Debian 13 installation files

Create wprocket-webp-express-force-https.tpl

.gitignore

@@ -4,3 +4,6 @@
 *.gz
 .vscode
 .DS_Store
+data
+conf
+log

Changelog.md

@@ -0,0 +1,468 @@
+Version 0.9.9-0-13 [2025-08-15]
+==================================================
+* Improvement: Activating FileManager licence for all users (credits to Official VestaCP)
+* Introducing a malware cleaning set of tools: v-install-wordfence-cli, v-desinfect-wordpress, v-fix-wordpress-core, v-change-database-password-for-wordpress, v-change-wordpress-admin-passwords, v-delete-inactive-wordpress-plugins-and-themes, v-delete-wordpress-uploads-php-files) (credits to isscbta)
+* Improvement: Added support for PHP 8.3 and 8.4
+* SRS support for Exim4 (v-add-srs-support-to-exim) (credits to HestiaCP)
+* Security: Ensuring that PHP files are visible only to the account they belong to - setting chmod 600 for all .php and .env files (also added as admin cronjob - v-fix-website-permissions-for-all-websites-only-php)
+* Added cronjob for disk usage snapshot (size of each folder) to see what folder is growing every day (v-df-snapshot-make, v-df-snapshot-diff [some-day-snapshot] [some-other-day-snapshot])
+* Bugfix: SSL fix for Apache 2.4.65+ (fix for '421 Misdirected Request')
+* Bugfix: vst-install-debian.sh: ability to install MySQL 8 on Debian 12
+* Improvement: Update nginx block-firewall.conf when user blocks 80,443 ports for some IPv4 address in the Firewall section of the admin panel
+* Improvement: v-install-wordpress: Support for IDN format domains
+* Security: Adding ProFTPD jail rule to Fail2Ban
+* Introducing: v-make-main-apache-log - making one log file for PHP requests for all websites
+* Security: Introducing a new command: v-fix-php-ini-disable-functions
+* Improvement: Introducing myVesta rules for SpamAssassin (enhancing spam filtering)
+* Improvement: When deleting a domain, also delete the database if the domain has a database
+* Bugfix: Removing temporary Docker container network interfaces from RRD
+* Introducing v-run-wp-cli-myvesta that knows the correct terminal width
+* Introducing a new command: v-cd-www alias for v-change-dir-www
+* Introducing a new command: v-clear-fail2ban
+* Introducing a new command: v-get-dns-config (to print zone file in bind9 format)
+* Introducing a DISABLE_IP_CHECK as vesta.conf variable (if logged-in user is getting a new IPv4 address every minute)
+* Security: Introducing a parse_object_kv_list_non_eval() function in main.sh, to avoid the evil eval command
+* Security: Enhance package validation, in v-change-user-package 'eval' replaced with 'parse_object_kv_list_non_eval'
+* Improvement: Replacing all WordPress scripts to use 'v-run-wp-cli' instead of 'wp'
+* Improvement: v-install-wordpress: Almost always use https
+* Improvement: Skip the prompt to continue during myVesta installation if the administrator has set all required variables  in the command line
+* Security: Jailing v-run-wp-cli (running WP-CLI as user, added open_basedir, disabling shell_exec() and other dangerous PHP functions)
+* Security: v-commander: removing the ability to set a root password
+* Bugfix: DKIM record deletion command in v-delete-mail-domain-dkim script
+* Adding FTP / SFTP port for Remote Backup (credits to ikheetjeff)
+* Introducing a new command: v-delete-mails - delete emails older than N days (credits to isscbta)
+* Introducing new commands: v-blacklist-email-domain, v-blacklist-email-account, v-whitelist-email-domain, v-whitelist-email-account (credits to isscbta)
+* Bugfix: v-move-folder-and-make-symlink: use 'mv' instead of 'rsync'
+* Improvement: Calculate the size of directories on /hdd too
+* Bugfix: v-move-domain-and-database-to-account: Update wordfence-waf.php
+* Bugfix: v-add-letsencrypt-domain: Detecting valid status on wildcard variant
+* Bugfix: db.sh and v-clone-website: mysqldump --max_allowed_packet=1024M
+* Bugfix: web/index.php: Prevent recreation of token by shitty browser add-ons
+* Bugfix: v-restore-user: permissions fix while restoring backup
+* Bugfix: Add some loops due to 403 errors during LE request in some random cases
+* Improvement: v-clone-website: adding --EXCLUDE_UPLOADS parameter
+* Bugfix: vst-install-debian.sh - removing phppgadmin
+* Bugfix: v-update-firewall: $FIREWALL_STATEFUL conf variable (for Infomaniak VPS servers)
+* Bugfix: Awstats template for all systems does not have a closed bracket in line 27 (credits to gkirde)
+* Bugfix: Update v-import-cpanel-backup - removing /*!999999\- enable the sandbox mode */
+* Bugfix: Small PHP syntax fixes in the admin panel
+* Introducing nginx template 'wprocket-webp-express-force-https' (credits to Luka Paunovic)
+* Improvement: Added functions to check if a domain or user is unsuspended in main.sh
+* Introducing a new command: v-update-document-errors-files
+* Improvement: new v-backup-user-now command does backup even if the system Load Average is above the limit, or the administrator configured backups to perform only at night
+* Improvement: v-install-wp-cli and v-install-wp-cli-myvesta - automatically updates if wp-cli is 30 days old
+* Bugfix: Check for SSL certificate existence before deleting web domain SSL in v-install-unsigned-ssl
+* Improvement: v-install-wordpress: avoid changing nginx proxy template in apache-less variant
+* Added to .gitignore excludes for 'data', 'conf', and 'log' folders
+* And many other minor bugfixes and improvements...
+
+Version 0.9.9-0-12 [2025-02-28]
+==================================================
+* SpamHaus DNSBL removed from exim4
+* A lot of small bugs fixed
+
+Version 0.9.9-0-11 [2024-05-30]
+==================================================
+* Introducing v-run-wp-cli command ( @isscbta )
+* Introducing v-add-wordpress-admin command ( @isscbta )
+* Few bugs fixed
+
+Version 0.9.9-0-10 [2024-04-11]
+==================================================
+* Introducing v-edit-php-ini command ( @isscbta )
+* Introducing v-edit-domain-php-ini command ( @isscbta )
+
+Version 0.9.9-0-9 [2024-04-05]
+==================================================
+* Get quick info about a banned IP (Host, Banlist, Location) (many thanks to @VasilisParaschos )
+* Few bugs fixed
+
+Version 0.9.9-0-5 to 0.9.9-0-8
+==================================================
+* Few bugs fixed
+
+Version 0.9.9-0-4 [2023-06-27]
+==================================================
+* Support for Debian 12 ( in mutual cooperation with @HestiaCP )
+
+Version 0.9.9-0-2 [2023-06-12]
+==================================================
+* Hosting panel UI perfomance fix
+
+Version 0.9.9-0 [2023-06-05]
+==================================================
+* Redesign of hosting panel
+* Fix for WP_CACHE_KEY_SALTs in v-clone-website command
+* Fix for "Helo name contains a ip address" in Exim4
+* Fix for Exim4 for punycode domains (in collaboration with @HestiaCP )
+
+Version 0.9.8-26-62 [2023-04-05]
+==================================================
+* Fix for LetsEncrypt Asynchronous Order Finalization (in collaboration with @HestiaCP )
+
+Version 0.9.8-26-61 [2023-04-04]
+==================================================
+* Many bugfixes
+* Hotfix for LetsEncrypt to prevent Apache falling 
+
+Version 0.9.8-26-60 [2023-02-12]
+==================================================
+* New script: v-commander (useful for maintaining the server)
+* New script: v-activate-rocket-nginx (serve WP-Rocket cache directly from nginx)
+* New script: v-update-myvesta (get the very latest build of myVesta)
+* v-clone-website: By default cloning to database: user_domain_com (instead of cloning to database: user_old_db_migrated)
+* Many minor bugfixes
+
+Version 0.9.8-26-59 [2023-02-01]
+==================================================
+* Support for PHP 8.2
+* New script: v-move-folder-and-make-symlink
+* New script: v-lock-wordpress (to prevent PHP malware) and v-unlock-wordpress
+* v-install-wordpress: Installing WordPress to user_domain_com database instead of installing to user_wp database
+* Many minor bugfixes
+
+Version 0.9.8-26-58 [2022-07-12]
+==================================================
+* [Security] hash_equals() in /reset/mail/ (credits to @divinity76 )
+* Avoid out-of-memory while downloading large log files from panel (credits to @divinity76 )
+* Fix for an boring PHP Notice in vesta-php
+
+Version 0.9.8-26-57 [2022-07-06]
+==================================================
+* Fix for GMail SMTP timeouts on Debian11
+* [Security] Fix for Local Sed Injection Vulnerability ( credits to @cleemy-desu-wayo )
+
+Version 0.9.8-26-56 [2022-05-28]
+==================================================
+* Adding Barracuda RBL to SpamAssassin
+* Fixing insane HTML form bug in List backup items page
+* Script for easy adding second IP address for SMTP authenticated users only (v-make-separated-ip-for-email)
+
+Version 0.9.8-26-55 [2022-04-26]
+==================================================
+* Support for MySQL 8
+* [Security] Preventing brute-force resetting password  (thanks to HestiaCP @hestiacp for fix)
+* Many minor bugfixes
+
+Version 0.9.8-26-54 [2021-12-17]
+==================================================
+* Checking if FreshClam is started after installation
+
+Version 0.9.8-26-53 [2021-12-12]
+==================================================
+* Support for PHP 8.1
+* Function to ensure that pool.d folders are not empty
+
+Version 0.9.8-26-52 [2021-11-23]
+==================================================
+* Fix for not to match wildcard "*domains" and "databases*" while restoring
+* Added memcached to v-list-sys-services
+
+Version 0.9.8-26-51 [2021-11-14]
+==================================================
+* Many fixes for "List services" page (v-list-sys-services function)
+
+Version 0.9.8-26-50 [2021-11-07]
+==================================================
+* Many small bugfixes and CSRF fixes
+
+Version 0.9.8-26-49 [2021-07-17]
+==================================================
+* Support for Debian 11
+
+Version 0.9.8-26-48 [2021-07-11]
+==================================================
+* Fixed two bugs in LetsEncrypt generating process
+
+Version 0.9.8-26-47 [2021-05-30]
+==================================================
+* Enabling TLS for ProFTPD FTPS
+* More logical "Restore backup" template
+
+Version 0.9.8-26-46 [2021-04-17]
+==================================================
+* [Feature] Updating CloudFlare IP addresses
+
+Version 0.9.8-26-45 [2021-04-13]
+==================================================
+* [Feature] Logging whole LetsEncrypt process to /usr/local/vesta/log/letsencrypt.log and /usr/local/vesta/log/letsencrypt_cron.log
+* [Feature] Warn admin once (by sending email) if LetsEncrypt renewing failed for server hostname
+* [Bugfix] Correct truncating of CA LetsEncrypt certificate (thanks to HestiaCP @hestiacp for fix)
+
+Version 0.9.8-26-44 [2021-04-04]
+==================================================
+* [Security] Preventing denial-of-service in openssl library in vesta-nginx service (CVE-2021-3449)
+* [Security] Preventing admin to install non-vesta packages from vesta admin panel user interface (Credits to: Numan Türle @numanturle)
+* [Bugfix] Preventing multiple execution of v-backup-users
+* [UserInterface] CSS fix for Apache status table (Credits to: Milos Spasic)
+
+Version 0.9.8-26-43 [2021-03-15]
+==================================================
+* [Security] fix for: CSRF remote code execution in UploadHandler.php - CVE-2021-28379 (Credits to: Fady Osman @fady_othman)
+* [Security] fix for: Local privilege escalation from user account to admin account via v-add-web-domain (Credits to: Two independent security researchers, Marti Guasch Jiménez and Francisco Andreu Sanz, working with the SSD Secure Disclosure program) (and also thanks to HestiaCP @hestiacp for fix)
+* [Security] fix for: Local privilege escalation in v-generate-ssl-cert (potential user to admin or root escalation) (Credits to: Numan Türle @numanturle, thanks to HestiaCP @hestiacp for fix)
+* [Security] fix for: Local privilege escalation in /web/api/ via v-make-tmp-file (probably admin to root escalation) (Credits to: Numan Türle @numanturle, thanks to HestiaCP @hestiacp for fix)
+* [Security] fix for: Cross site scripting in /web/add/ip/ (admin to other admin XSS escalation) (Credits to: Numan Türle @numanturle, thanks to HestiaCP @hestiacp for fix)
+* [Security] fix for: Admin to root escalation in v-activate-vesta-license (Credits to: Numan Türle @numanturle)
+* [Security] Ensure HTML will not be displayed in list log page (Credits to: Kristan Kenney @kristankenney, thanks to HestiaCP @hestiacp for fix)
+
+Version 0.9.8-26-42 [2021-02-26]
+==================================================
+* [Feature] Support for PHP 8.0, see: https://forum.myvestacp.com/viewtopic.php?f=18&t=52
+* [Bugfix] Making sure Apache is in mpm_event mode
+
+Version 0.9.8-26-41 [2021-02-11]
+==================================================
+* Few bugfixes
+
+Version 0.9.8-26-40 [2021-02-08]
+==================================================
+* Few bugfixes
+
+Version 0.9.8-26-39 [2020-12-12]
+==================================================
+* [Security] Fixing useless issue with tokens in "download backup" and "loginas" functions (thanks to HestiaCP for fixes)
+* [Security] Fixing XSS in /list/rrd/?period= value
+
+Version 0.9.8-26-38 [2020-12-05]
+==================================================
+* [Security] Fixing Apache status public access (thanks to HestiaCP for letting us know)
+
+Version 0.9.8-26-37 [2020-10-26]
+==================================================
+* [Bugfix] Fixing LetsEncrypt deprecated GET method for ACME v2 (thanks to @moucho)
+* [Bugfix] Fixing Roundcube to send via authenticated SMTP user instead via php
+
+Version 0.9.8-26-36 [2020-09-10]
+==================================================
