Improved code formating

web/add/cron/index.php

@@ -4,32 +4,19 @@ error_reporting(NULL);
 ob_start();
 session_start();
 $TAB = 'CRON';
-include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
-// Header
-include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
-
-// Panel
-top_panel($user,$TAB);
+include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
+// Check POST request
 if (!empty($_POST['ok'])) {
-    // Check input
+
+    // Check empty fields
     if ((!isset($_POST['v_min'])) || ($_POST['v_min'] == '')) $errors[] = __('minute');
     if ((!isset($_POST['v_hour'])) || ($_POST['v_hour'] == '')) $errors[] = __('hour');
     if ((!isset($_POST['v_day'])) || ($_POST['v_day'] == '')) $errors[] = __('day');
     if ((!isset($_POST['v_month'])) || ($_POST['v_month'] == '')) $errors[] = __('month');
     if ((!isset($_POST['v_wday'])) || ($_POST['v_wday'] == '')) $errors[] = __('day of week');
     if ((!isset($_POST['v_cmd'])) || ($_POST['v_cmd'] == '')) $errors[] = __('cmd');
-
-    // Protect input
-    $v_min = escapeshellarg($_POST['v_min']);
-    $v_hour = escapeshellarg($_POST['v_hour']);
-    $v_day = escapeshellarg($_POST['v_day']);
-    $v_month = escapeshellarg($_POST['v_month']);
-    $v_wday = escapeshellarg($_POST['v_wday']);
-    $v_cmd = escapeshellarg($_POST['v_cmd']);
-
-    // Check for errors
     if (!empty($errors[0])) {
         foreach ($errors as $i => $error) {
             if ( $i == 0 ) {
@@ -39,32 +26,46 @@ if (!empty($_POST['ok'])) {
             }
         }
         $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
-    } else {
-        // Add Cron Job
+    }
+
+    // Protect input
+    $v_min = escapeshellarg($_POST['v_min']);
+    $v_hour = escapeshellarg($_POST['v_hour']);
+    $v_day = escapeshellarg($_POST['v_day']);
+    $v_month = escapeshellarg($_POST['v_month']);
+    $v_wday = escapeshellarg($_POST['v_wday']);
+    $v_cmd = escapeshellarg($_POST['v_cmd']);
+
+    // Add cron job
+    if (empty($_SESSION['error_msg'])) {
         exec (VESTA_CMD."v-add-cron-job ".$user." ".$v_min." ".$v_hour." ".$v_day." ".$v_month." ".$v_wday." ".$v_cmd, $output, $return_var);
-        $v_type = $_POST['v_type'];
-        $v_charset = $_POST['v_charset'];
         check_return_code($return_var,$output);
-        unset($v_password);
         unset($output);
-        if (empty($_SESSION['error_msg'])) {
-            $_SESSION['ok_msg'] = __('CRON_CREATED_OK');
-            unset($v_min);
-            unset($v_hour);
-            unset($v_day);
-            unset($v_month);
-            unset($v_wday);
-            unset($v_cmd);
-            unset($output);
-        }
+    }
+
+    // Flush field values on success
+    if (empty($_SESSION['error_msg'])) {
+        $_SESSION['ok_msg'] = __('CRON_CREATED_OK');
+        unset($v_min);
+        unset($v_hour);
+        unset($v_day);
+        unset($v_month);
+        unset($v_wday);
+        unset($v_cmd);
+        unset($output);
     }
 }
 
-exec (VESTA_CMD."v-list-database-types 'json'", $output, $return_var);
-$db_types = json_decode(implode('', $output), true);
-unset($output);
+// Header
+include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 
+// Panel
+top_panel($user,$TAB);
+
+// Display body
 include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_cron.html');
+
+// Flush session messages
 unset($_SESSION['error_msg']);
 unset($_SESSION['ok_msg']);
 

web/add/db/index.php

@@ -6,24 +6,16 @@ session_start();
 $TAB = 'DB';
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
-// Header
-include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
-
-// Panel
-top_panel($user,$TAB);
-
-$v_db_email = $panel[$user]['CONTACT'];
-
+// Check POST request
 if (!empty($_POST['ok'])) {
-    // Check input
+
+    // Check empty fields
     if (empty($_POST['v_database'])) $errors[] = __('database');
     if (empty($_POST['v_dbuser'])) $errors[] = __('username');
     if (empty($_POST['v_password'])) $errors[] = __('password');
     if (empty($_POST['v_type'])) $errors[] = __('type');
     if (empty($_POST['v_host'])) $errors[] = __('host');
     if (empty($_POST['v_charset'])) $errors[] = __('charset');
-
-    // Check for errors
     if (!empty($errors[0])) {
         foreach ($errors as $i => $error) {
             if ( $i == 0 ) {
@@ -36,12 +28,18 @@ if (!empty($_POST['ok'])) {
     }
 
     // Validate email
-    if (!empty($_POST['v_db_email'])) {
+    if ((!empty($_POST['v_db_email'])) && (empty($_SESSION['error_msg']))) {
         if (!filter_var($_POST['v_db_email'], FILTER_VALIDATE_EMAIL)) {
             $_SESSION['error_msg'] = __('Please enter valid email address.');
         }
     }
 
+    // Check password length
+    if (empty($_SESSION['error_msg'])) {
+        $pw_len = strlen($_POST['v_password']);
+        if ($pw_len < 6 ) $_SESSION['error_msg'] = __('Password is too short.',$error_msg);
+    }
+
     // Protect input
     $v_database = escapeshellarg($_POST['v_database']);
     $v_dbuser = escapeshellarg($_POST['v_dbuser']);
@@ -51,63 +49,71 @@ if (!empty($_POST['ok'])) {
     $v_host = $_POST['v_host'];
     $v_db_email = $_POST['v_db_email'];
 
-    // Check password length
-    if (empty($_SESSION['error_msg'])) {
-        $pw_len = strlen($_POST['v_password']);
-        if ($pw_len < 6 ) $_SESSION['error_msg'] = __('Password is too short.',$error_msg);
-    }
-
+    // Add database
     if (empty($_SESSION['error_msg'])) {
-        // Add Database
         $v_type = escapeshellarg($_POST['v_type']);
         $v_charset = escapeshellarg($_POST['v_charset']);
         $v_host = escapeshellarg($_POST['v_host']);
         exec (VESTA_CMD."v-add-database ".$user." ".$v_database." ".$v_dbuser." ".$v_password." ".$v_type." ".$v_host." ".$v_charset, $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
         $v_type = $_POST['v_type'];
         $v_host = $_POST['v_host'];
         $v_charset = $_POST['v_charset'];
-        check_return_code($return_var,$output);
+    }
+
+    // Get database manager url
+    if (empty($_SESSION['error_msg'])) {
+        exec (VESTA_CMD."v-list-sys-config json", $output, $return_var);
+        $sys = json_decode(implode('', $output), true);
         unset($output);
-        if ((!empty($v_db_email)) && (empty($_SESSION['error_msg']))) {
-            list($http_host, $port) = explode(':', $_SERVER["HTTP_HOST"]);
-            if ($_POST['v_type'] == 'mysql') $db_admin_link = "http://".$http_host."/phpmyadmin/";
-            if ($_POST['v_type'] == 'pgsql') $db_admin_link = "http://".$http_host."/phppgadmin/";
-            $to = $v_db_email;
-            $subject = __("Database Credentials");
-            $hostname = exec('hostname');
-            $from = __('MAIL_FROM',$hostname);
-            $mailtext = __('DATABASE_READY',$user."_".$_POST['v_database'],$user."_".$_POST['v_dbuser'],$_POST['v_password'],$db_admin_link);
-            send_email($to, $subject, $mailtext, $from);
-        }
-        if (empty($_SESSION['error_msg'])) {
-            exec (VESTA_CMD."v-list-sys-config json", $output, $return_var);
-            $sys = json_decode(implode('', $output), true);
-            unset($output);
-
-            list($http_host, $port) = explode(':', $_SERVER["HTTP_HOST"] . ":");
-            if ($_POST['v_host'] != 'localhost' ) $http_host = $_POST['v_host'];
-            if ($_POST['v_type'] == 'mysql') $db_admin = "phpMyAdmin";
-            if ($_POST['v_type'] == 'mysql') $db_admin_link = "http://".$http_host."/phpmyadmin/";
-            if (($_POST['v_type'] == 'mysql') && (!empty($sys['config']['DB_PMA_URL']))) $db_admin_link = $sys['config']['DB_PMA_URL'];
-            if ($_POST['v_type'] == 'pgsql') $db_admin = "phpPgAdmin";
-            if ($_POST['v_type'] == 'pgsql') $db_admin_link = "http://".$http_host."/phppgadmin/";
-            if (($_POST['v_type'] == 'pgsql') && (!empty($sys['config']['DB_PGA_URL']))) $db_admin_link = $sys['config']['DB_PGA_URL'];
-
-            $_SESSION['ok_msg'] = __('DATABASE_CREATED_OK',$user."_".$_POST['v_database'],$user."_".$_POST['v_database']);
-            $_SESSION['ok_msg'] .= " / <a href=".$db_admin_link." target='_blank'>" . __('open %s',$db_admin) . "</a>";
-            unset($v_database);
-            unset($v_dbuser);
-            unset($v_password);
-            unset($v_type);
-            unset($v_charset);
-        }
+        list($http_host, $port) = explode(':', $_SERVER["HTTP_HOST"] . ":");
+        if ($_POST['v_host'] != 'localhost' ) $http_host = $_POST['v_host'];
+        if ($_POST['v_type'] == 'mysql') $db_admin = "phpMyAdmin";
+        if ($_POST['v_type'] == 'mysql') $db_admin_link = "http://".$http_host."/phpmyadmin/";
+        if (($_POST['v_type'] == 'mysql') && (!empty($sys['config']['DB_PMA_URL']))) $db_admin_link = $sys['config']['DB_PMA_URL'];
+        if ($_POST['v_type'] == 'pgsql') $db_admin = "phpPgAdmin";
+        if ($_POST['v_type'] == 'pgsql') $db_admin_link = "http://".$http_host."/phppgadmin/";
+        if (($_POST['v_type'] == 'pgsql') && (!empty($sys['config']['DB_PGA_URL']))) $db_admin_link = $sys['config']['DB_PGA_URL'];
+    }
+
+    // Email login credentials
+    if ((!empty($v_db_email)) && (empty($_SESSION['error_msg']))) {
+        $to = $v_db_email;
+        $subject = __("Database Credentials");
+        $hostname = exec('hostname');
+        $from = __('MAIL_FROM',$hostname);
+        $mailtext = __('DATABASE_READY',$user."_".$_POST['v_database'],$user."_".$_POST['v_dbuser'],$_POST['v_password'],$db_admin_link);
+        send_email($to, $subject, $mailtext, $from);
+    }
+
+    // Flush field values on success
+    if (empty($_SESSION['error_msg'])) {
+        $_SESSION['ok_msg'] = __('DATABASE_CREATED_OK',$user."_".$_POST['v_database'],$user."_".$_POST['v_database']);
+        $_SESSION['ok_msg'] .= " / <a href=".$db_admin_link." target='_blank'>" . __('open %s',$db_admin) . "</a>";
+        unset($v_database);
+        unset($v_dbuser);
+        unset($v_password);
+        unset($v_type);
+        unset($v_charset);
     }
 }
 
+// Header
+include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
+
+// Panel
+top_panel($user,$TAB);
+
+// Get user email
+$v_db_email = $panel[$user]['CONTACT'];
+
+// List avaiable database types
 exec (VESTA_CMD."v-list-database-types 'json'", $output, $return_var);
 $db_types = json_decode(implode('', $output), true);
 unset($output);
 
+// List available database servers
 $db_hosts = array();
 foreach ($db_types as $db_type ) {
     exec (VESTA_CMD."v-list-database-hosts ".$db_type." 'json'", $output, $return_var);
@@ -117,7 +123,10 @@ foreach ($db_types as $db_type ) {
     unset($output);
 }
 
+// Display body
 include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_db.html');
+
+// Flush session messages
 unset($_SESSION['error_msg']);
 unset($_SESSION['ok_msg']);
 

web/add/dns/index.php

@@ -4,92 +4,86 @@ error_reporting(NULL);
 ob_start();
 session_start();
 $TAB = 'DNS';
-include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
-// Header
-include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
-
-// Panel
-top_panel($user,$TAB);
+include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
+// Check POST request for dns domain
 if (!empty($_POST['ok'])) {
-    // Check input
+
+    // Check empty fields
     if (empty($_POST['v_domain'])) $errors[] = __('domain');
     if (empty($_POST['v_ip'])) $errors[] = __('ip');
+    if (!empty($errors[0])) {
+        foreach ($errors as $i => $error) {
+            if ( $i == 0 ) {
+                $error_msg = $error;
+            } else {
+                $error_msg = $error_msg.", ".$error;
+            }
+        }
+        $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
+    }
 
     // Protect input
     $v_domain = preg_replace("/^www./i", "", $_POST['v_domain']);
     $v_domain = escapeshellarg($v_domain);
     $v_domain = strtolower($v_domain);
     $v_ip = escapeshellarg($_POST['v_ip']);
-
     if (!empty($_POST['v_ns1'])) $v_ns1 = escapeshellarg($_POST['v_ns1']);
     if (!empty($_POST['v_ns2'])) $v_ns2 = escapeshellarg($_POST['v_ns2']);
     if (!empty($_POST['v_ns3'])) $v_ns3 = escapeshellarg($_POST['v_ns3']);
     if (!empty($_POST['v_ns4'])) $v_ns4 = escapeshellarg($_POST['v_ns4']);
 
-    // Check for errors
-    if (!empty($errors[0])) {
-        foreach ($errors as $i => $error) {
-            if ( $i == 0 ) {
-                $error_msg = $error;
-            } else {
-                $error_msg = $error_msg.", ".$error;
-            }
-        }
-        $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
-    } else {
-        // Add DNS
+    // Add dns domain
+    if (empty($_SESSION['error_msg'])) {
         exec (VESTA_CMD."v-add-dns-domain ".$user." ".$v_domain." ".$v_ip." ".$v_ns1." ".$v_ns2." ".$v_ns3." ".$v_ns4." no", $output, $return_var);
         check_return_code($return_var,$output);
         unset($output);
+    }
 
-        // Change Expiriation date
+    // Set expiriation date
+    if (empty($_SESSION['error_msg'])) {
         if ((!empty($_POST['v_exp'])) && ($_POST['v_exp'] != date('Y-m-d', strtotime('+1 year')))) {
             $v_exp = escapeshellarg($_POST['v_exp']);
             exec (VESTA_CMD."v-change-dns-domain-exp ".$user." ".$v_domain." ".$v_exp." no", $output, $return_var);
             check_return_code($return_var,$output);
             unset($output);
         }
+    }
 
-        // Change TTL
+    // Set ttl
+    if (empty($_SESSION['error_msg'])) {
         if ((!empty($_POST['v_ttl'])) && ($_POST['v_ttl'] != '14400') && (empty($_SESSION['error_msg']))) {
             $v_ttl = escapeshellarg($_POST['v_ttl']);
             exec (VESTA_CMD."v-change-dns-domain-ttl ".$user." ".$v_domain." ".$v_ttl." no", $output, $return_var);
             check_return_code($return_var,$output);
             unset($output);
         }
+    }
 
-        if (empty($_SESSION['error_msg'])) {
-            $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',$_POST[v_domain],$_POST[v_domain]);
-            unset($v_domain);
-        }
-
-        if (empty($_SESSION['error_msg'])) {
-            exec (VESTA_CMD."v-restart-dns", $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
-        }
+    // Restart dns server
+    if (empty($_SESSION['error_msg'])) {
+        exec (VESTA_CMD."v-restart-dns", $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
+    }
 
+    // Flush field values on success
+    if (empty($_SESSION['error_msg'])) {
+        $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',$_POST[v_domain],$_POST[v_domain]);
+        unset($v_domain);
     }
 }
 
-// DNS Record
+
+// Check POST request for dns record
 if (!empty($_POST['ok_rec'])) {
-    // Check input
+
+    // Check empty fields
     if (empty($_POST['v_domain'])) $errors[] = 'domain';
     if (empty($_POST['v_rec'])) $errors[] = 'record';
     if (empty($_POST['v_type'])) $errors[] = 'type';
     if (empty($_POST['v_val'])) $errors[] = 'value';
-
-    // Protect input
-    $v_domain = escapeshellarg($_POST['v_domain']);
-    $v_rec = escapeshellarg($_POST['v_rec']);
-    $v_type = escapeshellarg($_POST['v_type']);
-    $v_val = escapeshellarg($_POST['v_val']);
-    $v_priority = escapeshellarg($_POST['v_priority']);
-
-    // Check for errors
     if (!empty($errors[0])) {
         foreach ($errors as $i => $error) {
             if ( $i == 0 ) {
@@ -99,24 +93,45 @@ if (!empty($_POST['ok_rec'])) {
             }
         }
         $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
-    } else {
-        // Add DNS Record
+    }
+
+    // Protect input
+    $v_domain = escapeshellarg($_POST['v_domain']);
+    $v_rec = escapeshellarg($_POST['v_rec']);
+    $v_type = escapeshellarg($_POST['v_type']);
+    $v_val = escapeshellarg($_POST['v_val']);
+    $v_priority = escapeshellarg($_POST['v_priority']);
+
+    // Add dns record
+    if (empty($_SESSION['error_msg'])) {
         exec (VESTA_CMD."v-add-dns-record ".$user." ".$v_domain." ".$v_rec." ".$v_type." ".$v_val." ".$v_priority, $output, $return_var);
-        $v_type = $_POST['v_type'];
         check_return_code($return_var,$output);
         unset($output);
-        if (empty($_SESSION['error_msg'])) {
-            $_SESSION['ok_msg'] = __('DNS_RECORD_CREATED_OK',$_POST[v_rec],$_POST[v_domain]);
-            unset($v_domain);
-            unset($v_rec);
-            unset($v_val);
-            unset($v_priority);
-        }
+        $v_type = $_POST['v_type'];
+    }
+
+    // Flush field values on success
+    if (empty($_SESSION['error_msg'])) {
+        $_SESSION['ok_msg'] = __('DNS_RECORD_CREATED_OK',$_POST[v_rec],$_POST[v_domain]);
+        unset($v_domain);
+        unset($v_rec);
+        unset($v_val);
+        unset($v_priority);
     }
 }
 
-if ((empty($_GET['domain'])) && (empty($_POST['domain'])))  {
-    if ((empty($v_ns1)) && (empty($v_ns2))) {
+
+// Header
+include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
+
+// Panel
+top_panel($user,$TAB);
+
+// Display body for dns domain
+if (empty($_GET['domain'])) {
+    if (empty($v_ttl)) $v_ttl = 14400;
+    if (empty($v_exp)) $v_exp = date('Y-m-d', strtotime('+1 year'));
+    if (empty($v_ns1)) {
         exec (VESTA_CMD."v-list-user-ns ".$user." json", $output, $return_var);
         $nameservers = json_decode(implode('', $output), true);
         $v_ns1 = $nameservers[0];
@@ -125,17 +140,18 @@ if ((empty($_GET['domain'])) && (empty($_POST['domain'])))  {
         $v_ns4 = $nameservers[3];
         unset($output);
     }
-    if (empty($v_ttl)) $v_ttl = 14400;
-    if (empty($v_exp)) $v_exp = date('Y-m-d', strtotime('+1 year'));
     include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_dns.html');
-    unset($_SESSION['error_msg']);
-    unset($_SESSION['ok_msg']);
-} else {
+}
+
+// Display body for dns record
+if (!empty($_GET['domain'])) {
     $v_domain = $_GET['domain'];
     include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_dns_rec.html');
-    unset($_SESSION['error_msg']);
-    unset($_SESSION['ok_msg']);
 }
 
+// Flush session messages
+unset($_SESSION['error_msg']);
+unset($_SESSION['ok_msg']);
+
 // Footer
 include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');

web/add/ip/index.php

@@ -4,80 +4,93 @@ error_reporting(NULL);
 ob_start();
 session_start();
 $TAB = 'IP';
-include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
-// Header
-include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
+include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
-// Panel
-top_panel($user,$TAB);
+// Check user
+if ($_SESSION['user'] != 'admin') {
+    header("Location: /list/user");
+    exit;
+}
 
