webmail

@@ -1,12 +1,13 @@
 #!/bin/bash
 # info: add webmail support for a domain
-# options: USER DOMAIN WEBMAIL [RESTART] [QUIET]
+# options: USER DOMAIN [WEBMAIL] [RESTART] [QUIET]
 # labels: hestia
 #
 # example: v-add-sys-webmail user domain.com
+# example: v-add-sys-webmail user domain.com rainloop
+# example: v-add-sys-webmail user domain.com roundcube
 #
-# this function adds support for webmail services
-# to a mail domain.
+# this function enables webmail client for a mail domain.
 
 #----------------------------------------------------------#
 #                    Variable&Function                     #
@@ -30,8 +31,6 @@ if [[ "$domain" =~ .*\.$ ]]; then
     domain=$(echo "$domain" |sed -e "s/\.$//")
 fi
 
-domain_idn=$(idn -t --quiet -a "$domain")
-
 # Includes
 source $HESTIA/func/main.sh
 source $HESTIA/func/domain.sh
@@ -53,7 +52,7 @@ if [ -z "$webmail" ]; then
     done
 fi
 
-check_args '3' "$#" 'USER DOMAIN WEBMAIL [RESTART]'
+check_args '2' "$#" 'USER DOMAIN [WEBMAIL] [RESTART]'
 is_format_valid 'user' 'domain'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
 is_system_enabled "$IMAP_SYSTEM" 'IMAP_SYSTEM'
@@ -96,10 +95,10 @@ else
 
         if [ "$dns_domain" = "$domain" ]; then
             if [ -z "$webmail_record" ]; then
-                $BIN/v-add-dns-record $user $domain $WEBMAIL_ALIAS A $ip
+                $BIN/v-add-dns-record $user $domain $WEBMAIL_ALIAS A $ip '' '' $restart
             else
-                $BIN/v-delete-dns-record $user $domain $webmail_record
-                $BIN/v-add-dns-record $user $domain $WEBMAIL_ALIAS A $ip
+                $BIN/v-delete-dns-record $user $domain $webmail_record $restart
+                $BIN/v-add-dns-record $user $domain $WEBMAIL_ALIAS A $ip '' '' $restart
             fi
         fi
     fi

bin/v-add-user

@@ -115,6 +115,7 @@ mkdir $HOMEDIR/$user/.config \
       $HOMEDIR/$user/.cache \
       $HOMEDIR/$user/.local \
       $HOMEDIR/$user/.composer \
+      $HOMEDIR/$user/.vscode-server \
       $HOMEDIR/$user/.ssh \
       $HOMEDIR/$user/.npm
 
@@ -123,6 +124,7 @@ chown $user:$user \
       $HOMEDIR/$user/.cache \
       $HOMEDIR/$user/.local \
       $HOMEDIR/$user/.composer \
+      $HOMEDIR/$user/.vscode-server \
       $HOMEDIR/$user/.ssh \
       $HOMEDIR/$user/.npm
 

bin/v-add-web-domain

@@ -37,6 +37,7 @@ source $HESTIA/conf/hestia.conf
 format_domain
 format_domain_idn
 format_aliases
+domain_utf=$(idn -t --quiet -u "$domain_idn")
 
 #----------------------------------------------------------#
 #                    Verifications                         #
@@ -48,9 +49,21 @@ is_format_valid 'user' 'domain' 'aliases' 'ip' 'proxy_ext'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 is_package_full 'WEB_DOMAINS' 'WEB_ALIASES'
-is_domain_new 'web' "$domain,$aliases"
+
+if [ "$($BIN/v-list-web-domain $user $domain_utf plain |cut -f 1) " != "$domain" ]; then
+    is_domain_new 'web' "$domain_utf,$aliases"
+fi
+if [ "$($BIN/v-list-web-domain $user $domain_idn plain |cut -f 1) " != "$domain" ]; then
+    is_domain_new 'web' "$domain_idn,$aliases"
+else
+    is_domain_new 'web' "$domain,$aliases"
+fi
+
 is_dir_symlink "$HOMEDIR/$user/web"
 is_dir_symlink "$HOMEDIR/$user/web/$domain"
+
+is_base_domain_owner "$domain,$aliases"
+
 if [ ! -z "$ip" ]; then
     is_ip_valid "$ip" "$user"
 else
@@ -68,6 +81,8 @@ check_hestia_demo_mode
 # Reading user values
 source $USER_DATA/user.conf
 
+[[ -e "$HOMEDIR/$user/web/$domain" ]] && check_result $E_EXISTS "Web domain folder for $domain should not exist"
+
 # Creating domain directories
 $BIN/v-add-fs-directory "$user" "$HOMEDIR/$user/web/$domain"
 $BIN/v-add-fs-directory "$user" "$HOMEDIR/$user/web/$domain/public_html"
@@ -94,10 +109,10 @@ done
 chown -R $user:$user $HOMEDIR/$user/web/$domain
 chown root:$user /var/log/$WEB_SYSTEM/domains/$domain.* $conf
 chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.*
-chmod 751 $HOMEDIR/$user/web/$domain $HOMEDIR/$user/web/$domain/*
-chmod 551 $HOMEDIR/$user/web/$domain/stats $HOMEDIR/$user/web/$domain/logs
-chmod 644 $HOMEDIR/$user/web/$domain/public_*html/*
-chown $user:www-data $HOMEDIR/$user/web/$domain/public_*html
+user_exec chmod 751 $HOMEDIR/$user/web/$domain $HOMEDIR/$user/web/$domain/*
+user_exec chmod 551 $HOMEDIR/$user/web/$domain/stats $HOMEDIR/$user/web/$domain/logs
+user_exec chmod 644 $HOMEDIR/$user/web/$domain/public_*html/*
+chown --no-dereference $user:www-data $HOMEDIR/$user/web/$domain/public_*html
 
 # Adding PHP-FPM backend
 if [ ! -z "$WEB_BACKEND" ]; then

bin/v-add-web-domain-alias

@@ -51,6 +51,8 @@ is_object_unsuspended 'web' 'DOMAIN' "$domain"
 is_domain_new 'web' "$aliases"
 is_package_full 'WEB_ALIASES'
 
+is_base_domain_owner "$aliases"
+
 # Perform verification if read-only mode is enabled
 check_hestia_demo_mode
 

bin/v-add-web-domain-allow-users

@@ -0,0 +1,67 @@
+#!/bin/bash
+# info: Alow other users create subdomains
+# options: USER DOMAIN
+# labels: web hestia
+#
+# example: v-add-web-domain-allow-users
+#
+# Disallow other users to create a new subdomain.
+# eg: admin adds admin.com
+# user can create user.admin.com
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+domain=$2
+domain_idn=$2
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/func/domain.sh
+source $HESTIA/func/ip.sh
+source $HESTIA/conf/hestia.conf
+
+# Additional argument formatting
+format_domain
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '2' "$#" 'USER DOMAIN'
+is_format_valid 'user' 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+is_object_valid 'web' 'DOMAIN' "$domain"
+is_object_unsuspended 'web' 'DOMAIN' "$domain"
+
+# Perform verification if read-only mode is enabled
+check_hestia_demo_mode
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Load domain data
+parse_object_kv_list $(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
+
+#----------------------------------------------------------#
+#                       Hestia                             #
+#----------------------------------------------------------#
+
+if [ -z "$ALLOW_USERS" ]; then
+    add_object_key "web" 'DOMAIN' "$domain" 'ALLOW_USERS' 'TIME'
+fi
+
+# Adding new alias
+update_object_value 'web' 'DOMAIN' "$domain" '$ALLOW_USERS' "yes"
+
+log_history "Allow users create subdomain for $domain"
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-add-web-domain-ssl-force

@@ -85,11 +85,11 @@ fi
 update_object_value 'web' 'DOMAIN' "$domain" '$SSL_FORCE' 'yes'
 
 # Restart web server
-$BIN/v-restart-web
+$BIN/v-restart-web $restart
 check_result $? "Web restart failed" > /dev/null
 
 # Restart proxy
-$BIN/v-restart-proxy
+$BIN/v-restart-proxy $restart
 check_result $? "Proxy restart failed" > /dev/null
 
 # Logging

bin/v-add-web-domain-ssl-hsts

@@ -71,11 +71,11 @@ fi
 update_object_value 'web' 'DOMAIN' "$domain" '$SSL_HSTS' 'yes'
 
 # Restart web server
-$BIN/v-restart-web
+$BIN/v-restart-web $restart
 check_result $? "Web restart failed" > /dev/null
 
 # Restart proxy
-$BIN/v-restart-proxy
+$BIN/v-restart-proxy $restart
 check_result $? "Proxy restart failed" > /dev/null
 
 # Logging

bin/v-change-dns-domain-tpl

@@ -124,7 +124,7 @@ if [ "$template" = "office365" ]; then
     if [ "$?" -eq 0 ]; then
         record='@'
         formatted_domain=$(echo "$domain" | sed 's/\./-/g')
-        $BIN/v-add-dns-record $user $domain $record MX "${formatted_domain}.mail.protection.outlook.com." '0'
+        $BIN/v-add-dns-record $user $domain $record MX "${formatted_domain}.mail.protection.outlook.com." '0' '' $restart
     fi
 fi
 

bin/v-change-sys-api

@@ -0,0 +1,57 @@
+#!/bin/bash
+# info: Enable / Disable API access 
+# options: STATUS 
+# labels: hestia
+#
+# example: v-change-sys-api enable
+#          # Enable API
+#
+# example: v-change-sys-api disable
+#          # Disable API
+#
+# Enabled / Disable API
+
+
+status=$1
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/conf/hestia.conf
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+check_args '1' "$#" "STATUS"
+is_type_valid "enable,disable" "$status"
+
+# Perform verification if read-only mode is enabled
+check_hestia_demo_mode
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+if [ "$status" = "enable" ]; then
+    if [ $API = "no" ]; then
+        if [ ! -f "$HESTIA/web/api/index.php" ]; then
+            wget -q https://raw.githubusercontent.com/hestiacp/hestiacp/release/web/api/index.php -O $HESTIA/web/api/index.php
+        else
+            sed -i 's|die("Error: Disabled");|//die("Error: Disabled");|g' $HESTIA/web/api/index.php
+        fi
+        $HESTIA/bin/v-change-sys-config-value "API" "yes"
+    fi
+else
+    if [ $API = "yes" ]; then
+        $HESTIA/bin/v-change-sys-config-value "API" "no"
+        $HESTIA/bin/v-change-sys-config-value "API_ALLOWED_IP" ""
+        sed -i 's|//die("Error: Disabled");|die("Error: Disabled");|g' $HESTIA/web/api/index.php
+    fi
+fi
+
+#----------------------------------------------------------#
+#                       Logging                            #
+#----------------------------------------------------------#
+
+log_history "API status has been changed to $status" '' 'admin'
+log_event "$OK" "$ARGUMENTS"

bin/v-change-sys-config-value

@@ -46,12 +46,6 @@ else
     sed -i "s|$key=.*|$key='$value'|g" $HESTIA/conf/hestia.conf
 fi
 