+* [Bugfix] Checking necessary available disk space before doing backup
+* [Security] Disabling login with 'root'
+
+Version 0.9.8-26-35 [2020-08-23]
+==================================================
+* [Feature] Limiting max recipients per email to 15, in order to prevent mass spamming
+* [Bugfix] While restoring backup, only exclude logs folder from root, not in public_html
+
+Version 0.9.8-26-34 [2020-08-19]
+==================================================
+* [Bugfix] Split long DNS TXT entries into 255 chunks
+
+Version 0.9.8-26-33 [2020-08-16]
+==================================================
+* [Feature] Ability to set some domain to send emails from another IP (command: v-make-separated-ip-for-email-domain)
+
+Version 0.9.8-26-32 [2020-08-02]
+==================================================
+* [Feature] v-replace-in-file command introduced
+* [Security] Making sure new myVesta commands can be called only by root
+
+Version 0.9.8-26-31 [2020-07-30]
+==================================================
+* [Feature] v-import-cpanel-backup command moved to vesta-bin folder (becoming standard myVesta command)
+* Starting to log auto-update output
+
+Version 0.9.8-26-30 [2020-07-26]
+==================================================
+* New ASCII logo in installer
+* Deleted favicon when user don't know secret-url of hosting panel
+* [bugfix] Minor bug fixed in v-make-separated-ip-for-email
+* [bugfix] Minor fix of URL for templates in v-update-dns-templates
+* [bugfix] Minor fixes in installer
+
+Version 0.9.8-26-29 [2020-07-21]
+==================================================
+* [Feature] v-clone-website command moved to vesta-bin folder (becoming standard myVesta command)
+* [Feature] v-migrate-site-to-https command moved to vesta-bin folder (becoming standard myVesta command)
+* [Bugfix] Fix for ClamAV socket
+* Changing Vesta to myVesta in title of hosting panel pages
+
+Version 0.9.8-26-28 [2020-07-15]
+==================================================
+* [Feature] v-install-wordpress command introduced
+* [Feature] v-move-domain-and-database-to-account command introduced
+* [Feature] v-make-separated-ip-for-email command introduced
+* [Bugfix] Fix for LetsEncrypt issuing in apache-less variant (nginx + php-fpm variant)
+* [Bugfix] Fix for configuring phpMyAdmin DB in apache-less variant (nginx + php-fpm variant)
+
+Version 0.9.8-26-27 [2020-07-05]
+==================================================
+* [Feature] Admins now see changelog when they open myVesta panel after myVesta get updated (changelog will dissapear on next refresh)
+* [Bugfix] Better control of opened SMTP concurrent connections (preventing denial-of-service of SMTP) on fresh installed servers - https://github.com/myvesta/vesta/commit/c57b15b5daca2a0ea88ee6a89a2ff5a4ef47d2a3
+* Second tuning of php-fpm pool.d config files (perfomances and limits)
+
+Version 0.9.8-26-26 [2020-06-27]
+==================================================
+* [Feature] Self-signed SSL will be automaticaly added when you add new domain (CloudFlare is fine with that, you don't need LetsEncrypt anymore if you use CloudFlare as reverse-proxy(CDN+Firewall), just set "Full" in SSL section on CloudFlare)
+* [Feature] Script for adding self-signed SSL to desired domain [v-install-unsigned-ssl]
+* From now, on fresh installed server, default backup cron goes at Saturday at 01 AM (instead of everyday at 05 AM)
+* New favicon for hosting panel
+
+Version 0.9.8-26-25 [2020-06-23]
+==================================================
+* [Security] Fixing unnecessary slash in nginx configs for phpmyadmin and roundcube (Credits to Bernardo Berg @bberg1984 for finding this issue!)
+* [Security] Adding escapeshellarg on few more places in php code (Credits to Talha Günay and @Lupul for finding these places)
+
+Version 0.9.8-26-24 [2020-06-22]
+==================================================
+* [Bugfix] nginx + php-fpm installer variant now finally works
+
+Version 0.9.8-26-23 [2020-06-14]
+==================================================
+* Adding label that LetsEncrypt can be added when you Edit domain
+
+Version 0.9.8-26-22 [2020-06-13]
+==================================================
+* [Bugfix] Checking (in order to delete) php7.4 pool config file while deleting domain
+
+Version 0.9.8-26-21 [2020-06-13]
+==================================================
+* [Feature] Blocking executable files inside archives in received emails (ClamAV)
+* [Bugfix] Removing ability to schedule LetsEncrypt issuing while adding new domain (because it can fall in infinite loop whole day)
+* [Bugfix] Force acme-challenge to use Apache if myVesta is behind main nginx
+* [Bugfix] Adding http2 support to nginx caching.tpl
+* [Bugfix] Script that removes depricated 'ssl on;' in nginx templates
+* [Security] Ensure UPDATE_SSL_SCRIPT is not set in some config files
+
+Version 0.9.8-26-20 [2020-06-01]
+==================================================
+* [Bugfix] Script that will ensure that Apache2 will always stay in mpm_event mode
+* [Bugfix] Ensure config files will not be overwritten while updating vesta-nginx package
+* [Bugfix] Fixing URL in v-update-web-templates script
+* [Feature] Additional rates for nginx anti-denial-of-service templates
+
+Version 0.9.8-26-19 [2020-05-15]
+==================================================
+* [Bugfix] Do not match subdomains while restoring domain [v-restore-user]
+
+Version 0.9.8-26-18 [2020-05-15]
+==================================================
+* [Bugfix] Fixing NS parameters in v-add-dns-on-web-alias
+
+Version 0.9.8-26-17 [2020-05-15]
+==================================================
+* [Bugfix] Reverting default clamav socket path 
+* [Bugfix] Put mail_max_userip_connections = 50 in dovecot
+
+Version 0.9.8-26-16 [2020-05-15]
+==================================================
+* [Bugfix] Allow quick restarting of nginx if acme-challenge should be added many times
+* [Bugfix] Enabling email notification to fresh installed servers about backup success status
+* [Bugfix] Timeout 10 sec for apache2 status
+
+Version 0.9.8-26-15 [2020-05-09]
+==================================================
+* [Feature] nginx templates that can prevent denial-of-service on your server
+* First tuning php-fpm pool.d config files (perfomances and limits)
+* New logo
+
+Version 0.9.8-26-14 [2020-05-08]
+==================================================
+* v-clone-website script switched to parameters
+* Display new version in console while updating myVesta
+
+Version 0.9.8-26-13 [2020-05-07]
+==================================================
+* [Feature] Put build date and version in right-bottom corner of control panel
+
+Version 0.9.8-26-12 [2020-05-07]
+==================================================
+* [Feature] Put build date and version while compiling myVesta
+* [Feature] Office365 DNS template
+* [Feature] Yandex DNS template
+* ProFTPD MaxIstances = 100 for fresh installed servers
+
+Version 0.9.8-26-11 [2020-05-01]
+==================================================
+* [Feature] Skipping LE renewing after 7 failed attempts
+* [Bugfix] Keep conf files during auto-update
+* [Bugfix] Do not restart apache while preparing letsencrypt acme challenge
+* [Bugfix] Set ALLOW_BACKUP_ANYTIME='yes' for fresh installed servers
+
+Version 0.9.8-26-10 [2020-04-11]
+==================================================
+* [Feature] Creating v-normalize-restored-user script (normalize NS1, NS2 and IP of account that is backuped on other server and restored on this server)
+* Tweak for hostname FPM conf
+* [Security] Forbid changing root password (Credits to Alexandre ZANNI, Orange Cyberdefense, https://cyberdefense.orange.com)
+* [Security] Importing system enviroment in v-change-user-password (Credits to Alexandre ZANNI, Orange Cyberdefense, https://cyberdefense.orange.com)
+
+Version 0.9.8-26-9 [2020-03-23]
+==================================================
+* [Security] Preventing manipulation with $SERVER['HTTP_HOST'] (Credits to @mdisec - Managing Partner of PRODAFT / INVICTUS A.Ş. Master ninja at pentest.blog)
+
+Version 0.9.8-26-8 [2020-03-23]
+==================================================
+* [Security] Temporary fix for parsing backup conf (Credits to @dreiggy - https://pentest.blog/vesta-control-panel-second-order-remote-code-execution-0day-step-by-step-analysis/)
+
+Version 0.9.8-26-7 [2020-03-18]
+==================================================
+* [Bugfix] Fix that avoid LetsEncrypt domain validation timeout
+* [Bugfix] Set timeout in v-list-sys-web-status script
+
+Version 0.9.8-26-6 [2020-02-21]
+==================================================
+* [Bugfix] mail-wrapper.php from now works
+* [Feature] Introducing NOTIFY_ADMIN_FULL_BACKUP, email notification about backup success status
+* [Feature] Introducing KEEP_N_FTP_BACKUPS, ability to limit number of remote FTP backups
+* [Feature] Introducing force-https-webmail-phpmyadmin nginx template
+* [Feature] Trigger for /root/update_firewall_custom.sh
+
+Version 0.9.8-26-5 [2020-02-10]
+==================================================
+* [Security] sudoers fix for Debian10
+* [Feature] [Script that will migrate your site from http to https, replacing http to https URLs in database](https://github.com/myvesta/vesta/blob/master/src/deb/for-download/tools/v-migrate-site-to-https)
+* [Feature] [Cloning script that will copy the whole site from one domain to another (sub)domain](https://github.com/myvesta/vesta/blob/master/src/deb/for-download/tools/v-clone-website)
+* [Feature] [Script that will install multiple PHP versions on your server](https://github.com/myvesta/vesta/blob/master/src/deb/for-download/tools/multi-php-install.sh)
+* [Bugfix] Roundcube force https
+* [Bugfix] Exim compatibility with Loopia for Debian10
+
+Version 0.9.8-26-4 [2020-01-07]
+==================================================
+* [Feature] Allow whitelisting specific IP for /api/
+* [Feature] Allow whitelisting specific IP to avoid secret_url
+* [Feature] Allow Softaculous in secure_login gateway
+* [Bugfix] apparmor install fix again
+* [Bugfix] Turning off MariaDB SQL strict mode
+
+Version 0.9.8-26-3 [2019-11-26]
+==================================================
+* [Bugfix] Better check if session cron already added
+
+Version 0.9.8-26-2 [2019-11-15]
+==================================================
+* [Feature] Support for sub-sub-sub-sub versions :))
+* [Bugfix] Support for longer username of email accounts
+* [Bugfix] apparmor install fix
+* [Bugfix] Trying to fix ClamAV broken socket
+* Moving to myvestacp.com
+
+Version 0.9.8-26 [2019-09-28]
+==================================================
+* [Bugfix] Let's Encrypt HTTP/2 support (by @serghey-rodin)
+* [Bugfix] Fixing broken autoreply output
+* [Feature] Multi-PHP support for PHP 7.4
+* [Feature] Multi-PHP installer for Debian 8
+* [Bugfix] Cron for removing old PHP sessions files
+* [Bugfix] New CloudFlare IPs
+* [Security] MySQL port blocked by default from outside
+* [Feature] Warning when server hostname is not pointing to server IP
+* [Feature] max_length_of_MySQL_username=80
+
+Older versions
+==================================================
+* Support for Debian 10 (previous Debian releases are also supported, but Debian 10 is recommended)
+* [Support for multi-PHP versions](https://github.com/myvesta/vesta/blob/master/src/deb/for-download/tools/multi-php-install.sh)
+* You can limit the maximum number of sent emails (per hour) [per mail account](https://github.com/myvesta/vesta/blob/master/install/debian/10/exim/exim4.conf.template#L105-L106) and [per hosting account](https://github.com/myvesta/vesta/blob/master/install/debian/10/exim/exim4.conf.template#L65-L66), preventing hijacking of email accounts and preventing PHP malware scripts to send spam.
+* You can see [what PHP scripts are sending emails](https://github.com/myvesta/vesta/blob/master/install/debian/10/php/php7.3-dedi.patch#L50), when and to whom
+* You can completely "lock" myVesta so it can be accessed only via **secret URL**, for example https://serverhost:8083/?MY-SECRET-URL
+    + Literally no PHP scripts will be alive on your hosting panel (won't be able to get executed), unless you access the hosting panel with secret URL parameter. Thus, when it happens that, let's say, some zero-day exploit pops up - attackers won't be able to access it without knowing your secret URL - PHP scripts from myVesta
+* We [disabled dangerous PHP functions](https://github.com/myvesta/vesta/blob/master/install/debian/10/php/php7.3-dedi.patch#L9) in php.ini, so even if, for example, your customer's CMS gets compromised, hacker will not be able to execute shell scripts from within PHP.
+* Apache is fully switched to mpm_event mode, while PHP is running in PHP-FPM mode, which is the most stable PHP-stack solution
+    + OPCache is turned on by default
+* Auto-generating LetsEncrypt SSL for server hostname (signed SSL for Vesta 8083 port, for dovecot (IMAP & POP3) and for Exim (SMTP))
+* You can change Vesta port during installation or later using one command line: **v-change-vesta-port [number]**
+* Backup will run with lowest priority (to avoid load on server), and can be configured to run only by night (and to stop on the morning and continue next night)
+* You can compile Vesta binaries by yourself
+* [Script that will convert Vesta to myVesta](https://github.com/myvesta/vesta/blob/master/src/deb/for-download/tools/convert-vesta-to-myvesta.sh)
+* [Wordpress installer in one second](https://github.com/myvesta/vesta/blob/master/src/deb/for-download/tools/create_wp_https)
+* [Script for importing cPanel backups to Vesta](https://github.com/myvesta/vesta/blob/master/src/deb/for-download/tools/cpanel-import.sh)
+* [Official Vesta Softaculous installer](https://github.com/myvesta/vesta/blob/master/src/deb/for-download/tools/install-softaculous.sh)