-// Are you admin?
-if ($_SESSION['user'] == 'admin') {
-    if (!empty($_POST['ok'])) {
-        // Check input
-        if (empty($_POST['v_ip'])) $errors[] = __('ip address');
-        if (empty($_POST['v_netmask'])) $errors[] = __('netmask');
-        if (empty($_POST['v_interface'])) $errors[] = __('interface');
-        if (empty($_POST['v_owner'])) $errors[] = __('assigned user');
-
-        // Protect input
-        $v_ip = escapeshellarg($_POST['v_ip']);
-        $v_netmask = escapeshellarg($_POST['v_netmask']);
-        $v_name = escapeshellarg($_POST['v_name']);
-        $v_nat = escapeshellarg($_POST['v_nat']);
+// Check POST request
+if (!empty($_POST['ok'])) {
 
-        $v_interface = $_POST['v_interface'];
-        $v_shared = $_POST['v_shared'];
-        if ($v_shared == 'on') {
-            $ip_status = 'shared';
-        } else {
-            $ip_status = 'dedicated';
-            $v_dedicated = 'yes';
+    // Check empty fields
+    if (empty($_POST['v_ip'])) $errors[] = __('ip address');
+    if (empty($_POST['v_netmask'])) $errors[] = __('netmask');
+    if (empty($_POST['v_interface'])) $errors[] = __('interface');
+    if (empty($_POST['v_owner'])) $errors[] = __('assigned user');
+    if (!empty($errors[0])) {
+        foreach ($errors as $i => $error) {
+            if ( $i == 0 ) {
+                $error_msg = $error;
+            } else {
+                $error_msg = $error_msg.", ".$error;
+            }
         }
+        $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
+    }
 
-        $v_owner = $_POST['v_owner'];
+    // Protect input
+    $v_ip = escapeshellarg($_POST['v_ip']);
+    $v_netmask = escapeshellarg($_POST['v_netmask']);
+    $v_name = escapeshellarg($_POST['v_name']);
+    $v_nat = escapeshellarg($_POST['v_nat']);
+    $v_interface = escapeshellarg($_POST['v_interface']);
+    $v_owner = escapeshellarg($_POST['v_owner']);
+    $v_shared = $_POST['v_shared'];
+
+    // Check shared checkmark
+    if ($v_shared == 'on') {
+        $ip_status = 'shared';
+    } else {
+        $ip_status = 'dedicated';
+        $v_dedicated = 'yes';
 
-        // Check for errors
-        if (!empty($errors[0])) {
-            foreach ($errors as $i => $error) {
-                if ( $i == 0 ) {
-                    $error_msg = $error;
-                } else {
-                    $error_msg = $error_msg.", ".$error;
-                }
-            }
-            $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
-        } else {
-            // Add IP
-            $v_interface = escapeshellarg($_POST['v_interface']);
-            $v_owner = $_POST['v_owner'];
-            exec (VESTA_CMD."v-add-sys-ip ".$v_ip." ".$v_netmask." ".$v_interface."  ".$v_owner." '".$ip_status."' ".$v_name." ".$v_nat, $output, $return_var);
-            $v_owner = $_POST['v_owner'];
-            $v_interface = $_POST['v_interface'];
-            check_return_code($return_var,$output);
-            unset($output);
-            if (empty($_SESSION['error_msg'])) {
-                $_SESSION['ok_msg'] = __('IP_CREATED_OK',$_POST['v_ip'],$_POST['v_ip']);
-                unset($v_ip);
-                unset($v_netmask);
-                unset($v_name);
-                unset($v_nat);
-            }
-        }
     }
-    exec (VESTA_CMD."v-list-sys-interfaces 'json'", $output, $return_var);
-    $interfaces = json_decode(implode('', $output), true);
-    unset($output);
 
-    exec (VESTA_CMD."v-list-sys-users 'json'", $output, $return_var);
-    $users = json_decode(implode('', $output), true);
-    unset($output);
+    // Add IP
+    if (empty($_SESSION['error_msg'])) {
+        exec (VESTA_CMD."v-add-sys-ip ".$v_ip." ".$v_netmask." ".$v_interface."  ".$v_owner." '".$ip_status."' ".$v_name." ".$v_nat, $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
+        $v_owner = $_POST['v_owner'];
+        $v_interface = $_POST['v_interface'];
+    }
 
-    include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_ip.html');
-    unset($_SESSION['error_msg']);
-    unset($_SESSION['ok_msg']);
+    // Flush field values on success
+    if (empty($_SESSION['error_msg'])) {
+        $_SESSION['ok_msg'] = __('IP_CREATED_OK',$_POST['v_ip'],$_POST['v_ip']);
+        unset($v_ip);
+        unset($v_netmask);
+        unset($v_name);
+        unset($v_nat);
+    }
 }
 
+// Header
+include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
+
+// Panel
+top_panel($user,$TAB);
+
+// List network interfaces
+exec (VESTA_CMD."v-list-sys-interfaces 'json'", $output, $return_var);
+$interfaces = json_decode(implode('', $output), true);
+unset($output);
+
+// List users
+exec (VESTA_CMD."v-list-sys-users 'json'", $output, $return_var);
+$users = json_decode(implode('', $output), true);
+unset($output);
+
+// Display body
+include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_ip.html');
+
+// Flush session messages
+unset($_SESSION['error_msg']);
+unset($_SESSION['ok_msg']);
+
 // Footer
 include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');

web/add/mail/index.php

@@ -4,71 +4,84 @@ error_reporting(NULL);
 ob_start();
 session_start();
 $TAB = 'MAIL';
-include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
-// Header
-include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
+include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
-// Panel
-top_panel($user,$TAB);
 
-// Mail Domain
+// Check POST request for mail domain
 if (!empty($_POST['ok'])) {
+
+    // Check empty fields
     if (empty($_POST['v_domain'])) $errors[] = __('domain');
+    if (!empty($errors[0])) {
+        foreach ($errors as $i => $error) {
+            if ( $i == 0 ) {
+                $error_msg = $error;
+            } else {
+                $error_msg = $error_msg.", ".$error;
+            }
+        }
+        $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
+    }
+
+    // Check antispam option
     if (!empty($_POST['v_antispam'])) {
         $v_antispam = 'yes';
     } else {
         $v_antispam = 'no';
     }
 
+    // Check antivirus option
     if (!empty($_POST['v_antivirus'])) {
         $v_antivirus = 'yes';
     } else {
         $v_antivirus = 'no';
     }
 
+    // Check dkim option
     if (!empty($_POST['v_dkim'])) {
         $v_dkim = 'yes';
     } else {
         $v_dkim = 'no';
     }
 
-    // Protect input
+    // Set domain name to lowercase and remove www prefix
     $v_domain = preg_replace("/^www./i", "", $_POST['v_domain']);
     $v_domain = escapeshellarg($v_domain);
     $v_domain = strtolower($v_domain);
 
-    // Check for errors
-    if (!empty($errors[0])) {
-        foreach ($errors as $i => $error) {
-            if ( $i == 0 ) {
-                $error_msg = $error;
-            } else {
-                $error_msg = $error_msg.", ".$error;
-            }
-        }
-        $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
-    } else {
-
-        // Add mail domain
+    // Add mail domain
+    if (empty($_SESSION['error_msg'])) {
         exec (VESTA_CMD."v-add-mail-domain ".$user." ".$v_domain." ".$v_antispam." ".$v_antivirus." ".$v_dkim, $output, $return_var);
         check_return_code($return_var,$output);
         unset($output);
+    }
 
-        if (empty($_SESSION['error_msg'])) {
-            $_SESSION['ok_msg'] = __('MAIL_DOMAIN_CREATED_OK',$_POST['v_domain'],$_POST['v_domain']);
-            unset($v_domain);
-        }
+    // Flush field values on success
+    if (empty($_SESSION['error_msg'])) {
+        $_SESSION['ok_msg'] = __('MAIL_DOMAIN_CREATED_OK',$_POST['v_domain'],$_POST['v_domain']);
+        unset($v_domain);
     }
 }
 
 
-// Mail Account
+// Check POST request for mail account
 if (!empty($_POST['ok_acc'])) {
-    // Check input
+
+    // Check empty fields
     if (empty($_POST['v_domain'])) $errors[] = __('domain');
     if (empty($_POST['v_account'])) $errors[] = __('account');
     if (empty($_POST['v_password'])) $errors[] = __('password');
+    if (!empty($errors[0])) {
+        foreach ($errors as $i => $error) {
+            if ( $i == 0 ) {
+                $error_msg = $error;
+            } else {
+                $error_msg = $error_msg.", ".$error;
+            }
+        }
+        $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
+    }
 
     // Protect input
     $v_domain = escapeshellarg($_POST['v_domain']);
@@ -78,99 +91,100 @@ if (!empty($_POST['ok_acc'])) {
     $v_quota = escapeshellarg($_POST['v_quota']);
     $v_aliases = $_POST['v_aliases'];
     $v_fwd = $_POST['v_fwd'];
-
     if (empty($_POST['v_quota'])) $v_quota = 0;
     if ((!empty($_POST['v_quota'])) || (!empty($_POST['v_aliases'])) || (!empty($_POST['v_fwd'])) ) $v_adv = 'yes';
 
-    // Check for errors
-    if (!empty($errors[0])) {
-        foreach ($errors as $i => $error) {
-            if ( $i == 0 ) {
-                $error_msg = $error;
-            } else {
-                $error_msg = $error_msg.", ".$error;
-            }
-        }
-        $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
-    } else {
-        // Add Mail Account
+    // Add Mail Account
+    if (empty($_SESSION['error_msg'])) {
         exec (VESTA_CMD."v-add-mail-account ".$user." ".$v_domain." ".$v_account." ".$v_password." ".$v_quota, $output, $return_var);
         check_return_code($return_var,$output);
         unset($output);
+    }
 
-        // Add Aliases
-        if ((!empty($_POST['v_aliases'])) && (empty($_SESSION['error_msg']))) {
-            $valiases = preg_replace("/\n/", " ", $_POST['v_aliases']);
-            $valiases = preg_replace("/,/", " ", $valiases);
-            $valiases = preg_replace('/\s+/', ' ',$valiases);
-            $valiases = trim($valiases);
-            $aliases = explode(" ", $valiases);
-            foreach ($aliases as $alias) {
-                $alias = escapeshellarg($alias);
-                if (empty($_SESSION['error_msg'])) {
-                    exec (VESTA_CMD."v-add-mail-account-alias ".$user." ".$v_domain." ".$v_account." ".$alias, $output, $return_var);
-                    check_return_code($return_var,$output);
-                }
+    // Add Aliases
+    if ((!empty($_POST['v_aliases'])) && (empty($_SESSION['error_msg']))) {
+        $valiases = preg_replace("/\n/", " ", $_POST['v_aliases']);
+        $valiases = preg_replace("/,/", " ", $valiases);
+        $valiases = preg_replace('/\s+/', ' ',$valiases);
+        $valiases = trim($valiases);
+        $aliases = explode(" ", $valiases);
+        foreach ($aliases as $alias) {
+            $alias = escapeshellarg($alias);
+            if (empty($_SESSION['error_msg'])) {
+                exec (VESTA_CMD."v-add-mail-account-alias ".$user." ".$v_domain." ".$v_account." ".$alias, $output, $return_var);
+                check_return_code($return_var,$output);
                 unset($output);
             }
         }
+    }
 
-        // Add Forwads
-        if ((!empty($_POST['v_fwd'])) && (empty($_SESSION['error_msg']))) {
-            $vfwd = preg_replace("/\n/", " ", $_POST['v_fwd']);
-            $vfwd = preg_replace("/,/", " ", $vfwd);
-            $vfwd = preg_replace('/\s+/', ' ',$vfwd);
-            $vfwd = trim($vfwd);
-            $fwd = explode(" ", $vfwd);
-            foreach ($fwd as $forward) {
-                $forward = escapeshellarg($forward);
-                if (empty($_SESSION['error_msg'])) {
-                    exec (VESTA_CMD."v-add-mail-account-forward ".$user." ".$v_domain." ".$v_account." ".$forward, $output, $return_var);
-                    check_return_code($return_var,$output);
-                }
-                unset($output);
-            }
-            // Add fwd_only flag
-            if ((!empty($_POST['v_fwd_only'])) && (empty($_SESSION['error_msg']))) {
-                exec (VESTA_CMD."v-add-mail-account-fwd-only ".$user." ".$v_domain." ".$v_account, $output, $return_var);
+    // Add Forwarders
+    if ((!empty($_POST['v_fwd'])) && (empty($_SESSION['error_msg']))) {
+        $vfwd = preg_replace("/\n/", " ", $_POST['v_fwd']);
+        $vfwd = preg_replace("/,/", " ", $vfwd);
+        $vfwd = preg_replace('/\s+/', ' ',$vfwd);
+        $vfwd = trim($vfwd);
+        $fwd = explode(" ", $vfwd);
+        foreach ($fwd as $forward) {
+            $forward = escapeshellarg($forward);
+            if (empty($_SESSION['error_msg'])) {
+                exec (VESTA_CMD."v-add-mail-account-forward ".$user." ".$v_domain." ".$v_account." ".$forward, $output, $return_var);
                 check_return_code($return_var,$output);
                 unset($output);
             }
         }
+    }
 
-        if (empty($_SESSION['error_msg'])) {
-            exec (VESTA_CMD."v-list-sys-config json", $output, $return_var);
-            $sys = json_decode(implode('', $output), true);
-            unset($output);
-
-            list($http_host, $port) = explode(':', $_SERVER["HTTP_HOST"].":");
-            $webmail = "http://".$http_host."/webmail/";
-            if (!empty($sys['config']['MAIL_URL'])) $webmail = $sys['config']['MAIL_URL'];
-
-            $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',strtolower($_POST['v_account']),$_POST[v_domain],strtolower($_POST['v_account']),$_POST[v_domain]);
-            $_SESSION['ok_msg'] .= " / <a href=".$webmail." target='_blank'>" . __('open webmail') . "</a>";
-            unset($v_account);
-            unset($v_password);
-            unset($v_password);
-            unset($v_aliases);
-            unset($v_fwd);
-            unset($v_quota);
-        }
+    // Add fwd_only flag
+    if ((!empty($_POST['v_fwd_only'])) && (empty($_SESSION['error_msg']))) {
+        exec (VESTA_CMD."v-add-mail-account-fwd-only ".$user." ".$v_domain." ".$v_account, $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
+    }
+
+    // Get webmail url
+    if (empty($_SESSION['error_msg'])) {
+        exec (VESTA_CMD."v-list-sys-config json", $output, $return_var);
+        $sys = json_decode(implode('', $output), true);
+        unset($output);
+        list($http_host, $port) = explode(':', $_SERVER["HTTP_HOST"].":");
+        $webmail = "http://".$http_host."/webmail/";
+        if (!empty($sys['config']['MAIL_URL'])) $webmail = $sys['config']['MAIL_URL'];
+    }
+
+    // Flush field values on success
+    if (empty($_SESSION['error_msg'])) {
+        $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',strtolower($_POST['v_account']),$_POST[v_domain],strtolower($_POST['v_account']),$_POST[v_domain]);
+        $_SESSION['ok_msg'] .= " / <a href=".$webmail." target='_blank'>" . __('open webmail') . "</a>";
+        unset($v_account);
+        unset($v_password);
+        unset($v_password);
+        unset($v_aliases);
+        unset($v_fwd);
+        unset($v_quota);
     }
 }
 
+// Header
+include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 
-if ((empty($_GET['domain'])) && (empty($_POST['domain'])))  {
-    $v_domain = (isset($_GET['domain'])?$_GET['domain']:'');
+// Panel
+top_panel($user,$TAB);
+
+// Display body for mail domain
+if (empty($_GET['domain']))  {
     include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_mail.html');
-    unset($_SESSION['error_msg']);
-    unset($_SESSION['ok_msg']);
-} else {
+}
+
+// Display body for mail account
+if (!empty($_GET['domain']))  {
     $v_domain = $_GET['domain'];
     include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_mail_acc.html');
-    unset($_SESSION['error_msg']);
-    unset($_SESSION['ok_msg']);
 }
 
+// Flush session messages
+unset($_SESSION['error_msg']);
+unset($_SESSION['ok_msg']);
+
 // Footer
 include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');

web/add/package/index.php

@@ -4,175 +4,181 @@ error_reporting(NULL);
 ob_start();
 session_start();
 $TAB = 'PACKAGE';
+
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
-if (empty($_SESSION['user'])) {
-    header("Location: /login/");
+// Check user
+if ($_SESSION['user'] != 'admin') {
+    header("Location: /list/user");
+    exit;
 }
 