-if [ "$key" = "BACKUP" ] && [ "$value" != '/backup' ]; then
-    rm /backup
-    ln -s $value /backup
-fi
-
-
 #----------------------------------------------------------#
 #                       Hestia                             #
 #----------------------------------------------------------#

bin/v-change-sys-hostname

@@ -51,6 +51,11 @@ else
     echo "$domain" > /etc/hostname
 fi
 
+# Update ip helo for exim
+if [ ! -z "$MAIL_SYSTEM" ]; then
+    pub_ip=$(curl --ipv4 -s https://ip.hestiacp.com/)
+    $BIN/v-change-sys-ip-helo $pub_ip $domain
+fi
 
 #----------------------------------------------------------#
 #                       Hestia                             #

bin/v-change-sys-theme → bin/v-change-sys-ip-helo

@@ -1,26 +1,37 @@
 #!/bin/bash
-# info: update web templates
-# options: THEME
-# labels: hestia
+# info: change ip HELO/SMTP Banner
+# options: IP HELO
 #
-# The function for changing the currently active system theme.
+# The function for changing HELO/SMTP Banner associated with ip.
+
 
 #----------------------------------------------------------#
 #                    Variable&Function                     #
 #----------------------------------------------------------#
 
 # Argument definition
-theme=$1
+ip=$1
+helo=$2
 
 # Includes
 source $HESTIA/func/main.sh
+source $HESTIA/func/ip.sh
 source $HESTIA/conf/hestia.conf
 
+# Check if mail system is installed
+if [ -z "$MAIL_SYSTEM" ]; then
+    check_result "$E_NOTEXIST" "Mail system not installed"
+fi
 
 #----------------------------------------------------------#
 #                    Verifications                         #
 #----------------------------------------------------------#
 
+check_args '2' "$#" 'IP HELO'
+is_format_valid 'ip'
+is_format_valid 'helo'
+is_ip_valid "$ip"
+
 # Perform verification if read-only mode is enabled
 check_hestia_demo_mode
 
@@ -29,35 +40,15 @@ check_hestia_demo_mode
 #                       Action                             #
 #----------------------------------------------------------#
 
-# Initialize local directory if it does not exist
-if [ ! -d "$HESTIA_THEMES_CUSTOM" ]; then
-    mkdir -p $HESTIA_THEMES_CUSTOM
-fi
-
-# Theme argument and file detection
-if [ -z "$theme" ]; then
-    echo "ERROR: No theme specified."
-    exit 1
-else
-    if [ -e "$HESTIA_THEMES/$theme.css" ]; then
-        theme_conf="$HESTIA_THEMES/$theme.css"
-    elif [ -e "$HESTIA_THEMES_CUSTOM/$theme.css" ]; then
-        theme_conf="$HESTIA_THEMES_CUSTOM/$theme.css"
-    else
-        echo "ERROR: Unable to locate specified theme."
-        exit 1
-    fi
-
-    # Replace theme override file
-    rm -f $HESTIA/web/css/active-theme.css
-    cp -f $theme_conf $HESTIA/web/css/active-theme.css
-
-    # Set default theme in configuration file
-    $BIN/v-change-sys-config-value 'THEME' $theme
-fi
+# Change ip HELO/SMTP Banner
+update_ip_helo_value $ip $helo
 
 #----------------------------------------------------------#
 #                       Hestia                             #
 #----------------------------------------------------------#
 
+# Logging
+log_history "changed associated HELO/SMTP Banner on $ip to $helo" '' 'admin'
+log_event "$OK" "$ARGUMENTS"
+
 exit

bin/v-change-user-php-cli

@@ -27,15 +27,16 @@ source $HESTIA/conf/hestia.conf
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-# Reading user values
-source $USER_DATA/user.conf
-
 FILE=$HOMEDIR/$user/.bash_aliases
 
+check_args '2' "$#" 'USER PHPVERSION'
 is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 
+# Reading user values
+source $USER_DATA/user.conf
+
 # Verify php version format
 if [[ ! $version =~ ^[0-9]\.[0-9]+ ]]; then
     echo "The php version format is invalid, it should look like [0-9].[0-9]..."

bin/v-check-api-key

@@ -12,11 +12,18 @@
 #                    Variable&Function                     #
 #----------------------------------------------------------#
 
-if [ -z "$1" ]; then
+[[ -z $HESTIA ]] && HESTIA="/usr/local/hestia"
+
+source $HESTIA/func/main.sh
+
+new_timestamp
+
+abort_missmatch() {
     echo "Error: key missmatch"
-    exit 9
-fi
-key=$(basename $1)
+    echo "$date $time api $ip failed to login" >> $HESTIA/log/auth.log
+    exit $E_PASSWORD
+}
+
 ip=${2-127.0.0.1}
 time_n_date=$(date +'%T %F')
 time=$(echo "$time_n_date" |cut -f 1 -d \ )
@@ -29,11 +36,20 @@ check_hestia_demo_mode
 #                       Action                             #
 #----------------------------------------------------------#
 
-if [ ! -e $HESTIA/data/keys/$key ]; then
-    echo "Error: key missmatch"
-    echo "$date $time api $ip failed to login" >> $HESTIA/log/auth.log
-    exit 9
-fi
+key="$(basename "$1")"
+
+# Exit if Key is unset or to short
+[[ -z $key || ${#key} -lt 16 ]] && abort_missmatch
+
+# Key file must exist
+maybe_key_path="$(readlink -e "${HESTIA}/data/keys/${key}")"
+[[ -z $maybe_key_path ]] && abort_missmatch
+
+# Key file cannot be the key store
+[[ $maybe_key_path == "${HESTIA}/data/keys" ]] && abort_missmatch
+
+# Key file must be in the key store
+[[ $maybe_key_path == "${HESTIA}/data/keys/"* ]] || abort_missmatch
 
 
 #----------------------------------------------------------#

bin/v-delete-mail-domain

@@ -86,9 +86,6 @@ rm -f $USER_DATA/mail/$domain.pem
 rm -f $USER_DATA/mail/$domain.pub
 rm -f $USER_DATA/mail/*@$domain.msg
 
-# Unsetting HELO for mail domain
-sed -i "/^${domain}:/d" /etc/exim4/mailhelo.conf
-
 # Decreasing domain value
 decrease_user_value "$user" '$U_MAIL_DOMAINS'
 if [ "$DKIM" = 'yes' ]; then

bin/v-delete-sys-filemanager

@@ -19,7 +19,6 @@ source $HESTIA/conf/hestia.conf
 
 user='admin'
 FM_INSTALL_DIR="$HESTIA/web/fm"
-FM_V="7.4.1"
 COMPOSER_BIN="$HOMEDIR/$user/.composer/composer"
 
 #----------------------------------------------------------#

bin/v-delete-sys-theme

@@ -1,64 +0,0 @@
-#!/bin/bash
-# info: removes a theme from the custom theme library
-# options: theme
-# labels: hestia
-#
-# example: v-delete-sys-theme dark
-#
-# The function removes a theme from the custom theme library. 
-# Please note "default" theme can't be deleted due to dependencies for other themes
-
-
-#----------------------------------------------------------#
-#                    Variable&Function                     #
-#----------------------------------------------------------#
-
-# Argument definition
-theme=$1
-
-# Includes
-source $HESTIA/func/main.sh
-source $HESTIA/conf/hestia.conf
-
-#----------------------------------------------------------#
-#                    Verifications                         #
-#----------------------------------------------------------#
-
-# Perform verification if read-only mode is enabled
-check_hestia_demo_mode
-#----------------------------------------------------------#
-#                       Action                             #
-#----------------------------------------------------------#
-
-if [ -z "$theme" ]; then
-    # Theme not specified, throw an error.
-    echo "ERROR: No theme specified."
-    exit 1
-else
-    if [ -e $HESTIA_THEMES/$theme.css ]; then
-        # Protect system themes from deletion
-        # Users can use the terminal to work around this if really desired.
-        echo "ERROR: Unable to delete system theme: $theme."
-        exit 1
-    fi
-    if [ -e $HESTIA_THEMES_CUSTOM/$theme.css ]; then
-        # Remove theme if it exists.
-        echo "Deleting $theme..."
-        rm -f $HESTIA_THEMES_CUSTOM/$theme.css > /dev/null 2&>1
-    else
-        # Theme doesn't exist, throw an error.
-        echo "ERROR: Theme $theme does not exist."
-    fi
-fi
-
-# Set default theme in configuration file if deleted theme was active
-if [ "$THEME" = "$theme" ]; then
-    rm -f $HESTIA/web/css/active-theme.css
-    $BIN/v-change-sys-config-value 'THEME' default
-fi
-
-#----------------------------------------------------------#
-#                       Hestia                             #
-#----------------------------------------------------------#
-
-exit

bin/v-delete-sys-webmail

@@ -58,7 +58,7 @@ if [ ! -z "$WEBMAIL_ALIAS" ]; then
 
         if [ "$dns_domain" = "$domain" ]; then
             if [ ! -z "$webmail_record" ]; then
-                $BIN/v-delete-dns-record $user $domain $webmail_record
+                $BIN/v-delete-dns-record $user $domain $webmail_record $restart
             fi
         fi
     fi

bin/v-delete-user-auth-log

@@ -3,9 +3,12 @@
 #
 # The function for deleting a users auth log file
 
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
 # Argument definition
 user=$1
-date=$(date "+%F %T")
 
 # Includes
 source $HESTIA/func/main.sh
@@ -22,17 +25,15 @@ check_args '1' "$#" 'USER'
 is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
 
-if [ ! -f $USER_DATA/auth.log ]; then
-    touch  $USER_DATA/auth.log
-fi
-
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 
-rm $USER_DATA/auth.log
-
-log_history "Authentication log for $user was cleared on $date."
-log_event "$OK" "$ARGUMENTS"
+# Remove log file and log event
+if [ -f $USER_DATA/auth.log ]; then
+    rm -f $USER_DATA/auth.log
+    log_history "login history for $user was cleared."
+    log_event "$OK" "$ARGUMENTS"
+fi
 
 exit

bin/v-delete-user-log

@@ -13,7 +13,6 @@
 
 # Argument definition
 user=$1
-date=$(date "+%F %T")
 
 # Includes
 source $HESTIA/func/main.sh
@@ -22,20 +21,23 @@ source $HESTIA/conf/hestia.conf
 # Perform verification if read-only mode is enabled
 check_hestia_demo_mode
 
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'USER'
+is_format_valid 'user'
+is_object_valid 'user' 'USER' "$user"
+
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 
-# Remove log file
-if [ -z $user ]; then
-    echo "Error: no user specified."
-elif [ ! -f "$HESTIA/data/users/$user/history.log" ]; then
-    echo "Error: no history log found for $user."
-else
+# Remove log file and log event
+if [ -f "$HESTIA/data/users/$user/history.log" ]; then
     rm -f $HESTIA/data/users/$user/history.log
+    log_history "user action log for $user was cleared."
+    log_event "$OK" "$ARGUMENTS"
 fi
 