ISSUE_TEMPLATE.md

@@ -1,23 +1,19 @@
-### Operating System (OS/VERSION):
+### Describe the problem:
 
-Type here, e.g. CentOS 6
-
-### VestaCP Version:
-
-Type here, e.g. 3.14159
-
-### Installed Software (what you got with the installer):
-
-Type here, e.g. php-fpm, apache, nginx, mysql
+Type here what is the problem
 
 ### Steps to Reproduce:
 
-Type here, e.g. install vesta and type rm -rf / --no-preserve-root
+Type here what we should do in order to see the bug on our test server
 
-### Related Issues/Forum Threads:
+### Debian version:
 
-Found anything that might be related to this? It might help us find the cause.
+Type here, example: Debian 10
 
-### Other Notes:
+### VestaCP Version:
 
-Anything else?
+Type here, example: 0.9.8.26-29
+
+### Installed Software (what you got with the installer):
+
+Copy here first 22 lines of file /usr/local/vesta/conf/vesta.conf

README.md

@@ -1,42 +1,95 @@
-[Vesta Control Panel](http://vestacp.com/)
-==================================================
 
-[![Join the chat at https://gitter.im/vesta-cp/Lobby](https://badges.gitter.im/vesta-cp/Lobby.svg)](https://gitter.im/vesta-cp/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+<h1 align="center"><a href="https://myvestacp.com">myVesta</a></h1>
 
-* Vesta is an open source hosting control panel.
-* Vesta has a clean and focused interface without the clutter.
-* Vesta has the latest of very innovative technologies.
+<div style="text-align:center">
 
-How to install (2 step)
-----------------------------
-Connect to your server as root via SSH
-```bash
-ssh root@your.server
-```
+[![Screenshot of myVesta](https://www.myvestacp.com/screenshot1.png)](https://www.myvestacp.com/)
 
-Download the installation script, and run it:
-```bash
-curl http://vestacp.com/pub/vst-install.sh | bash
-```
+</div>
 
-How to install (3 step)
-----------------------------
-If the above example does not work, try this 3 step method:
-Connect to your server as root via SSH
-```bash
-ssh root@your.server
-```
+<h1 align="center">About</h1>
 
+<p align="center">myVesta is a security and stability-focused fork of VestaCP, exclusively supporting Debian in order to maintain a streamlined ecosystem. Boasting a clean, clutter-free interface and the latest innovative technologies, our project is committed to staying synchronized with official VestaCP commits. We work independently to enhance security and develop new features, driven by our passion for contributing to the open-source community rather than monetary gain. As such, we will offer all features built for myVesta to the official VestaCP project through pull requests, without interfering with their development milestones.</p>
+
+<p align="center"><b><a href="https://github.com/myvesta/vesta/blob/master/Changelog.md">View Changelog</a>
+</b></p>
+
+<h1>Links</h1>
+<ul>
+  <li><a href="https://www.myvestacp.com/">Visit our homepage.</a></li>
+  <li><a href="https://forum.myvestacp.com/">Check out our forum for discussions and support.</a></li>
+  <li><a href="https://wiki.myvestacp.com/">For more information, take a look at our knowledge base.</a></li>
+</ul>
+
+<h1>Features of myVesta</h1>
+<ul>
+    <li>Support for Debian 11 and 12 (Debian 12 is recommended, but previous Debian releases are also supported)</li>
+    <li>Support for MySQL 8</li>
+    <li><a href="https://forum.myvestacp.com/viewtopic.php?f=20&t=51">nginx templates</a> that can prevent denial-of-service on your server</li>
+    <li><a href="https://forum.myvestacp.com/viewtopic.php?f=18&t=52">Support for multi-PHP versions</a></li>
+    <li>You can <a href="https://forum.myvestacp.com/viewtopic.php?f=20&t=350">host NodeJS apps</a></li>
+    <li>You can limit the maximum number of sent emails (per hour) <a href="https://github.com/myvesta/vesta/blob/master/install/debian/10/exim/exim4.conf.template#L112-L113">per mail account</a> and <a href="https://github.com/myvesta/vesta/blob/master/install/debian/10/exim/exim4.conf.template#L72-L73">per hosting account</a>, preventing hijacking of email accounts and preventing PHP malware scripts to send spam.</li>
+    <li>
+      You can completely "lock" myVesta so it can be accessed only via secret URL, for example https://serverhost:8083/?MY-SECRET-URL
+      <ul>
+        <li>During installation you will be asked to choose a secret URL for your hosting panel</li>
+        <li>Literally no PHP scripts will be alive on your hosting panel (won't be able to get executed), unless you access the hosting panel with secret URL parameter. Thus, when it happens that, let's say, some zero-day exploit pops up - attackers won't be able to access it without knowing your secret URL - PHP scripts from VestaCP will be simply dead - no one will be able to interact with your panel unless they have the secret URL.</li>
+        <li>You can see for yourself how this mechanism was built by looking at:</li>
+        <ul>
+          <li><a href="https://github.com/myvesta/vesta/blob/master/src/deb/for-download/php/php.ini#L496">src/deb/for-download/php/php.ini</a></li>
+          <li><a href="https://github.com/myvesta/vesta/blob/master/web/inc/secure_login.php">web/inc/secure_login.php</a></li>
+        </ul>
+        <li>If you didn't set the secret URL during installation, you can do it anytime. Just execute in shell: <code>echo "&lt;?php \$login_url='MY-SECRET-URL';" > /usr/local/vesta/web/inc/login_url.php</code></li>
+      </ul>
+    </li>
+  <li>We <a href="https://github.com/myvesta/vesta/blob/master/install/debian/10/php/php7.3-dedi.patch#L9">disabled dangerous PHP functions</a> in php.ini, so even if, for example, your customer's CMS gets compromised, hacker will not be able to execute shell scripts from within PHP.</li>
+  <li>Apache is fully switched to mpm_event mode, while PHP is running in PHP-FPM mode, which is the most stable PHP-stack solution
+    <ul><li>OPCache is turned on by default</li></ul>
+    <li>Auto-generating LetsEncrypt SSL for server hostname (signed SSL for Vesta 8083 port, for dovecot (IMAP & POP3) and for Exim (SMTP))</li>
+    <li>You can change Vesta port during installation or later using one command line: v-change-vesta-port [number]</li>
+    <li>ClamAV is configured to block zip/rar/7z archives that contains executable files (just like GMail)</li>
+    <li>Backup will run with lowest priority (to avoid load on server), and can be configured to run only by night (and to stop on the morning and continue next night) </li>
+    <ul>
+    <li>You can compile Vesta binaries by yourself - <a href="https://github.com/myvesta/vesta/blob/master/src/deb/vesta_compile.sh">src/deb/vesta_compile.sh</a></li>
+<li>You can even create your own APT repository in a minute</li>
+<li>We are using latest nginx version for vesta-nginx package</li>
+<li>With your own APT infrastructure you can take security of Vesta-installer infrastructure in your own hands. You will have full control of your Vesta code (this way you can rest assured that there's 0% chance that you'll install malicious packages from repositories that may get hacked)</li>
+<li>Binaries that you compile are 100% compatible with official VestaCP from vestacp.com, so you can run official VestaCP code with your own binaries (in case you don't want the source code from this fork)</li>
+</ul>
+    
+  </li>
+  </ul>
+  
+<h1>How to install</h1>
 Download the installation script:
-```bash
-curl -O http://vestacp.com/pub/vst-install.sh
+
+```shell
+curl -O http://c.myvestacp.com/vst-install-debian.sh
 ```
+
 Then run it:
-```bash
-bash vst-install.sh
+
+```shell
+bash vst-install-debian.sh
 ```
 
-License
-----------------------------
-Vesta is licensed under  [GPL v3 ](https://github.com/serghey-rodin/vesta/blob/master/LICENSE) license
+Or use our <a href="https://www.myvestacp.com/install_generator.html">installer generator</a>.
+
+<h1>Useful scripts</h1>
+<ul>
+  <li><a href="https://forum.myvestacp.com/viewtopic.php?f=24&t=50">How to move accounts from one (my)Vesta server to another myVesta server</a></li>
+  <li><a href="https://forum.myvestacp.com/viewtopic.php?f=17&t=386">WordPress installer in one second </a></li>(v-install-wordpress)
+  <li><a href="https://forum.myvestacp.com/viewtopic.php?f=17&t=385">Cloning script that will copy the whole site from one (sub)domain to another (sub)domain </a></li>(v-clone-website)
+  <li><a href="https://forum.myvestacp.com/viewtopic.php?f=17&t=382">Script that will migrate your site from http to https, replacing http to https URLs in database </a></li>(v-migrate-site-to-https)
+  <li><a href="https://forum.myvestacp.com/viewtopic.php?f=24&t=63">Script for importing cPanel backups to Vesta (thanks to Maks Usmanov - Skamasle) </a></li> (v-import-cpanel-backup)
+  <li><a href="https://forum.myvestacp.com/viewtopic.php?f=18&t=52">Script that will install multiple PHP versions on your server</a></li>
+  <li><a href="https://forum.myvestacp.com/viewtopic.php?f=20&t=350">How to host NodeJS apps</a></li>
+  <li><a href="https://forum.myvestacp.com/viewtopic.php?f=20&t=51">Script that will install nginx templates that can prevent denial-of-service on your server</a></li>
+  <li><a href="https://forum.myvestacp.com/viewtopic.php?f=15&t=47">Official VestaCP Softaculous installer</a></li>
+</ul>
+
+
+<h1>Licence</h1>
+myVesta is licensed under <a href="https://github.com/serghey-rodin/vesta/blob/master/LICENSE">GPL v3</a> license.
+
 