-// Header
-include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
-
-// Panel
-top_panel($user,$TAB);
-
-// Are you admin?
-if ($_SESSION['user'] == 'admin') {
-    if (!empty($_POST['ok'])) {
-        // Check input
-        if (empty($_POST['v_package'])) $errors[] = __('package');
-        if (empty($_POST['v_web_template'])) $errors[] = __('web template');
-        if (empty($_POST['v_proxy_template'])) $errors[] = __('proxy template');
-        if (empty($_POST['v_dns_template'])) $errors[] = __('dns template');
-        if (empty($_POST['v_shell'])) $errrors[] = __('shell');
-        if (!isset($_POST['v_web_domains'])) $errors[] = __('web domains');
-        if (!isset($_POST['v_web_aliases'])) $errors[] = __('web aliases');
-        if (!isset($_POST['v_dns_domains'])) $errors[] = __('dns domains');
-        if (!isset($_POST['v_dns_records'])) $errors[] = __('dns records');
-        if (!isset($_POST['v_mail_domains'])) $errors[] = __('mail domains');
-        if (!isset($_POST['v_mail_accounts'])) $errors[] = __('mail accounts');
-        if (!isset($_POST['v_databases'])) $errors[] = __('databases');
-        if (!isset($_POST['v_cron_jobs'])) $errors[] = __('cron jobs');
-        if (!isset($_POST['v_backups'])) $errors[] = __('backups');
-        if (!isset($_POST['v_disk_quota'])) $errors[] = __('quota');
-        if (!isset($_POST['v_bandwidth'])) $errors[] = __('bandwidth');
-        if (empty($_POST['v_ns1'])) $errors[] = __('ns1');
-        if (empty($_POST['v_ns2'])) $errors[] = __('ns2');
-
-
-        // Protect input
-        $v_package = escapeshellarg($_POST['v_package']);
-        $v_web_template = escapeshellarg($_POST['v_web_template']);
-        $v_proxy_template = escapeshellarg($_POST['v_proxy_template']);
-        $v_dns_template = escapeshellarg($_POST['v_dns_template']);
-        $v_shell = escapeshellarg($_POST['v_shell']);
-        $v_web_domains = escapeshellarg($_POST['v_web_domains']);
-        $v_web_aliases = escapeshellarg($_POST['v_web_aliases']);
-        $v_dns_domains = escapeshellarg($_POST['v_dns_domains']);
-        $v_dns_records = escapeshellarg($_POST['v_dns_records']);
-        $v_mail_domains = escapeshellarg($_POST['v_mail_domains']);
-        $v_mail_accounts = escapeshellarg($_POST['v_mail_accounts']);
-        $v_databases = escapeshellarg($_POST['v_databases']);
-        $v_cron_jobs = escapeshellarg($_POST['v_cron_jobs']);
-        $v_backups = escapeshellarg($_POST['v_backups']);
-        $v_disk_quota = escapeshellarg($_POST['v_disk_quota']);
-        $v_bandwidth = escapeshellarg($_POST['v_bandwidth']);
-        $v_ns1 = trim($_POST['v_ns1'], '.');
-        $v_ns2 = trim($_POST['v_ns2'], '.');
-        $v_ns3 = trim($_POST['v_ns3'], '.');
-        $v_ns4 = trim($_POST['v_ns4'], '.');
-        $v_ns = $v_ns1.",".$v_ns2;
-        if (!empty($v_ns3)) $v_ns .= ",".$v_ns3;
-        if (!empty($v_ns4)) $v_ns .= ",".$v_ns4;
-        $v_ns = escapeshellarg($v_ns);
-        $v_time = escapeshellarg(date('H:i:s'));
-        $v_date = escapeshellarg(date('Y-m-d'));
-
-        // Check for errors
-        if (!empty($errors[0])) {
-            foreach ($errors as $i => $error) {
-                if ( $i == 0 ) {
-                    $error_msg = $error;
-                } else {
-                    $error_msg = $error_msg.", ".$error;
-                }
+// Check POST request
+if (!empty($_POST['ok'])) {
+
+    // Check empty fields
+    if (empty($_POST['v_package'])) $errors[] = __('package');
+    if (empty($_POST['v_web_template'])) $errors[] = __('web template');
+    if (empty($_POST['v_proxy_template'])) $errors[] = __('proxy template');
+    if (empty($_POST['v_dns_template'])) $errors[] = __('dns template');
+    if (empty($_POST['v_shell'])) $errrors[] = __('shell');
+    if (!isset($_POST['v_web_domains'])) $errors[] = __('web domains');
+    if (!isset($_POST['v_web_aliases'])) $errors[] = __('web aliases');
+    if (!isset($_POST['v_dns_domains'])) $errors[] = __('dns domains');
+    if (!isset($_POST['v_dns_records'])) $errors[] = __('dns records');
+    if (!isset($_POST['v_mail_domains'])) $errors[] = __('mail domains');
+    if (!isset($_POST['v_mail_accounts'])) $errors[] = __('mail accounts');
+    if (!isset($_POST['v_databases'])) $errors[] = __('databases');
+    if (!isset($_POST['v_cron_jobs'])) $errors[] = __('cron jobs');
+    if (!isset($_POST['v_backups'])) $errors[] = __('backups');
+    if (!isset($_POST['v_disk_quota'])) $errors[] = __('quota');
+    if (!isset($_POST['v_bandwidth'])) $errors[] = __('bandwidth');
+    if (empty($_POST['v_ns1'])) $errors[] = __('ns1');
+    if (empty($_POST['v_ns2'])) $errors[] = __('ns2');
+    if (!empty($errors[0])) {
+        foreach ($errors as $i => $error) {
+            if ( $i == 0 ) {
+                $error_msg = $error;
+            } else {
+                $error_msg = $error_msg.", ".$error;
             }
-            $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
-        } else {
-            exec ('mktemp -d', $output, $return_var);
-            $tmpdir = $output[0];
-            unset($output);
-
-            // Create package
-            $pkg = "WEB_TEMPLATE=".$v_web_template."\n";
-            $pkg .= "PROXY_TEMPLATE=".$v_proxy_template."\n";
-            $pkg .= "DNS_TEMPLATE=".$v_dns_template."\n";
-            $pkg .= "WEB_DOMAINS=".$v_web_domains."\n";
-            $pkg .= "WEB_ALIASES=".$v_web_aliases."\n";
-            $pkg .= "DNS_DOMAINS=".$v_dns_domains."\n";
-            $pkg .= "DNS_RECORDS=".$v_dns_records."\n";
-            $pkg .= "MAIL_DOMAINS=".$v_mail_domains."\n";
-            $pkg .= "MAIL_ACCOUNTS=".$v_mail_accounts."\n";
-            $pkg .= "DATABASES=".$v_databases."\n";
-            $pkg .= "CRON_JOBS=".$v_cron_jobs."\n";
-            $pkg .= "DISK_QUOTA=".$v_disk_quota."\n";
-            $pkg .= "BANDWIDTH=".$v_bandwidth."\n";
-            $pkg .= "NS=".$v_ns."\n";
-            $pkg .= "SHELL=".$v_shell."\n";
-            $pkg .= "BACKUPS=".$v_backups."\n";
-            $pkg .= "TIME=".$v_time."\n";
-            $pkg .= "DATE=".$v_date."\n";
-
-            // Write package
-            $fp = fopen($tmpdir."/".$_POST['v_package'].".pkg", 'w');
-            fwrite($fp, $pkg);
-            fclose($fp);
-
-            // Add new package
-            if (empty($_SESSION['error_msg'])) {
-                exec (VESTA_CMD."v-add-user-package ".$tmpdir." ".$v_package, $output, $return_var);
-                check_return_code($return_var,$output);
-                unset($output);
-            }
-
-            // Remove tmpdir 
-            exec ('rm -rf '.$tmpdir, $output, $return_var);
-            unset($output);
-
-            // Check output
-            if (empty($_SESSION['error_msg'])) {
-                $_SESSION['ok_msg'] = __('PACKAGE_CREATED_OK',$_POST['v_package'],$_POST['v_package']);
-                unset($v_package);
-            }
-
         }
+        $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
     }
 
+    // Protect input
+    $v_package = escapeshellarg($_POST['v_package']);
+    $v_web_template = escapeshellarg($_POST['v_web_template']);
+    $v_proxy_template = escapeshellarg($_POST['v_proxy_template']);
+    $v_dns_template = escapeshellarg($_POST['v_dns_template']);
+    $v_shell = escapeshellarg($_POST['v_shell']);
+    $v_web_domains = escapeshellarg($_POST['v_web_domains']);
+    $v_web_aliases = escapeshellarg($_POST['v_web_aliases']);
+    $v_dns_domains = escapeshellarg($_POST['v_dns_domains']);
+    $v_dns_records = escapeshellarg($_POST['v_dns_records']);
+    $v_mail_domains = escapeshellarg($_POST['v_mail_domains']);
+    $v_mail_accounts = escapeshellarg($_POST['v_mail_accounts']);
+    $v_databases = escapeshellarg($_POST['v_databases']);
+    $v_cron_jobs = escapeshellarg($_POST['v_cron_jobs']);
+    $v_backups = escapeshellarg($_POST['v_backups']);
+    $v_disk_quota = escapeshellarg($_POST['v_disk_quota']);
+    $v_bandwidth = escapeshellarg($_POST['v_bandwidth']);
+    $v_ns1 = trim($_POST['v_ns1'], '.');
+    $v_ns2 = trim($_POST['v_ns2'], '.');
+    $v_ns3 = trim($_POST['v_ns3'], '.');
+    $v_ns4 = trim($_POST['v_ns4'], '.');
+    $v_ns = $v_ns1.",".$v_ns2;
+    if (!empty($v_ns3)) $v_ns .= ",".$v_ns3;
+    if (!empty($v_ns4)) $v_ns .= ",".$v_ns4;
+    $v_ns = escapeshellarg($v_ns);
+    $v_time = escapeshellarg(date('H:i:s'));
+    $v_date = escapeshellarg(date('Y-m-d'));
+
+    // Create temporary dir
+    if (empty($_SESSION['error_msg'])) {
+        exec ('mktemp -d', $output, $return_var);
+        $tmpdir = $output[0];
+        check_return_code($return_var,$output);
+        unset($output);
+    }
 
-    exec (VESTA_CMD."v-list-web-templates json", $output, $return_var);
-    check_error($return_var);
-    $web_templates = json_decode(implode('', $output), true);
-    unset($output);
+    // Create package file
+    if (empty($_SESSION['error_msg'])) {
+        $pkg = "WEB_TEMPLATE=".$v_web_template."\n";
+        $pkg .= "PROXY_TEMPLATE=".$v_proxy_template."\n";
+        $pkg .= "DNS_TEMPLATE=".$v_dns_template."\n";
+        $pkg .= "WEB_DOMAINS=".$v_web_domains."\n";
+        $pkg .= "WEB_ALIASES=".$v_web_aliases."\n";
+        $pkg .= "DNS_DOMAINS=".$v_dns_domains."\n";
+        $pkg .= "DNS_RECORDS=".$v_dns_records."\n";
+        $pkg .= "MAIL_DOMAINS=".$v_mail_domains."\n";
+        $pkg .= "MAIL_ACCOUNTS=".$v_mail_accounts."\n";
+        $pkg .= "DATABASES=".$v_databases."\n";
+        $pkg .= "CRON_JOBS=".$v_cron_jobs."\n";
+        $pkg .= "DISK_QUOTA=".$v_disk_quota."\n";
+        $pkg .= "BANDWIDTH=".$v_bandwidth."\n";
+        $pkg .= "NS=".$v_ns."\n";
+        $pkg .= "SHELL=".$v_shell."\n";
+        $pkg .= "BACKUPS=".$v_backups."\n";
+        $pkg .= "TIME=".$v_time."\n";
+        $pkg .= "DATE=".$v_date."\n";
+
+        $fp = fopen($tmpdir."/".$_POST['v_package'].".pkg", 'w');
+        fwrite($fp, $pkg);
+        fclose($fp);
+    }
 
-    exec (VESTA_CMD."v-list-web-templates-proxy json", $output, $return_var);
-    check_error($return_var);
-    $proxy_templates = json_decode(implode('', $output), true);
-    unset($output);
+    // Add new package
+    if (empty($_SESSION['error_msg'])) {
+        exec (VESTA_CMD."v-add-user-package ".$tmpdir." ".$v_package, $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
+    }
 
-    exec (VESTA_CMD."v-list-dns-templates json", $output, $return_var);
-    check_error($return_var);
-    $dns_templates = json_decode(implode('', $output), true);
+    // Remove tmpdir 
+    exec ('rm -rf '.$tmpdir, $output, $return_var);
     unset($output);
 
-    exec (VESTA_CMD."v-list-sys-shells json", $output, $return_var);
-    check_error($return_var);
-    $shells = json_decode(implode('', $output), true);
-    unset($output);
+    // Flush field values on success
+    if (empty($_SESSION['error_msg'])) {
+        $_SESSION['ok_msg'] = __('PACKAGE_CREATED_OK',$_POST['v_package'],$_POST['v_package']);
+        unset($v_package);
+    }
 
-    // Set default values
-    if (empty($v_web_template)) $v_web_template = 'default';
-    if (empty($v_proxy_template)) $v_proxy_template = 'default';
-    if (empty($v_dns_template)) $v_dns_template = 'default';
-    if (empty($v_shell)) $v_shell = 'nologin';
-    if (empty($v_web_domains)) $v_web_domains = "'0'";
-    if (empty($v_web_aliases)) $v_web_aliases = "'0'";
-    if (empty($v_dns_domains)) $v_dns_domains = "'0'";
-    if (empty($v_dns_records)) $v_dns_records = "'0'";
-    if (empty($v_mail_domains)) $v_mail_domains = "'0'";
-    if (empty($v_mail_accounts)) $v_mail_accounts = "'0'";
-    if (empty($v_databases)) $v_databases = "'0'";
-    if (empty($v_cron_jobs)) $v_cron_jobs = "'0'";
-    if (empty($v_backups)) $v_backups = "'0'";
-    if (empty($v_disk_quota)) $v_disk_quota = "'0'";
-    if (empty($v_bandwidth)) $v_bandwidth = "'0'";
-    if (empty($v_ns1)) $v_ns1 = 'ns1.example.ltd';
-    if (empty($v_ns2)) $v_ns2 = 'ns2.example.ltd';
-
-
-    include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_package.html');
-    unset($_SESSION['error_msg']);
-    unset($_SESSION['ok_msg']);
 }
 
+
+// Header
+include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
+
+// Panel
+top_panel($user,$TAB);
+
+// List web temmplates
+exec (VESTA_CMD."v-list-web-templates json", $output, $return_var);
+$web_templates = json_decode(implode('', $output), true);
+unset($output);
+
+// List web templates for proxy
+exec (VESTA_CMD."v-list-web-templates-proxy json", $output, $return_var);
+$proxy_templates = json_decode(implode('', $output), true);
+unset($output);
+
+// List DNS templates
+exec (VESTA_CMD."v-list-dns-templates json", $output, $return_var);
+$dns_templates = json_decode(implode('', $output), true);
+unset($output);
+
+// List system shells
+exec (VESTA_CMD."v-list-sys-shells json", $output, $return_var);
+$shells = json_decode(implode('', $output), true);
+unset($output);
+
+// Set default values
+if (empty($v_web_template)) $v_web_template = 'default';
+if (empty($v_proxy_template)) $v_proxy_template = 'default';
+if (empty($v_dns_template)) $v_dns_template = 'default';
+if (empty($v_shell)) $v_shell = 'nologin';
+if (empty($v_web_domains)) $v_web_domains = "'0'";
+if (empty($v_web_aliases)) $v_web_aliases = "'0'";
+if (empty($v_dns_domains)) $v_dns_domains = "'0'";
+if (empty($v_dns_records)) $v_dns_records = "'0'";
+if (empty($v_mail_domains)) $v_mail_domains = "'0'";
+if (empty($v_mail_accounts)) $v_mail_accounts = "'0'";
+if (empty($v_databases)) $v_databases = "'0'";
+if (empty($v_cron_jobs)) $v_cron_jobs = "'0'";
+if (empty($v_backups)) $v_backups = "'0'";
+if (empty($v_disk_quota)) $v_disk_quota = "'0'";
+if (empty($v_bandwidth)) $v_bandwidth = "'0'";
+if (empty($v_ns1)) $v_ns1 = 'ns1.example.ltd';
+if (empty($v_ns2)) $v_ns2 = 'ns2.example.ltd';
+
+// Display body
+include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_package.html');
+
+// Flush session messages
+unset($_SESSION['error_msg']);
+unset($_SESSION['ok_msg']);
+
 // Footer
 include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');

web/add/user/index.php

@@ -1,110 +1,128 @@
 <?php
 // Init
+error_reporting(NULL);
 ob_start();
 session_start();
 $TAB = 'USER';
+
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
-if (empty($_SESSION['user'])) {
-    header("Location: /login/");
+// Check user
+if ($_SESSION['user'] != 'admin') {
+    header("Location: /list/user");
+    exit;
 }
 
-// Header
-include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
-
-// Panel
-top_panel($user,$TAB);
-
-// Are you admin?
-if ($_SESSION['user'] == 'admin') {
-    if (!empty($_POST['ok'])) {
-        // Check input
-        if (empty($_POST['v_username'])) $errors[] = __('user');
-        if (empty($_POST['v_password'])) $errors[] = __('password');
-        if (empty($_POST['v_package'])) $errrors[] = __('package');
-        if (empty($_POST['v_email'])) $errors[] = __('email');
-        if (empty($_POST['v_fname'])) $errors[] = __('first name');
-        if (empty($_POST['v_lname'])) $errors[] = __('last name');
-
-        // Protect input
-        $v_username = escapeshellarg($_POST['v_username']);
-        $v_password = escapeshellarg($_POST['v_password']);
-        $v_email = escapeshellarg($_POST['v_email']);
-        $v_package = escapeshellarg($_POST['v_package']);
-        $v_language = escapeshellarg($_POST['v_language']);
-        $v_fname = escapeshellarg($_POST['v_fname']);
-        $v_lname = escapeshellarg($_POST['v_lname']);
-        $v_notify = $_POST['v_notify'];
-
-        // Validate email
-        if (!filter_var($_POST['v_email'], FILTER_VALIDATE_EMAIL)) {
-            $_SESSION['error_msg'] = __('Please enter valid email address.');
-        }
+// Check POST request
+if (!empty($_POST['ok'])) {
 
-        // Check for errors
-        if (!empty($errors[0])) {
-            foreach ($errors as $i => $error) {
-                if ( $i == 0 ) {
-                    $error_msg = $error;
-                } else {
-                    $error_msg = $error_msg.", ".$error;
-                }
+    // Check empty fields
+    if (empty($_POST['v_username'])) $errors[] = __('user');
+    if (empty($_POST['v_password'])) $errors[] = __('password');
+    if (empty($_POST['v_package'])) $errrors[] = __('package');
+    if (empty($_POST['v_email'])) $errors[] = __('email');
+    if (empty($_POST['v_fname'])) $errors[] = __('first name');
+    if (empty($_POST['v_lname'])) $errors[] = __('last name');
+    if (!empty($errors[0])) {
+        foreach ($errors as $i => $error) {
+            if ( $i == 0 ) {
+                $error_msg = $error;
+            } else {
+                $error_msg = $error_msg.", ".$error;
             }
-            $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
         }
+        $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
+    }
 
-        // Check password length
-        if (empty($_SESSION['error_msg'])) {
-            $pw_len = strlen($_POST['v_password']);
-            if ($pw_len < 6 ) $_SESSION['error_msg'] = __('Password is too short.',$error_msg);
-        }
+    // Validate email
+    if ((empty($_SESSION['error_msg'])) && (!filter_var($_POST['v_email'], FILTER_VALIDATE_EMAIL))) {
+        $_SESSION['error_msg'] = __('Please enter valid email address.');
+    }
 
-        if (empty($_SESSION['error_msg'])) {
-            exec (VESTA_CMD."v-add-user ".$v_username." ".$v_password." ".$v_email." ".$v_package." ".$v_fname." ".$v_lname, $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
-            if (empty($_SESSION['error_msg'])) {
-                exec (VESTA_CMD."v-change-user-language ".$v_username." ".$v_language, $output, $return_var);
-                if (!empty($v_notify)) {
-                    $to = $_POST['v_notify'];
-                    $subject = _translate($_POST['v_language'],"Welcome to Vesta Control Panel");
-                    $hostname = exec('hostname');
-                    $from = _translate($_POST['v_language'],'MAIL_FROM',$hostname);
-                    if (!empty($_POST['v_fname'])) {
-                        $mailtext = _translate($_POST['v_language'],'GREETINGS_GORDON_FREEMAN',$_POST['v_fname'],$_POST['v_lname']);
-                    } else {
-                        $mailtext = _translate($_POST['v_language'],'GREETINGS');
-                    }
-                    $mailtext .= _translate($_POST['v_language'],'ACCOUNT_READY',$_SERVER['HTTP_HOST'],$_POST['v_username'],$_POST['v_password']);
-                    send_email($to, $subject, $mailtext, $from);
-                }
-
-                $_SESSION['ok_msg'] = __('USER_CREATED_OK',$_POST[v_username],$_POST[v_username]);
-                $_SESSION['ok_msg'] .= " / <a href=/login/?loginas=".$_POST[v_username].">" . __('login as') ." ".$_POST[v_username]. "</a>";
-                unset($v_username);
-                unset($v_password);
-                unset($v_email);
-                unset($v_fname);
-                unset($v_lname);
-                unset($v_notify);
-            }
-            unset($output);
-        }
+    // Check password length
+    if (empty($_SESSION['error_msg'])) {
+        $pw_len = strlen($_POST['v_password']);
+        if ($pw_len < 6 ) $_SESSION['error_msg'] = __('Password is too short.',$error_msg);
+    }
+
+    // Protect input
+    $v_username = escapeshellarg($_POST['v_username']);
+    $v_password = escapeshellarg($_POST['v_password']);
+    $v_email = escapeshellarg($_POST['v_email']);
+    $v_package = escapeshellarg($_POST['v_package']);
+    $v_language = escapeshellarg($_POST['v_language']);
+    $v_fname = escapeshellarg($_POST['v_fname']);
+    $v_lname = escapeshellarg($_POST['v_lname']);
+    $v_notify = $_POST['v_notify'];
+
+
+    // Add user
+    if (empty($_SESSION['error_msg'])) {
+        exec (VESTA_CMD."v-add-user ".$v_username." ".$v_password." ".$v_email." ".$v_package." ".$v_fname." ".$v_lname, $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
     }
 
-    exec (VESTA_CMD."v-list-user-packages json", $output, $return_var);
-    check_error($return_var);
-    $data = json_decode(implode('', $output), true);
-    unset($output);
+    // Set language
+    if (empty($_SESSION['error_msg'])) {
+        exec (VESTA_CMD."v-change-user-language ".$v_username." ".$v_language, $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
+    }
 
-    exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var);
-    $languages = json_decode(implode('', $output), true);
-    unset($output);
+    // Send email to the new user
+    if ((empty($_SESSION['error_msg'])) && (!empty($v_notify))) {
+        $to = $_POST['v_notify'];
+        $subject = _translate($_POST['v_language'],"Welcome to Vesta Control Panel");
+        $hostname = exec('hostname');
+        unset($output);
+        $from = _translate($_POST['v_language'],'MAIL_FROM',$hostname);
+        if (!empty($_POST['v_fname'])) {
+            $mailtext = _translate($_POST['v_language'],'GREETINGS_GORDON_FREEMAN',$_POST['v_fname'],$_POST['v_lname']);
+        } else {
+            $mailtext = _translate($_POST['v_language'],'GREETINGS');
+        }
+        $mailtext .= _translate($_POST['v_language'],'ACCOUNT_READY',$_SERVER['HTTP_HOST'],$_POST['v_username'],$_POST['v_password']);
+        send_email($to, $subject, $mailtext, $from);
+    }
 
-    include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_user.html');
-    unset($_SESSION['error_msg']);
-    unset($_SESSION['ok_msg']);
+    // Flush field values on success
+    if (empty($_SESSION['error_msg'])) {
+        $_SESSION['ok_msg'] = __('USER_CREATED_OK',$_POST['v_username'],$_POST['v_username']);
+        $_SESSION['ok_msg'] .= " / <a href=/login/?loginas=".$_POST['v_username'].">" . __('login as') ." ".$_POST['v_username']. "</a>";
+        unset($v_username);
+        unset($v_password);
+        unset($v_email);
+        unset($v_fname);
+        unset($v_lname);
+        unset($v_notify);
+    }
 }
 