-log_history "Log for $user was cleared on $date."
-log_event "$OK" "$ARGUMENTS"
-
 exit

bin/v-delete-web-domain-allow-users

@@ -0,0 +1,68 @@
+#!/bin/bash
+# info: disables other users create subdomains
+# options: USER DOMAIN
+# labels: web hestia
+#
+# example: v-delete-web-domain-allow-users
+#
+# Disallow other users to create a new subdomain.
+# eg: admin adds admin.com
+# user can't create user.admin.com
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+domain=$2
+domain_idn=$2
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/func/domain.sh
+source $HESTIA/func/ip.sh
+source $HESTIA/conf/hestia.conf
+
+# Additional argument formatting
+format_domain
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '2' "$#" 'USER DOMAIN'
+is_format_valid 'user' 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+is_object_valid 'web' 'DOMAIN' "$domain"
+is_object_unsuspended 'web' 'DOMAIN' "$domain"
+
+# Perform verification if read-only mode is enabled
+check_hestia_demo_mode
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+
+# Load domain data
+parse_object_kv_list $(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
+
+#----------------------------------------------------------#
+#                       Hestia                             #
+#----------------------------------------------------------#
+
+if [ -z "$ALLOW_USERS" ]; then
+add_object_key "web" 'DOMAIN' "$domain" 'ALLOW_USERS' 'TIME'
+fi
+
+# Adding new alias
+update_object_value 'web' 'DOMAIN' "$domain" '$ALLOW_USERS' "no"
+
+log_history "Allow users create subdomain for $domain"
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-delete-web-domain-fast-cgi-cache

@@ -48,7 +48,7 @@ fi
 
 # Delete cache folder on disabling
 if [ -d /var/cache/nginx/php-fpm/$domain ]; then
-    rm -f /var/cache/nginx/php-fpm/$domain
+    rm -rf /var/cache/nginx/php-fpm/$domain
 fi
 
 #----------------------------------------------------------#
@@ -72,4 +72,4 @@ fi
 log_history "disabled fast cgi support for $domain"
 log_event "$OK" "$ARGUMENTS"
 
-exit
+exit

bin/v-delete-web-domain-ssl-force

@@ -61,13 +61,11 @@ fi
 update_object_value 'web' 'DOMAIN' "$domain" '$SSL_FORCE' 'no'
 
 # Restart services if requested
-if [ ! -z "$restart" ]; then
-    $BIN/v-restart-web
-    check_result $? "Web restart failed" >/dev/null
+$BIN/v-restart-web $restart
+check_result $? "Web restart failed" >/dev/null
 
-    $BIN/v-restart-proxy
-    check_result $? "Proxy restart failed" >/dev/null
-fi
+$BIN/v-restart-proxy $restart
+check_result $? "Proxy restart failed" >/dev/null
 
 # Logging
 log_history "disabled automatic HTTP-to-HTTPS redirection for $domain"

bin/v-delete-web-domain-ssl-hsts

@@ -60,13 +60,11 @@ rm -f $hstsconf
 update_object_value 'web' 'DOMAIN' "$domain" '$SSL_HSTS' 'no'
 
 # Restart services if requested
-if [ ! -z "$restart" ]; then
-    $BIN/v-restart-web
-    check_result $? "Web restart failed" >/dev/null
+$BIN/v-restart-web $restart
+check_result $? "Web restart failed" >/dev/null
 
-    $BIN/v-restart-proxy
-    check_result $? "Proxy restart failed" >/dev/null
-fi
+$BIN/v-restart-proxy $restart
+check_result $? "Proxy restart failed" >/dev/null
 
 # Logging
 log_history "disabled HTTP Strict Transport Security (HSTS) for $domain"

bin/v-delete-web-php

@@ -88,6 +88,15 @@ fi
 # Cleanup php folder
 [[ -d /etc/php/$version ]] && rm -rf "/etc/php/$version"
 
+if [ "$WEB_BACKEND" = "php-fpm" ]; then
+    # Check if www.conf is still missing
+    if [ ! -f "/etc/php/*/fpm/pool.d/www.conf" ]; then
+        # If not grab the "last php version
+        last=$($HESTIA/bin/v-list-sys-php "shell" | tail -n1);
+        cp -f $HESTIA/install/deb/php-fpm/www.conf /etc/php/$last/fpm/pool.d/www.conf
+        $HESTIA/bin/v-restart-web-backend
+    fi
+fi
 
 #----------------------------------------------------------#
 #                       Hestia                             #

bin/v-generate-api-key

@@ -27,7 +27,9 @@ check_hestia_demo_mode
 #----------------------------------------------------------#
 
 if [ ! -d ${KEYS} ]; then
-  mkdir -p ${KEYS}
+    mkdir -p ${KEYS}
+    chown admin:root ${KEYS}
+    chmod 750 ${KEYS}
 fi
 
 if [[ -e ${KEYS}${HASH} ]] ; then

bin/v-generate-ssl-cert

@@ -70,7 +70,8 @@ fi
 
 args_usage='DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [ALIASES] [FORMAT]'
 check_args '7' "$#" "$args_usage"
-is_format_valid 'domain_alias' 'format'
+is_format_valid 'domain' 'aliases' 'format'
+
 
 if [ ! -f /root/.rnd ]; then
     touch /root/.rnd

bin/v-list-mail-domain-ssl

@@ -27,7 +27,7 @@ format_domain_idn
 # JSON list function
 json_list() {
     echo '{'
-    echo -e "\t\"$domain_idn\": {"
+    echo -e "\t\"$domain\": {"
     echo "        \"CRT\": \"$crt\","
     echo "        \"KEY\": \"$key\","
     echo "        \"CA\": \"$ca\","
@@ -106,7 +106,7 @@ csv_list() {
 check_args '2' "$#" 'USER DOMAIN [FORMAT]'
 is_format_valid 'user' 'domain'
 is_object_valid 'user' 'USER' "$user"
-is_object_valid 'mail' 'DOMAIN' "$domain_idn"
+is_object_valid 'mail' 'DOMAIN' "$domain"
 
 
 #----------------------------------------------------------#

bin/v-list-sys-config

@@ -67,7 +67,10 @@ json_list() {
         "DB_PGA_ALIAS": "'$DB_PGA_ALIAS'",
         "LOGIN_STYLE": "'$LOGIN_STYLE'",
         "INACTIVE_SESSION_TIMEOUT": "'$INACTIVE_SESSION_TIMEOUT'",
-        "PHPMYADMIN_KEY": "'$PHPMYADMIN_KEY'"
+        "PHPMYADMIN_KEY": "'$PHPMYADMIN_KEY'",
+        "ENFORCE_SUBDOMAIN_OWNERSHIP": "'$ENFORCE_SUBDOMAIN_OWNERSHIP'",
+        "API": "'$API'",
+        "API_ALLOWED_IP": "'$API_ALLOWED_IP'"
     }
     }'
 }
@@ -150,6 +153,12 @@ shell_list() {
     if [ ! -z "$FILE_MANAGER" ]; then
         echo "File Manager enabled:             $FILE_MANAGER"
     fi
+    if [ ! -z "$API" ]; then
+    echo "API enabled:             $API"
+    echo "Allowed IPS:             $API_ALLOWED_IP"
+    
+    fi
+    
     if [ ! -z "$SMTP_RELAY" ] && [ "$SMTP_RELAY" != 'false' ]; then
 	echo "SMTP Relay enabled:                $SMTP_RELAY"
 	echo "SMTP Relay Server:                 $SMTP_RELAY_HOST"
@@ -174,7 +183,7 @@ plain_list() {
     echo -ne "$FILE_MANAGER\t$REPOSITORY\t$VERSION\t$DEMO_MODE\t$RELEASE_BRANCH\t"
     echo -ne "$SMTP_RELAY_HOST\t$SMTP_RELAY_PORT\t$SMTP_RELAY_USER\t"
     echo -ne "$UPGRADE_SEND_EMAIL\t$UPGRADE_SEND_EMAIL_LOG\t$THEME\t$LANGUAGE\t$BACKUP_GZIP\t"
-    echo -e  "$BACKUP\t$WEBMAIL_ALIAS\t$DB_PMA_URL\t$DB_PGA_URL"
+    echo -e  "$BACKUP\t$WEBMAIL_ALIAS\t$DB_PMA_URL\t$DB_PGA_URL\t$API\t$API_ALLOWED_IP"
 }
 
 
@@ -191,7 +200,7 @@ csv_list() {
     echo -n "'SMTP_RELAY','SMTP_RELAY_HOST','SMTP_RELAY_PORT','SMTP_RELAY_USER',"
     echo -n "'UPGRADE_SEND_EMAIL','UPGRADE_SEND_EMAIL_LOG',"
     echo -n "'THEME', 'LANGUAGE','BACKUP_GZIP','BACKUP','WEBMAIL_ALIAS',"
-    echo -n "'DB_PMA_ALIAS','DB_PGA_ALIAS'"
+    echo -n "'DB_PMA_ALIAS','DB_PGA_ALIAS','API','API_ALLOWED_IP'"
     echo
     echo -n "'$WEB_SYSTEM','$WEB_RGROUPS','$WEB_PORT','$WEB_SSL',"
     echo -n "'$WEB_SSL_PORT','$WEB_BACKEND','$PROXY_SYSTEM','$PROXY_PORT',"
@@ -203,6 +212,8 @@ csv_list() {
     echo -n "'$SMTP_RELAY','$SMTP_RELAY_HOST','$SMTP_RELAY_PORT','$SMTP_RELAY_USER',"
     echo -n "'$UPGRADE_SEND_EMAIL','$UPGRADE_SEND_EMAIL_LOG','$THEME','$LANGUAGE',"
     echo -n "'$BACKUP_GZIP','$BACKUP','$WEBMAIL_ALIAS','$DB_PMA_URL','$DB_PGA_URL'"
+    echo -n "'$API','$API_ALLOWED_IP'"
+    
     echo
 }
 

bin/v-list-sys-ip

@@ -32,6 +32,7 @@ json_list() {
         "INTERFACE": "'$INTERFACE'",
         "NETMASK": "'$NETMASK'",
         "NAT": "'$NAT'",
+        "HELO": "'$HELO'",
         "TIME": "'$TIME'",
         "DATE": "'$DATE'"
         }'
@@ -49,6 +50,7 @@ shell_list() {
     echo "NAME:           $NAME"
     echo "USERS:          $U_SYS_USERS"
     echo "DOMAINS:        $U_WEB_DOMAINS"
+    echo "HELO:           $HELO"
     echo "TIME:           $TIME"
     echo "DATE:           $DATE"
 }
@@ -56,15 +58,15 @@ shell_list() {
 # PLAIN list function
 plain_list() {
     echo -ne "$IP\t$OWNER\t$STATUS\t$NAME\t$U_SYS_USERS\t$U_WEB_DOMAINS\t"
-    echo -e "$INTERFACE\t$NETMASK\t$NAT\t$TIME\t$DATE"
+    echo -e "$INTERFACE\t$NETMASK\t$NAT\t$HELO\t$TIME\t$DATE"
 }
 
 # CSV list function
 csv_list() {
     echo -n "IP,OWNER,STATUS,NAME,U_SYS_USERS,U_WEB_DOMAINS,INTERFACE"
-    echo "NETMASK,NAT,TIME,DATE"
+    echo "NETMASK,NAT,HELO,TIME,DATE"
     echo -n "$IP,$OWNER,$STATUS,$NAME,\"$U_SYS_USERS\",$U_WEB_DOMAINS,"
-    echo "$INTERFACE, $NETMASK,$NAT,$TIME,$DATE"
+    echo "$INTERFACE, $NETMASK,$NAT,$HELO,$TIME,$DATE"
 }
 