SECURITY.md

@@ -0,0 +1,5 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Please report security issues to info@myvestacp.com

bin/v-activate-rocket-nginx

@@ -0,0 +1,144 @@
+#!/bin/bash
+# info: Install rocket-nginx extension for certain domain
+# options: DOMAIN 
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Argument definition
+domain=$1
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+source /usr/local/vesta/func/domain.sh
+
+if [ -z "$user" ]; then
+    check_result $E_NOTEXIST "domain $domain doesn't exist"
+fi
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+
+if [ ! -d "/home/$user" ]; then
+    echo "User doesn't exist";
+    exit 1;
+fi
+
+if [ ! -d "/home/$user/web/$domain/public_html" ]; then
+    echo "Domain doesn't exist";
+    exit 1;
+fi
+
+if [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then
+    echo 'Please install WordPress first.'
+    exit 1;
+fi
+
+if [ ! -d "/etc/nginx/rocket-nginx" ]; then
+    echo "rocket-nginx is not installed";
+    echo "Do you want to install it now (y/n)?"
+    read answer
+    if [ "$answer" == "y" ]; then
+        echo "Installing rocket-nginx..."
+        curl -sL https://c.myvestacp.com/tools/install-rocket-nginx.sh | bash -
+    else
+        echo "Exiting script"
+        exit 1;
+    fi
+fi
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Changing Proxy Template
+# Check if the proxy template is already set correctly
+current_template=$(/usr/local/vesta/bin/v-list-web-domain $user $domain | grep 'PROXY:' | awk '{print $2}')
+if [ "$current_template" == "wprocket-force-https" ] || [ "$current_template" == "wprocket-hosting" ] || [ "$current_template" == "wprocket-webp-express-force-https" ]; then
+    echo "Proxy Template is already set up correctly"
+else
+    # Prompt the user to choose whether to force HTTPS or not
+    echo "Do you want to use wprocket-hosting template, wprocket-force-https template or wprocket-webp-express-force-https template (h/f/w):"
+    read answer
+
+    # Change the proxy template based on the user's choice
+    if [ "$answer" == "h" ]; then
+        /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-hosting"
+    elif [ "$answer" == "f" ]; then
+        /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-force-https"
+    elif [ "$answer" == "w" ]; then
+        /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-webp-express-force-https"
+    fi
+
+    echo "Proxy Template is ready"
+fi
+
+# Disabling wp-cron in wp-config.php
+cd /home/$user/web/$domain/public_html
+checkstring_disable="define('DISABLE_WP_CRON', true)"
+checkstring_enable="define('DISABLE_WP_CRON', false)"
+string_disable="define( 'DISABLE_WP_CRON', true );"
+line="<?php"
+file="wp-config.php"
+
+if grep -q -w -i -F "$checkstring_disable" "$file"; then
+  echo "WP-Cron is already disabled in your wp-config.php"
+elif grep -q -w -i -F "$checkstring_enable" "$file"; then
+  echo "Disabling WP-Cron in your wp-config.php..."
+  sed -i "/$checkstring_enable/d" "$file"
+  sed -i "/$line/Ia $string_disable" "$file"
+else
+  echo "Disabling WP-Cron in your wp-config.php..."
+  sed -i "/$line/Ia $string_disable" "$file"
+fi
+
+
+# Adding cron job
+# Check if a cron job already exists for any of the specified PHP-FPM versions
+existing_cron=$(crontab -l -u $user | grep -o "wp-cron.php >/home/$user/web/$domain/cron.log" | grep -v "grep")
+
+if [ ! -z "$existing_cron" ]; then
+    echo "There is already a cron job added for user $user and domain $domain."
+else
+    echo "Adding cron job..."
+    # Add the cron job
+    fpm_ver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain")
+    touch /home/$user/web/$domain/cron.log
+    chown $user:$user /home/$user/web/$domain/cron.log
+
+    case $fpm_ver in
+        5.6 | 7.0 | 7.1 | 7.2 | 7.3 | 7.4 | 8.0 | 8.1 | 8.2 | 8.3) 
+            /usr/local/vesta/bin/v-add-cron-job "$user" "*/15" "*" "*" "*" "*" "cd /home/$user/web/$domain/public_html; /usr/bin/php$fpm_ver wp-cron.php >/home/$user/web/$domain/cron.log 2>&1"
+            ;;
+    esac
+fi
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+echo "Installation is completed."
+echo "Checking RESPONSE HEADERS (You should see x-rocket-nginx-serving-static if the WP Rocket plugin is activated):"
+curl -I https://$domain
+
+exit

bin/v-activate-vesta-license

@@ -27,7 +27,7 @@ source $VESTA/conf/vesta.conf
 
 # Checking arg number
 check_args '2' "$#" 'MODULE LICENSE'
-
+is_user_format_valid "$license" "license"
 
 #----------------------------------------------------------#
 #                       Action                             #
@@ -35,7 +35,7 @@ check_args '2' "$#" 'MODULE LICENSE'
 
 # Activating license
 v_host='https://vestacp.com/checkout'
-answer=$(curl -s $v_host/activate.php?licence_key=$license&module=$module)
+answer=$(curl --max-time 60 -s $v_host/activate.php?licence_key=$license&module=$module)
 check_result $? "cant' connect to vestacp.com " $E_CONNECT
 
 # Checking server answer

bin/v-add-backup-host

@@ -38,8 +38,7 @@ EOF
 sftpc() {
     expect -f "-" <<EOF "$@"
         set count 0
-        spawn /usr/bin/sftp -o StrictHostKeyChecking=no -o \
-            Port=$port $user@$host
+        spawn /usr/bin/sftp -o StrictHostKeyChecking=no -o Port=$port $user@$host
         expect {
             "password:" {
                 send "$password\r"
@@ -94,12 +93,14 @@ EOF
 
 if [ "$type" != 'local' ];then
     check_args '4' "$#" "TYPE HOST USERNAME PASSWORD [PATH] [PORT]"
-    is_format_valid 'host'
+    is_format_valid 'user' 'host' 'path' 'port'
     is_password_valid
     if [ "$type" = 'sftp' ]; then
         which expect >/dev/null 2>&1
         check_result $? "expect command not found"  $E_NOTEXIST
     fi
+    host "$host" >/dev/null 2>&1
+    check_result $? "host connection failed" "$E_CONNECT"
 fi
 
 

bin/v-add-dns-on-web-alias

@@ -50,12 +50,12 @@ domain_lvl=$(echo "$alias" |grep -o "\." |wc -l)
 # Adding second level domain
 if [ "$domain_lvl" -eq 1 ] || [ "${#top_domain}" -le '6' ]; then
     $BIN/v-add-dns-domain \
-        $user $alias $ip '' '' '' '' '' $restart >> /dev/null
+        $user $alias $ip '' '' '' '' '' '' '' '' $restart >> /dev/null
     exit
 fi
 
 # Adding top-level domain and then its sub
-$BIN/v-add-dns-domain $user $top_domain $ip '' '' '' '' $restart >> /dev/null
+$BIN/v-add-dns-domain $user $top_domain $ip '' '' '' '' '' '' '' '' $restart >> /dev/null
 
 # Checking top-level domain
 if [ ! -e "$USER_DATA/dns/$top_domain.conf" ]; then

bin/v-add-dns-record

@@ -45,10 +45,12 @@ if [[ $rtype =~ NS|CNAME|MX|PTR|SRV ]]; then
     fi
 fi
 
-dvalue=${dvalue//\"/}
+if [ $rtype != "CAA" ]; then
+    dvalue=${dvalue//\"/}
 
-if [[ "$dvalue" =~ [\;[:space:]] ]]; then
-    dvalue='"'"$dvalue"'"'
+    if [[ "$dvalue" =~ [\;[:space:]] ]]; then
+        dvalue='"'"$dvalue"'"'
+    fi
 fi
 
 # Additional argument formatting

bin/v-add-firewall-ban

@@ -72,6 +72,13 @@ $iptables -I fail2ban-$chain 1 -s $ip \
 # Changing permissions
 chmod 660 $conf
 
+# nginx deny rules conf
+if [ "$chain" = "WEB" ] && [ -f "/etc/nginx/conf.d/block.conf" ]; then
+    if ! grep -q  "deny $ip;" /etc/nginx/conf.d/block.conf; then
+        echo "deny $ip;" >> /etc/nginx/conf.d/block.conf
+        systemctl reload nginx
+   fi
+fi
 
 #----------------------------------------------------------#
 #                       Vesta                              #

bin/v-add-firewall-chain

@@ -21,6 +21,12 @@ protocol=$(echo $protocol|tr '[:lower:]' '[:upper:]')
 # Defining absolute path to iptables
 iptables="/sbin/iptables"
 
+# Get vesta port by reading nginx.conf
+vestaport=$(grep 'listen' $VESTA/nginx/conf/nginx.conf | awk '{print $2}' | sed "s|;||")
+if [ -z "$vestaport" ]; then
+    vestaport=8083
+fi
+
 # Includes
 source $VESTA/func/main.sh
 source $VESTA/conf/vesta.conf
@@ -41,13 +47,19 @@ is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'
 
 # Checking known chains
 case $chain in
-    SSH)        port=22; protocol=TCP ;;
+    SSH)        # Get ssh port by reading ssh config file.
+                sshport=$(grep '^Port ' /etc/ssh/sshd_config | head -1 | cut -d ' ' -f 2)
+                if [ -z "$sshport" ]; then
+                    sshport=22
+                fi
+                port=$sshport; 
+                protocol=TCP ;;
     FTP)        port=21; protocol=TCP  ;;
     MAIL)       port='25,465,587,2525,110,995,143,993'; protocol=TCP  ;;
     DNS)        port=53; protocol=UDP  ;;
     WEB)        port='80,443'; protocol=TCP  ;;
     DB)         port='3306,5432'; protocol=TCP  ;;
-    VESTA)      port=8083; protocol=TCP  ;;
+    VESTA)      port=$vestaport; protocol=TCP  ;;
     *)          check_args '2' "$#" 'CHAIN PORT' ;;
 esac
 

bin/v-add-firewall-rule

@@ -83,6 +83,16 @@ sort_fw_rules
 # Updating system firewall
 $BIN/v-update-firewall
 
+if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then
+    if [ "$port_ext" == "80,443" ] && [ "$action" == "DROP" ]; then
+        touch /etc/nginx/conf.d/block-firewall.conf
+        if ! grep -q "deny $ip;" /etc/nginx/conf.d/block-firewall.conf; then
+            echo "deny $ip;" >> /etc/nginx/conf.d/block-firewall.conf
+            systemctl restart nginx
+        fi
+    fi
+fi
+
 
 #----------------------------------------------------------#
 #                       Vesta                              #

bin/v-add-letsencrypt-domain

@@ -1,13 +1,8 @@
 #!/bin/bash
-# info: adding letsencrypt ssl cetificate for domain
-# options: USER DOMAIN [ALIASES] [RESTART] [NOTIFY]
+# info: check letsencrypt domain
+# options: USER DOMAIN [ALIASES]
 #
-# The function turns on SSL support for a domain. Parameter ssl_dir is a path
-# to directory where 2 or 3 ssl files can be found. Certificate file
-# domain.tld.crt and its key domain.tld.key  are mandatory. Certificate
-# authority domain.tld.ca file is optional. If home directory  parameter
-# (ssl_home) is not set, https domain uses public_shtml as separate
-# documentroot directory.
+# The function check and validates domain with Let's Encript
 
 
 #----------------------------------------------------------#
@@ -18,8 +13,15 @@
 user=$1
 domain=$2
 aliases=$3
-restart=$4
-notify=$5
+
+# LE API
+API='https://acme-v02.api.letsencrypt.org'
+
+if [[ "$LE_STAGING" = 'yes' ]]; then
+	API='https://acme-staging-v02.api.letsencrypt.org'
+fi
+
+deb_release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
 
 # Includes
 source $VESTA/func/main.sh
@@ -27,98 +29,421 @@ source $VESTA/func/domain.sh
 source $VESTA/conf/vesta.conf
 
 # Additional argument formatting
-format_domain_idn
+format_identifier_idn() {
+    identifier_idn=$identifier
+    if [[ "$identifier_idn" = *[![:ascii:]]* ]]; then
+        identifier_idn=$(idn -t --quiet -a $identifier_idn)
+    fi
+}
+
+# encode base64
+encode_base64() {
+    cat |base64 |tr '+/' '-_' |tr -d '\r\n='
+}
+
+# Let's Encrypt v2 curl function
+query_le_v2() {
+
+    protected='{"nonce": "'$3'",'
+    protected=''$protected' "url": "'$1'",'
+    protected=''$protected' "alg": "RS256", "kid": "'$KID'"}'
+    content="Content-Type: application/jose+json"
+
+    payload_=$(echo -n "$2" |encode_base64)
+    protected_=$(echo -n "$protected" |encode_base64)
+    signature_=$(printf "%s" "$protected_.$payload_" |\
+        openssl dgst -sha256 -binary -sign $USER_DATA/ssl/user.key |\
+        encode_base64)
+
+    post_data='{"protected":"'"$protected_"'",'
+    post_data=$post_data'"payload":"'"$payload_"'",'
+    post_data=$post_data'"signature":"'"$signature_"'"}'
+
+    # Save http response to file passed as "$4" arg or print to stdout if not provided
+    # http response headers are always sent to stdout
+    local save_to_file=${4:-"/dev/stdout"}
+    if [ "$deb_release" -gt 8 ]; then
+        curl --location --user-agent "myVesta" --insecure --retry 5 --retry-connrefused --silent --dump-header /dev/stdout --data "$post_data" "$1" --header "$content" --output "$save_to_file"
+    else
+        curl --location --user-agent "myVesta" --insecure --retry 5 --silent --dump-header /dev/stdout --data "$post_data" "$1" --header "$content" --output "$save_to_file"
+    fi
+ }
+
 