+
+// Header
+include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
+
+// Panel
+top_panel($user,$TAB);
+
+// List hosting packages
+exec (VESTA_CMD."v-list-user-packages json", $output, $return_var);
+check_error($return_var);
+$data = json_decode(implode('', $output), true);
+unset($output);
+
+// List languages
+exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var);
+$languages = json_decode(implode('', $output), true);
+unset($output);
+
+// Display body
+include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_user.html');
+
+// Flush session messages
+unset($_SESSION['error_msg']);
+unset($_SESSION['ok_msg']);
+
 // Footer
 include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');

web/edit/backup/exclusions/index.php

@@ -3,116 +3,129 @@
 error_reporting(NULL);
 ob_start();
 session_start();
-
 $TAB = 'BACKUP EXCLUSIONS';
-include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
-
-// Header
-include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 
-// Panel
-top_panel($user,$TAB);
+include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 // Edit as someone else?
 if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
     $user=escapeshellarg($_GET['user']);
 }
 
+// List backup exclustions
 exec (VESTA_CMD."v-list-user-backup-exclusions ".$user." 'json'", $output, $return_var);
 check_return_code($return_var,$output);
-if (empty($_SESSION['error_msg'])) {
-    $data = json_decode(implode('', $output), true);
-    unset($output);
-    $v_username = $user;
-
-    foreach ($data['WEB'] as $key => $value) {
-        if (!empty($value)){
-            $v_web .= $key . ":" . $value. "\n";
-        } else {
-            $v_web .= $key . "\n";
-        }
+$data = json_decode(implode('', $output), true);
+unset($output);
+
+// Parse web
+$v_username = $user;
+foreach ($data['WEB'] as $key => $value) {
+    if (!empty($value)){
+        $v_web .= $key . ":" . $value. "\n";
+    } else {
+        $v_web .= $key . "\n";
     }
+}
 
-    foreach ($data['DNS'] as $key => $value) {
-        if (!empty($value)){
-            $v_dns .= $key . ":" . $value. "\n";
-        } else {
-            $v_dns .= $key . "\n";
-        }
+// Parse dns
+foreach ($data['DNS'] as $key => $value) {
+    if (!empty($value)){
+        $v_dns .= $key . ":" . $value. "\n";
+    } else {
+        $v_dns .= $key . "\n";
     }
+}
 
-    foreach ($data['MAIL'] as $key => $value) {
-        if (!empty($value)){
-            $v_mail .= $key . ":" . $value. "\n";
-        } else {
-            $v_mail .= $key . "\n";
-        }
+// Parse mail
+foreach ($data['MAIL'] as $key => $value) {
+    if (!empty($value)){
+        $v_mail .= $key . ":" . $value. "\n";
+    } else {
+        $v_mail .= $key . "\n";
     }
+}
 
-    foreach ($data['DB'] as $key => $value) {
-        if (!empty($value)){
-            $v_db .= $key . ":" . $value. "\n";
-        } else {
-            $v_db .= $key . "\n";
-        }
+// Parse databases
+foreach ($data['DB'] as $key => $value) {
+    if (!empty($value)){
+        $v_db .= $key . ":" . $value. "\n";
+    } else {
+        $v_db .= $key . "\n";
     }
+}
 
-    foreach ($data['USER'] as $key => $value) {
-        if (!empty($value)){
-            $v_userdir .= $key . ":" . $value. "\n";
-        } else {
-            $v_userdir .= $key . "\n";
-        }
+// Parse user directories
+foreach ($data['USER'] as $key => $value) {
+    if (!empty($value)){
+        $v_userdir .= $key . ":" . $value. "\n";
+    } else {
+        $v_userdir .= $key . "\n";
     }
+}
 
+// Check POST request
+if (!empty($_POST['save'])) {
+    $v_web = $_POST['v_web'];
+    $v_web_tmp = str_replace("\r\n", ",", $_POST['v_web']);
+    $v_web_tmp = rtrim($v_web_tmp, ",");
+    $v_web_tmp = "WEB=" . escapeshellarg($v_web_tmp);
+
+    $v_dns = $_POST['v_dns'];
+    $v_dns_tmp = str_replace("\r\n", ",", $_POST['v_dns']);
+    $v_dns_tmp = rtrim($v_dns_tmp, ",");
+    $v_dns_tmp = "DNS=" . escapeshellarg($v_dns_tmp);
+
+    $v_mail = $_POST['v_mail'];
+    $v_mail_tmp = str_replace("\r\n", ",", $_POST['v_mail']);
+    $v_mail_tmp = rtrim($v_mail_tmp, ",");
+    $v_mail_tmp = "MAIL=" . escapeshellarg($v_mail_tmp);
+
+    $v_db = $_POST['v_db'];
+    $v_db_tmp = str_replace("\r\n", ",", $_POST['v_db']);
+    $v_db_tmp = rtrim($v_db_tmp, ",");
+    $v_db_tmp = "DB=" . escapeshellarg($v_db_tmp);
+
+    $v_cron = $_POST['v_cron'];
+    $v_cron_tmp = str_replace("\r\n", ",", $_POST['v_cron']);
+    $v_cron_tmp = rtrim($v_cron_tmp, ",");
+    $v_cron_tmp = "CRON=" . escapeshellarg($v_cron_tmp);
+
+    $v_userdir = $_POST['v_userdir'];
+    $v_userdir_tmp = str_replace("\r\n", ",", $_POST['v_userdir']);
+    $v_userdir_tmp = rtrim($v_userdir_tmp, ",");
+    $v_userdir_tmp = "USER=" . escapeshellarg($v_userdir_tmp);
+
+    // Create temporary exeption list on a filesystem
+    exec ('mktemp', $mktemp_output, $return_var);
+    $tmp = $mktemp_output[0];
+    $fp = fopen($tmp, 'w');
+    fwrite($fp, $v_web_tmp . "\n" . $v_dns_tmp . "\n" . $v_mail_tmp . "\n" .  $v_db_tmp . "\n" . $v_userdir_tmp . "\n");
+    fclose($fp);
+    unset($mktemp_output);
+
+    // Save changes
+    exec (VESTA_CMD."v-update-user-backup-exclusions ".$user." ".$tmp, $output, $return_var);
+    check_return_code($return_var,$output);
+    unset($output);
 
-    // Action
-    if (!empty($_POST['save'])) {
-
-        $v_web = $_POST['v_web'];
-        $v_web_tmp = str_replace("\r\n", ",", $_POST['v_web']);
-        $v_web_tmp = rtrim($v_web_tmp, ",");
-        $v_web_tmp = "WEB=" . escapeshellarg($v_web_tmp);
-
-        $v_dns = $_POST['v_dns'];
-        $v_dns_tmp = str_replace("\r\n", ",", $_POST['v_dns']);
-        $v_dns_tmp = rtrim($v_dns_tmp, ",");
-        $v_dns_tmp = "DNS=" . escapeshellarg($v_dns_tmp);
-
-        $v_mail = $_POST['v_mail'];
-        $v_mail_tmp = str_replace("\r\n", ",", $_POST['v_mail']);
-        $v_mail_tmp = rtrim($v_mail_tmp, ",");
-        $v_mail_tmp = "MAIL=" . escapeshellarg($v_mail_tmp);
-
-        $v_db = $_POST['v_db'];
-        $v_db_tmp = str_replace("\r\n", ",", $_POST['v_db']);
-        $v_db_tmp = rtrim($v_db_tmp, ",");
-        $v_db_tmp = "DB=" . escapeshellarg($v_db_tmp);
-
-        $v_cron = $_POST['v_cron'];
-        $v_cron_tmp = str_replace("\r\n", ",", $_POST['v_cron']);
-        $v_cron_tmp = rtrim($v_cron_tmp, ",");
-        $v_cron_tmp = "CRON=" . escapeshellarg($v_cron_tmp);
-
-        $v_userdir = $_POST['v_userdir'];
-        $v_userdir_tmp = str_replace("\r\n", ",", $_POST['v_userdir']);
-        $v_userdir_tmp = rtrim($v_userdir_tmp, ",");
-        $v_userdir_tmp = "USER=" . escapeshellarg($v_userdir_tmp);
-
-        exec ('mktemp', $mktemp_output, $return_var);
-        $tmp = $mktemp_output[0];
-        $fp = fopen($tmp, 'w');
-        fwrite($fp, $v_web_tmp . "\n" . $v_dns_tmp . "\n" . $v_mail_tmp . "\n" .  $v_db_tmp . "\n" . $v_userdir_tmp . "\n");
-        fclose($fp);
-        exec (VESTA_CMD."v-update-user-backup-exclusions ".$user." ".$tmp, $output, $return_var);
-        check_return_code($return_var,$output);
-        if (empty($_SESSION['error_msg'])) {
-            $_SESSION['ok_msg'] = __("Changes has been saved.");
-        }
+    // Set success message
+    if (empty($_SESSION['error_msg'])) {
+        $_SESSION['ok_msg'] = __("Changes has been saved.");
     }
 }
 
+
+// Header
+include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
+
+// Panel
+top_panel($user,$TAB);
+
+// Display body
 include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_backup_exclusions.html');
+
+// Flush session messages
 unset($_SESSION['error_msg']);
 unset($_SESSION['ok_msg']);
 

web/edit/cron/index.php

@@ -3,73 +3,79 @@
 error_reporting(NULL);
 ob_start();
 session_start();
-
 $TAB = 'CRON';
-include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
-
-// Header
-include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 
-// Panel
-top_panel($user,$TAB);
+include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 // Edit as someone else?
 if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
     $user=escapeshellarg($_GET['user']);
 }
 
-// Check user argument?
+// Check job id
 if (empty($_GET['job'])) {
     header("Location: /list/cron/");
     exit;
 }
 
+// List cron job
 $v_job = escapeshellarg($_GET['job']);
 exec (VESTA_CMD."v-list-cron-job ".$user." ".$v_job." 'json'", $output, $return_var);
 check_return_code($return_var,$output);
-if (empty($_SESSION['error_msg'])) {
-    $data = json_decode(implode('', $output), true);
-    unset($output);
+$data = json_decode(implode('', $output), true);
+unset($output);
+
+// Parse cron job
+$v_username = $user;
+$v_job = $_GET['job'];
+$v_min = $data[$v_job]['MIN'];
+$v_hour = $data[$v_job]['HOUR'];
+$v_day = $data[$v_job]['DAY'];
+$v_month = $data[$v_job]['MONTH'];
+$v_wday = $data[$v_job]['WDAY'];
+$v_cmd = $data[$v_job]['CMD'];
+$v_date = $data[$v_job]['DATE'];
+$v_time = $data[$v_job]['TIME'];
+$v_suspended = $data[$v_job]['SUSPENDED'];
+if ( $v_suspended == 'yes' ) {
+    $v_status =  'suspended';
+} else {
+    $v_status =  'active';
+}
+
+// Check POST request
+if (!empty($_POST['save'])) {
     $v_username = $user;
-    $v_job = $_GET['job'];
-    $v_min = $data[$v_job]['MIN'];
-    $v_hour = $data[$v_job]['HOUR'];
-    $v_day = $data[$v_job]['DAY'];
-    $v_month = $data[$v_job]['MONTH'];
-    $v_wday = $data[$v_job]['WDAY'];
-    $v_cmd = $data[$v_job]['CMD'];
-    $v_date = $data[$v_job]['DATE'];
-    $v_time = $data[$v_job]['TIME'];
-    $v_suspended = $data[$v_job]['SUSPENDED'];
-    if ( $v_suspended == 'yes' ) {
-        $v_status =  'suspended';
-    } else {
-        $v_status =  'active';
-    }
+    $v_min = escapeshellarg($_POST['v_min']);
+    $v_hour = escapeshellarg($_POST['v_hour']);
+    $v_day = escapeshellarg($_POST['v_day']);
+    $v_month = escapeshellarg($_POST['v_month']);
+    $v_wday = escapeshellarg($_POST['v_wday']);
+    $v_cmd = escapeshellarg($_POST['v_cmd']);
+
+    // Save changes
+    exec (VESTA_CMD."v-change-cron-job ".$v_username." ".$v_job." ".$v_min." ".$v_hour." ".$v_day." ".$v_month." ".$v_wday." ".$v_cmd, $output, $return_var);
+    check_return_code($return_var,$output);
+    unset($output);
 
-    // Action
-    if (!empty($_POST['save'])) {
-        $v_username = $user;
-        // Change job
-        if (($v_min != $_POST['v_min']) || ($v_hour != $_POST['v_hour']) || ($v_day != $_POST['v_day']) || ($v_month != $_POST['v_month']) || ($v_wday != $_POST['v_wday']) || ($v_cmd != $_POST['v_cmd']) &&(empty($_SESSION['error_msg']))) {
-            $v_min = escapeshellarg($_POST['v_min']);
-            $v_hour = escapeshellarg($_POST['v_hour']);
-            $v_day = escapeshellarg($_POST['v_day']);
-            $v_month = escapeshellarg($_POST['v_month']);
-            $v_wday = escapeshellarg($_POST['v_wday']);
-            $v_cmd = escapeshellarg($_POST['v_cmd']);
-            exec (VESTA_CMD."v-change-cron-job ".$v_username." ".$v_job." ".$v_min." ".$v_hour." ".$v_day." ".$v_month." ".$v_wday." ".$v_cmd, $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
-            $v_cmd = $_POST['v_cmd'];
-        }
-        if (empty($_SESSION['error_msg'])) {
-            $_SESSION['ok_msg'] = __("Changes has been saved.");
-        }
+    $v_cmd = $_POST['v_cmd'];
+
+    // Set success message
+    if (empty($_SESSION['error_msg'])) {
+        $_SESSION['ok_msg'] = __("Changes has been saved.");
     }
 }
 
+// Header
+include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
+
+// Panel
+top_panel($user,$TAB);
+
+// Display body
 include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_cron.html');
+
+// Flush session messages
 unset($_SESSION['error_msg']);
 unset($_SESSION['ok_msg']);
 

web/edit/db/index.php

@@ -3,8 +3,8 @@
 error_reporting(NULL);
 ob_start();
 session_start();
-
 $TAB = 'DB';
+
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 // Header
@@ -13,6 +13,7 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 // Panel
 top_panel($user,$TAB);
 
+// Check database id
 if (empty($_GET['database'])) {
     header("Location: /list/db/");
     exit;
@@ -23,69 +24,63 @@ if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
     $user=escapeshellarg($_GET['user']);
 }
 
+// List datbase
 $v_database = escapeshellarg($_GET['database']);
 exec (VESTA_CMD."v-list-database ".$user." ".$v_database." 'json'", $output, $return_var);
 check_return_code($return_var,$output);
-if (empty($_SESSION['error_msg'])) {
-    $data = json_decode(implode('', $output), true);
-    unset($output);
+$data = json_decode(implode('', $output), true);
+unset($output);
+
+// Parse database
+$v_username = $user;
+$v_database = $_GET['database'];
+$v_dbuser = $data[$v_database]['DBUSER'];
+$v_password = "••••••••";
+$v_host = $data[$v_database]['HOST'];
+$v_type = $data[$v_database]['TYPE'];
+$v_charset = $data[$v_database]['CHARSET'];
+$v_date = $data[$v_database]['DATE'];
+$v_time = $data[$v_database]['TIME'];
+$v_suspended = $data[$v_database]['SUSPENDED'];
+if ( $v_suspended == 'yes' ) {
+    $v_status =  'suspended';
+} else {
+    $v_status =  'active';
+}
+
+// Check POST request
+if (!empty($_POST['save'])) {
     $v_username = $user;
-    $v_database = $_GET['database'];
-    $v_dbuser = $data[$v_database]['DBUSER'];
-    $v_password = "••••••••";
-    $v_host = $data[$v_database]['HOST'];
-    $v_type = $data[$v_database]['TYPE'];
-    $v_charset = $data[$v_database]['CHARSET'];
-    $v_date = $data[$v_database]['DATE'];
-    $v_time = $data[$v_database]['TIME'];
-    $v_suspended = $data[$v_database]['SUSPENDED'];
-    if ( $v_suspended == 'yes' ) {
-        $v_status =  'suspended';
-    } else {
-        $v_status =  'active';
-    }
 
-    // Action
-    if (!empty($_POST['save'])) {
-        $v_username = $user;
+    // Change database user
+    if (($v_dbuser != $_POST['v_dbuser']) && (empty($_SESSION['error_msg']))) {
+        $v_dbuser = preg_replace("/^".$user."_/", "", $_POST['v_dbuser']);
+        $v_dbuser = escapeshellarg($v_dbuser);
+        exec (VESTA_CMD."v-change-database-user ".$v_username." ".$v_database." ".$v_dbuser, $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
+        $v_dbuser = $user."_".preg_replace("/^".$user."_/", "", $_POST['v_dbuser']);
+    }
 
-        // Change database username
-        if (($v_dbuser != $_POST['v_dbuser']) && (empty($_SESSION['error_msg']))) {
-            $v_dbuser = preg_replace("/^".$user."_/", "", $_POST['v_dbuser']);
-            $v_dbuser = escapeshellarg($v_dbuser);
-            if ($v_password != $_POST['v_password']) {
-                // Change username and password
-                $v_password = escapeshellarg($_POST['v_password']);
-                exec (VESTA_CMD."v-change-database-user ".$v_username." ".$v_database." ".$v_dbuser." ".$v_password, $output, $return_var);
-                check_return_code($return_var,$output);
-                unset($output);
-                $v_dbuser = $user."_".preg_replace("/^".$user."_/", "", $_POST['v_dbuser']);
-                $v_password = "••••••••";
-                $v_pw_changed = 'yes';
-            } else {
-                // Change only username
-                exec (VESTA_CMD."v-change-database-user ".$v_username." ".$v_database." ".$v_dbuser, $output, $return_var);
-                check_return_code($return_var,$output);
-                unset($output);
-                $v_dbuser = $user."_".preg_replace("/^".$user."_/", "", $_POST['v_dbuser']);
-            }
-        }
+    // Change database password
+    if (($v_password != $_POST['v_password']) && (empty($_SESSION['error_msg']))) {
+        $v_password = escapeshellarg($_POST['v_password']);
+        exec (VESTA_CMD."v-change-database-password ".$v_username." ".$v_database." ".$v_password, $output, $return_var);
+        check_return_code($return_var,$output);
+        $v_password = "••••••••";
+        unset($output);
+    }
 
-        // Change only database password
-        if (($v_password != $_POST['v_password']) && (!isset($v_pw_changed)) && (empty($_SESSION['error_msg']))) {
-            $v_password = escapeshellarg($_POST['v_password']);
-            exec (VESTA_CMD."v-change-database-password ".$v_username." ".$v_database." ".$v_password, $output, $return_var);
-            check_return_code($return_var,$output);
-            $v_password = "••••••••";
-            unset($output);
-        }
-        if (empty($_SESSION['error_msg'])) {
-            $_SESSION['ok_msg'] = __('Changes has been saved.');
-        }
+    // Set success message
+    if (empty($_SESSION['error_msg'])) {
+        $_SESSION['ok_msg'] = __('Changes has been saved.');
     }
 }
 
+// Display body
 include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_db.html');
+
+// Flush session messages
 unset($_SESSION['error_msg']);
 unset($_SESSION['ok_msg']);
 

web/edit/dns/index.php

@@ -3,17 +3,11 @@
 error_reporting(NULL);
 ob_start();
 session_start();
-
 $TAB = 'DNS';
-include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
-
-// Header
-include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 
-// Panel
-top_panel($user,$TAB);
+include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
-// Check user argument?
+// Check domain name
 if (empty($_GET['domain'])) {
     header("Location: /list/dns/");
     exit;
@@ -24,163 +18,194 @@ if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
     $user=escapeshellarg($_GET['user']);
 }
 