 

bin/v-list-sys-ips

@@ -34,6 +34,7 @@ json_list() {
         "INTERFACE": "'$INTERFACE'",
         "NETMASK": "'$NETMASK'",
         "NAT": "'$NAT'",
+        "HELO": "'$HELO'",
         "TIME": "'$TIME'",
         "DATE": "'$DATE'"
         }'
@@ -49,14 +50,14 @@ json_list() {
 
 # SHELL list function
 shell_list() {
-    echo "IP   MASK   NAT   STATUS   WEB  DATE"
-    echo "--   ----   ---   ------   ---  ----"
+    echo "IP   MASK   NAT    HELO    STATUS   WEB  DATE"
+    echo "--   ----   ---    ----    ------   ---  ----"
     while read IP; do
         source $HESTIA/data/ips/$IP
         if [ -z "$NAT" ]; then
             NAT='no'
         fi
-        echo "$IP $NETMASK $NAT $STATUS $U_WEB_DOMAINS $DATE"
+        echo "$IP $NETMASK $NAT $HELO $STATUS $U_WEB_DOMAINS $DATE"
     done < <(ls $HESTIA/data/ips/)
 }
 
@@ -65,18 +66,18 @@ plain_list() {
     while read IP; do
         source $HESTIA/data/ips/$IP
         echo -ne "$IP\t$OWNER\t$STATUS\t$NAME\t$U_SYS_USERS\t$U_WEB_DOMAINS\t"
-        echo -e "$INTERFACE\t$NETMASK\t$NAT\t$TIME\t$DATE"
+        echo -e "$INTERFACE\t$NETMASK\t$NAT\t$HELO\t$TIME\t$DATE"
     done < <(ls $HESTIA/data/ips/)
 }
 
 # CSV list function
 csv_list() {
     echo -n "IP,OWNER,STATUS,NAME,U_SYS_USERS,U_WEB_DOMAINS,INTERFACE"
-    echo "NETMASK,NAT,TIME,DATE"
+    echo "NETMASK,NAT,HELO,TIME,DATE"
     while read IP; do
         source $HESTIA/data/ips/$IP
         echo -n "$IP,$OWNER,$STATUS,$NAME,\"$U_SYS_USERS\",$U_WEB_DOMAINS,"
-        echo "$INTERFACE, $NETMASK,$NAT,$TIME,$DATE"
+        echo "$INTERFACE, $NETMASK,$NAT,$HELO,$TIME,$DATE"
     done < <(ls $HESTIA/data/ips/)
 }
 

bin/v-list-sys-themes

@@ -22,63 +22,40 @@ source $HESTIA/conf/hestia.conf
 
 # JSON list function
 json_list() {
-    object1=$(echo "$themes" |wc -w)
-    object2=$(echo "$themes_custom" |wc -w)
     i=1
     echo '['
-    for theme in $themes; do
-        if [ "$i" -lt "$object1" ]; then
+    for theme in "${available_themes[@]}"; do
+        if [ "$i" -lt "$theme_count" ]; then
             echo -e  "\t\"$theme\","
         else
-            if [ $object2 -gt 0 ]; then
-                echo -e  "\t\"$theme\","
-            else
-                echo -e  "\t\"$theme\""            
-            fi
+            echo -e  "\t\"$theme\""
         fi
         (( ++i))
     done
-    for custom_theme in $themes_custom; do
-        if [ "$i" -lt "$object2" ]; then
-            echo -e  "\t\"$custom_theme\","
-        else
-            echo -e  "\t\"$custom_theme\""
-        fi
-        (( ++i))
-    done
-    echo "]"
+    echo ']'
 }
 
 # SHELL list function
 shell_list() {
     echo "THEME"
-    echo "------"
-    for theme in $themes; do
-        echo "$theme"
-    done
-    for custom_theme in $themes_custom; do
-        echo "$custom_theme"
+    echo "-----"
+    for theme in "${available_themes[@]}"; do
+        echo $theme
     done
 }
 
 # PLAIN list function
 plain_list() {
-    for theme in $themes; do
-        echo "$theme"
-    done
-    for custom_theme in $themes_custom; do
-        echo "$custom_theme"
+    for theme in "${available_themes[@]}"; do
+        echo $theme
     done
 }
 
 # CSV list function
 csv_list() {
     echo "THEME"
-    for theme in $themes; do
-        echo "$theme"
-    done
-    for custom_theme in $themes_custom; do
-        echo "$custom_theme"
+    for theme in "${available_themes[@]}"; do
+        echo $theme
     done
 }
 
@@ -87,16 +64,19 @@ csv_list() {
 #                       Action                             #
 #----------------------------------------------------------#
 
-# Parsing templates
+# Parse system provided themes
+provided_themes=$(ls -v $HESTIA/web/css/themes | grep '\.min.css' | sed 's/\.min.css$//')
 
-# System provided themes
-themes=$(ls -v $HESTIA_THEMES/)
-themes=$(echo "$themes" | grep '\.css' | sed 's/\.css$//')
+# Parse custom themes
+custom_themes=$(ls -v $HESTIA/web/css/themes/custom/ | grep '\.css' | sed 's/\.css$//')
 
-# Custom themes
-themes_custom=$(ls -v $HESTIA_THEMES_CUSTOM/)
-themes_custom=$(echo "$themes_custom" | grep '\.css' | sed 's/\.css$//')
+# Create array with all available themes
+for theme in $provided_themes $custom_themes; do
+    available_themes=(${available_themes[@]} $theme)
+done
 
+# Get count of themes (for proper JSON formatting)
+theme_count="${#available_themes[@]}"
 
 # Listing data
 case $format in

bin/v-list-user-auth-log

@@ -25,15 +25,17 @@ json_list() {
     for str in $logs; do
         IP=$(echo "$str" |cut -f 2 -d \')
         FINGERPRINT=$(echo "$str" |cut -f 4 -d \')
-        DATE=$(echo "$str" |cut -f 6 -d \')
-        TIME=$(echo "$str" |cut -f 8 -d \')
-        ACTIVE=$(echo "$str" |cut -f 10 -d \')
+        STATUS=$(echo "$str" |cut -f 6 -d \')
+        DATE=$(echo "$str" |cut -f 8 -d \')
+        TIME=$(echo "$str" |cut -f 10 -d \')
+        ACTIVE=$(echo "$str" |cut -f 12 -d \')
         echo -n '    "'$i'": {
             "IP": "'$IP'",
             "FINGERPRINT": "'$FINGERPRINT'",
             "TIME": "'$TIME'",
             "DATE": "'$DATE'",
-            "ACTIVE": "'$ACTIVE'"
+            "ACTIVE": "'$ACTIVE'",
+            "STATUS": "'$STATUS'"
         }'
         if [ "$i" -lt "$objects" ]; then
             echo ','
@@ -47,15 +49,16 @@ json_list() {
 
 shell_list() {
     IFS=$'\n'
-    echo "DATE~TIME~IP~FINGERPRINT~ACTIVE"
+    echo "DATE~TIME~IP~FINGERPRINT~ACTIVE~STATUS"
     echo "----~----~--~-----------~------"
     for str in $logs; do
         IP=$(echo "$str" |cut -f 2 -d \')
         FINGERPRINT=$(echo "$str" |cut -f 4 -d \')
-        DATE=$(echo "$str" |cut -f 6 -d \')
-        TIME=$(echo "$str" |cut -f 8 -d \')
-        ACTIVE=$(echo "$str" |cut -f 10 -d \')
-        echo "$DATE~$TIME~$IP~$FINGERPRINT~$ACTIVE"
+        STATUS=$(echo "$str" |cut -f 6 -d \')
+        DATE=$(echo "$str" |cut -f 8 -d \')
+        TIME=$(echo "$str" |cut -f 10 -d \')
+        ACTIVE=$(echo "$str" |cut -f 12 -d \')
+        echo "$DATE~$TIME~$IP~$FINGERPRINT~$ACTIVE~$STATUS"
     done
 }
 
@@ -65,24 +68,26 @@ plain_list() {
     for str in $logs; do
         IP=$(echo "$str" |cut -f 2 -d \')
         FINGERPRINT=$(echo "$str" |cut -f 4 -d \')
-        DATE=$(echo "$str" |cut -f 6 -d \')
-        TIME=$(echo "$str" |cut -f 8 -d \')
-        ACTIVE=$(echo "$str" |cut -f 10 -d \')
-        echo -e "$DATE\t$TIME\t$IP\t$FINGERPRINT\t$ACTIVE"
+        STATUS=$(echo "$str" |cut -f 6 -d \')
+        DATE=$(echo "$str" |cut -f 8 -d \')
+        TIME=$(echo "$str" |cut -f 10 -d \')
+        ACTIVE=$(echo "$str" |cut -f 12 -d \')
+        echo -e "$DATE\t$TIME\t$IP\t$FINGERPRINT\t$ACTIVE\t$STATUS"
     done
 }
 
 # CSV list function
 csv_list() {
     IFS=$'\n'
-    echo "ID,CMD,UNDO,TIME,DATE"
+    echo "DATE,TIME,IP,FINGERPRINT,ACTIVE,STATUS"
     for str in $logs; do
         IP=$(echo "$str" |cut -f 2 -d \')
         FINGERPRINT=$(echo "$str" |cut -f 4 -d \')
-        DATE=$(echo "$str" |cut -f 6 -d \')
-        TIME=$(echo "$str" |cut -f 8 -d \')
-        ACTIVE=$(echo "$str" |cut -f 10 -d \')
-        echo "$DATE,$TIME,$IP,$FINGERPRINT,$ACTIVE"
+        STATUS=$(echo "$str" |cut -f 6 -d \')
+        DATE=$(echo "$str" |cut -f 8 -d \')
+        TIME=$(echo "$str" |cut -f 10 -d \')
+        ACTIVE=$(echo "$str" |cut -f 12 -d \')
+        echo "$DATE,$TIME,$IP,$FINGERPRINT,$ACTIVE,$STATUS"
 
     done
 }

bin/v-log-user-login

@@ -1,11 +1,17 @@
 #!/bin/bash
 # info: add user login
-# options: USER IP [FINGERPRINT]
+# options: USER IP STATUS [FINGERPRINT]
 
 # Argument definition
 user=$1
 ip=$2
-fingerprint=${3}
+status=$3
+fingerprint=${4}
+
+active="yes"
+if [ $status = "failed" ]; then
+    active="no"
+fi
 
 # Includes
 source $HESTIA/func/main.sh
@@ -34,9 +40,9 @@ fi
 #                       Action                             #
 #----------------------------------------------------------#
 
-awk -i inplace -v finger="FINGERPRINT='$fingerprint'" -v active="active='no'" '$2 == finger {$5=active}1' $USER_DATA/auth.log   
+awk -i inplace -v finger="FINGERPRINT='$fingerprint'" -v active="ACTIVE='no'" '$2 == TIME {$5=ACTIVE}1' $USER_DATA/auth.log   
 
-echo "IP='$ip' FINGERPRINT='$fingerprint' DATE='$date' TIME='$time' active='yes'" >> $USER_DATA/auth.log
+echo "IP='$ip' FINGERPRINT='$fingerprint' STATUS='$status' DATE='$date' TIME='$time' ACTIVE='$active'" >> $USER_DATA/auth.log
 
 #----------------------------------------------------------#
 #                       Hestia                             #

bin/v-log-user-logout

@@ -26,7 +26,7 @@ fi
 #                       Action                             #
 #----------------------------------------------------------#
 