 
 #----------------------------------------------------------#
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '2' "$#" 'USER DOMAIN [ALIASES] [RESTART] [NOTIFY]'
-is_format_valid 'user' 'domain'
+check_args '2' "$#" 'USER DOMAIN [ALIASES]'
+is_format_valid 'user' 'domain' 'aliases'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
-is_system_enabled "$WEB_SSL" 'SSL_SUPPORT'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 is_object_valid 'web' 'DOMAIN' "$domain"
 is_object_unsuspended 'web' 'DOMAIN' "$domain"
+get_domain_values 'web'
 
+echo "-----------------------------------------------------------------------------------" >> /usr/local/vesta/log/letsencrypt.log
+echo "[$(date)] : v-add-letsencrypt-domain $domain [$aliases]" >> /usr/local/vesta/log/letsencrypt.log
+
+# check if alias is the letsencrypt wildcard domain, if not, make the normal checks
+if [[ "$aliases" != "*.$domain" ]]; then
+    for alias in $(echo "$aliases" |tr ',' '\n' |sort -u); do
+        check_alias="$(echo $ALIAS |tr ',' '\n' |grep ^$alias$)"
+        if [ -z "$check_alias" ]; then
+            echo "[$(date)] : EXIT=domain alias $alias doesn't exist" >> /usr/local/vesta/log/letsencrypt.log
+            check_result $E_NOTEXIST "domain alias $alias doesn't exist"
+        fi
+    done
+fi;
 
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 
-# Parsing domain data
-get_domain_values 'web'
-
 # Registering LetsEncrypt user account
+echo "[$(date)] : v-add-letsencrypt-user $user" >> /usr/local/vesta/log/letsencrypt.log
 $BIN/v-add-letsencrypt-user $user
+echo "[$(date)] : result: $?" >> /usr/local/vesta/log/letsencrypt.log
 if [ "$?" -ne 0  ]; then
     touch $VESTA/data/queue/letsencrypt.pipe
     sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
     send_notice "LETSENCRYPT" "Account registration failed"
+    echo "[$(date)] : EXIT=LE account registration" >> /usr/local/vesta/log/letsencrypt.log
     check_result $E_CONNECT "LE account registration" >/dev/null
 fi
 
 # Parsing LetsEncrypt account data
 source $USER_DATA/ssl/le.conf
-email=$EMAIL
 
-# Validating domain and aliases
-i=1
-for alias in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
-    $BIN/v-check-letsencrypt-domain $user $alias
-    if [ "$?" -ne 0 ]; then
-        touch $VESTA/data/queue/letsencrypt.pipe
-        sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
-        send_notice "LETSENCRYPT" "$alias validation failed"
-        check_result $E_INVALID "LE domain validation" >/dev/null
+# Checking wildcard alias
+if [ "$aliases" = "*.$domain" ]; then
+    echo "[$(date)] : Checking wildcard alias" >> /usr/local/vesta/log/letsencrypt.log
+    wildcard='yes'
+    proto="dns-01"
+    if [ ! -e "$VESTA/data/users/$user/dns/$domain.conf" ]; then
+        echo "[$(date)] : EXIT=DNS domain $domain doesn't exist" >> /usr/local/vesta/log/letsencrypt.log
+        check_result $E_NOTEXIST "DNS domain $domain doesn't exist"
+    fi
+else
+    proto="http-01"
+fi
+
+# Requesting nonce / STEP 1
+echo "[$(date)] : --- Requesting nonce / STEP 1 ---" >> /usr/local/vesta/log/letsencrypt.log
+echo "[$(date)] : curl -s -I \"$API/directory\"" >> /usr/local/vesta/log/letsencrypt.log
+answer=$(curl --user-agent "myVesta" -s -I "$API/directory")
+echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
+nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
+echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
+status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
+echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
+if [[ "$status" -ne 200 ]]; then
+    echo "[$(date)] : EXIT=Let's Encrypt nonce request status $status" >> /usr/local/vesta/log/letsencrypt.log
+    check_result $E_CONNECT "Let's Encrypt nonce request status $status"
+fi
+
+# Placing new order / STEP 2
+echo "[$(date)] : --- Placing new order / STEP 2 ---" >> /usr/local/vesta/log/letsencrypt.log
+url="$API/acme/new-order"
+payload='{"identifiers":['
+for identifier in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
+    format_identifier_idn
+    payload=$payload'{"type":"dns","value":"'$identifier_idn'"},'
+done
+payload=$(echo "$payload"|sed "s/,$//")
+payload=$payload']}'
+# validation='pending'
+# # Start counter to avoid infinite loop
+# i=0
+# while [ "$validation" = 'pending' ]; do
+# echo "[$(date)] : ----------------------- step 2 loop, counter \$i=$i -----------------------" >> /usr/local/vesta/log/letsencrypt.log
+echo "[$(date)] : payload=$payload" >> /usr/local/vesta/log/letsencrypt.log
+echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
+answer=$(query_le_v2 "$url" "$payload" "$nonce")
+echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
+nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
+echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
+authz=$(echo "$answer" |grep "acme/authz" |cut -f2 -d '"')
+echo "[$(date)] : authz=$authz" >> /usr/local/vesta/log/letsencrypt.log
+finalize=$(echo "$answer" |grep 'finalize":' |cut -f4 -d '"')
+echo "[$(date)] : finalize=$finalize" >> /usr/local/vesta/log/letsencrypt.log
+order=$(echo -e "$answer" | grep -i location | cut -f2 -d \  | tr -d '\r\n')
+echo "[$(date)] : order=$order" >> /usr/local/vesta/log/letsencrypt.log
+status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ')
+echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
+validation=$(echo "$answer" | grep 'status":' | cut -f4 -d '"')
+echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log
+if [[ "$status" -ne 201 ]]; then
+    echo "[$(date)] : EXIT=Let's Encrypt new auth status $status" >> /usr/local/vesta/log/letsencrypt.log
+    check_result $E_CONNECT "Let's Encrypt new auth status $status"
+fi
+# # Exit the loop after 5 attempts
+# i=$((i + 1))
+# if [ $i -gt 5 ]; then
+#     break
+# fi
+# sleep 2
+# done
+
+# Requesting authorization token / STEP 3
+echo "[$(date)] : --- Requesting authorization token / STEP 3 ---" >> /usr/local/vesta/log/letsencrypt.log
+for auth in $authz; do
+    payload=''
+    echo "[$(date)] : for auth=$auth" >> /usr/local/vesta/log/letsencrypt.log
+    echo "[$(date)] : query_le_v2 \"$auth\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
+    answer=$(query_le_v2 "$auth" "$payload" "$nonce")
+    echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
+    url=$(echo "$answer" |grep -A3 $proto |grep url |cut -f 4 -d \")
+    echo "[$(date)] : url=$url" >> /usr/local/vesta/log/letsencrypt.log
+    token=$(echo "$answer" |grep -A3 $proto |grep token |cut -f 4 -d \")
+    echo "[$(date)] : token=$token" >> /usr/local/vesta/log/letsencrypt.log
+    nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
+    echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
+    status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
+    echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
+    if [[ "$status" -ne 200 ]]; then
+        echo "[$(date)] : EXIT=Let's Encrypt acme/authz bad status $status" >> /usr/local/vesta/log/letsencrypt.log
+        check_result $E_CONNECT "Let's Encrypt acme/authz bad status $status"
     fi
 
-    # Checking LE limits per account
-    if [ "$i" -gt 100 ]; then
-        touch $VESTA/data/queue/letsencrypt.pipe
-        sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
-        send_notice 'LETSENCRYPT' 'Limit of domains per account is reached'
-        check_result $E_LIMIT "LE can't sign more than 100 domains"
+    # Configuring challenge / STEP 4
+    echo "[$(date)] : --- Configuring challenge / STEP 4 ---" >> /usr/local/vesta/log/letsencrypt.log
+    echo "[$(date)] : wildcard=$wildcard" >> /usr/local/vesta/log/letsencrypt.log
+    if [ "$wildcard" = 'yes'  ]; then
+        record=$(printf "%s" "$token.$THUMB" |\
+            openssl dgst -sha256 -binary |encode_base64)
+        old_records=$($BIN/v-list-dns-records $user $domain plain|grep 'TXT')
+        old_records=$(echo "$old_records" |grep _acme-challenge |cut -f 1)
+        for old_record in $old_records; do
+            $BIN/v-delete-dns-record "$user" "$domain" "$old_record"
+        done
+        $BIN/v-add-dns-record "$user" "$domain" "_acme-challenge" "TXT" "$record"
+        exitstatus=$?
+        echo "[$(date)] : v-add-dns-record \"$user\" \"$domain\" \"_acme-challenge\" \"TXT\" \"$record\"" >> /usr/local/vesta/log/letsencrypt.log
+        if [ "$exitstatus" -ne 0  ]; then
+            echo "[$(date)] : EXIT=DNS _acme-challenge record wasn't created" >> /usr/local/vesta/log/letsencrypt.log
+        fi
+        check_result $exitstatus "DNS _acme-challenge record wasn't created"
+        systemctl restart bind9
+    else
+        if [ "$WEB_SYSTEM" = 'nginx' ] || [ ! -z "$PROXY_SYSTEM" ]; then
+            if [ -f "/usr/local/vesta/web/inc/nginx_proxy" ]; then
+                #  if vesta is behind main nginx
+                well_known="$HOMEDIR/$user/web/$domain/public_html/.well-known"
+                acme_challenge="$well_known/acme-challenge"
+                mkdir -p $acme_challenge
+                echo "$token.$THUMB" > $acme_challenge/$token
+                echo "[$(date)] : in $acme_challenge/$token we put: $token.$THUMB" >> /usr/local/vesta/log/letsencrypt.log
+                chown -R $user:$user $well_known
+            else
+                # default nginx method
+                conf="$HOMEDIR/$user/conf/web/nginx.$domain.conf_letsencrypt"
+                sconf="$HOMEDIR/$user/conf/web/snginx.$domain.conf_letsencrypt"
+                # if [ ! -e "$conf" ]; then
+                    echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' \
+                        > $conf
+                    echo '    default_type text/plain;' >> $conf
+                    echo '    return 200 "$1.'$THUMB'";' >> $conf
+                    echo '}' >> $conf
+                # fi
+                echo "[$(date)] : in $conf we put: $THUMB" >> /usr/local/vesta/log/letsencrypt.log
+                if [ ! -e "$sconf" ]; then
+                    ln -s "$conf" "$sconf"
+                fi
+                echo "[$(date)] : v-restart-proxy" >> /usr/local/vesta/log/letsencrypt.log 
+                $BIN/v-restart-proxy
+                if [ -z "$PROXY_SYSTEM" ]; then
+                    # apache-less variant
+                    echo "[$(date)] : v-restart-web" >> /usr/local/vesta/log/letsencrypt.log 
+                    $BIN/v-restart-web
+                fi
+                exitstatus=$?
+                if [ "$exitstatus" -ne 0  ]; then
+                    echo "[$(date)] : EXIT=Proxy restart failed = $exitstatus" >> /usr/local/vesta/log/letsencrypt.log
+                fi
+                check_result $exitstatus "Proxy restart failed" >/dev/null
+            fi
+        else
+            well_known="$HOMEDIR/$user/web/$domain/public_html/.well-known"
+            acme_challenge="$well_known/acme-challenge"
+            mkdir -p $acme_challenge
+            echo "$token.$THUMB" > $acme_challenge/$token
+            chown -R $user:$user $well_known
+            echo "[$(date)] : in $acme_challenge/$token we put: $token.$THUMB" >> /usr/local/vesta/log/letsencrypt.log
+            # $BIN/v-restart-web
+            # check_result $? "Web restart failed" >/dev/null
+        fi
+    fi
+
+    # Requesting ACME validation / STEP 5
+    echo "[$(date)] : --- Requesting ACME validation / STEP 5 ---" >> /usr/local/vesta/log/letsencrypt.log
+    validation_check=$(echo "$answer" |grep '"valid"')
+    echo "[$(date)] : validation_check=$validation_check" >> /usr/local/vesta/log/letsencrypt.log
+    if [[ ! -z "$validation_check" ]]; then
+        validation='valid'
+    else
+        validation='pending'
+    fi
+
+    # Doing pol check on status
+    i=1
+    while [ "$validation" = 'pending' ]; do
+        i=0
+        while true; do
+            echo "[$(date)] : ----------------------- Doing pol check on status, counter \$i=$i -----------------------" >> /usr/local/vesta/log/letsencrypt.log
+            payload='{}'
+            echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
+            answer=$(query_le_v2 "$url" "$payload" "$nonce")
+            echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
+            url2=$(echo "$answer" |grep -A3 $proto |grep url |cut -f 4 -d \")
+            echo "[$(date)] : url2=$url2" >> /usr/local/vesta/log/letsencrypt.log
+            validation=$(echo "$answer"|grep -A1 $proto |tail -n1|cut -f4 -d \")
+            echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log
+            nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
+            echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
+            status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
+            echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
+            if [[ $(echo "$answer" | grep 'addressesResolved') != "" ]]; then
+                break
+            fi
+            if [ "$wildcard" = 'yes'  ]; then
+                if [[ $(echo "$answer" | grep '"status": "valid"') != "" ]]; then
+                    break
+                fi                
+            fi
+            i=$((i + 1))
+            if ((i > 30)); then
+                break
+            fi
+            sleep 2
+        done
+        if [[ "$status" -ne 200 ]]; then
+            echo "[$(date)] : EXIT=Let's Encrypt validation status $status" >> /usr/local/vesta/log/letsencrypt.log
+            check_result $E_CONNECT "Let's Encrypt validation status $status"
+        fi
+
+        i=$((i + 1))
+        if [ "$i" -gt 10 ]; then
+            echo "[$(date)] : EXIT=Let's Encrypt domain validation timeout" >> /usr/local/vesta/log/letsencrypt.log
+            check_result $E_CONNECT "Let's Encrypt domain validation timeout"
+        fi
+        echo "[$(date)] : curl: $url2 :" >> /usr/local/vesta/log/letsencrypt.log
+        get_answer=$(curl --user-agent "myVesta" --silent -S "$url2")
+        echo "[$(date)] : get_answer=$get_answer" >> /usr/local/vesta/log/letsencrypt.log
+        sleeping=$((i*2))
+        echo "[$(date)] : sleep $sleeping (i=$i)" >> /usr/local/vesta/log/letsencrypt.log
+        sleep $sleeping
+    done
+    if [ "$validation" = 'invalid' ]; then
+        echo "[$(date)] : EXIT=Let's Encrypt domain verification failed" >> /usr/local/vesta/log/letsencrypt.log
+        check_result $E_CONNECT "Let's Encrypt domain verification failed"
     fi
-    i=$((i++))
 done
 