-// Check domain
+// List dns domain
 if ((!empty($_GET['domain'])) && (empty($_GET['record_id'])))  {
     $v_domain = escapeshellarg($_GET['domain']);
     exec (VESTA_CMD."v-list-dns-domain ".$user." ".$v_domain." json", $output, $return_var);
     check_return_code($return_var,$output);
-    if (empty($_SESSION['error_msg'])) {
-        $data = json_decode(implode('', $output), true);
-        unset($output);
-        $v_username = $user;
-        $v_domain = $_GET['domain'];
-        $v_ip = $data[$v_domain]['IP'];
-        $v_template = $data[$v_domain]['TPL'];
-        $v_ttl = $data[$v_domain]['TTL'];
-        $v_exp = $data[$v_domain]['EXP'];
-        $v_soa = $data[$v_domain]['SOA'];
-        $v_date = $data[$v_domain]['DATE'];
-        $v_time = $data[$v_domain]['TIME'];
-        $v_suspended = $data[$v_domain]['SUSPENDED'];
-        if ( $v_suspended == 'yes' ) {
-            $v_status =  'suspended';
-        } else {
-            $v_status =  'active';
-        }
-        exec (VESTA_CMD."v-list-dns-templates json", $output, $return_var);
-        $templates = json_decode(implode('', $output), true);
-        unset($output);
+    $data = json_decode(implode('', $output), true);
+    unset($output);
+
+    // Parse dns domain
+    $v_username = $user;
+    $v_domain = $_GET['domain'];
+    $v_ip = $data[$v_domain]['IP'];
+    $v_template = $data[$v_domain]['TPL'];
+    $v_ttl = $data[$v_domain]['TTL'];
+    $v_exp = $data[$v_domain]['EXP'];
+    $v_soa = $data[$v_domain]['SOA'];
+    $v_date = $data[$v_domain]['DATE'];
+    $v_time = $data[$v_domain]['TIME'];
+    $v_suspended = $data[$v_domain]['SUSPENDED'];
+    if ( $v_suspended == 'yes' ) {
+        $v_status =  'suspended';
+    } else {
+        $v_status =  'active';
     }
 
-    // Action
-    if (!empty($_POST['save'])) {
-        $v_domain = escapeshellarg($_POST['v_domain']);
-
-        // IP
-        if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) {
-            $v_ip = escapeshellarg($_POST['v_ip']);
-            exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." ".$v_domain." ".$v_ip." 'no'", $output, $return_var);
-            check_return_code($return_var,$output);
-            $restart_dns = 'yes';
-            unset($output);
-        }
-
-        // Template
-        if (( $_SESSION['user'] == 'admin') && ($v_template != $_POST['v_template']) && (empty($_SESSION['error_msg']))) {
-            $v_template = escapeshellarg($_POST['v_template']);
-            exec (VESTA_CMD."v-change-dns-domain-tpl ".$v_username." ".$v_domain." ".$v_template." 'no'", $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
-            $restart_dns = 'yes';
-        }
-
-        // SOA
-        if (($v_soa != $_POST['v_soa']) && (empty($_SESSION['error_msg']))) {
-            $v_soa = escapeshellarg($_POST['v_soa']);
-            exec (VESTA_CMD."v-change-dns-domain-soa ".$v_username." ".$v_domain." ".$v_soa." 'no'", $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
-            $restart_dns = 'yes';
-        }
-
-        // EXP
-        if (($v_exp != $_POST['v_exp']) && (empty($_SESSION['error_msg']))) {
-            $v_exp = escapeshellarg($_POST['v_exp']);
-            exec (VESTA_CMD."v-change-dns-domain-exp ".$v_username." ".$v_domain." ".$v_exp." 'no'", $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
-            $restart_dns = 'yes';
-        }
-
-        // TTL
-        if (($v_ttl != $_POST['v_ttl']) && (empty($_SESSION['error_msg']))) {
-            $v_ttl = escapeshellarg($_POST['v_ttl']);
-            exec (VESTA_CMD."v-change-dns-domain-ttl ".$v_username." ".$v_domain." ".$v_ttl." 'no'", $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
-            $restart_dns = 'yes';
-        }
-
-        // Restart dns
-        if (!empty($restart_dns) && (empty($_SESSION['error_msg']))) {
-            exec (VESTA_CMD."v-restart-dns", $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
-        }
-
-        if (empty($_SESSION['error_msg'])) {
-            $_SESSION['ok_msg'] = __('Changes has been saved.');
-        }
-    }
+    // List dns templates
+    exec (VESTA_CMD."v-list-dns-templates json", $output, $return_var);
+    $templates = json_decode(implode('', $output), true);
+    unset($output);
+}
 
-    if ($_SESSION['user'] == 'admin') {
-        include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_dns.html');
-    } else {
-        include($_SERVER['DOCUMENT_ROOT'].'/templates/user/edit_dns.html');
-    }
-    unset($_SESSION['error_msg']);
-    unset($_SESSION['ok_msg']);
-} else {
+// List dns record
+if ((!empty($_GET['domain'])) && (!empty($_GET['record_id'])))  {
     $v_domain = escapeshellarg($_GET['domain']);
     $v_record_id = escapeshellarg($_GET['record_id']);
     exec (VESTA_CMD."v-list-dns-records ".$user." ".$v_domain." 'json'", $output, $return_var);
     check_return_code($return_var,$output);
+    $data = json_decode(implode('', $output), true);
+    unset($output);
+
+    // Parse dns record
+    $v_username = $user;
+    $v_domain = $_GET['domain'];
+    $v_record_id = $_GET['record_id'];
+    $v_rec = $data[$v_record_id]['RECORD'];
+    $v_type = $data[$v_record_id]['TYPE'];
+    $v_val = $data[$v_record_id]['VALUE'];
+    $v_priority = $data[$v_record_id]['PRIORITY'];
+    $v_suspended = $data[$v_record_id]['SUSPENDED'];
+    if ( $v_suspended == 'yes' ) {
+        $v_status =  'suspended';
+    } else {
+        $v_status =  'active';
+    }
+    $v_date = $data[$v_record_id]['DATE'];
+    $v_time = $data[$v_record_id]['TIME'];
+}
+
+// Check POST request for dns domain
+if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['record_id']))) {
+    $v_domain = escapeshellarg($_POST['v_domain']);
+
+    // Change domain IP
+    if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) {
+        $v_ip = escapeshellarg($_POST['v_ip']);
+        exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." ".$v_domain." ".$v_ip." 'no'", $output, $return_var);
+        check_return_code($return_var,$output);
+        $restart_dns = 'yes';
+        unset($output);
+    }
+
+    // Change domain template
+    if (($v_template != $_POST['v_template']) && (empty($_SESSION['error_msg']))) {
+        $v_template = escapeshellarg($_POST['v_template']);
+        exec (VESTA_CMD."v-change-dns-domain-tpl ".$v_username." ".$v_domain." ".$v_template." 'no'", $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
+        $restart_dns = 'yes';
+    }
+
+    // Change SOA record
+    if (($v_soa != $_POST['v_soa']) && (empty($_SESSION['error_msg']))) {
+        $v_soa = escapeshellarg($_POST['v_soa']);
+        exec (VESTA_CMD."v-change-dns-domain-soa ".$v_username." ".$v_domain." ".$v_soa." 'no'", $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
+        $restart_dns = 'yes';
+    }
+
+    // Change expiriation date
+    if (($v_exp != $_POST['v_exp']) && (empty($_SESSION['error_msg']))) {
+        $v_exp = escapeshellarg($_POST['v_exp']);
+        exec (VESTA_CMD."v-change-dns-domain-exp ".$v_username." ".$v_domain." ".$v_exp." 'no'", $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
+    }
+
+    // Change domain ttl
+    if (($v_ttl != $_POST['v_ttl']) && (empty($_SESSION['error_msg']))) {
+        $v_ttl = escapeshellarg($_POST['v_ttl']);
+        exec (VESTA_CMD."v-change-dns-domain-ttl ".$v_username." ".$v_domain." ".$v_ttl." 'no'", $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
+        $restart_dns = 'yes';
+    }
+
+    // Restart dns server
+    if (!empty($restart_dns) && (empty($_SESSION['error_msg']))) {
+        exec (VESTA_CMD."v-restart-dns", $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
+    }
+
+    // Set success message
     if (empty($_SESSION['error_msg'])) {
-        $data = json_decode(implode('', $output), true);
+        $_SESSION['ok_msg'] = __('Changes has been saved.');
+    }
+}
+
+// Check POST request for dns record
+if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['record_id']))) {
+    // Protect input
+    $v_domain = escapeshellarg($_POST['v_domain']);
+    $v_record_id = escapeshellarg($_POST['v_record_id']);
+
+    // Change dns record
+    if (($v_val != $_POST['v_val']) || ($v_priority != $_POST['v_priority']) && (empty($_SESSION['error_msg']))) {
+        $v_val = escapeshellarg($_POST['v_val']);
+        $v_priority = escapeshellarg($_POST['v_priority']);
+        exec (VESTA_CMD."v-change-dns-record ".$v_username." ".$v_domain." ".$v_record_id." ".$v_val." ".$v_priority, $output, $return_var);
+        check_return_code($return_var,$output);
+        $v_val = $_POST['v_val'];
+        unset($output);
+        $restart_dns = 'yes';
+    }
+
+    // Change dns record id
+    if (($_GET['record_id'] != $_POST['v_record_id']) && (empty($_SESSION['error_msg']))) {
+        $v_old_record_id = escapeshellarg($_GET['record_id']);
+        exec (VESTA_CMD."v-change-dns-record-id ".$v_username." ".$v_domain." ".$v_old_record_id." ".$v_record_id, $output, $return_var);
+        check_return_code($return_var,$output);
         unset($output);
-        $v_username = $user;
-        $v_domain = $_GET['domain'];
-        $v_record_id = $_GET['record_id'];
-        $v_rec = $data[$v_record_id]['RECORD'];
-        $v_type = $data[$v_record_id]['TYPE'];
-        $v_val = $data[$v_record_id]['VALUE'];
-        $v_priority = $data[$v_record_id]['PRIORITY'];
-        $v_suspended = $data[$v_record_id]['SUSPENDED'];
-        if ( $v_suspended == 'yes' ) {
-            $v_status =  'suspended';
-        } else {
-            $v_status =  'active';
-        }
-        $v_date = $data[$v_record_id]['DATE'];
-        $v_time = $data[$v_record_id]['TIME'];
+        $restart_dns = 'yes';
+    }
+
+    // Restart dns server
+    if (!empty($restart_dns) && (empty($_SESSION['error_msg']))) {
+        exec (VESTA_CMD."v-restart-dns", $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
+    }
+
+    // Set success message
+    if (empty($_SESSION['error_msg'])) {
+        $_SESSION['ok_msg'] = __('Changes has been saved.');
     }
 
-    // Action
-    if (!empty($_POST['save'])) {
-        $v_domain = escapeshellarg($_POST['v_domain']);
-        $v_record_id = escapeshellarg($_POST['v_record_id']);
-        if (($v_val != $_POST['v_val']) || ($v_priority != $_POST['v_priority']) && (empty($_SESSION['error_msg']))) {
-            $v_val = escapeshellarg($_POST['v_val']);
-            $v_priority = escapeshellarg($_POST['v_priority']);
-            exec (VESTA_CMD."v-change-dns-record ".$v_username." ".$v_domain." ".$v_record_id." ".$v_val." ".$v_priority, $output, $return_var);
-            check_return_code($return_var,$output);
-            $v_val = $_POST['v_val'];
-            $restart_dns = 'yes';
-            unset($output);
-        }
-
-        if (($_GET['record_id'] != $_POST['v_record_id']) && (empty($_SESSION['error_msg']))) {
-            $v_old_record_id = escapeshellarg($_GET['record_id']);
-            exec (VESTA_CMD."v-change-dns-record-id ".$v_username." ".$v_domain." ".$v_old_record_id." ".$v_record_id, $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
-        }
-
-        if (empty($_SESSION['error_msg'])) {
-            $_SESSION['ok_msg'] = __('Changes has been saved.');
-        }
-
-        if ((empty($_SESSION['error_msg'])) && ($_GET['record_id'] != $_POST['v_record_id'])) {
-            header("Location: /edit/dns/?domain=".$_GET['domain']."&record_id=".$_POST['v_record_id']);
-            exit;
-        }
+    // Change url if record id was changed
+    if ((empty($_SESSION['error_msg'])) && ($_GET['record_id'] != $_POST['v_record_id'])) {
+        header("Location: /edit/dns/?domain=".$_GET['domain']."&record_id=".$_POST['v_record_id']);
+        exit;
     }
+}
+
+// Header
+include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
+
+// Panel
+top_panel($user,$TAB);
+
+// Display body for dns domain
+if ((!empty($_GET['domain'])) && (empty($_GET['record_id'])))  {
+    if ($_SESSION['user'] == 'admin') {
+        include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_dns.html');
+    } else {
+        include($_SERVER['DOCUMENT_ROOT'].'/templates/user/edit_dns.html');
+    }
+}
 
+// List dns record
+if ((!empty($_GET['domain'])) && (!empty($_GET['record_id'])))  {
+    // Display body for dns record
     include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_dns_rec.html');
-    unset($_SESSION['error_msg']);
-    unset($_SESSION['ok_msg']);
 }
 
+// Flush session messages
+unset($_SESSION['error_msg']);
+unset($_SESSION['ok_msg']);
 
 // Footer
 include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');

web/edit/ip/index.php

@@ -3,107 +3,114 @@
 error_reporting(NULL);
 ob_start();
 session_start();
-
 $TAB = 'IP';
+
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
-// Header
-include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
+// Check user
+if ($_SESSION['user'] != 'admin') {
+    header("Location: /list/user");
+    exit;
+}
 
-// Panel
-top_panel($user,$TAB);
+// Check ip argument
+if (empty($_GET['ip'])) {
+    header("Location: /list/ip/");
+    exit;
+}
 
-// Are you admin?
-if ($_SESSION['user'] == 'admin') {
+// List ip
+$v_ip = escapeshellarg($_GET['ip']);
+exec (VESTA_CMD."v-list-sys-ip ".$v_ip." 'json'", $output, $return_var);
+check_return_code($return_var,$output);
+$data = json_decode(implode('', $output), true);
+unset($output);
 
-    // Check user argument?
-    if (empty($_GET['ip'])) {
-        header("Location: /list/ip/");
-        exit;
+// Parse ip
+$v_username = $user;
+$v_ip = $_GET['ip'];
+$v_netmask = $data[$v_ip]['NETMASK'];
+$v_interace = $data[$v_ip]['INTERFACE'];
+$v_name = $data[$v_ip]['NAME'];
+$v_nat = $data[$v_ip]['NAT'];
+$v_ipstatus = $data[$v_ip]['STATUS'];
+if ($v_ipstatus == 'dedicated') $v_dedicated = 'yes';
+$v_owner = $data[$v_ip]['OWNER'];
+$v_date = $data[$v_ip]['DATE'];
+$v_time = $data[$v_ip]['TIME'];
+$v_suspended = $data[$v_ip]['SUSPENDED'];
+if ( $v_suspended == 'yes' ) {
+    $v_status =  'suspended';
+} else {
+    $v_status =  'active';
+}
+
+// List users
+exec (VESTA_CMD."v-list-sys-users 'json'", $output, $return_var);
+$users = json_decode(implode('', $output), true);
+unset($output);
+
+// Check POST request
+if (!empty($_POST['save'])) {
+    $v_ip = escapeshellarg($_POST['v_ip']);
+
+    // Change Status
+    if (($v_ipstatus == 'shared') && (empty($_POST['v_shared'])) && (empty($_SESSION['error_msg']))) {
+        exec (VESTA_CMD."v-change-sys-ip-status ".$v_ip." 'dedicated'", $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
+        $v_dedicated = 'yes'; 
+    }
+    if (($v_ipstatus == 'dedicated') && (!empty($_POST['v_shared'])) && (empty($_SESSION['error_msg']))) {
+        exec (VESTA_CMD."v-change-sys-ip-status ".$v_ip." 'shared'", $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
+        unset($v_dedicated);
     }
 
-    $v_ip = escapeshellarg($_GET['ip']);
-    exec (VESTA_CMD."v-list-sys-ip ".$v_ip." 'json'", $output, $return_var);
-    check_return_code($return_var,$output);
-    if (empty($_SESSION['error_msg'])) {
-        $data = json_decode(implode('', $output), true);
+    // Change owner
+    if (($v_owner != $_POST['v_owner']) && (empty($_SESSION['error_msg']))) {
+        $v_owner = escapeshellarg($_POST['v_owner']);
+        exec (VESTA_CMD."v-change-sys-ip-owner ".$v_ip." ".$v_owner, $output, $return_var);
+        check_return_code($return_var,$output);
+        $v_owner = $_POST['v_owner'];
         unset($output);
-        $v_username = $user;
-        $v_ip = $_GET['ip'];
-        $v_netmask = $data[$v_ip]['NETMASK'];
-        $v_interace = $data[$v_ip]['INTERFACE'];
-        $v_name = $data[$v_ip]['NAME'];
-        $v_nat = $data[$v_ip]['NAT'];
-        $v_ipstatus = $data[$v_ip]['STATUS'];
-        if ($v_ipstatus == 'dedicated') $v_dedicated = 'yes';
-        $v_owner = $data[$v_ip]['OWNER'];
-        $v_date = $data[$v_ip]['DATE'];
-        $v_time = $data[$v_ip]['TIME'];
-        $v_suspended = $data[$v_ip]['SUSPENDED'];
-        if ( $v_suspended == 'yes' ) {
-            $v_status =  'suspended';
-        } else {
-            $v_status =  'active';
-        }
-
-        exec (VESTA_CMD."v-list-sys-users 'json'", $output, $return_var);
-        $users = json_decode(implode('', $output), true);
+    }
+
+    // Change associated domain
+    if (($v_name != $_POST['v_name']) && (empty($_SESSION['error_msg']))) {
+        $v_name = escapeshellarg($_POST['v_name']);
+        exec (VESTA_CMD."v-change-sys-ip-name ".$v_ip." ".$v_name, $output, $return_var);
+        check_return_code($return_var,$output);
         unset($output);
+    }
 
-        // Action
-        if (!empty($_POST['save'])) {
-            $v_username = $user;
-            $v_ip = escapeshellarg($_POST['v_ip']);
-
-            // Change Status
-            if (($v_ipstatus == 'shared') && (empty($_POST['v_shared'])) && (empty($_SESSION['error_msg']))) {
-                exec (VESTA_CMD."v-change-sys-ip-status ".$v_ip." 'dedicated'", $output, $return_var);
-                check_return_code($return_var,$output);
-                unset($output);
-                $v_dedicated = 'yes'; 
-            }
-            if (($v_ipstatus == 'dedicated') && (!empty($_POST['v_shared'])) && (empty($_SESSION['error_msg']))) {
-                exec (VESTA_CMD."v-change-sys-ip-status ".$v_ip." 'shared'", $output, $return_var);
-                check_return_code($return_var,$output);
-                unset($output);
-                unset($v_dedicated);
-            }
-
-            // Change owner
-            if (($v_owner != $_POST['v_owner']) && (empty($_SESSION['error_msg']))) {
-                $v_owner = escapeshellarg($_POST['v_owner']);
-                exec (VESTA_CMD."v-change-sys-ip-owner ".$v_ip." ".$v_owner, $output, $return_var);
-                check_return_code($return_var,$output);
-                $v_owner = $_POST['v_owner'];
-                unset($output);
-            }
-
-            // Change Name
-            if (($v_name != $_POST['v_name']) && (empty($_SESSION['error_msg']))) {
-                $v_name = escapeshellarg($_POST['v_name']);
-                exec (VESTA_CMD."v-change-sys-ip-name ".$v_ip." ".$v_name, $output, $return_var);
-                check_return_code($return_var,$output);
-                unset($output);
-            }
-
-            // Change Nat
-            if (($v_nat != $_POST['v_nat']) && (empty($_SESSION['error_msg']))) {
-                $v_nat = escapeshellarg($_POST['v_nat']);
-                exec (VESTA_CMD."v-change-sys-ip-nat ".$v_ip." ".$v_nat, $output, $return_var);
-                check_return_code($return_var,$output);
-                unset($output);
-            }
-
-            if (empty($_SESSION['error_msg'])) {
-                $_SESSION['ok_msg'] = __('Changes has been saved.');
-            }
-        }
+    // Change NAT address
+    if (($v_nat != $_POST['v_nat']) && (empty($_SESSION['error_msg']))) {
+        $v_nat = escapeshellarg($_POST['v_nat']);
+        exec (VESTA_CMD."v-change-sys-ip-nat ".$v_ip." ".$v_nat, $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
     }
 