-awk -i inplace -v finger="FINGERPRINT='$fingerprint'" -v active="active='no'" '$2 == finger {$5=active}1' $USER_DATA/auth.log 
+awk -i inplace -v finger="FINGERPRINT='$fingerprint'" -v active="ACTIVE='no'" '$2 == TIME  {$5=active}1' $USER_DATA/auth.log 
 
 #----------------------------------------------------------#
 #                       Hestia                             #

bin/v-rebuild-mail-domain

@@ -58,8 +58,8 @@ rebuild_mail_domain_conf
 if [ ! -z "$WEB_SYSTEM" ] || [ ! -z "$PROXY_SYSTEM" ]; then
     if [ ! -z "$IMAP_SYSTEM" ]; then
         WEBMAIL=$(get_object_value 'web' 'DOMAIN' "$domain" "$WEBMAIL")
-        $BIN/v-delete-sys-webmail $user $domain '' 'yes'
-        $BIN/v-add-sys-webmail $user $domain $WEBMAIL '' 'yes'
+        $BIN/v-delete-sys-webmail $user $domain '' $restart
+        $BIN/v-add-sys-webmail $user $domain $WEBMAIL '' $restart
     fi
 fi
 

bin/v-rebuild-mail-domains

@@ -62,10 +62,10 @@ for domain in $(search_objects 'mail' 'SUSPENDED' "*" 'DOMAIN'); do
     if [ ! -z "$WEB_SYSTEM" ] || [ ! -z "$PROXY_SYSTEM" ]; then
         if [ ! -z "$IMAP_SYSTEM" ]; then
             WEBMAIL=$(get_object_value 'web' 'DOMAIN' "$domain" "$WEBMAIL")
-            $BIN/v-delete-sys-webmail $user $domain '' 'yes'
-            $BIN/v-add-sys-webmail $user $domain $WEBMAIL '' 'yes'
+            $BIN/v-delete-sys-webmail $user $domain $restart
+            $BIN/v-add-sys-webmail $user $domain $WEBMAIL $restart
             if [ $? -ne 0 ]; then
-                $BIN/v-add-sys-webmail $user $domain '' '' 'yes'    
+                $BIN/v-add-sys-webmail $user $domain '' $restart
             fi
         fi
     fi

bin/v-rebuild-web-domains

@@ -117,12 +117,14 @@ done
 # Updating user counters
 $BIN/v-update-user-counters $user
 
-# Restarting web server
-$BIN/v-restart-web $restart
-check_result $? "Web restart failed" >/dev/null
+if [ "$restart" = "yes" ]; then
+    # Restarting web server
+    $BIN/v-restart-web $restart
+    check_result $? "Web restart failed" >/dev/null
 
-$BIN/v-restart-proxy $restart
-check_result $? "Proxy restart failed" >/dev/null
+    $BIN/v-restart-proxy $restart
+    check_result $? "Proxy restart failed" >/dev/null
+fi
 
 # Logging
 log_event "$OK" "$ARGUMENTS"

bin/v-rename-package → bin/v-rename-user-package

@@ -29,9 +29,11 @@ source $HESTIA/conf/hestia.conf
 # Ensure that package names have been passed to the script.
 if [ -z "$old_name" ]; then
     echo "ERROR: Current package name not specified."
+    exit 1
 fi
 if [ -z "$new_name" ]; then
     echo "ERROR: New package name not specified."
+    exit 1
 fi
 
 # Perform verification if read-only mode is enabled
@@ -44,7 +46,7 @@ check_hestia_demo_mode
 
 if [ -e $HESTIA/data/packages/$old_name.pkg ]; then
     mv $HESTIA/data/packages/$old_name.pkg $HESTIA/data/packages/$new_name.pkg
-    echo "Successfully renamed $old_name to $new_name."
+    
 
     # Update package for existing users
     for user in `ls $HESTIA/data/users/`; do
@@ -54,6 +56,7 @@ if [ -e $HESTIA/data/packages/$old_name.pkg ]; then
             v-change-user-package $user $new_name
         fi
     done
+    echo "Successfully renamed package $old_name to $new_name."
 else
     echo "ERROR: Specified package not found."
 fi
@@ -64,7 +67,7 @@ fi
 #----------------------------------------------------------#
 
 # Logging
-log_history "renamed package $old_name to $new_name"
+log_history "renamed package $old_name to $new_name" '' 'admin'
 log_event "$OK" "$ARGUMENTS"
 
 exit

bin/v-restore-user

@@ -505,6 +505,7 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then
 
         # Unpacking domain container
         tar xf $BACKUP/$backup -C $tmpdir ./mail/$domain
+        
         if [ "$?" -ne 0 ]; then
             rm -rf $tmpdir
             error="Can't unpack $domain mail container"
@@ -595,16 +596,14 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then
 
         # Restoring email accounts
         cp -f $tmpdir/mail/$domain/$backup_system/$domain.conf $USER_DATA/mail/
-
-        # Rebuilding mail config
-        $BIN/v-rebuild-mail-domains $user
-        
+       
         domain_idn=$domain
         format_domain_idn
-
+        
         # Restoring emails
         if [ $backup_mode = 'zstd' ]; then    
             if [ -e "$tmpdir/mail/$domain/accounts.tar.zst" ]; then
+                # Current Hestia store email in the $HOMEDIR/$user/mail/$domain_idn
                 chmod u+w "$HOMEDIR/$user/mail/$domain_idn"
                 $BIN/v-extract-fs-archive "$user" "$tmpdir/mail/$domain/accounts.tar.zst" "$HOMEDIR/$user/mail/$domain_idn/"
                 if [ "$?" -ne 0 ]; then
@@ -637,7 +636,7 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then
             fi
         fi
         # Chowning mail conf files to exim user
-        find $HOMEDIR/$user/conf/mail/$domain_idn -user root \
+        find $HOMEDIR/$user/conf/mail/$domain -user root \
             -exec chown $exim_user {} \;
             
     done

bin/v-unsuspend-mail-domain

@@ -62,7 +62,12 @@ decrease_user_value "$user" '$SUSPENDED_MAIL'
 
 # Enable webmail access
 if [ ! -z "$IMAP_SYSTEM" ]; then
-    $BIN/v-add-sys-webmail $user $domain 'yes'
+    if [ ! -z "$WEBMAIL_SYSTEM" ]; then
+        for client in ${WEBMAIL_SYSTEM//,/ };do
+            webmail="$client"
+        done
+        $BIN/v-add-sys-webmail $user $domain $webmail 'yes'
+    fi   
 fi
 # Logging
 log_event "$OK" "$ARGUMENTS"

bin/v-update-mail-templates

@@ -28,7 +28,7 @@ source $HESTIA/conf/hestia.conf
 cp -rf $HESTIA_INSTALL_DIR/templates/mail $HESTIA/data/templates/
 
 # Rebuild mail domains if mail services are enabled
-if [ ! -z "$skip" ]; then
+if [ -z "$skip" ]; then
 	if [ ! -z $MAIL_SYSTEM ]; then
 		for user in $($HESTIA/bin/v-list-sys-users plain); do
 			$BIN/v-rebuild-mail-domains $user no
@@ -39,11 +39,13 @@ fi
 #                       Hestia                             #
 #----------------------------------------------------------#
 
-# Restarting web server
-$BIN/v-restart-web $restart
-check_result $? "restart" >/dev/null 2>&1
-
-$BIN/v-restart-proxy $restart
-check_result $? "restart" >/dev/null 2>&1
+if [ ! -z "$restart" ] || [ "$restart" == "yes" ]; then
+    # Restarting web server
+    $BIN/v-restart-web $restart
+    check_result $? "restart" >/dev/null 2>&1
+    
+    $BIN/v-restart-proxy $restart
+    check_result $? "restart" >/dev/null 2>&1
+fi
 
 exit

bin/v-update-sys-ip

@@ -125,6 +125,14 @@ if [ ! -e "$HESTIA/data/ips/$pub_ip" ]; then
     fi
 fi
 
+# Update ip helo for exim
+if [ ! -z "$MAIL_SYSTEM" ]; then
+    helo=$(is_ip_rdns_valid $pub_ip)
+
+    if [ ! -z "$helo" ]; then
+        $BIN/v-change-sys-ip-helo $ip $helo
+    fi
+fi
 
 #----------------------------------------------------------#
 #                       Hestia                             #

bin/v-update-web-templates

@@ -47,7 +47,7 @@ for php_ver in $(ls /etc/php/); do
 done
 
 # Rebuilding web domains
-if [ ! -z "$skip" ]; then
+if [  -z "$skip" ]; then
     for user in $($BIN/v-list-sys-users plain); do
         $BIN/v-rebuild-web-domains $user no
     done
@@ -57,11 +57,12 @@ fi
 #                       Hestia                             #
 #----------------------------------------------------------#
 
-# Restarting web server
-$BIN/v-restart-web $restart
-check_result $? "restart" >/dev/null 2>&1
-
-$BIN/v-restart-proxy $restart
-check_result $? "restart" >/dev/null 2>&1
-
+if [ ! -z "$restart" ] || [ "$restart" == "yes" ]; then
+    # Restarting web server
+    $BIN/v-restart-web $restart
+    check_result $? "restart" >/dev/null 2>&1
+    
+    $BIN/v-restart-proxy $restart
+    check_result $? "restart" >/dev/null 2>&1
+fi 
 exit

func/backup.sh

@@ -194,7 +194,7 @@ sftpc() {
         spawn /usr/bin/sftp -o StrictHostKeyChecking=no \
             -o Port=$PORT $USERNAME@$HOST
         expect {
-            "password:" {
+            -nocase "password:" {
                 send "$PASSWORD\r"
                 exp_continue
             }
@@ -457,4 +457,4 @@ b2_backup() {
             b2 delete-file-version $backup > /dev/null 2>&1
         done
     fi
-}
+}

func/domain.sh

@@ -38,11 +38,11 @@ is_web_domain_new() {
     web=$(grep -F -H "DOMAIN='$1'" $HESTIA/data/users/*/web.conf)
     if [ ! -z "$web" ]; then
         if [ "$type" == 'web' ]; then
-            check_result $E_EXISTS "Web domain $1 exist"
+            check_result $E_EXISTS "Web domain $1 exists"
         fi
         web_user=$(echo "$web" |cut -f 7 -d /)
         if [ "$web_user" != "$user" ]; then
-            check_result $E_EXISTS "Web domain $1 exist"
+            check_result $E_EXISTS "Web domain $1 exists"
         fi
     fi
 }
@@ -743,15 +743,17 @@ add_webmail_config() {
     override_alias="";
     if [ "$WEBMAIL_ALIAS" != "mail" ]; then
         override_alias="mail.$domain"
+        override_alias_idn="mail.$domain_idn"
+        
     fi
     