-# Generating CSR
-ssl_dir=$($BIN/v-generate-ssl-cert "$domain" "$email" "US" "California" \
+
+# Generating new ssl certificate
+ssl_dir=$($BIN/v-generate-ssl-cert "$domain" "info@$domain" "US" "California"\
     "San Francisco" "Vesta" "IT" "$aliases" |tail -n1 |awk '{print $2}')
 
-# Signing CSR
-crt=$($BIN/v-sign-letsencrypt-csr $user $domain $ssl_dir)
-if [ "$?" -ne 0 ]; then
-    touch $VESTA/data/queue/letsencrypt.pipe
-    sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
-    send_notice "LETSENCRYPT" "$alias validation failed"
-    check_result "$E_INVALID" "LE $domain validation"
-fi
-echo "$crt" > $ssl_dir/$domain.crt
+# Sending CSR to finalize order / STEP 6
+echo "[$(date)] : --- Sending CSR to finalize order / STEP 6 ---" >> /usr/local/vesta/log/letsencrypt.log
 
-# Dowloading CA certificate
-le_certs='https://letsencrypt.org/certs'
-x1='lets-encrypt-x1-cross-signed.pem.txt'
-x3='lets-encrypt-x3-cross-signed.pem.txt'
-issuer=$(openssl x509 -text -in $ssl_dir/$domain.crt |grep "Issuer:")
-if [ -z "$(echo $issuer|grep X3)" ]; then
-    curl -s $le_certs/$x1 > $ssl_dir/$domain.ca
-else
-    curl -s $le_certs/$x3 > $ssl_dir/$domain.ca
+csr=$(openssl req -in $ssl_dir/$domain.csr -outform DER |encode_base64)
+payload='{"csr":"'$csr'"}'
+echo "[$(date)] : query_le_v2 \"$finalize\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
+answer=$(query_le_v2 "$finalize" "$payload" "$nonce")
+echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
+nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n')
+echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log
+status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
+echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
+certificate=$(echo "$answer"|grep 'certificate":' |cut -f4 -d '"')
+echo "[$(date)] : certificate=$certificate" >> /usr/local/vesta/log/letsencrypt.log
+if [[ "$status" -ne 200 ]]; then
+    echo "[$(date)] : EXIT=Let's Encrypt finalize bad status $status" >> /usr/local/vesta/log/letsencrypt.log
+    check_result $E_CONNECT "Let's Encrypt finalize bad status $status"
+fi
+
+if [ "$nonce" = "" ]; then
+    echo "[$(date)] : EXIT=Let's Encrypt 'nonce' is empty after step 6" >> /usr/local/vesta/log/letsencrypt.log
+    check_result $E_CONNECT "Let's Encrypt 'nonce' is empty after step 6"
+fi
+
+if [ "$certificate" = "" ]; then
+    validation="processing"
+	i=1
+	while [ "$validation" = "processing" ]; do
+        echo "[$(date)] : --- Polling server waiting for Certificate / STEP 7 ---" >> /usr/local/vesta/log/letsencrypt.log
+		answer=$(query_le_v2 "$order" "" "$nonce")
+		i=$((i + 1))
+
+		nonce=$(echo "$answer" | grep -i nonce | cut -f2 -d \  | tr -d '\r\n')
+        echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
+		status=$(echo "$answer" | grep HTTP/ | tail -n1 | cut -f 2 -d ' ')
+        echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
+		validation=$(echo "$answer" | grep 'status":' | cut -f4 -d '"')
+        echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log
+		certificate=$(echo "$answer" | grep 'certificate":' | cut -f4 -d '"')
+        echo "[$(date)] : certificate=$certificate" >> /usr/local/vesta/log/letsencrypt.log
+		sleep $((i * 2)) # Sleep for 2s, 4s, 6s, 8s
+		if [ $i -gt 10 ]; then
+			check_result "$E_CONNECT" "Certificate processing timeout ($domain)"
+		fi
+	done
+fi
+
+if [ "$certificate" = "" ]; then
+    echo "[$(date)] : EXIT=Let's Encrypt 'certificate' is empty after step 7" >> /usr/local/vesta/log/letsencrypt.log
+    check_result $E_CONNECT "Let's Encrypt 'certificate' is empty after step 7"
+fi
+
+# Downloading signed certificate / STEP 8
+echo "[$(date)] : --- Downloading signed certificate / STEP 8 ---" >> /usr/local/vesta/log/letsencrypt.log
+echo "[$(date)] : query_le_v2 \"$certificate\" \"\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log
+answer=$(query_le_v2 "$certificate" "" "$nonce" "$ssl_dir/$domain.pem")
+echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log
+status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ')
+echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log
+if [[ "$status" -ne 200 ]]; then
+    [ -d "$ssl_dir" ] && rm -rf "$ssl_dir"
+    echo "[$(date)] : EXIT=Let's Encrypt downloading signed cert failed status: $status" >> /usr/local/vesta/log/letsencrypt.log
+    check_result $E_NOTEXIST "Let's Encrypt downloading signed cert failed status: $status"
+fi
+
+# Splitting up downloaded pem
+# echo "[$(date)] : - Splitting up downloaded pem" >> /usr/local/vesta/log/letsencrypt.log
+crt_end=$(grep -n 'END CERTIFICATE' $ssl_dir/$domain.pem |head -n1 |cut -f1 -d:)
+# echo "[$(date)] : crt_end=$crt_end" >> /usr/local/vesta/log/letsencrypt.log
+head -n $crt_end $ssl_dir/$domain.pem > $ssl_dir/$domain.crt
+
+pem_lines=$(wc -l $ssl_dir/$domain.pem |cut -f 1 -d ' ')
+# echo "[$(date)] : pem_lines=$pem_lines" >> /usr/local/vesta/log/letsencrypt.log
+ca_end=$(grep -n 'BEGIN CERTIFICATE' $ssl_dir/$domain.pem |tail -n1 |cut -f 1 -d :)
+# echo "[$(date)] : ca_end=$ca_end" >> /usr/local/vesta/log/letsencrypt.log
+ca_end=$(( pem_lines - crt_end + 1 ))
+# echo "[$(date)] : ca_end=$ca_end" >> /usr/local/vesta/log/letsencrypt.log
+tail -n $ca_end $ssl_dir/$domain.pem > $ssl_dir/$domain.ca
+
+# Temporary fix for double "END CERTIFICATE"
+if [[ $(head -n 1 $ssl_dir/$domain.ca) = "-----END CERTIFICATE-----" ]]; then
+    sed -i '1,2d' $ssl_dir/$domain.ca
 fi
 
 # Adding SSL
 ssl_home=$(search_objects 'web' 'LETSENCRYPT' 'yes' 'SSL_HOME')
 $BIN/v-delete-web-domain-ssl $user $domain >/dev/null 2>&1
+echo "[$(date)] : v-add-web-domain-ssl $user $domain $ssl_dir $ssl_home" >> /usr/local/vesta/log/letsencrypt.log
 $BIN/v-add-web-domain-ssl $user $domain $ssl_dir $ssl_home
-if [ "$?" -ne '0' ]; then
+exitstatus=$?
+echo "[$(date)] : v-add-web-domain-ssl status: $exitstatus" >> /usr/local/vesta/log/letsencrypt.log
+if [ "$exitstatus" -ne '0' ]; then
     touch $VESTA/data/queue/letsencrypt.pipe
     sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
+    echo "[$(date)] : EXIT=$domain certificate installation failed" >> /usr/local/vesta/log/letsencrypt.log
     send_notice 'LETSENCRYPT' "$domain certificate installation failed"
-    check_result $? "SSL install" >/dev/null
+    check_result $exitstatus "SSL install" >/dev/null
 fi
 
 # Adding LE autorenew cronjob
@@ -135,24 +460,20 @@ if [ -z "$LETSENCRYPT" ]; then
 fi
 update_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT' 'yes'
 
+reset_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT'
 
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#
 
-# Restarting web
-$BIN/v-restart-web $restart
-if [ "$?" -ne 0  ]; then
-    send_notice 'LETSENCRYPT' "web server needs to be restarted manually"
-fi
-
-# Notifying user
-send_notice 'LETSENCRYPT' "$domain SSL has been installed successfully"
-
 # Deleteing task from queue
 touch $VESTA/data/queue/letsencrypt.pipe
 sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
 
+# Notifying user
+send_notice 'LETSENCRYPT' "$domain SSL has been installed successfully"
+echo "[$(date)] : EXIT=***** $domain SSL has been installed successfully *****" >> /usr/local/vesta/log/letsencrypt.log
+
 # Logging
 log_event "$OK" "$ARGUMENTS"
 

bin/v-add-letsencrypt-user

@@ -1,8 +1,8 @@
 #!/bin/bash
 # info: register letsencrypt user account
-# options: USER [EMAIL]
+# options: USER
 #
-# The function creates and register LetsEncript account key
+# The function creates and register LetsEncript account 
 
 
 #----------------------------------------------------------#
@@ -11,8 +11,13 @@
 
 # Argument definition
 user=$1
-email=$2
-key_size=4096
+
+# LE API
+API='https://acme-v02.api.letsencrypt.org'
+
+if [[ "$LE_STAGING" = 'yes' ]]; then
+	API='https://acme-staging-v02.api.letsencrypt.org'
+fi
 
 # Includes
 source $VESTA/func/main.sh
@@ -23,15 +28,38 @@ encode_base64() {
     cat |base64 |tr '+/' '-_' |tr -d '\r\n='
 }
 
+# Let's Encrypt v2 curl function
+query_le_v2() {
+    protected='{"nonce": "'$3'",'
+    protected=''$protected' "url": "'$1'",'
+    protected=''$protected' "alg": "RS256", "jwk": '$jwk'}'
+    content="Content-Type: application/jose+json"
+
+    payload_=$(echo -n "$2" |encode_base64)
+    protected_=$(echo -n "$protected" |encode_base64)
+    signature_=$(printf "%s" "$protected_.$payload_" |\
+        openssl dgst -sha256 -binary -sign $USER_DATA/ssl/user.key |\
+        encode_base64)
+
+    post_data='{"protected":"'"$protected_"'",'
+    post_data=$post_data'"payload":"'"$payload_"'",'
+    post_data=$post_data'"signature":"'"$signature_"'"}'
+
+    curl --user-agent "myVesta" -s -i -d "$post_data" "$1" -H "$content"
+}
+
 
 #----------------------------------------------------------#
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '1' "$#" 'USER [EMAIL]'
+check_args '1' "$#" 'USER'
 is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
 if [ -e "$USER_DATA/ssl/le.conf" ]; then
+    source "$USER_DATA/ssl/le.conf"
+fi
+if [ ! -z "$KID" ]; then
     exit
 fi
 
@@ -40,57 +68,57 @@ fi
 #                       Action                             #
 #----------------------------------------------------------#
 