-    include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_ip.html');
-    unset($_SESSION['error_msg']);
-    unset($_SESSION['ok_msg']);
+    // Set success message
+    if (empty($_SESSION['error_msg'])) {
+        $_SESSION['ok_msg'] = __('Changes has been saved.');
+    }
 }
 
+// Header
+include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
+
+// Panel
+top_panel($user,$TAB);
+
+// Display body
+include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_ip.html');
+
+// Flush session messages
+unset($_SESSION['error_msg']);
+unset($_SESSION['ok_msg']);
+
 // Footer
 include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');

web/edit/mail/index.php

@@ -3,8 +3,8 @@
 error_reporting(NULL);
 ob_start();
 session_start();
-
 $TAB = 'MAIL';
+
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 // Header
@@ -13,7 +13,7 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 // Panel
 top_panel($user,$TAB);
 
-// Check user argument?
+// Check domain argument
 if (empty($_GET['domain'])) {
     header("Location: /list/mail/");
     exit;
@@ -23,272 +23,289 @@ if (empty($_GET['domain'])) {
 if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
     $user=escapeshellarg($_GET['user']);
 }
+$v_username = $user;
 
-// Check domain
+// List mail domain
 if ((!empty($_GET['domain'])) && (empty($_GET['account'])))  {
     $v_domain = escapeshellarg($_GET['domain']);
     exec (VESTA_CMD."v-list-mail-domain ".$user." ".$v_domain." json", $output, $return_var);
-    check_return_code($return_var,$output);
-    if (empty($_SESSION['error_msg'])) {
-        $data = json_decode(implode('', $output), true);
+    $data = json_decode(implode('', $output), true);
+    unset($output);
+
+    // Parse domain
+    $v_domain = $_GET['domain'];
+    $v_antispam = $data[$v_domain]['ANTISPAM'];
+    $v_antivirus = $data[$v_domain]['ANTIVIRUS'];
+    $v_dkim = $data[$v_domain]['DKIM'];
+    $v_catchall = $data[$v_domain]['CATCHALL'];
+    $v_date = $data[$v_domain]['DATE'];
+    $v_time = $data[$v_domain]['TIME'];
+    $v_suspended = $data[$v_domain]['SUSPENDED'];
+    if ( $v_suspended == 'yes' ) {
+        $v_status =  'suspended';
+    } else {
+        $v_status =  'active';
+    }
+}
+
+// List mail account
+if ((!empty($_GET['domain'])) && (!empty($_GET['account'])))  {
+    $v_domain = escapeshellarg($_GET['domain']);
+    $v_account = escapeshellarg($_GET['account']);
+    exec (VESTA_CMD."v-list-mail-account ".$user." ".$v_domain." ".$v_account." 'json'", $output, $return_var);
+    $data = json_decode(implode('', $output), true);
+    unset($output);
+
+    // Parse mail account
+    $v_username = $user;
+    $v_domain = $_GET['domain'];
+    $v_account = $_GET['account'];
+    $v_password = "••••••••";
+    $v_aliases = str_replace(',', "\n", $data[$v_account]['ALIAS']);
+    $valiases = explode(",", $data[$v_account]['ALIAS']);
+    $v_fwd = str_replace(',', "\n", $data[$v_account]['FWD']);
+    $vfwd = explode(",", $data[$v_account]['FWD']);
+    $v_fwd_only = $data[$v_account]['FWD_ONLY'];
+    $v_quota = $data[$v_account]['QUOTA'];
+    $v_autoreply = $data[$v_account]['AUTOREPLY'];
+    $v_suspended = $data[$v_account]['SUSPENDED'];
+    if ( $v_suspended == 'yes' ) {
+        $v_status =  'suspended';
+    } else {
+        $v_status =  'active';
+    }
+    $v_date = $data[$v_account]['DATE'];
+    $v_time = $data[$v_account]['TIME'];
+
+    // Parse autoreply
+    if ( $v_autoreply == 'yes' ) {
+        exec (VESTA_CMD."v-list-mail-account-autoreply ".$user." '".$v_domain."' '".$v_account."' json", $output, $return_var);
+        $autoreply_str = json_decode(implode('', $output), true);
         unset($output);
-        $v_username = $user;
-        $v_domain = $_GET['domain'];
-        $v_antispam = $data[$v_domain]['ANTISPAM'];
-        $v_antivirus = $data[$v_domain]['ANTIVIRUS'];
-        $v_dkim = $data[$v_domain]['DKIM'];
-        $v_catchall = $data[$v_domain]['CATCHALL'];
-        $v_date = $data[$v_domain]['DATE'];
-        $v_time = $data[$v_domain]['TIME'];
-        $v_suspended = $data[$v_domain]['SUSPENDED'];
-        if ( $v_suspended == 'yes' ) {
-            $v_status =  'suspended';
-        } else {
-            $v_status =  'active';
-        }
+        $v_autoreply_message = $autoreply_str[$v_account]['MSG'];
     }
+}
 
-    // Action
-    if (!empty($_POST['save'])) {
-        $v_domain = escapeshellarg($_POST['v_domain']);
-        // Antispam
-        if (($v_antispam == 'yes') && (empty($_POST['v_antispam'])) && (empty($_SESSION['error_msg']))) {
-            exec (VESTA_CMD."v-delete-mail-domain-antispam ".$v_username." ".$v_domain, $output, $return_var);
-            check_return_code($return_var,$output);
-            $v_antispam = 'no';
-            unset($output);
-        }
-        if (($v_antispam == 'no') && (!empty($_POST['v_antispam'])) && (empty($_SESSION['error_msg']))) {
-            exec (VESTA_CMD."v-add-mail-domain-antispam ".$v_username." ".$v_domain, $output, $return_var);
-            check_return_code($return_var,$output);
-            $v_antispam = 'yes';
-            unset($output);
-        }
-        // Antivirus
-        if (($v_antivirus == 'yes') && (empty($_POST['v_antivirus'])) && (empty($_SESSION['error_msg']))) {
-            exec (VESTA_CMD."v-delete-mail-domain-antivirus ".$v_username." ".$v_domain, $output, $return_var);
-            check_return_code($return_var,$output);
-            $v_antivirus = 'no';
-            unset($output);
-        }
-        if (($v_antivirus == 'no') && (!empty($_POST['v_antivirus'])) && (empty($_SESSION['error_msg']))) {
-            exec (VESTA_CMD."v-add-mail-domain-antivirus ".$v_username." ".$v_domain, $output, $return_var);
-            check_return_code($return_var,$output);
-            $v_antivirus = 'yes';
-            unset($output);
-        }
-        if (empty($_SESSION['error_msg'])) {
-            $_SESSION['ok_msg'] = __('Changes has been saved.');
-        }
 
-        // DKIM
-        if (($v_dkim == 'yes') && (empty($_POST['v_dkim'])) && (empty($_SESSION['error_msg']))) {
-            exec (VESTA_CMD."v-delete-mail-domain-dkim ".$v_username." ".$v_domain, $output, $return_var);
-            check_return_code($return_var,$output);
-            $v_dkim = 'no';
-            unset($output);
-        }
-        if (($v_dkim == 'no') && (!empty($_POST['v_dkim'])) && (empty($_SESSION['error_msg']))) {
-            exec (VESTA_CMD."v-add-mail-domain-dkim ".$v_username." ".$v_domain, $output, $return_var);
-            check_return_code($return_var,$output);
-            $v_dkim = 'yes';
-            unset($output);
-        }
+// Check POST request for mail domain
+if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['account']))) {
+    $v_domain = escapeshellarg($_POST['v_domain']);
 
-        // Catchall
-        if ((!empty($v_catchall)) && (empty($_POST['v_catchall'])) && (empty($_SESSION['error_msg']))) {
-            exec (VESTA_CMD."v-delete-mail-domain-catchall ".$v_username." ".$v_domain, $output, $return_var);
-            check_return_code($return_var,$output);
-            $v_catchall = '';
-            unset($output);
-        }
-        if ((!empty($v_catchall)) && (!empty($_POST['v_catchall'])) && (empty($_SESSION['error_msg']))) {
-            if ($v_catchall != $_POST['v_catchall']) {
-                $v_catchall = escapeshellarg($_POST['v_catchall']);
-                exec (VESTA_CMD."v-change-mail-domain-catchall ".$v_username." ".$v_domain." ".$v_catchall, $output, $return_var);
-                check_return_code($return_var,$output);
-                unset($output);
-            }
-        }
-        if ((empty($v_catchall)) && (!empty($_POST['v_catchall'])) && (empty($_SESSION['error_msg']))) {
+    // Delete antispam
+    if (($v_antispam == 'yes') && (empty($_POST['v_antispam'])) && (empty($_SESSION['error_msg']))) {
+        exec (VESTA_CMD."v-delete-mail-domain-antispam ".$v_username." ".$v_domain, $output, $return_var);
+        check_return_code($return_var,$output);
+        $v_antispam = 'no';
+        unset($output);
+    }
+
+    // Add antispam
+    if (($v_antispam == 'no') && (!empty($_POST['v_antispam'])) && (empty($_SESSION['error_msg']))) {
+        exec (VESTA_CMD."v-add-mail-domain-antispam ".$v_username." ".$v_domain, $output, $return_var);
+        check_return_code($return_var,$output);
+        $v_antispam = 'yes';
+        unset($output);
+    }
+
+    // Delete antivirus
+    if (($v_antivirus == 'yes') && (empty($_POST['v_antivirus'])) && (empty($_SESSION['error_msg']))) {
+        exec (VESTA_CMD."v-delete-mail-domain-antivirus ".$v_username." ".$v_domain, $output, $return_var);
+        check_return_code($return_var,$output);
+        $v_antivirus = 'no';
+        unset($output);
+    }
+
+    // Add antivirs
+    if (($v_antivirus == 'no') && (!empty($_POST['v_antivirus'])) && (empty($_SESSION['error_msg']))) {
+        exec (VESTA_CMD."v-add-mail-domain-antivirus ".$v_username." ".$v_domain, $output, $return_var);
+        check_return_code($return_var,$output);
+        $v_antivirus = 'yes';
+        unset($output);
+    }
+
+    // Delete DKIM
+    if (($v_dkim == 'yes') && (empty($_POST['v_dkim'])) && (empty($_SESSION['error_msg']))) {
+        exec (VESTA_CMD."v-delete-mail-domain-dkim ".$v_username." ".$v_domain, $output, $return_var);
+        check_return_code($return_var,$output);
+        $v_dkim = 'no';
+        unset($output);
+    }
+
+    // Add DKIM
+    if (($v_dkim == 'no') && (!empty($_POST['v_dkim'])) && (empty($_SESSION['error_msg']))) {
+        exec (VESTA_CMD."v-add-mail-domain-dkim ".$v_username." ".$v_domain, $output, $return_var);
+        check_return_code($return_var,$output);
+        $v_dkim = 'yes';
+        unset($output);
+    }
+
+    // Delete catchall
+    if ((!empty($v_catchall)) && (empty($_POST['v_catchall'])) && (empty($_SESSION['error_msg']))) {
+        exec (VESTA_CMD."v-delete-mail-domain-catchall ".$v_username." ".$v_domain, $output, $return_var);
+        check_return_code($return_var,$output);
+        $v_catchall = '';
+        unset($output);
+    }
+
+    // Change catchall address
+    if ((!empty($v_catchall)) && (!empty($_POST['v_catchall'])) && (empty($_SESSION['error_msg']))) {
+        if ($v_catchall != $_POST['v_catchall']) {
             $v_catchall = escapeshellarg($_POST['v_catchall']);
-            exec (VESTA_CMD."v-add-mail-domain-catchall ".$v_username." ".$v_domain." ".$v_catchall, $output, $return_var);
+            exec (VESTA_CMD."v-change-mail-domain-catchall ".$v_username." ".$v_domain." ".$v_catchall, $output, $return_var);
             check_return_code($return_var,$output);
             unset($output);
         }
-        if (empty($_SESSION['error_msg'])) {
-            $_SESSION['ok_msg'] = __('Changes has been saved.');
-        }
     }
-    include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_mail.html');
-    unset($_SESSION['error_msg']);
-    unset($_SESSION['ok_msg']);
-} else {
-    $v_username = $user;
-    $v_domain = escapeshellarg($_GET['domain']);
-    $v_account = escapeshellarg($_GET['account']);
-    exec (VESTA_CMD."v-list-mail-account ".$user." ".$v_domain." ".$v_account." 'json'", $output, $return_var);
-    check_return_code($return_var,$output);
-    if (empty($_SESSION['error_msg'])) {
-        $data = json_decode(implode('', $output), true);
+
+    // Add catchall
+    if ((empty($v_catchall)) && (!empty($_POST['v_catchall'])) && (empty($_SESSION['error_msg']))) {
+        $v_catchall = escapeshellarg($_POST['v_catchall']);
+        exec (VESTA_CMD."v-add-mail-domain-catchall ".$v_username." ".$v_domain." ".$v_catchall, $output, $return_var);
+        check_return_code($return_var,$output);
         unset($output);
-        $v_username = $user;
-        $v_domain = $_GET['domain'];
-        $v_account = $_GET['account'];
-        $v_password = "••••••••";
-        $v_aliases = str_replace(',', "\n", $data[$v_account]['ALIAS']);
-        $valiases = explode(",", $data[$v_account]['ALIAS']);
-        $v_fwd = str_replace(',', "\n", $data[$v_account]['FWD']);
-        $vfwd = explode(",", $data[$v_account]['FWD']);
-        $v_fwd_only = $data[$v_account]['FWD_ONLY'];
-        $v_quota = $data[$v_account]['QUOTA'];
-        $v_autoreply = $data[$v_account]['AUTOREPLY'];
-        if ( $v_autoreply == 'yes' ) {
-            exec (VESTA_CMD."v-list-mail-account-autoreply ".$user." '".$v_domain."' '".$v_account."' json", $output, $return_var);
-            $autoreply_str = json_decode(implode('', $output), true);
-            unset($output);
-            $v_autoreply_message = $autoreply_str[$v_account]['MSG'];
-        }
-        $v_suspended = $data[$v_account]['SUSPENDED'];
-        if ( $v_suspended == 'yes' ) {
-            $v_status =  'suspended';
-        } else {
-            $v_status =  'active';
-        }
-        $v_date = $data[$v_account]['DATE'];
-        $v_time = $data[$v_account]['TIME'];
     }
 
-    // Action
-    if (!empty($_POST['save'])) {
-        $v_domain = escapeshellarg($_POST['v_domain']);
-        $v_account = escapeshellarg($_POST['v_account']);
-        // Password
-        if (($v_password != $_POST['v_password']) && (empty($_SESSION['error_msg']))) {
-            $v_password = escapeshellarg($_POST['v_password']);
-            exec (VESTA_CMD."v-change-mail-account-password ".$v_username." ".$v_domain." ".$v_account." ".$v_password, $output, $return_var);
-            check_return_code($return_var,$output);
-            $v_password = "••••••••";
-            unset($output);
-        }
+    // Set success message
+    if (empty($_SESSION['error_msg'])) {
+        $_SESSION['ok_msg'] = __('Changes has been saved.');
+    }
+}
 
-        // Quota
-        if (($v_quota != $_POST['v_quota']) && (empty($_SESSION['error_msg']))) {
-            if (empty($_POST['v_quota'])) {
-                $v_quota = 0; 
-            } else {
-                $v_quota = escapeshellarg($_POST['v_quota']);
-            }
-            exec (VESTA_CMD."v-change-mail-account-quota ".$v_username." ".$v_domain." ".$v_account." ".$v_quota, $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
+// Check POST request for mail account
+if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['account']))) {
+    $v_domain = escapeshellarg($_POST['v_domain']);
+    $v_account = escapeshellarg($_POST['v_account']);
+
+    // Change password
+    if (($v_password != $_POST['v_password']) && (empty($_SESSION['error_msg']))) {
+        $v_password = escapeshellarg($_POST['v_password']);
+        exec (VESTA_CMD."v-change-mail-account-password ".$v_username." ".$v_domain." ".$v_account." ".$v_password, $output, $return_var);
+        check_return_code($return_var,$output);
+        $v_password = "••••••••";
+        unset($output);
+    }
+
+    // Change quota
+    if (($v_quota != $_POST['v_quota']) && (empty($_SESSION['error_msg']))) {
+        if (empty($_POST['v_quota'])) {
+            $v_quota = 0; 
+        } else {
+            $v_quota = escapeshellarg($_POST['v_quota']);
         }
+        exec (VESTA_CMD."v-change-mail-account-quota ".$v_username." ".$v_domain." ".$v_account." ".$v_quota, $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
+    }
 
-        // Aliases
-        if (empty($_SESSION['error_msg'])) {
-            $waliases = preg_replace("/\n/", " ", $_POST['v_aliases']);
-            $waliases = preg_replace("/,/", " ", $waliases);
-            $waliases = preg_replace('/\s+/', ' ',$waliases);
-            $waliases = trim($waliases);
-            $aliases = explode(" ", $waliases);
-            $v_aliases = str_replace(' ', "\n", $waliases);
-            $result = array_diff($valiases, $aliases);
-            foreach ($result as $alias) {
-                if ((empty($_SESSION['error_msg'])) && (!empty($alias))) {
-                    exec (VESTA_CMD."v-delete-mail-account-alias ".$v_username." ".$v_domain." ".$v_account." '".$alias."'", $output, $return_var);
-                    check_return_code($return_var,$output);
-                    unset($output);
-                }
-            }
-            $result = array_diff($aliases, $valiases);
-            foreach ($result as $alias) {
-                if ((empty($_SESSION['error_msg'])) && (!empty($alias))) {
-                    exec (VESTA_CMD."v-add-mail-account-alias ".$v_username." ".$v_domain." ".$v_account." '".$alias."'", $output, $return_var);
-                    check_return_code($return_var,$output);
-                    unset($output);
-                }
+    // Change account aliases
+    if (empty($_SESSION['error_msg'])) {
+        $waliases = preg_replace("/\n/", " ", $_POST['v_aliases']);
+        $waliases = preg_replace("/,/", " ", $waliases);
+        $waliases = preg_replace('/\s+/', ' ',$waliases);
+        $waliases = trim($waliases);
+        $aliases = explode(" ", $waliases);
+        $v_aliases = str_replace(' ', "\n", $waliases);
+        $result = array_diff($valiases, $aliases);
+        foreach ($result as $alias) {
+            if ((empty($_SESSION['error_msg'])) && (!empty($alias))) {
+                exec (VESTA_CMD."v-delete-mail-account-alias ".$v_username." ".$v_domain." ".$v_account." '".$alias."'", $output, $return_var);
+                check_return_code($return_var,$output);
+                unset($output);
             }
         }
-        // Forwarders
-        if (empty($_SESSION['error_msg'])) {
-            $wfwd = preg_replace("/\n/", " ", $_POST['v_fwd']);
-            $wfwd = preg_replace("/,/", " ", $wfwd);
-            $wfwd = preg_replace('/\s+/', ' ',$wfwd);
-            $wfwd = trim($wfwd);
-            $fwd = explode(" ", $wfwd);
-            $v_fwd = str_replace(' ', "\n", $wfwd);
-            $result = array_diff($vfwd, $fwd);
-            foreach ($result as $forward) {
-                if ((empty($_SESSION['error_msg'])) && (!empty($forward))) {
-                    exec (VESTA_CMD."v-delete-mail-account-forward ".$v_username." ".$v_domain." ".$v_account." '".$forward."'", $output, $return_var);
-                    check_return_code($return_var,$output);
-                    unset($output);
-                }
-            }
-            $result = array_diff($fwd, $vfwd);
-            foreach ($result as $forward) {
-                if ((empty($_SESSION['error_msg'])) && (!empty($forward))) {
-                    exec (VESTA_CMD."v-add-mail-account-forward ".$v_username." ".$v_domain." ".$v_account." '".$forward."'", $output, $return_var);
-                    check_return_code($return_var,$output);
-                    unset($output);
-                }
+        $result = array_diff($aliases, $valiases);
+        foreach ($result as $alias) {
+            if ((empty($_SESSION['error_msg'])) && (!empty($alias))) {
+                exec (VESTA_CMD."v-add-mail-account-alias ".$v_username." ".$v_domain." ".$v_account." '".$alias."'", $output, $return_var);
+                check_return_code($return_var,$output);
+                unset($output);
             }
         }
+    }
 