     cat $MAILTPL/$1/$2 | \
         sed -e "s|%ip%|$local_ip|g" \
             -e "s|%domain%|$WEBMAIL_ALIAS.$domain|g" \
-            -e "s|%domain_idn%|$domain_idn|g" \
+            -e "s|%domain_idn%|$WEBMAIL_ALIAS.$domain_idn|g" \
             -e "s|%root_domain%|$domain|g" \
             -e "s|%alias%|$override_alias|g" \
-            -e "s|%alias_idn%|${aliases_idn//,/ }|g" \
+            -e "s|%alias_idn%|$override_alias_idn|g" \
             -e "s|%alias_string%|$alias_string|g" \
             -e "s|%email%|info@$domain|g" \
             -e "s|%web_system%|$WEB_SYSTEM|g" \
@@ -867,3 +869,66 @@ is_domain_new() {
 get_domain_values() {
     parse_object_kv_list $(grep "DOMAIN='$domain'" $USER_DATA/$1.conf)
 }
+
+#----------------------------------------------------------#
+# 2 Char domain name detection                             #
+#----------------------------------------------------------#
+
+is_valid_extension() {
+    if [ ! -e "$HESTIA/data/extensions/public_suffix_list.dat" ]; then
+        mkdir $HESTIA/data/extensions/
+        chmod 750 $HESTIA/data/extensions/
+        /usr/bin/wget --tries=3 --timeout=15 --read-timeout=15 --waitretry=3 --no-dns-cache --quiet -O $HESTIA/data/extensions/public_suffix_list.dat https://raw.githubusercontent.com/publicsuffix/list/master/public_suffix_list.dat 
+    fi
+    test_domain=$(idn -t --quiet -u "$1" )
+    extension=$( /bin/echo "${test_domain}" | /usr/bin/rev | /usr/bin/cut -d "." --output-delimiter="." -f 1 | /usr/bin/rev );
+    exten=$(grep "^$extension\$" $HESTIA/data/extensions/public_suffix_list.dat);
+}
+
+is_valid_2_part_extension() {
+    if [ ! -e "$HESTIA/data/extensions/public_suffix_list.dat" ]; then
+        mkdir $HESTIA/data/extensions/
+        chmod 750 $HESTIA/data/extensions/
+        /usr/bin/wget --tries=3 --timeout=15 --read-timeout=15 --waitretry=3 --no-dns-cache --quiet -O $HESTIA/data/extensions/public_suffix_list.dat https://raw.githubusercontent.com/publicsuffix/list/master/public_suffix_list.dat 
+    fi
+    test_domain=$(idn -t --quiet -u "$1" )
+    extension=$( /bin/echo "${test_domain}" | /usr/bin/rev | /usr/bin/cut -d "." --output-delimiter="." -f 1-2 | /usr/bin/rev );
+    exten=$(grep "^$extension\$" $HESTIA/data/extensions/public_suffix_list.dat);
+}
+
+get_base_domain() {
+    test_domain=$1
+    is_valid_extension "$test_domain"
+    if [ $? -ne 0 ]; then
+        basedomain=$( /bin/echo "${test_domain}" | /usr/bin/rev | /usr/bin/cut -d "." --output-delimiter="." -f 1-2 | /usr/bin/rev ); 
+    else 
+        is_valid_2_part_extension "$test_domain"
+        if [ $? -ne 0 ]; then
+           basedomain=$( /bin/echo "${test_domain}" | /usr/bin/rev | /usr/bin/cut -d "." --output-delimiter="." -f 1-2 | /usr/bin/rev ); 
+        else
+           extension=$( /bin/echo "${test_domain}" | /usr/bin/rev | /usr/bin/cut -d "." --output-delimiter="." -f 1-2 | /usr/bin/rev ); 
+           partdomain=$( /bin/echo "${test_domain}" | /usr/bin/rev | /usr/bin/cut -d "." --output-delimiter="." -f 3 | /usr/bin/rev );
+           basedomain="$partdomain.$extension"
+        fi
+    fi
+}
+
+is_base_domain_owner(){
+    for object in ${1//,/ }; do
+        if [ "$object" != "none" ]; then
+            get_base_domain $object
+            web=$(grep -F -H -h "DOMAIN='$basedomain'" $HESTIA/data/users/*/web.conf);
+            if [ $ENFORCE_SUBDOMAIN_OWNERSHIP = "yes" ]; then
+                if [ ! -z "$web" ]; then
+                    parse_object_kv_list "$web"
+                    if [ -z "$ALLOW_USERS" ] ||  [ "$ALLOW_USERS" != "yes" ]; then
+                        # Don't care if $basedomain all ready exists only if the owner is of the base domain is the current user
+                        is_domain_new "" $basedomain
+                    fi
+                else
+                    is_domain_new "" $basedomain
+                fi
+            fi
+        fi
+    done
+}

func/ip.sh

@@ -43,6 +43,35 @@ is_ip_rdns_valid() {
     return 1 # False
 }
 
+# Update ip helo for exim
+update_ip_helo_value() {
+    ip="$1"
+    helo="$2"
+
+    # Create or update ip value
+    if [ ! $(get_ip_value '$HELO') ]; then
+        echo "HELO='$helo'" >> $HESTIA/data/ips/$ip
+    else
+        update_ip_value '$HELO' "$helo"
+    fi
+
+    # Create mailhelo.conf file if doesn't exist
+    if [ ! -e "/etc/${MAIL_SYSTEM}/mailhelo.conf" ]; then
+        touch /etc/${MAIL_SYSTEM}/mailhelo.conf
+    fi
+
+    #Create or update ip:helo pair in mailhelo.conf file
+    if [ ! -z "$helo" ]; then
+        if [ $(cat /etc/${MAIL_SYSTEM}/mailhelo.conf | grep "$ip") ]; then
+            sed -i "/^$ip:/c $ip:$helo" /etc/${MAIL_SYSTEM}/mailhelo.conf
+        else
+            echo $ip:$helo >> /etc/${MAIL_SYSTEM}/mailhelo.conf
+        fi
+    else
+        sed -i "/^$ip:/d" /etc/${MAIL_SYSTEM}/mailhelo.conf
+    fi
+}
+
 # Update ip address value
 update_ip_value() {
     key="$1"

func/main.sh

@@ -16,8 +16,8 @@ DNSTPL=$HESTIA/data/templates/dns
 RRD=$HESTIA/web/rrd
 SENDMAIL="$HESTIA/web/inc/mail-wrapper.php"
 HESTIA_GIT_REPO="https://raw.githubusercontent.com/hestiacp/hestiacp"
-HESTIA_THEMES="$HESTIA_INSTALL_DIR/themes"
-HESTIA_THEMES_CUSTOM="$HESTIA/data/templates/themes"
+HESTIA_THEMES="$HESTIA/web/css/themes"
+HESTIA_THEMES_CUSTOM="$HESTIA/web/css/themes/custom"
 SCRIPT="$(basename $0)"
 
 # Return codes
@@ -239,7 +239,7 @@ is_object_new() {
         object=$(grep "$2='$3'" $USER_DATA/$1.conf)
     fi
     if [ ! -z "$object" ]; then
-        check_result $E_EXISTS "$2=$3 is already exists"
+        check_result $E_EXISTS "$2=$3 already exists"
     fi
 }
 
@@ -346,7 +346,7 @@ is_object_value_empty() {
     parse_object_kv_list "$str"
     eval value=$4
     if [ ! -z "$value" ] && [ "$value" != 'no' ]; then
-        check_result $E_EXISTS "${4//$}=$value is already exists"
+        check_result $E_EXISTS "${4//$}=$value already exists"
     fi
 }
 
@@ -962,6 +962,7 @@ is_format_valid() {
                 host)           is_object_format_valid "$arg" "$arg_name" ;;
                 hour)           is_cron_format_valid "$arg" $arg_name ;;
                 id)             is_int_format_valid "$arg" 'id' ;;
+                iface)          is_interface_format_valid "$arg" ;;
                 ip)             is_ip_format_valid "$arg" ;;
                 ip_name)        is_domain_format_valid "$arg" 'IP name';;
                 ip_status)      is_ip_status_format_valid "$arg" ;;
@@ -1165,3 +1166,14 @@ user_exec() {
 
     setpriv --groups "$user_groups" --reuid "$user" --regid "$user" -- $@
 }
+
+# Simple chmod wrapper that skips symlink files after glob expand
+no_symlink_chmod() {
+    local filemode=$1; shift;
+
+    for i in "$@"; do
+        [[ -L ${i} ]] && continue
+
+        chmod "${filemode}" "${i}"
+    done
+}

func/rebuild.sh

@@ -78,17 +78,20 @@ rebuild_user_conf() {
         $HOMEDIR/$user/.cache \
         $HOMEDIR/$user/.local \
         $HOMEDIR/$user/.composer \
-        $HOMEDIR/$user/.ssh
-
+        $HOMEDIR/$user/.vscode-server \
+        $HOMEDIR/$user/.ssh \
+        $HOMEDIR/$user/.npm
     chmod a+x $HOMEDIR/$user
     chmod a+x $HOMEDIR/$user/conf
-    chown $user:$user \
+    chown --no-dereference $user:$user \
         $HOMEDIR/$user \
         $HOMEDIR/$user/.config \
         $HOMEDIR/$user/.cache \
         $HOMEDIR/$user/.local \
         $HOMEDIR/$user/.composer \
-        $HOMEDIR/$user/.ssh
+        $HOMEDIR/$user/.vscode-server \
+        $HOMEDIR/$user/.ssh \
+        $HOMEDIR/$user/.npm
     chown root:root $HOMEDIR/$user/conf
 
     $BIN/v-add-user-sftp-jail "$user"
@@ -119,8 +122,8 @@ rebuild_user_conf() {
         chmod 751 $HOMEDIR/$user/conf/web
         chmod 751 $HOMEDIR/$user/web
         chmod 771 $HOMEDIR/$user/tmp
-        chown $user:$user $HOMEDIR/$user/web
-        if [ -z "$create_user" ]; then
+        chown --no-dereference $user:$user $HOMEDIR/$user/web
+        if [ "$create_user" = "yes" ]; then
             $BIN/v-rebuild-web-domains $user $restart
         fi
     fi
@@ -134,7 +137,7 @@ rebuild_user_conf() {
 
         mkdir -p $HOMEDIR/$user/conf/dns
         chmod 751 $HOMEDIR/$user/conf/dns
-        if [ -z "$create_user" ]; then
+        if [ "$create_user" = "yes" ]; then
             $BIN/v-rebuild-dns-domains $user $restart
         fi
     fi
@@ -154,7 +157,7 @@ rebuild_user_conf() {
         mkdir -p $HOMEDIR/$user/mail
         chmod 751 $HOMEDIR/$user/mail
         chmod 751 $HOMEDIR/$user/conf/mail
-        if [ -z "$create_user" ]; then
+        if [ "$create_user" = "yes" ]; then
             $BIN/v-rebuild-mail-domains $user
         fi
     fi
@@ -165,7 +168,7 @@ rebuild_user_conf() {
         chmod 660 $USER_DATA/db.conf
         echo "$BIN/v-update-databases-disk $user" >> $HESTIA/data/queue/disk.pipe
 
-        if [ -z "$create_user" ]; then
+        if [ "$create_user" = "yes" ]; then
             $BIN/v-rebuild-databases $user
         fi
     fi
@@ -174,7 +177,7 @@ rebuild_user_conf() {
         touch $USER_DATA/cron.conf
         chmod 660 $USER_DATA/cron.conf
 
-        if [ -z "$create_user" ]; then
+        if [ "$create_user" = "yes" ]; then
             $BIN/v-rebuild-cron-jobs $user $restart
         fi
     fi
@@ -243,7 +246,7 @@ rebuild_web_domain_conf() {
     fi
 