-api='https://acme-v01.api.letsencrypt.org'
-if [ -z "$email" ]; then
-    email=$(get_user_value '$CONTACT')
+
+# Defining user email
+if [[ -z "$EMAIL" ]]; then
+    EMAIL=$(get_user_value '$CONTACT')
 fi
 
-agreement=$(curl -s -I "$api/terms" |grep Location |cut -f 2 -d \ |tr -d '\r\n')
+# Defining user agreement
+agreement=''
 
-# Generating key
-key="$USER_DATA/ssl/user.key"
-if [ ! -e "$key" ]; then
-    openssl genrsa -out $key $key_size >/dev/null 2>&1
-    chmod 600 $key
+# Generating user key
+KEY="$USER_DATA/ssl/user.key"
+if [ ! -e "$KEY" ]; then
+    openssl genrsa -out $KEY 4096 >/dev/null 2>&1
+    chmod 600 $KEY
 fi
 
 # Defining key exponent
-exponent=$(openssl pkey -inform pem -in "$key" -noout -text_pub |\
-    grep Exponent: |cut -f 2 -d '(' |cut -f 1 -d ')' |sed -e 's/x//' |\
-    xxd -r -p |encode_base64)
+if [ -z "$EXPONENT" ]; then
+    EXPONENT=$(openssl pkey -inform pem -in "$KEY" -noout -text_pub |\
+        grep Exponent: |cut -f 2 -d '(' |cut -f 1 -d ')' |sed -e 's/x//' |\
+        xxd -r -p |encode_base64)
+fi
 
 # Defining key modulus
-modulus=$(openssl rsa -in "$key" -modulus -noout |\
-    sed -e 's/^Modulus=//' |xxd -r -p |encode_base64)
+if [ -z "$MODULUS" ]; then
+    MODULUS=$(openssl rsa -in "$KEY" -modulus -noout |\
+        sed -e 's/^Modulus=//' |xxd -r -p |encode_base64)
+fi
 
-# Defining key thumb
-thumb='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
-thumb="$(echo -n "$thumb" |openssl dgst -sha256 -binary |encode_base64)"
+# Defining JWK
+jwk='{"e":"'$EXPONENT'","kty":"RSA","n":"'"$MODULUS"'"}'
 
-# Defining JWK header
-header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
-header='{"alg":"RS256","jwk":'"$header"'}'
+# Defining key thumbnail
+if [ -z "$THUMB" ]; then
+    THUMB="$(echo -n "$jwk" |openssl dgst -sha256 -binary |encode_base64)"
+fi
 
-# Requesting nonce
-nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f 2 -d \ |tr -d '\r\n')
-protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
 
-# Defining registration query
-query='{"resource":"new-reg","contact":["mailto:'"$email"'"],'
-query=$query'"agreement":"'$agreement'"}'
-payload=$(echo -n "$query" |encode_base64)
-signature=$(printf "%s" "$protected.$payload" |\
-    openssl dgst -sha256 -binary -sign "$key" |encode_base64)
-data='{"header":'"$header"',"protected":"'"$protected"'",'
-data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
+# Requesting ACME nonce
+nonce=$(curl -s -I "$API/directory" |grep -i nonce |cut -f2 -d\ |tr -d '\r\n')
 
-# Sending request to LetsEncrypt API
-answer=$(curl -s -i -d "$data" "$api/acme/new-reg")
-status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ')
+# Creating ACME account
+url="$API/acme/new-acct"
+payload='{"termsOfServiceAgreed": true}'
+answer=$(query_le_v2 "$url" "$payload" "$nonce")
+kid=$(echo "$answer" |grep -i location: |cut -f2 -d ' '|tr -d '\r')
 
-# Checking http answer status
-if [[ "$status" -ne "201" ]] && [[ "$status" -ne "409" ]]; then
-    check_result $E_CONNECT "LetsEncrypt account registration $status"
+# Checking answer status
+status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ')
+if [[ "${status:0:2}" -ne "20" ]]; then
+    check_result $E_CONNECT "Let's Encrypt acc registration failed $status"
 fi
 
 
@@ -99,12 +127,17 @@ fi
 #----------------------------------------------------------#
 
 # Adding le.conf
-echo "EMAIL='$email'" > $USER_DATA/ssl/le.conf
-echo "EXPONENT='$exponent'" >> $USER_DATA/ssl/le.conf
-echo "MODULUS='$modulus'" >> $USER_DATA/ssl/le.conf
-echo "THUMB='$thumb'" >> $USER_DATA/ssl/le.conf
-chmod 660  $USER_DATA/ssl/le.conf
-
+if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
+    echo "EXPONENT='$EXPONENT'" > $USER_DATA/ssl/le.conf
+    echo "MODULUS='$MODULUS'" >> $USER_DATA/ssl/le.conf
+    echo "THUMB='$THUMB'" >> $USER_DATA/ssl/le.conf
+    echo "EMAIL='$EMAIL'" >> $USER_DATA/ssl/le.conf
+    echo "KID='$kid'" >> $USER_DATA/ssl/le.conf
+    chmod 660  $USER_DATA/ssl/le.conf
+else
+    sed -i '/^KID=/d' $USER_DATA/ssl/le.conf
+    echo "KID='$kid'" >> $USER_DATA/ssl/le.conf
+fi
 
 # Logging
 log_event "$OK" "$ARGUMENTS"

bin/v-add-mail-account

@@ -61,8 +61,14 @@ if [[ "$MAIL_SYSTEM" =~ exim ]]; then
     fi
     str="$account:$md5:$user:mail::$HOMEDIR/$user:$quota"
     echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd
+    userstr="$account:$account:$user:mail:$HOMEDIR/$user"
+    echo $userstr >> $HOMEDIR/$user/conf/mail/$domain/accounts
 fi
 
+# Create mail account folder (mailbox)
+mkdir $HOMEDIR/$user/mail/$domain/$account
+chown $user:mail $HOMEDIR/$user/mail/$domain/$account
+chmod 700 $HOMEDIR/$user/mail/$domain/$account
 
 #----------------------------------------------------------#
 #                       Vesta                              #

bin/v-add-mail-domain

@@ -45,6 +45,16 @@ is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 is_domain_new 'mail' "$domain"
 is_package_full 'MAIL_DOMAINS'
+# Allow mail symlink to HDD
+check_symlink=1
+symlink=$(readlink $HOMEDIR/$user/mail)
+if [ "$symlink" = "/hdd/home/$user/mail" ]; then
+    check_symlink=0
+fi
+
+if [ $check_symlink -eq 1 ]; then
+    is_dir_symlink $HOMEDIR/$user/mail
+fi
 
 
 #----------------------------------------------------------#
@@ -81,6 +91,7 @@ if [[ "$MAIL_SYSTEM" =~ exim ]]; then
     touch $HOMEDIR/$user/conf/mail/$domain/aliases
     touch $HOMEDIR/$user/conf/mail/$domain/passwd
     touch $HOMEDIR/$user/conf/mail/$domain/fwd_only
+    touch $HOMEDIR/$user/conf/mail/$domain/accounts
     ln -s $HOMEDIR/$user/conf/mail/$domain \
         /etc/$MAIL_SYSTEM/domains/$domain_idn
 
@@ -109,6 +120,7 @@ if [[ "$MAIL_SYSTEM" =~ exim ]]; then
     # Set ownership
     chown -R $MAIL_USER:mail $HOMEDIR/$user/conf/mail/$domain
     chown -R dovecot:mail $HOMEDIR/$user/conf/mail/$domain/passwd
+    chown $MAIL_USER:mail $HOMEDIR/$user/conf/mail/$domain/accounts
     chown $user:mail $HOMEDIR/$user/mail/$domain_idn
 fi
 

bin/v-add-srs-support-to-exim

@@ -0,0 +1,77 @@
+#!/bin/bash
+
+gen_pass() {
+    MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
+    if [ -z "$1" ]; then
+        LENGTH=32
+    else
+        LENGTH=$1
+    fi
+    while [ ${n:=1} -le $LENGTH ]; do
+        PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}"
+        let n+=1
+    done
+    echo "$PASS"
+}
+
+eximversion=$(exim4 --version | grep '^Exim version ' | awk '{print $3}')
+if (( $(echo "$eximversion < 4.96" | bc -l) )); then
+    echo "= ERROR: Exim SRS support requires Exim 4.96 or higher."
+    echo "You have Exim $eximversion"
+    exit 1;
+fi
+
+echo "=== Addind SRS support to Exim4 ==="
+# SRS support is taken from HestiaCP
+
+if [ ! -f "/etc/exim4/srs.conf" ]; then
+    echo "= Generating SRS KEY"
+    srs=$(gen_pass 16) 
+    echo $srs > /etc/exim4/srs.conf
+    chmod 640 /etc/exim4/srs.conf
+    chown root:Debian-exim /etc/exim4/srs.conf
+fi
+
+if [ ! -f "/etc/exim4/exim4.conf.template.backup-without-srs" ]; then
+    echo "= Backing up /etc/exim4/exim4.conf.template"
+    cp /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template.backup-without-srs
+fi
+
+if ! /usr/local/vesta/bin/v-grep 'SRS_SECRET = ' '/etc/exim4/exim4.conf.template' '-q'; then
+    echo "= Adding: SRS_SECRET = readfile /etc/exim4/srs.conf"
+    v-sed 'smtputf8_advertise_hosts =' 'smtputf8_advertise_hosts =\n\nSRS_SECRET = ${readfile{/etc/exim4/srs.conf}}' '/etc/exim4/exim4.conf.template'
+fi
+
+if ! /usr/local/vesta/bin/v-grep 'if outbound, and forwarding has been done, use an alternate transport' '/etc/exim4/exim4.conf.template' '-q'; then
+    echo "= Patching \"dnslookup:\" block"
+    /usr/local/vesta/bin/v-php-func "replace_in_file_once_between_including_borders" "/etc/exim4/exim4.conf.template" 'dnslookup:' '  no_more' 'dnslookup:\n  driver = dnslookup\n  # if outbound, and forwarding has been done, use an alternate transport\n  domains = ! +local_domains\n  transport = ${if eq {$local_part@$domain} \\n                      {$original_local_part@$original_domain} \\n                      {remote_smtp} {remote_forwarded_smtp}}\n  no_more'
+fi
+
+if ! /usr/local/vesta/bin/v-grep 'inbound_srs:' '/etc/exim4/exim4.conf.template' '-q'; then
+    echo "= Adding \"inbound_srs\" and \"inbound_srs_failure\" blocks"
+    v-sed 'aliases:' 'inbound_srs:\n    driver = redirect\n    senders = :\n    domains = +local_domains\n    # detect inbound bounces which are converted to SRS, and decode them\n    condition = ${if inbound_srs {$local_part} {SRS_SECRET}}\n    data = $srs_recipient\n\ninbound_srs_failure:\n    driver = redirect\n    senders = :\n    domains = +local_domains\n    # detect inbound bounces which look converted to SRS but are invalid\n    condition = ${if inbound_srs {$local_part} {}}\n    allow_fail\n    data = :fail: Invalid SRS recipient address\n\naliases:' '/etc/exim4/exim4.conf.template'
+fi
+
+if ! /usr/local/vesta/bin/v-grep 'remote_forwarded_smtp:' '/etc/exim4/exim4.conf.template' '-q'; then
+    echo "= Adding \"remote_forwarded_smtp:\" block"
+    v-sed 'procmail:\n  driver = pipe' 'remote_forwarded_smtp:\n  driver = smtp\n  dkim_domain = DKIM_DOMAIN\n  dkim_selector = mail\n  dkim_private_key = DKIM_PRIVATE_KEY\n  dkim_canon = relaxed\n  dkim_strict = 0\n  hosts_try_fastopen = \n  hosts_try_chunking = !93.188.3.0/24\n  message_linelength_limit = 1G\n  # modify the envelope from, for mails that we forward\n  max_rcpt = 1\n  return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}\n\nprocmail:\n  driver = pipe' '/etc/exim4/exim4.conf.template'
+fi
+
+touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour
+touch /etc/exim4/limit_per_email_account_max_recipients
+touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour
+touch /etc/exim4/limit_per_hosting_account_max_recipients
+
+echo "= Restarting exim4 service"
+systemctl restart exim4
+
+if [ $? -ne 0 ]; then
+    systemctl status exim4
+    cp /etc/exim4/exim4.conf.template.backup-without-srs /etc/exim4/exim4.conf.template
+    systemctl restart exim4
+    echo "=== Patching failed, old exim conf returned, exim4 restarted again."
+    exit 1
+fi
+echo "=== SRS support was added successfully. ==="
+
+exit 0

bin/v-add-sys-ip

@@ -60,8 +60,8 @@ if [ -z "$sys_ip_check" ]; then
     /sbin/ip addr add $ip/$cidr dev $interface \
         broadcast $broadcast label $iface
 