-        // FWD_ONLY flag
-        if (($v_fwd_only == 'yes') && (empty($_POST['v_fwd_only'])) && (empty($_SESSION['error_msg']))) {
-            exec (VESTA_CMD."v-delete-mail-account-fwd-only ".$v_username." ".$v_domain." ".$v_account, $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
-            $v_fwd_only = '';
-        }
-        if (($v_fwd_only != 'yes') && (!empty($_POST['v_fwd_only'])) && (empty($_SESSION['error_msg']))) {
-            exec (VESTA_CMD."v-add-mail-account-fwd-only ".$v_username." ".$v_domain." ".$v_account, $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
-            $v_fwd_only = 'yes';
-        }
-
-        // Autoreply
-        if (($v_autoreply == 'yes') && (empty($_POST['v_autoreply'])) && (empty($_SESSION['error_msg']))) {
-            exec (VESTA_CMD."v-delete-mail-account-autoreply ".$v_username." ".$v_domain." ".$v_account, $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
-            $v_autoreply = 'no';
-            $v_autoreply_message = '';
-        }
-        if (($v_autoreply == 'yes') && (!empty($_POST['v_autoreply'])) && (empty($_SESSION['error_msg']))) {
-            if ( $v_autoreply_message != str_replace("\r\n", "\n", $_POST['v_autoreply_message'])) {
-                $v_autoreply_message = str_replace("\r\n", "\n", $_POST['v_autoreply_message']);
-                $v_autoreply_message = escapeshellarg($v_autoreply_message);
-                exec (VESTA_CMD."v-add-mail-account-autoreply ".$v_username." ".$v_domain." ".$v_account." ".$v_autoreply_message, $output, $return_var);
+    // Change forwarders
+    if (empty($_SESSION['error_msg'])) {
+        $wfwd = preg_replace("/\n/", " ", $_POST['v_fwd']);
+        $wfwd = preg_replace("/,/", " ", $wfwd);
+        $wfwd = preg_replace('/\s+/', ' ',$wfwd);
+        $wfwd = trim($wfwd);
+        $fwd = explode(" ", $wfwd);
+        $v_fwd = str_replace(' ', "\n", $wfwd);
+        $result = array_diff($vfwd, $fwd);
+        foreach ($result as $forward) {
+            if ((empty($_SESSION['error_msg'])) && (!empty($forward))) {
+                exec (VESTA_CMD."v-delete-mail-account-forward ".$v_username." ".$v_domain." ".$v_account." '".$forward."'", $output, $return_var);
                 check_return_code($return_var,$output);
                 unset($output);
-                $v_autoreply_message = $_POST['v_autoreply_message'];
             }
         }
-        if (($v_autoreply == 'no') && (!empty($_POST['v_autoreply'])) && (empty($_SESSION['error_msg']))) {
-            if (empty($_POST['v_autoreply_message'])) $_SESSION['error_msg'] = $_SESSION['error_msg'] = __('Field "%s" can not be blank.','atoreply');
-            if (empty($_SESSION['error_msg'])) {
-                $v_autoreply_message = str_replace("\r\n", "\n", $_POST['v_autoreply_message']);
-                $v_autoreply_message = escapeshellarg($v_autoreply_message);
-                exec (VESTA_CMD."v-add-mail-account-autoreply ".$v_username." ".$v_domain." ".$v_account." ".$v_autoreply_message, $output, $return_var);
+        $result = array_diff($fwd, $vfwd);
+        foreach ($result as $forward) {
+            if ((empty($_SESSION['error_msg'])) && (!empty($forward))) {
+                exec (VESTA_CMD."v-add-mail-account-forward ".$v_username." ".$v_domain." ".$v_account." '".$forward."'", $output, $return_var);
                 check_return_code($return_var,$output);
                 unset($output);
-                $v_autoreply = 'yes';
-                $v_autoreply_message = $_POST['v_autoreply_message'];
             }
         }
+    }
 
-        if (empty($_SESSION['error_msg'])) {
-            $_SESSION['ok_msg'] = __('Changes has been saved.');
+    // Delete FWD_ONLY flag
+    if (($v_fwd_only == 'yes') && (empty($_POST['v_fwd_only'])) && (empty($_SESSION['error_msg']))) {
+        exec (VESTA_CMD."v-delete-mail-account-fwd-only ".$v_username." ".$v_domain." ".$v_account, $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
+        $v_fwd_only = '';
+    }
+
+    // Add FWD_ONLY flag
+    if (($v_fwd_only != 'yes') && (!empty($_POST['v_fwd_only'])) && (empty($_SESSION['error_msg']))) {
+        exec (VESTA_CMD."v-add-mail-account-fwd-only ".$v_username." ".$v_domain." ".$v_account, $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
+        $v_fwd_only = 'yes';
+    }
+
+    // Delete autoreply
+    if (($v_autoreply == 'yes') && (empty($_POST['v_autoreply'])) && (empty($_SESSION['error_msg']))) {
+        exec (VESTA_CMD."v-delete-mail-account-autoreply ".$v_username." ".$v_domain." ".$v_account, $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
+        $v_autoreply = 'no';
+        $v_autoreply_message = '';
+    }
+
+    // Add autoreply
+    if ((!empty($_POST['v_autoreply'])) && (empty($_SESSION['error_msg']))) {
+        if ( $v_autoreply_message != str_replace("\r\n", "\n", $_POST['v_autoreply_message'])) {
+            $v_autoreply_message = str_replace("\r\n", "\n", $_POST['v_autoreply_message']);
+            $v_autoreply_message = escapeshellarg($v_autoreply_message);
+            exec (VESTA_CMD."v-add-mail-account-autoreply ".$v_username." ".$v_domain." ".$v_account." ".$v_autoreply_message, $output, $return_var);
+            check_return_code($return_var,$output);
+            unset($output);
+            $v_autoreply = 'yes';
+            $v_autoreply_message = $_POST['v_autoreply_message'];
         }
     }
+
+    // Set success message
+    if (empty($_SESSION['error_msg'])) {
+        $_SESSION['ok_msg'] = __('Changes has been saved.');
+    }
+}
+
+// Display body for mail domain
+if ((!empty($_GET['domain'])) && (empty($_GET['account'])))  {
+    include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_mail.html');
+}
+
+// Display body for mail account
+if ((!empty($_GET['domain'])) && (!empty($_GET['account'])))  {
     include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_mail_acc.html');
-    unset($_SESSION['error_msg']);
-    unset($_SESSION['ok_msg']);
 }
 
+// Flush session messages
+unset($_SESSION['error_msg']);
+unset($_SESSION['ok_msg']);
 
 // Footer
 include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');

web/edit/package/index.php

@@ -3,196 +3,199 @@
 error_reporting(NULL);
 ob_start();
 session_start();
-
 $TAB = 'PACKAGE';
+
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
-// Header
-include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 
-// Panel
-top_panel($user,$TAB);
+// Check user
+if ($_SESSION['user'] != 'admin') {
+    header("Location: /list/user");
+    exit;
+}
 
-// Are you admin?
-if ($_SESSION['user'] == 'admin') {
+// Check package argument
+if (empty($_GET['package'])) {
+    header("Location: /list/package/");
+    exit;
+}
 
-    // Check user argument?
-    if (empty($_GET['package'])) {
-        header("Location: /list/package/");
-        exit;
-    }
 
-    $v_package = escapeshellarg($_GET['package']);
-    exec (VESTA_CMD."v-list-user-package ".$v_package." 'json'", $output, $return_var);
-    check_return_code($return_var,$output);
-    if (empty($_SESSION['error_msg'])) {
-        $data = json_decode(implode('', $output), true);
-        unset($output);
-
-        $v_package = $_GET['package'];
-        $v_web_template = $data[$v_package]['WEB_TEMPLATE'];
-        $v_proxy_template = $data[$v_package]['PROXY_TEMPLATE'];
-        $v_dns_template = $data[$v_package]['DNS_TEMPLATE'];
-        $v_web_domains = $data[$v_package]['WEB_DOMAINS'];
-        $v_web_aliases = $data[$v_package]['WEB_ALIASES'];
-        $v_dns_domains = $data[$v_package]['DNS_DOMAINS'];
-        $v_dns_records = $data[$v_package]['DNS_RECORDS'];
-        $v_mail_domains = $data[$v_package]['MAIL_DOMAINS'];
-        $v_mail_accounts = $data[$v_package]['MAIL_ACCOUNTS'];
-        $v_databases = $data[$v_package]['DATABASES'];
-        $v_cron_jobs = $data[$v_package]['CRON_JOBS'];
-        $v_disk_quota = $data[$v_package]['DISK_QUOTA'];
-        $v_bandwidth = $data[$v_package]['BANDWIDTH'];
-        $v_shell = $data[$v_package]['SHELL'];
-        $v_ns = $data[$v_package]['NS'];
-        $nameservers = explode(", ", $v_ns);
-        $v_ns1 = $nameservers[0];
-        $v_ns2 = $nameservers[1];
-        $v_ns3 = $nameservers[2];
-        $v_ns4 = $nameservers[3];
-        $v_backups = $data[$v_package]['BACKUPS'];
-        $v_date = $data[$v_package]['DATE'];
-        $v_time = $data[$v_package]['TIME'];
-        $v_status =  'active';
-
-
-        exec (VESTA_CMD."v-list-web-templates json", $output, $return_var);
-        check_error($return_var);
-        $web_templates = json_decode(implode('', $output), true);
-        unset($output);
-
-        exec (VESTA_CMD."v-list-web-templates-proxy json", $output, $return_var);
-        check_error($return_var);
-        $proxy_templates = json_decode(implode('', $output), true);
-        unset($output);
-
-        exec (VESTA_CMD."v-list-dns-templates json", $output, $return_var);
-        check_error($return_var);
-        $dns_templates = json_decode(implode('', $output), true);
-        unset($output);
-
-        exec (VESTA_CMD."v-list-sys-shells json", $output, $return_var);
-        check_error($return_var);
-        $shells = json_decode(implode('', $output), true);
-        unset($output);
-
-        // Action
-        if (!empty($_POST['save'])) {
-            // Check input
-            if (empty($_POST['v_package'])) $errors[] = __('package');
-            if (empty($_POST['v_web_template'])) $errors[] = __('web template');
-            if (empty($_POST['v_proxy_template'])) $errors[] = __('proxy template');
-            if (empty($_POST['v_dns_template'])) $errors[] = __('dns template');
-            if (empty($_POST['v_shell'])) $errrors[] = __('shell');
-            if (!isset($_POST['v_web_domains'])) $errors[] = __('web domains');
-            if (!isset($_POST['v_web_aliases'])) $errors[] = __('web aliases');
-            if (!isset($_POST['v_dns_domains'])) $errors[] = __('dns domains');
-            if (!isset($_POST['v_dns_records'])) $errors[] = __('dns records');
-            if (!isset($_POST['v_mail_domains'])) $errors[] = __('mail domains');
-            if (!isset($_POST['v_mail_accounts'])) $errors[] = __('mail accounts');
-            if (!isset($_POST['v_databases'])) $errors[] = __('databases');
-            if (!isset($_POST['v_cron_jobs'])) $errors[] = __('cron jobs');
-            if (!isset($_POST['v_backups'])) $errors[] = __('backups');
-            if (!isset($_POST['v_disk_quota'])) $errors[] = __('quota');
-            if (!isset($_POST['v_bandwidth'])) $errors[] = __('bandwidth');
-            if (empty($_POST['v_ns1'])) $errors[] = __('ns1');
-            if (empty($_POST['v_ns2'])) $errors[] = __('ns2');
-
-            // Protect input
-            $v_package = escapeshellarg($_POST['v_package']);
-            $v_web_template = escapeshellarg($_POST['v_web_template']);
-            $v_proxy_template = escapeshellarg($_POST['v_proxy_template']);
-            $v_dns_template = escapeshellarg($_POST['v_dns_template']);
-            $v_shell = escapeshellarg($_POST['v_shell']);
-            $v_web_domains = escapeshellarg($_POST['v_web_domains']);
-            $v_web_aliases = escapeshellarg($_POST['v_web_aliases']);
-            $v_dns_domains = escapeshellarg($_POST['v_dns_domains']);
-            $v_dns_records = escapeshellarg($_POST['v_dns_records']);
-            $v_mail_domains = escapeshellarg($_POST['v_mail_domains']);
-            $v_mail_accounts = escapeshellarg($_POST['v_mail_accounts']);
-            $v_databases = escapeshellarg($_POST['v_databases']);
-            $v_cron_jobs = escapeshellarg($_POST['v_cron_jobs']);
-            $v_backups = escapeshellarg($_POST['v_backups']);
-            $v_disk_quota = escapeshellarg($_POST['v_disk_quota']);
-            $v_bandwidth = escapeshellarg($_POST['v_bandwidth']);
-            $v_ns1 = trim($_POST['v_ns1'], '.');
-            $v_ns2 = trim($_POST['v_ns2'], '.');
-            $v_ns3 = trim($_POST['v_ns3'], '.');
-            $v_ns4 = trim($_POST['v_ns4'], '.');
-            $v_ns = $v_ns1.",".$v_ns2;
-            if (!empty($v_ns3)) $v_ns .= ",".$v_ns3;
-            if (!empty($v_ns4)) $v_ns .= ",".$v_ns4;
-            $v_ns = escapeshellarg($v_ns);
-            $v_time = escapeshellarg(date('H:i:s'));
-            $v_date = escapeshellarg(date('Y-m-d'));
-
-            // Check for errors
-            if (!empty($errors[0])) {
-                foreach ($errors as $i => $error) {
-                    if ( $i == 0 ) {
-                        $error_msg = $error;
-                    } else {
-                        $error_msg = $error_msg.", ".$error;
-                    }
-                }
-                $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
+// List package
+$v_package = escapeshellarg($_GET['package']);
+exec (VESTA_CMD."v-list-user-package ".$v_package." 'json'", $output, $return_var);
+$data = json_decode(implode('', $output), true);
+unset($output);
+
+// Parse package
+$v_package = $_GET['package'];
+$v_web_template = $data[$v_package]['WEB_TEMPLATE'];
+$v_proxy_template = $data[$v_package]['PROXY_TEMPLATE'];
+$v_dns_template = $data[$v_package]['DNS_TEMPLATE'];
+$v_web_domains = $data[$v_package]['WEB_DOMAINS'];
+$v_web_aliases = $data[$v_package]['WEB_ALIASES'];
+$v_dns_domains = $data[$v_package]['DNS_DOMAINS'];
+$v_dns_records = $data[$v_package]['DNS_RECORDS'];
+$v_mail_domains = $data[$v_package]['MAIL_DOMAINS'];
+$v_mail_accounts = $data[$v_package]['MAIL_ACCOUNTS'];
+$v_databases = $data[$v_package]['DATABASES'];
+$v_cron_jobs = $data[$v_package]['CRON_JOBS'];
+$v_disk_quota = $data[$v_package]['DISK_QUOTA'];
+$v_bandwidth = $data[$v_package]['BANDWIDTH'];
+$v_shell = $data[$v_package]['SHELL'];
+$v_ns = $data[$v_package]['NS'];
+$nameservers = explode(", ", $v_ns);
+$v_ns1 = $nameservers[0];
+$v_ns2 = $nameservers[1];
+$v_ns3 = $nameservers[2];
+$v_ns4 = $nameservers[3];
+$v_backups = $data[$v_package]['BACKUPS'];
+$v_date = $data[$v_package]['DATE'];
+$v_time = $data[$v_package]['TIME'];
+$v_status =  'active';
+
+// List web templates
+exec (VESTA_CMD."v-list-web-templates json", $output, $return_var);
+$web_templates = json_decode(implode('', $output), true);
+unset($output);
+
+// List proxy templates
+exec (VESTA_CMD."v-list-web-templates-proxy json", $output, $return_var);
+$proxy_templates = json_decode(implode('', $output), true);
+unset($output);
+
+// List dns templates
+exec (VESTA_CMD."v-list-dns-templates json", $output, $return_var);
+$dns_templates = json_decode(implode('', $output), true);
+unset($output);
+
+// List shels
+exec (VESTA_CMD."v-list-sys-shells json", $output, $return_var);
+$shells = json_decode(implode('', $output), true);
+unset($output);
+
+// Check POST request
+if (!empty($_POST['save'])) {
+
+    // Check empty fields
+    if (empty($_POST['v_package'])) $errors[] = __('package');
+    if (empty($_POST['v_web_template'])) $errors[] = __('web template');
+    if (empty($_POST['v_proxy_template'])) $errors[] = __('proxy template');
+    if (empty($_POST['v_dns_template'])) $errors[] = __('dns template');
+    if (empty($_POST['v_shell'])) $errrors[] = __('shell');
+    if (!isset($_POST['v_web_domains'])) $errors[] = __('web domains');
+    if (!isset($_POST['v_web_aliases'])) $errors[] = __('web aliases');
+    if (!isset($_POST['v_dns_domains'])) $errors[] = __('dns domains');
+    if (!isset($_POST['v_dns_records'])) $errors[] = __('dns records');
+    if (!isset($_POST['v_mail_domains'])) $errors[] = __('mail domains');
+    if (!isset($_POST['v_mail_accounts'])) $errors[] = __('mail accounts');
+    if (!isset($_POST['v_databases'])) $errors[] = __('databases');
+    if (!isset($_POST['v_cron_jobs'])) $errors[] = __('cron jobs');
+    if (!isset($_POST['v_backups'])) $errors[] = __('backups');
+    if (!isset($_POST['v_disk_quota'])) $errors[] = __('quota');
+    if (!isset($_POST['v_bandwidth'])) $errors[] = __('bandwidth');
+    if (empty($_POST['v_ns1'])) $errors[] = __('ns1');
+    if (empty($_POST['v_ns2'])) $errors[] = __('ns2');
+    if (!empty($errors[0])) {
+        foreach ($errors as $i => $error) {
+            if ( $i == 0 ) {
+                $error_msg = $error;
             } else {
-                exec ('mktemp -d', $output, $return_var);
-                $tmpdir = $output[0];
-                unset($output);
-
-                // Create package
-                $pkg = "WEB_TEMPLATE=".$v_web_template."\n";
-                $pkg .= "PROXY_TEMPLATE=".$v_proxy_template."\n";
-                $pkg .= "DNS_TEMPLATE=".$v_dns_template."\n";
-                $pkg .= "WEB_DOMAINS=".$v_web_domains."\n";
-                $pkg .= "WEB_ALIASES=".$v_web_aliases."\n";
-                $pkg .= "DNS_DOMAINS=".$v_dns_domains."\n";
-                $pkg .= "DNS_RECORDS=".$v_dns_records."\n";
-                $pkg .= "MAIL_DOMAINS=".$v_mail_domains."\n";
-                $pkg .= "MAIL_ACCOUNTS=".$v_mail_accounts."\n";
-                $pkg .= "DATABASES=".$v_databases."\n";
-                $pkg .= "CRON_JOBS=".$v_cron_jobs."\n";
-                $pkg .= "DISK_QUOTA=".$v_disk_quota."\n";
-                $pkg .= "BANDWIDTH=".$v_bandwidth."\n";
-                $pkg .= "NS=".$v_ns."\n";
-                $pkg .= "SHELL=".$v_shell."\n";
-                $pkg .= "BACKUPS=".$v_backups."\n";
-                $pkg .= "TIME=".$v_time."\n";
-                $pkg .= "DATE=".$v_date."\n";
-
-                // Write package
-                $fp = fopen($tmpdir."/".$_POST['v_package'].".pkg", 'w');
-                fwrite($fp, $pkg);
-                fclose($fp);
-
-                // Rewrite package
-                if (empty($_SESSION['error_msg'])) {
-                    exec (VESTA_CMD."v-add-user-package ".$tmpdir." ".$v_package." 'yes'", $output, $return_var);
-                    check_return_code($return_var,$output);
-                    unset($output);
-                }
-
-                // Remove tmpdir
-                exec ('rm -rf '.$tmpdir, $output, $return_var);
-                unset($output);
-
-                // Propogate new package
-                exec (VESTA_CMD."v-update-user-package ".$v_package." 'json'", $output, $return_var);
-                check_return_code($return_var,$output);
-                unset($output);
-
-                if (empty($_SESSION['error_msg'])) {
-                    $_SESSION['ok_msg'] = __('Changes has been saved.');
-                }
+                $error_msg = $error_msg.", ".$error;
             }
         }
+        $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
     }
 