     # Set ownership
-    chown $user:$user \
+    chown --no-dereference $user:$user \
         $HOMEDIR/$user/web/$domain \
         $HOMEDIR/$user/web/$domain/private \
         $HOMEDIR/$user/web/$domain/cgi-bin \
@@ -402,16 +405,16 @@ rebuild_web_domain_conf() {
     done
 
     # Set folder permissions
-    chmod 551   $HOMEDIR/$user/web/$domain \
+    no_symlink_chmod 551   $HOMEDIR/$user/web/$domain \
                 $HOMEDIR/$user/web/$domain/stats \
                 $HOMEDIR/$user/web/$domain/logs
-    chmod 751   $HOMEDIR/$user/web/$domain/private \
+    no_symlink_chmod 751   $HOMEDIR/$user/web/$domain/private \
                 $HOMEDIR/$user/web/$domain/cgi-bin \
                 $HOMEDIR/$user/web/$domain/public_*html \
                 $HOMEDIR/$user/web/$domain/document_errors
     chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.*
 
-    chown $user:www-data $HOMEDIR/$user/web/$domain/public_*html
+    chown --no-dereference $user:www-data $HOMEDIR/$user/web/$domain/public_*html
 }
 # DNS domain rebuild
 rebuild_dns_domain_conf() {
@@ -531,16 +534,6 @@ rebuild_mail_domain_conf() {
             echo "$local_ip" > $HOMEDIR/$user/conf/mail/$domain/ip
         fi
 
-        
-        # Setting HELO for mail domain
-        if [ ! -z "$local_ip" ]; then
-            IP_RDNS=$(is_ip_rdns_valid "$local_ip")
-            sed -i "/^${domain}:/d" /etc/exim4/mailhelo.conf >/dev/null 2>&1
-            if [ ! -z "$IP_RDNS" ]; then
-                echo ${domain}:${IP_RDNS} >> /etc/exim4/mailhelo.conf
-            fi
-        fi
-
         # Adding antispam protection
         if [ "$ANTISPAM" = 'yes' ]; then
             touch $HOMEDIR/$user/conf/mail/$domain/antispam

func/upgrade.sh

@@ -69,7 +69,7 @@ upgrade_health_check() {
     # Theme
     if [ -z "$THEME" ]; then 
         echo "[ ! ] Adding missing variable to hestia.conf: THEME ('default')"
-        $BIN/v-change-sys-theme 'default'
+        $BIN/v-change-sys-config-value 'THEME' 'default'
     fi
 
     # Default language
@@ -143,7 +143,17 @@ upgrade_health_check() {
         echo "[ ! ] Adding missing variable to hestia.conf: INACTIVE_SESSION_TIMEOUT ('60')"
         $BIN/v-change-sys-config-value "INACTIVE_SESSION_TIMEOUT" "60"
     fi
-    
+
+    # Enforce Subdomain ownership
+    if [ -z "$ENFORCE_SUBDOMAIN_OWNERSHIP" ]; then
+        echo "[ ! ] Adding missing variable to hestia.conf: ENFORCE_SUBDOMAIN_OWNERSHIP ('yes')"
+        $BIN/v-change-sys-config-value "ENFORCE_SUBDOMAIN_OWNERSHIP" "yes"
+    fi    
+    # API Allowed IP
+    if [ -z "$API_ALLOWED_IP" ]; then
+        echo "[ ! ] Adding missing variable to hestia.conf: API_ALLOWED_IP ('allow-all')"        
+        $BIN/v-change-sys-config-value "API_ALLOWED_IP" "allow-all"
+    fi  
     
     echo "[ * ] Health check complete. Starting upgrade from $VERSION to $new_version..."
     echo "============================================================================="
@@ -226,9 +236,8 @@ upgrade_complete_message() {
     echo "Forum:    https://forum.hestiacp.com/                                        "
     echo "Discord:  https://discord.gg/nXRUZch                                         "
     echo "GitHub:   https://github.com/hestiacp/hestiacp/                              "
-    echo "E-mail:   info@hestiacp.com                                                  "
     echo 
-    echo "Help support the Hestia Control Panel project by donating via PayPal:         "
+    echo "Help support the Hestia Control Panel project by donating via PayPal:        "
     echo "https://www.hestiacp.com/donate                                              "
     echo
     echo "Made with love & pride by the open-source community around the world.        "
@@ -646,7 +655,7 @@ upgrade_roundcube(){
         if [ ! -z "$(echo "$WEBMAIL_SYSTEM" | grep -w 'roundcube')" ]; then
             rc_version=$(cat /var/lib/roundcube/index.php | grep -o -E '[0-9].[0-9].[0-9]+' | head -1);
             if [ "$rc_version" == "$rc_v" ]; then
-                echo "[ * ] Upgrading RoundCube to version v$rc_v..."
+                echo "[ * ] Upgrading Roundcube to version v$rc_v..."
                 $HESTIA/bin/v-add-sys-roundcube
             fi
         fi
@@ -658,13 +667,20 @@ upgrade_rainloop(){
         if [ ! -z "$(echo "$WEBMAIL_SYSTEM" | grep -w 'rainloop')" ]; then
             rc_version=$(cat /var/lib/rainloop/data/VERSION);
             if [ "$rc_version" == "$rc_v" ]; then
-                echo "[ * ] Upgrading rainloop to version v$rc_v..."
+                echo "[ * ] Upgrading Rainloop to version v$rl_v..."
                 $HESTIA/bin/v-add-sys-rainloop
             fi
         fi
     fi
 }
 
+disable_api(){
+    if [ "$API" = "no" ]; then
+        echo "[ ! ] Disable Api..."
+        sed -i 's|//die("Error: Disabled");|die("Error: Disabled");|g' $HESTIA/web/api/index.php
+        $HESTIA/bin/v-change-sys-config-value "API_ALLOWED_IP" ""
+    fi
+}
 upgrade_rebuild_web_templates() {
     if [ "$UPGRADE_UPDATE_WEB_TEMPLATES" = "true" ]; then
         echo "[ ! ] Updating default web domain templates..."
@@ -694,6 +710,7 @@ upgrade_rebuild_users() {
             echo "[ * ] Rebuilding user accounts and domains, this may take a few minutes..."
         fi
         for user in $($HESTIA/bin/v-list-sys-users plain); do
+        export restart="no"
             if [ "$DEBUG_MODE" = "true" ]; then
                 echo "      - $user:"
             else
@@ -734,16 +751,9 @@ upgrade_rebuild_users() {
 }
 
 upgrade_restart_services() {
-    # Refresh user interface theme
-    if [ "$THEME" ]; then
-        if [ "$THEME" != "default" ]; then
-            echo "[ * ] Applying user interface updates..."
-            $BIN/v-change-sys-theme $THEME
-        fi
-    fi
-
     if [ "$UPGRADE_RESTART_SERVICES" = "true" ]; then
         echo "[ * ] Restarting services..."
+        export restart="yes"
         sleep 2
         if [ ! -z "$MAIL_SYSTEM" ]; then
             if [ "$DEBUG_MODE" = "true" ]; then
@@ -774,7 +784,7 @@ upgrade_restart_services() {
                 if [ "$DEBUG_MODE" = "true" ]; then
                     echo "      - php$v-fpm"
                 fi
-                $BIN/v-restart-service php$v-fpm $restart
+                $BIN/v-restart-service php$v-fpm
             fi
         done
         if [ ! -z "$FTP_SYSTEM" ]; then
@@ -787,20 +797,20 @@ upgrade_restart_services() {
             if [ "$DEBUG_MODE" = "true" ]; then
                 echo "      - $FIREWALL_EXTENSION"
             fi
-            $BIN/v-restart-service $FIREWALL_EXTENSION yes
+            $BIN/v-restart-service $FIREWALL_EXTENSION
         fi
         # Restart SSH daemon service
         if [ "$DEBUG_MODE" = "true" ]; then
             echo "      - sshd"
         fi
-        $BIN/v-restart-service ssh $restart
+        $BIN/v-restart-service ssh
     fi
 
     # Always restart the Hestia Control Panel service
     if [ "$DEBUG_MODE" = "true" ]; then
         echo "      - hestia"
     fi
-    $BIN/v-restart-service hestia $restart
+    $BIN/v-restart-service hestia
 }
 
 upgrade_perform_cleanup() {

install/deb/exim/exim4.conf.template

@@ -9,6 +9,7 @@
 #CLAMD = yes
 
 smtp_banner = $smtp_active_hostname
+smtp_active_hostname = ${if exists {/etc/exim4/mailhelo.conf}{${lookup{$interface_address}lsearch{/etc/exim4/mailhelo.conf}{$value}{$primary_hostname}}}{$primary_hostname}}
 add_environment = <; PATH=/bin:/usr/bin
 keep_environment =
 disable_ipv6 = true
@@ -342,7 +343,7 @@ smtp_relay_smtp:
 
 remote_smtp:
   driver = smtp
-  helo_data = ${if exists {/etc/exim4/mailhelo.conf}{${lookup{$sender_address_domain}lsearch*{/etc/exim4/mailhelo.conf}{$value}{$primary_hostname}}}{$primary_hostname}}
+  helo_data = ${if exists {/etc/exim4/mailhelo.conf}{${lookup{$sending_ip_address}lsearch{/etc/exim4/mailhelo.conf}{$value}{$primary_hostname}}}{$primary_hostname}}
   dkim_domain = DKIM_DOMAIN
   dkim_selector = mail
   dkim_private_key = DKIM_PRIVATE_KEY

install/deb/filemanager/filegator/configuration.php

@@ -61,11 +61,26 @@ $dist_config['services']['Filegator\Services\View\ViewInterface']['config'] = [
     'add_to_body' => '
 <script>
     var checkVueLoaded = setInterval(function() {
-        if (document.getElementsByClassName("navbar-item").length) {
+        if (document.getElementsByClassName("container").length) {
             clearInterval(checkVueLoaded);
             var navProfile = document.getElementsByClassName("navbar-item profile")[0]; navProfile.replaceWith(navProfile.cloneNode(true))
             document.getElementsByClassName("navbar-item logout")[0].text="Exit to Control Panel \u00BB";
-        }
+            div = document.getElementsByClassName("container")[0];
+            callback = function(){
+                if (document.getElementsByClassName("navbar-item logout")[0]){
+                    if ( document.getElementsByClassName("navbar-item logout")[0].text != "Exit to Control Panel \u00BB" ){
+                        var navProfile = document.getElementsByClassName("navbar-item profile")[0]; navProfile.replaceWith(navProfile.cloneNode(true))
+                        document.getElementsByClassName("navbar-item logout")[0].text="Exit to Control Panel \u00BB";
+                    }
+                }
+            }
+            config = {
+                childList:true,
+                subtree:true
+            }
+            observer = new MutationObserver(callback);
+            observer.observe(div,config);
+        }    
     }, 200);
 </script>',
 ];

install/deb/filemanager/install-fm.sh

@@ -13,6 +13,7 @@ fi
 user='admin'
 fm_error='no'
 source $HESTIA/func/main.sh
+source $HESTIA/install/upgrade/upgrade.conf
 
 if [ -z "$HOMEDIR" ] || [ -z "$HESTIA_INSTALL_DIR" ]; then
     echo "Error: Hestia environment vars not present"
@@ -21,9 +22,8 @@ fi
 
 FM_INSTALL_DIR="$HESTIA/web/fm"
 
-FM_V="7.4.1"
-FM_FILE="filegator_v${FM_V}.zip"
-FM_URL="https://github.com/filegator/filegator/releases/download/v${FM_V}/${FM_FILE}"
+FM_FILE="filegator_v${fm_v}.zip"
+FM_URL="https://github.com/filegator/filegator/releases/download/v${fm_v}/${FM_FILE}"
 
 
 COMPOSER_BIN="$HOMEDIR/$user/.composer/composer"

install/deb/templates/mail/apache2/default.stpl

@@ -1,5 +1,5 @@
 <VirtualHost %ip%:%web_ssl_port%>
-    ServerName %domain%
+    ServerName %domain_idn%
     ServerAlias %alias%
     Alias / /var/lib/roundcube/
     Alias /error/ %home%/%user%/web/%root_domain%/document_errors/

install/deb/templates/mail/apache2/default.tpl

@@ -1,6 +1,6 @@
 <VirtualHost %ip%:%web_port%>
-    ServerName %domain%
-    ServerAlias %alias%
+    ServerName %domain_idn%
+    ServerAlias %alias_idn%
     Alias / /var/lib/roundcube/
     Alias /error/ %home%/%user%/web/%root_domain%/document_errors/
     #SuexecUserGroup %user% %group%

install/deb/templates/mail/apache2/rainloop.stpl

@@ -1,6 +1,6 @@
 <VirtualHost %ip%:%web_ssl_port%>
-ServerName %domain%
-ServerAlias %alias%
+ServerName %domain_idn%
+ServerAlias %alias_idn%
 Alias / /var/lib/rainloop/
 Alias /error/ %home%/%user%/web/%root_domain%/document_errors/
 #SuexecUserGroup %user% %group%

install/deb/templates/mail/apache2/rainloop.tpl

@@ -1,6 +1,6 @@
 <VirtualHost %ip%:%web_port%>
-    ServerName %domain%
-    ServerAlias %alias%
+    ServerName %domain_idn%
+    ServerAlias %alias_idn%
     Alias / /var/lib/rainloop/
     Alias /error/ %home%/%user%/web/%root_domain%/document_errors/
     #SuexecUserGroup %user% %group%

install/deb/templates/mail/nginx/default.stpl

@@ -1,6 +1,6 @@
 server {
     listen      %ip%:%proxy_ssl_port% ssl http2;
-    server_name %domain% %alias%;
+    server_name %domain_idn% %alias_idn%;
     root        /var/lib/roundcube;
     index       index.php index.html index.htm;
     access_log /var/log/nginx/domains/%domain%.log combined;

install/deb/templates/mail/nginx/default.tpl

@@ -1,6 +1,6 @@
 server {
     listen      %ip%:%proxy_port%;
-    server_name %domain% %alias%;
+    server_name %domain_idn% %alias_idn%;
     root        /var/lib/roundcube;
     index       index.php index.html index.htm;
     access_log /var/log/nginx/domains/%domain%.log combined;

install/deb/templates/mail/nginx/default_rainloop.stpl

@@ -1,6 +1,6 @@
 server {
 listen      %ip%:%proxy_ssl_port% ssl http2;
-server_name %domain% %alias%;
+server_name %domain_idn% %alias_idn%;
 root        /var/lib/rainloop;
 index       index.php index.html index.htm;
 access_log /var/log/nginx/domains/%domain%.log combined;

install/deb/templates/mail/nginx/default_rainloop.tpl

@@ -1,6 +1,6 @@
 server {
 listen      %ip%:%proxy_port%;
-server_name %domain% %alias%;
+server_name %domain_idn% %alias_idn%;
 root        /var/lib/rainloop;
 index       index.php index.html index.htm;
 access_log /var/log/nginx/domains/%domain%.log combined;

install/deb/templates/mail/nginx/rainloop.stpl

@@ -1,6 +1,6 @@
 server {
 listen      %ip%:%web_ssl_port% ssl http2;
-server_name %domain% %alias%;
+server_name %domain_idn% %alias_idn%;
 root        /var/lib/rainloop;
 index       index.php index.html index.htm;
 access_log /var/log/nginx/domains/%domain%.log combined;

install/deb/templates/mail/nginx/rainloop.tpl

@@ -1,6 +1,6 @@
 server {
 listen      %ip%:%web_port%;
-server_name %domain% %alias%;
+server_name %domain_idn% %alias_idn%;
 root        /var/lib/rainloop;
 index       index.php index.html index.htm;
 access_log /var/log/nginx/domains/%domain%.log combined;

install/deb/templates/mail/nginx/web_system.stpl

@@ -1,6 +1,6 @@
 server {
     listen      %ip%:%web_ssl_port% ssl http2;
-    server_name %domain% %alias%;
+    server_name %domain_idn% %alias_idn%;
     root        /var/lib/roundcube;
     index       index.php index.html index.htm;
     access_log /var/log/nginx/domains/%domain%.log combined;

install/deb/templates/mail/nginx/web_system.tpl

@@ -1,6 +1,6 @@
 server {
     listen      %ip%:%web_port%;
-    server_name %domain% %alias%;
+    server_name %domain_idn% %alias_idn%;
     root        /var/lib/roundcube;
     index       index.php index.html index.htm;
     access_log /var/log/nginx/domains/%domain%.log combined;

install/deb/templates/web/nginx/php-fpm/cms_made_simple.stpl

@@ -35,7 +35,7 @@ server {
             fastcgi_pass    %backend_lsnr%;
             fastcgi_index   index.php;
             include         /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         }
     }

install/deb/templates/web/nginx/php-fpm/cms_made_simple.tpl

@@ -30,7 +30,7 @@ server {
             fastcgi_pass    %backend_lsnr%;
             fastcgi_index   index.php;
             include         /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         }
     }

install/deb/templates/web/nginx/php-fpm/codeigniter2.stpl

@@ -36,7 +36,7 @@ server {
             fastcgi_pass    %backend_lsnr%;
             fastcgi_index   index.php;
             include         /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
             fastcgi_param  SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name;
         }
     }

install/deb/templates/web/nginx/php-fpm/codeigniter2.tpl

@@ -31,7 +31,7 @@ server {
             fastcgi_pass    %backend_lsnr%;
             fastcgi_index   index.php;
             include         /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
             fastcgi_param  SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name;
         }
     }

install/deb/templates/web/nginx/php-fpm/codeigniter3.stpl

@@ -36,7 +36,7 @@ server {
             fastcgi_pass    %backend_lsnr%;
             fastcgi_index   index.php;
             include         /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
         }
     }
 

install/deb/templates/web/nginx/php-fpm/codeigniter3.tpl

@@ -32,7 +32,7 @@ server {
             fastcgi_index   index.php;
             include         /etc/nginx/fastcgi_params;
             include         /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
         }
     }
 

install/deb/templates/web/nginx/php-fpm/datalife_engine.stpl

@@ -107,7 +107,7 @@ server {
             fastcgi_pass    %backend_lsnr%;
             fastcgi_index   index.php;
             include         /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
         }
     }
 

install/deb/templates/web/nginx/php-fpm/datalife_engine.tpl

@@ -105,7 +105,7 @@ server {
             fastcgi_pass    %backend_lsnr%;
             fastcgi_index   index.php;
             include         /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
         }
     }
 

install/deb/templates/web/nginx/php-fpm/default.stpl

@@ -35,7 +35,7 @@ server {
             fastcgi_pass    %backend_lsnr%;
             fastcgi_index   index.php;
             include         /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
         }
     }
 

install/deb/templates/web/nginx/php-fpm/default.tpl

@@ -30,7 +30,7 @@ server {
             fastcgi_pass    %backend_lsnr%;
             fastcgi_index   index.php;
             include         /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;     
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;     
         }
     }
 

install/deb/templates/web/nginx/php-fpm/dokuwiki.stpl

@@ -38,7 +38,7 @@ server {
             fastcgi_index   index.php;
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
             include         /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
         }
     }
 

install/deb/templates/web/nginx/php-fpm/dokuwiki.tpl

@@ -33,7 +33,7 @@ server {
             fastcgi_index   index.php;
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
             include         /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
         }
     }
 

install/deb/templates/web/nginx/php-fpm/drupal-composer.stpl

@@ -61,7 +61,7 @@ server {
             fastcgi_index index.php;
             fastcgi_param SCRIPT_FILENAME $request_filename;
             include         /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
         }
 
         location ~ ^/sites/.*/files/styles/ {

install/deb/templates/web/nginx/php-fpm/drupal-composer.tpl

@@ -57,7 +57,7 @@ server {
             fastcgi_index index.php;
             fastcgi_param SCRIPT_FILENAME $request_filename;
             include         /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
         }
 
         location ~ ^/sites/.*/files/styles/ {

install/deb/templates/web/nginx/php-fpm/drupal-social.stpl

@@ -61,7 +61,7 @@ server {
             fastcgi_index index.php;
             fastcgi_param SCRIPT_FILENAME $request_filename;
             include         /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
         }
 
         location ~ ^/sites/.*/files/styles/ {

install/deb/templates/web/nginx/php-fpm/drupal-social.tpl

@@ -57,7 +57,7 @@ server {
             fastcgi_index index.php;
             fastcgi_param SCRIPT_FILENAME $request_filename;
             include         /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
         }
 
         location ~ ^/sites/.*/files/styles/ {

install/deb/templates/web/nginx/php-fpm/drupal6.stpl

@@ -75,7 +75,7 @@ server {
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         fastcgi_pass %backend_lsnr%;             
         include         /etc/nginx/fastcgi_params;
-        include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
+        include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
     }
 
     location /error/ {

install/deb/templates/web/nginx/php-fpm/drupal6.tpl

@@ -70,7 +70,7 @@ server {
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         fastcgi_pass %backend_lsnr%;             
         include         /etc/nginx/fastcgi_params;
-        include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
+        include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
     }
 
     location /error/ {

install/deb/templates/web/nginx/php-fpm/drupal7.stpl

@@ -76,7 +76,7 @@ server {
             fastcgi_index index.php;
             fastcgi_param SCRIPT_FILENAME $request_filename;
             include         /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
         }
 
         location ~ ^/sites/.*/files/styles/ {

install/deb/templates/web/nginx/php-fpm/drupal7.tpl

@@ -71,7 +71,7 @@ server {
             fastcgi_index index.php;
             fastcgi_param SCRIPT_FILENAME $request_filename;
             include         /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
         }
 
         location ~ ^/sites/.*/files/styles/ {

install/deb/templates/web/nginx/php-fpm/drupal8.stpl

@@ -76,7 +76,7 @@ server {
             fastcgi_index index.php;
             fastcgi_param SCRIPT_FILENAME $request_filename;
             include /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
         }
 
         location ~ ^/sites/.*/files/styles/ {

install/deb/templates/web/nginx/php-fpm/drupal8.tpl

@@ -72,7 +72,7 @@ server {
             fastcgi_index index.php;
             fastcgi_param SCRIPT_FILENAME $request_filename;
             include /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
         }
 
         location ~ ^/sites/.*/files/styles/ {

install/deb/templates/web/nginx/php-fpm/joomla.stpl

@@ -43,7 +43,7 @@ server {
             fastcgi_index   index.php;
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
             include /etc/nginx/fastcgi_params;
-            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf;
+            include     %home%/%user%/conf/web/%domain%/nginx.fastcgi_cache.conf*;
         }
     }