-    include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_package.html');
-    unset($_SESSION['error_msg']);
-    unset($_SESSION['ok_msg']);
+    // Protect input
+    $v_package = escapeshellarg($_POST['v_package']);
+    $v_web_template = escapeshellarg($_POST['v_web_template']);
+    $v_proxy_template = escapeshellarg($_POST['v_proxy_template']);
+    $v_dns_template = escapeshellarg($_POST['v_dns_template']);
+    $v_shell = escapeshellarg($_POST['v_shell']);
+    $v_web_domains = escapeshellarg($_POST['v_web_domains']);
+    $v_web_aliases = escapeshellarg($_POST['v_web_aliases']);
+    $v_dns_domains = escapeshellarg($_POST['v_dns_domains']);
+    $v_dns_records = escapeshellarg($_POST['v_dns_records']);
+    $v_mail_domains = escapeshellarg($_POST['v_mail_domains']);
+    $v_mail_accounts = escapeshellarg($_POST['v_mail_accounts']);
+    $v_databases = escapeshellarg($_POST['v_databases']);
+    $v_cron_jobs = escapeshellarg($_POST['v_cron_jobs']);
+    $v_backups = escapeshellarg($_POST['v_backups']);
+    $v_disk_quota = escapeshellarg($_POST['v_disk_quota']);
+    $v_bandwidth = escapeshellarg($_POST['v_bandwidth']);
+    $v_ns1 = trim($_POST['v_ns1'], '.');
+    $v_ns2 = trim($_POST['v_ns2'], '.');
+    $v_ns3 = trim($_POST['v_ns3'], '.');
+    $v_ns4 = trim($_POST['v_ns4'], '.');
+    $v_ns = $v_ns1.",".$v_ns2;
+    if (!empty($v_ns3)) $v_ns .= ",".$v_ns3;
+    if (!empty($v_ns4)) $v_ns .= ",".$v_ns4;
+    $v_ns = escapeshellarg($v_ns);
+    $v_time = escapeshellarg(date('H:i:s'));
+    $v_date = escapeshellarg(date('Y-m-d'));
+
+    // Create temprorary directory
+    exec ('mktemp -d', $output, $return_var);
+    $tmpdir = $output[0];
+    unset($output);
+
+    // Save package file on a fs
+    $pkg = "WEB_TEMPLATE=".$v_web_template."\n";
+    $pkg .= "PROXY_TEMPLATE=".$v_proxy_template."\n";
+    $pkg .= "DNS_TEMPLATE=".$v_dns_template."\n";
+    $pkg .= "WEB_DOMAINS=".$v_web_domains."\n";
+    $pkg .= "WEB_ALIASES=".$v_web_aliases."\n";
+    $pkg .= "DNS_DOMAINS=".$v_dns_domains."\n";
+    $pkg .= "DNS_RECORDS=".$v_dns_records."\n";
+    $pkg .= "MAIL_DOMAINS=".$v_mail_domains."\n";
+    $pkg .= "MAIL_ACCOUNTS=".$v_mail_accounts."\n";
+    $pkg .= "DATABASES=".$v_databases."\n";
+    $pkg .= "CRON_JOBS=".$v_cron_jobs."\n";
+    $pkg .= "DISK_QUOTA=".$v_disk_quota."\n";
+    $pkg .= "BANDWIDTH=".$v_bandwidth."\n";
+    $pkg .= "NS=".$v_ns."\n";
+    $pkg .= "SHELL=".$v_shell."\n";
+    $pkg .= "BACKUPS=".$v_backups."\n";
+    $pkg .= "TIME=".$v_time."\n";
+    $pkg .= "DATE=".$v_date."\n";
+    $fp = fopen($tmpdir."/".$_POST['v_package'].".pkg", 'w');
+    fwrite($fp, $pkg);
+    fclose($fp);
+
+    // Save changes
+    exec (VESTA_CMD."v-add-user-package ".$tmpdir." ".$v_package." 'yes'", $output, $return_var);
+    check_return_code($return_var,$output);
+    unset($output);
+
+    // Remove temporary dir
+    exec ('rm -rf '.$tmpdir, $output, $return_var);
+    unset($output);
+
+    // Propogate new package
+    exec (VESTA_CMD."v-update-user-package ".$v_package." 'json'", $output, $return_var);
+    check_return_code($return_var,$output);
+    unset($output);
+
+    // Set success message
+    if (empty($_SESSION['error_msg'])) {
+        $_SESSION['ok_msg'] = __('Changes has been saved.');
+    }
 }
 
+
+// Header
+include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
+
+// Panel
+top_panel($user,$TAB);
+
+// Display body
+include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_package.html');
+
+// Flush session messages
+unset($_SESSION['error_msg']);
+unset($_SESSION['ok_msg']);
+
 // Footer
 include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');

web/edit/user/index.php

@@ -3,118 +3,126 @@
 error_reporting(NULL);
 ob_start();
 session_start();
-
 $TAB = 'USER';
+
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 
 // Header
 include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 
+// Check user argument
+if (empty($_GET['user'])) {
+    header("Location: /list/user/");
+    exit;
+}
+
+// Edit as someone else?
+if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
+    $user=$_GET['user'];
+    $v_username=$_GET['user'];
+} else {
+    $user=$_SESSION['user'];
+    $v_username=$_SESSION['user'];
+}
+
+// List user
+exec (VESTA_CMD."v-list-user ".$v_username." json", $output, $return_var);
+check_return_code($return_var,$output);
+$data = json_decode(implode('', $output), true);
+unset($output);
+
+// Parse user
+$v_password = "••••••••";
+$v_email = $data[$v_username]['CONTACT'];
+$v_package = $data[$v_username]['PACKAGE'];
+$v_language = $data[$v_username]['LANGUAGE'];
+$v_fname = $data[$v_username]['FNAME'];
+$v_lname = $data[$v_username]['LNAME'];
+$v_shell = $data[$v_username]['SHELL'];
+$v_ns = $data[$v_username]['NS'];
+$nameservers = explode(", ", $v_ns);
+$v_ns1 = $nameservers[0];
+$v_ns2 = $nameservers[1];
+$v_ns3 = $nameservers[2];
+$v_ns4 = $nameservers[3];
+$v_suspended = $data[$v_username]['SUSPENDED'];
+if ( $v_suspended == 'yes' ) {
+    $v_status =  'suspended';
+} else {
+    $v_status =  'active';
+}
+$v_time = $data[$v_username]['TIME'];
+$v_date = $data[$v_username]['DATE'];
+
+// List packages
+exec (VESTA_CMD."v-list-user-packages json", $output, $return_var);
+$packages = json_decode(implode('', $output), true);
+unset($output);
+
+// List lanugages
+exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var);
+$languages = json_decode(implode('', $output), true);
+unset($output);
+
+// List shells
+exec (VESTA_CMD."v-list-sys-shells json", $output, $return_var);
+$shells = json_decode(implode('', $output), true);
+unset($output);
+
 // Are you admin?
-if ($_SESSION['user'] == 'admin') {
 
-    // Check user argument?
-    if (empty($_GET['user'])) {
-        header("Location: /list/user/");
-        exit;
-    }
+// Check POST request
+if (!empty($_POST['save'])) {
 
-    // Check user
-    $v_username = escapeshellarg($_GET['user']);
-    exec (VESTA_CMD."v-list-user ".$v_username." json", $output, $return_var);
-    check_return_code($return_var,$output);
-    if (empty($_SESSION['error_msg'])) {
-        $data = json_decode(implode('', $output), true);
-        unset($output);
-        $v_username = $_GET['user'];
+    // Change password
+    if (($v_password != $_POST['v_password']) && (empty($_SESSION['error_msg']))) {
+        $v_password = escapeshellarg($_POST['v_password']);
+        exec (VESTA_CMD."v-change-user-password ".$v_username." ".$v_password, $output, $return_var);
+        check_return_code($return_var,$output);
         $v_password = "••••••••";
-        $v_email = $data[$v_username]['CONTACT'];
-        $v_package = $data[$v_username]['PACKAGE'];
-        $v_language = $data[$v_username]['LANGUAGE'];
-        $v_fname = $data[$v_username]['FNAME'];
-        $v_lname = $data[$v_username]['LNAME'];
-        $v_shell = $data[$v_username]['SHELL'];
-        $v_ns = $data[$v_username]['NS'];
-        $nameservers = explode(", ", $v_ns);
-        $v_ns1 = $nameservers[0];
-        $v_ns2 = $nameservers[1];
-        $v_ns3 = $nameservers[2];
-        $v_ns4 = $nameservers[3];
-        $v_suspended = $data[$v_username]['SUSPENDED'];
-        if ( $v_suspended == 'yes' ) {
-            $v_status =  'suspended';
-        } else {
-            $v_status =  'active';
-        }
-        $v_time = $data[$v_username]['TIME'];
-        $v_date = $data[$v_username]['DATE'];
-
-        exec (VESTA_CMD."v-list-user-packages json", $output, $return_var);
-        $packages = json_decode(implode('', $output), true);
         unset($output);
+    }
 
-        exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var);
-        $languages = json_decode(implode('', $output), true);
+    // Change package (admin only)
+    if (($v_package != $_POST['v_package']) && ($_SESSION['user'] == 'admin') && (empty($_SESSION['error_msg']))) {
+        $v_package = escapeshellarg($_POST['v_package']);
+        exec (VESTA_CMD."v-change-user-package ".$v_username." ".$v_package, $output, $return_var);
+        check_return_code($return_var,$output);
         unset($output);
+    }
 
-        exec (VESTA_CMD."v-list-sys-shells json", $output, $return_var);
-        $shells = json_decode(implode('', $output), true);
+    // Change language
+    if (($v_language != $_POST['v_language']) && (empty($_SESSION['error_msg']))) {
+        $v_language = escapeshellarg($_POST['v_language']);
+        exec (VESTA_CMD."v-change-user-language ".$v_username." ".$v_language, $output, $return_var);
+        check_return_code($return_var,$output);
+        if (($_GET['user'] == 'admin') && (empty($_SESSION['error_msg']))) $_SESSION['language'] = $_POST['v_language'];
         unset($output);
     }
 
-    // Action
-    if (!empty($_POST['save'])) {
-        $v_username = escapeshellarg($_POST['v_username']);
-
-        // Change password
-        if (($v_password != $_POST['v_password']) && (empty($_SESSION['error_msg']))) {
-            $v_password = escapeshellarg($_POST['v_password']);
-            exec (VESTA_CMD."v-change-user-password ".$v_username." ".$v_password, $output, $return_var);
-            check_return_code($return_var,$output);
-            $v_password = "••••••••";
-            unset($output);
-        }
-
-        // Change package
-        if (($v_package != $_POST['v_package']) && (empty($_SESSION['error_msg']))) {
-            $v_package = escapeshellarg($_POST['v_package']);
-            exec (VESTA_CMD."v-change-user-package ".$v_username." ".$v_package, $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
-        }
-
-        // Change language
-        if (($v_language != $_POST['v_language']) && (empty($_SESSION['error_msg']))) {
-            $v_language = escapeshellarg($_POST['v_language']);
-            exec (VESTA_CMD."v-change-user-language ".$v_username." ".$v_language, $output, $return_var);
-            check_return_code($return_var,$output);
-            if (($_GET['user'] == 'admin') && (empty($_SESSION['error_msg']))) $_SESSION['language'] = $_POST['v_language'];
-            unset($output);
-        }
+    // Change shell (admin only)
+    if (($v_shell != $_POST['v_shell']) && ($_SESSION['user'] == 'admin') && (empty($_SESSION['error_msg']))) {
+        $v_shell = escapeshellarg($_POST['v_shell']);
+        exec (VESTA_CMD."v-change-user-shell ".$v_username." ".$v_shell, $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
+    }
 
-        // Change shell
-        if (($v_shell != $_POST['v_shell']) && (empty($_SESSION['error_msg']))) {
-            $v_shell = escapeshellarg($_POST['v_shell']);
-            exec (VESTA_CMD."v-change-user-shell ".$v_username." ".$v_shell, $output, $return_var);
+    // Change contact email
+    if (($v_email != $_POST['v_email']) && (empty($_SESSION['error_msg']))) {
+        if (!filter_var($_POST['v_email'], FILTER_VALIDATE_EMAIL)) {
+            $_SESSION['error_msg'] = __('Please enter valid email address.');
+        } else {
+            $v_email = escapeshellarg($_POST['v_email']);
+            exec (VESTA_CMD."v-change-user-contact ".$v_username." ".$v_email, $output, $return_var);
             check_return_code($return_var,$output);
             unset($output);
         }
+    }
 
-        // Change contact email
-        if (($v_email != $_POST['v_email']) && (empty($_SESSION['error_msg']))) {
-            // Validate email
-            if (!filter_var($_POST['v_email'], FILTER_VALIDATE_EMAIL)) {
-                $_SESSION['error_msg'] = __('Please enter valid email address.');
-            } else {
-                $v_email = escapeshellarg($_POST['v_email']);
-                exec (VESTA_CMD."v-change-user-contact ".$v_username." ".$v_email, $output, $return_var);
-                check_return_code($return_var,$output);
-            }
-            unset($output);
-        }
-
-        // Change Name
-        if (($v_fname != $_POST['v_fname']) || ($v_lname != $_POST['v_lname']) && (empty($_SESSION['error_msg']))) {
+    // Change full name (admin only)
+    if (($v_fname != $_POST['v_fname']) || ($v_lname != $_POST['v_lname'])) {
+        if (($_SESSION['user'] == 'admin') && (empty($_SESSION['error_msg']))) {
             $v_fname = escapeshellarg($_POST['v_fname']);
             $v_lname = escapeshellarg($_POST['v_lname']);
             exec (VESTA_CMD."v-change-user-name ".$v_username." ".$v_fname." ".$v_lname, $output, $return_var);
@@ -123,124 +131,41 @@ if ($_SESSION['user'] == 'admin') {
             $v_fname = $_POST['v_fname'];
             $v_lname = $_POST['v_lname'];
         }
-
-        // Change NameServers
-        if (($v_ns1 != $_POST['v_ns1']) || ($v_ns2 != $_POST['v_ns2']) || ($v_ns3 != $_POST['v_ns3']) || ($v_ns4 != $_POST['v_ns4']) && (empty($_SESSION['error_msg']))) {
-            $v_ns1 = escapeshellarg($_POST['v_ns1']);
-            $v_ns2 = escapeshellarg($_POST['v_ns2']);
-            $v_ns3 = escapeshellarg($_POST['v_ns3']);
-            $v_ns4 = escapeshellarg($_POST['v_ns4']);
-            $ns_cmd = VESTA_CMD."v-change-user-ns ".$v_username." ".$v_ns1." ".$v_ns2;
-            if (!empty($_POST['v_ns3'])) $ns_cmd = $ns_cmd." ".$v_ns3;
-            if (!empty($_POST['v_ns4'])) $ns_cmd = $ns_cmd." ".$v_ns4;
-            exec ($ns_cmd, $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
-        }
-
-        if (empty($_SESSION['error_msg'])) {
-            $_SESSION['ok_msg'] = __('Changes has been saved.');
-        }
     }
-    // Panel
-    top_panel($user,$TAB);
 
-    include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_user.html');
-    unset($_SESSION['error_msg']);
-    unset($_SESSION['ok_msg']);
-} else {
-    // Check user argument?
-    if (empty($_GET['user'])) {
-        header("Location: /list/user/");
-        exit;
+    // Change NameServers
+    if (($v_ns1 != $_POST['v_ns1']) || ($v_ns2 != $_POST['v_ns2']) || ($v_ns3 != $_POST['v_ns3']) || ($v_ns4 != $_POST['v_ns4']) && (empty($_SESSION['error_msg']))) {
+        $v_ns1 = escapeshellarg($_POST['v_ns1']);
+        $v_ns2 = escapeshellarg($_POST['v_ns2']);
+        $v_ns3 = escapeshellarg($_POST['v_ns3']);
+        $v_ns4 = escapeshellarg($_POST['v_ns4']);
+        $ns_cmd = VESTA_CMD."v-change-user-ns ".$v_username." ".$v_ns1." ".$v_ns2;
+        if (!empty($_POST['v_ns3'])) $ns_cmd = $ns_cmd." ".$v_ns3;
+        if (!empty($_POST['v_ns4'])) $ns_cmd = $ns_cmd." ".$v_ns4;
+        exec ($ns_cmd, $output, $return_var);
+        check_return_code($return_var,$output);
+        unset($output);
     }
 
-    // Check user
-    $v_username = $user;
-    exec (VESTA_CMD."v-list-user ".$v_username." json", $output, $return_var);
-    check_return_code($return_var,$output);
+    // Set success message
     if (empty($_SESSION['error_msg'])) {
-        $data = json_decode(implode('', $output), true);
-        unset($output);
-        $v_password = "••••••••";
-        $v_email = $data[$v_username]['CONTACT'];
-        $v_fname = $data[$v_username]['FNAME'];
-        $v_lname = $data[$v_username]['LNAME'];
-        $v_language = $data[$v_username]['LANGUAGE'];
-        $v_ns = $data[$v_username]['NS'];
-        $nameservers = explode(", ", $v_ns);
-        $v_ns1 = $nameservers[0];
-        $v_ns2 = $nameservers[1];
-        $v_ns3 = $nameservers[2];
-        $v_ns4 = $nameservers[3];
-        $v_suspended = $data[$v_username]['SUSPENDED'];
-        if ( $v_suspended == 'yes' ) {
-            $v_status =  'suspended';
-        } else {
-            $v_status =  'active';
-        }
-        $v_time = $data[$v_username]['TIME'];
-        $v_date = $data[$v_username]['DATE'];
-
-        exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var);
-        $languages = json_decode(implode('', $output), true);
-        unset($output);
-
+        $_SESSION['ok_msg'] = __('Changes has been saved.');
     }
+}
 
-    // Action
-    if (!empty($_POST['save'])) {
-        // Change password
-        if (($v_password != $_POST['v_password']) && (empty($_SESSION['error_msg']))) {
-            $v_password = escapeshellarg($_POST['v_password']);
-            exec (VESTA_CMD."v-change-user-password ".$v_username." ".$v_password, $output, $return_var);
-            check_return_code($return_var,$output);
-            $v_password = "••••••••";
-            unset($output);
-        }
-
-        // Change language
-        if (($v_language != $_POST['v_language']) && (empty($_SESSION['error_msg']))) {
-            $v_language = escapeshellarg($_POST['v_language']);
-            exec (VESTA_CMD."v-change-user-language ".$v_username." ".$v_language, $output, $return_var);
-            check_return_code($return_var,$output);
-            if (empty($_SESSION['error_msg'])) $_SESSION['language'] = $_POST['v_language'];
-            unset($output);
-        }
-
-        // Change contact email
-        if (($v_email != $_POST['v_email']) && (empty($_SESSION['error_msg']))) {
-            $v_email = escapeshellarg($_POST['v_email']);
-            exec (VESTA_CMD."v-change-user-contact ".$v_username." ".$v_email, $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
-        }
-
-        // Change NameServers
-        if (($v_ns1 != $_POST['v_ns1']) || ($v_ns2 != $_POST['v_ns2']) || ($v_ns3 != $_POST['v_ns3']) || ($v_ns4 != $_POST['v_ns4']) && (empty($_SESSION['error_msg']))) {
-            $v_ns1 = escapeshellarg($_POST['v_ns1']);
-            $v_ns2 = escapeshellarg($_POST['v_ns2']);
-            $v_ns3 = escapeshellarg($_POST['v_ns3']);
-            $v_ns4 = escapeshellarg($_POST['v_ns4']);
-            $ns_cmd = VESTA_CMD."v-change-user-ns ".$v_username." ".$v_ns1." ".$v_ns2;
-            if (!empty($_POST['v_ns3'])) $ns_cmd = $ns_cmd." ".$v_ns3;
-            if (!empty($_POST['v_ns4'])) $ns_cmd = $ns_cmd." ".$v_ns4;
-            exec ($ns_cmd, $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
-        }
-
-        if (empty($_SESSION['error_msg'])) {
-            $_SESSION['ok_msg'] = __('Changes has been saved.');
-        }
-    }
-    // Panel
-    top_panel($user,$TAB);
+// Panel
+top_panel($user,$TAB);
 
+// Display body
+if ($_SESSION['user'] == 'admin') {
+    include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_user.html');
+} else {
     include($_SERVER['DOCUMENT_ROOT'].'/templates/user/edit_user.html');
-    unset($_SESSION['error_msg']);
-    unset($_SESSION['ok_msg']);
 }
 
+// Flush session messages
+unset($_SESSION['error_msg']);
+unset($_SESSION['ok_msg']);
+
 // Footer
 include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');