-    # Adding RHEL/CentOS/Fedora startup script
-    if [ -e "/etc/redhat-release" ]; then
+    # Adding RHEL/CentOS/Fedora/Amazon startup script
+    if [ -d "/etc/sysconfig" ]; then
         sys_ip="# Added by vesta"
         sys_ip="$sys_ip\nDEVICE=$iface"
         sys_ip="$sys_ip\nBOOTPROTO=static"

bin/v-add-sys-mail-ssl

@@ -0,0 +1,106 @@
+#!/bin/bash
+# info: copy mail ssl certificate
+# options: USER DOMAIN [RESTART]
+#
+# The function copies user domain SSL to mail SSL directory
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+domain=$2
+restart=$3
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/func/domain.sh
+source $VESTA/conf/vesta.conf
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '2' "$#" 'USER DOMAIN [RESTART]'
+is_format_valid 'user' 'domain'
+is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
+is_object_valid 'user' 'USER' "$user"
+is_object_valid 'web' 'DOMAIN' "$domain"
+is_object_value_exist 'web' 'DOMAIN' "$domain" '$SSL'
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Defining certificate location
+dom_crt="/home/$user/conf/web/ssl.$domain.pem"
+dom_key="/home/$user/conf/web/ssl.$domain.key"
+vst_crt="$VESTA/ssl/mail.crt"
+vst_key="$VESTA/ssl/mail.key"
+
+# Checking certificate
+if [ ! -e "$dom_crt" ] || [ ! -e "$dom_key" ]; then
+    check_result $E_NOTEXIST "$domain certificate doesn't exist"
+fi
+
+# Checking difference
+diff $dom_crt $vst_crt >/dev/null 2>&1
+if [ $? -ne 0 ]; then
+    rm -f $vst_crt.old $vst_key.old
+    mv $vst_crt $vst_crt.old >/dev/null 2>&1
+    mv $vst_key $vst_key.old >/dev/null 2>&1
+    cp $dom_crt $vst_crt 2>/dev/null
+    cp $dom_key $vst_key 2>/dev/null
+    chown root:mail $vst_crt $vst_key
+else
+    restart=no
+fi
+
+# Updating mail certificate
+case $MAIL_SYSTEM in
+    exim)           conf='/etc/exim/exim.conf';;
+    exim4)          conf='/etc/exim4/exim4.conf.template';;
+esac
+if [ -e "$conf" ]; then
+    sed -e "s|^tls_certificate.*|tls_certificate = $vst_crt|" \
+        -e "s|^tls_privatekey.*|tls_privatekey = $vst_key|" -i $conf
+fi
+
+# Updating imap certificate
+conf="/etc/dovecot/conf.d/10-ssl.conf"
+if [ ! -z "$IMAP_SYSTEM" ] && [ -e "$conf" ]; then
+    sed -e "s|ssl_cert.*|ssl_cert = <$vst_crt|" \
+        -e "s|ssl_key.*|ssl_key = <$vst_key|" -i $conf
+fi
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Restarting services
+if [ "$restart" != 'no' ]; then
+    if [ ! -z "$MAIL_SYSTEM" ]; then
+        $BIN/v-restart-service $MAIL_SYSTEM
+    fi
+    if [ ! -z "$IMAP_SYSTEM" ]; then
+        $BIN/v-restart-service $IMAP_SYSTEM
+    fi
+fi
+
+# Updating vesta.conf
+if [ -z "$(grep MAIL_CERTIFICATE $VESTA/conf/vesta.conf)" ]; then
+    echo "MAIL_CERTIFICATE='$user:$domain'" >> $VESTA/conf/vesta.conf
+else
+    sed -i "s/MAIL_CERTIFICATE.*/MAIL_CERTIFICATE='$user:$domain'/g" \
+        $VESTA/conf/vesta.conf
+fi
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-add-sys-quota

@@ -21,7 +21,7 @@ source $VESTA/conf/vesta.conf
 # Checking quota package
 quota=$(which --skip-alias --skip-functions quota 2>/dev/null)
 if [ $? -ne 0 ]; then
-    if [ -e "/etc/redhat-release" ]; then
+    if [ -d "/etc/sysconfig" ]; then
         yum -y install quota >/dev/null 2>&1
         check_result $? "quota package installation failed" $E_UPDATE
     else

bin/v-add-sys-vesta-ssl

@@ -0,0 +1,97 @@
+#!/bin/bash
+# info: add vesta ssl certificate
+# options: USER DOMAIN [RESTART]
+#
+# The function copies user domain SSL to vesta SSL directory
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+domain=$2
+restart=$3
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/func/domain.sh
+source $VESTA/conf/vesta.conf
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '2' "$#" 'USER DOMAIN [RESTART]'
+is_format_valid 'user' 'domain'
+is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
+is_object_valid 'user' 'USER' "$user"
+is_object_valid 'web' 'DOMAIN' "$domain"
+is_object_value_exist 'web' 'DOMAIN' "$domain" '$SSL'
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Defining certificate location
+dom_crt="/home/$user/conf/web/ssl.$domain.pem"
+dom_key="/home/$user/conf/web/ssl.$domain.key"
+vst_crt="$VESTA/ssl/certificate.crt"
+vst_key="$VESTA/ssl/certificate.key"
+
+# Checking certificate
+if [ ! -e "$dom_crt" ] || [ ! -e "$dom_key" ]; then
+    check_result $E_NOTEXIST "$domain certificate doesn't exist"
+fi
+
+# Checking difference
+diff $dom_crt $vst_crt >/dev/null 2>&1
+if [ $? -ne 0 ]; then
+    rm -f $vst_crt.old $vst_key.old
+    mv $vst_crt $vst_crt.old
+    mv $vst_key $vst_key.old
+    cp $dom_crt $vst_crt 2>/dev/null
+    cp $dom_key $vst_key 2>/dev/null
+    chown root:mail $vst_crt $vst_key
+else
+    restart=no
+fi
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Restarting services
+if [ "$restart" != 'no' ]; then
+    if [ ! -z "$MAIL_SYSTEM" ] && [ -z "$MAIL_CERTIFICATE" ]; then
+        $BIN/v-restart-service $MAIL_SYSTEM
+    fi
+    if [ ! -z "$IMAP_SYSTEM" ] && [ -z "$MAIL_CERTIFICATE" ]; then
+        $BIN/v-restart-service $IMAP_SYSTEM
+    fi
+    if [ ! -z "$FTP_SYSTEM" ]; then
+        $BIN/v-restart-service "$FTP_SYSTEM"
+    fi
+    if [ -e "/var/run/vesta-nginx.pid" ]; then
+        kill -HUP $(cat /var/run/vesta-nginx.pid)
+    else
+        service vesta restart
+    fi
+fi
+
+# Updating vesta.conf
+if [ -z "$(grep VESTA_CERTIFICATE $VESTA/conf/vesta.conf)" ]; then
+    echo "VESTA_CERTIFICATE='$user:$domain'" >> $VESTA/conf/vesta.conf
+else
+    sed -i "s/VESTA_CERTIFICATE.*/VESTA_CERTIFICATE='$user:$domain'/g" \
+        $VESTA/conf/vesta.conf
+fi
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-add-user-package

@@ -28,41 +28,44 @@ is_package_new() {
 }
 
 is_package_consistent() {
-    source $pkg_dir/$package.pkg
+    parse_object_kv_list_non_eval $(cat $pkg_dir/$package.pkg)
     if [ "$WEB_DOMAINS" != 'unlimited' ]; then
-        is_format_valid_int $WEB_DOMAINS 'WEB_DOMAINS'
+        is_int_format_valid $WEB_DOMAINS 'WEB_DOMAINS'
     fi
     if [ "$WEB_ALIASES" != 'unlimited' ]; then
-        is_format_valid_int $WEB_ALIASES 'WEB_ALIASES'
+        is_int_format_valid $WEB_ALIASES 'WEB_ALIASES'
     fi
     if [ "$DNS_DOMAINS" != 'unlimited' ]; then
-        is_format_valid_int $DNS_DOMAINS 'DNS_DOMAINS'
+        is_int_format_valid $DNS_DOMAINS 'DNS_DOMAINS'
     fi
     if [ "$DNS_RECORDS" != 'unlimited' ]; then
-        is_format_valid_int $DNS_RECORDS 'DNS_RECORDS'
+        is_int_format_valid $DNS_RECORDS 'DNS_RECORDS'
     fi
     if [ "$MAIL_DOMAINS" != 'unlimited' ]; then
-        is_format_valid_int $MAIL_DOMAINS 'MAIL_DOMAINS'
+        is_int_format_valid $MAIL_DOMAINS 'MAIL_DOMAINS'
     fi
     if [ "$MAIL_ACCOUNTS" != 'unlimited' ]; then
-        is_format_valid_int $MAIL_ACCOUNTS 'MAIL_ACCOUNTS'
+        is_int_format_valid $MAIL_ACCOUNTS 'MAIL_ACCOUNTS'
     fi
     if [ "$DATABASES" != 'unlimited' ]; then
-        is_format_valid_int $DATABASES 'DATABASES'
+        is_int_format_valid $DATABASES 'DATABASES'
     fi
     if [ "$CRON_JOBS" != 'unlimited' ]; then
-        is_format_valid_int $CRON_JOBS 'CRON_JOBS'
+        is_int_format_valid $CRON_JOBS 'CRON_JOBS'
     fi
     if [ "$DISK_QUOTA" != 'unlimited' ]; then
-        is_format_valid_int $DISK_QUOTA 'DISK_QUOTA'
+        is_int_format_valid $DISK_QUOTA 'DISK_QUOTA'
     fi
     if [ "$BANDWIDTH" != 'unlimited' ]; then
-        is_format_valid_int $BANDWIDTH 'BANDWIDTH'
+        is_int_format_valid $BANDWIDTH 'BANDWIDTH'
     fi
     if [ "$BACKUPS" != 'unlimited' ]; then
-        is_format_valid_int $BACKUPS 'BACKUPS'
+        is_int_format_valid $BACKUPS 'BACKUPS'
     fi
     is_format_valid_shell $SHELL
+    is_web_template_valid $WEB_TEMPLATE
+    is_dns_template_valid $DNS_TEMPLATE
+    is_proxy_template_valid $PROXY_TEMPLATE
 }
 
 

bin/v-add-vesta-softaculous

@@ -46,7 +46,7 @@ fi
 #----------------------------------------------------------#
 
 # Cleaning yum cache
-if [ -e "/etc/redhat-release" ]; then
+if [ -d "/etc/sysconfig" ]; then
     yum -q clean all
     yum="yum -q -y --noplugins --disablerepo=* --enablerepo=vesta"
 else
@@ -57,7 +57,7 @@ fi
 
 # Updating php pacakge
 if [ -z "$($VESTA/php/bin/php -v|grep 'PHP 5.6')" ]; then
-    if [ -e "/etc/redhat-release" ]; then
+    if [ -d "/etc/sysconfig" ]; then
         $yum -y update vesta-php
         check_result $? "vesta-php package upgrade failed" $E_UPDATE
     else
@@ -67,7 +67,7 @@ if [ -z "$($VESTA/php/bin/php -v|grep 'PHP 5.6')" ]; then
 fi
 
 # Adding vesta-ioncube package
-if [ -e "/etc/redhat-release" ]; then
+if [ -d "/etc/sysconfig" ]; then
     rpm -q vesta-ioncube >/dev/null 2>&1
     if [ $? -ne 0 ]; then
         $yum -y install vesta-ioncube >/dev/null 2>&1
@@ -82,7 +82,7 @@ else
 fi
 
 # Adding vesta-softaculous package
-if [ -e "/etc/redhat-release" ]; then
+if [ -d "/etc/sysconfig" ]; then
     rpm -q vesta-softaculous >/dev/null 2>&1
     if [ $? -ne 0 ]; then
         $yum -y install vesta-softaculous >/dev/null 2>&1

bin/v-add-web-domain

@@ -47,6 +47,9 @@ is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 is_package_full 'WEB_DOMAINS' 'WEB_ALIASES'
 is_domain_new 'web' "$domain,$aliases"
+is_dir_symlink $HOMEDIR/$user/web
+if_dir_exists $HOMEDIR/$user/web/$domain
+is_dir_symlink $HOMEDIR/$user/web/$domain
 if [ ! -z "$ip" ]; then
     is_ip_valid "$ip" "$user"
 else
@@ -62,7 +65,7 @@ fi
 source $USER_DATA/user.conf
 
 # Creating domain directories
-mkdir -p $HOMEDIR/$user/web/$domain \
+sudo -u $user mkdir -p $HOMEDIR/$user/web/$domain \
       $HOMEDIR/$user/web/$domain/public_html \
       $HOMEDIR/$user/web/$domain/public_shtml \
       $HOMEDIR/$user/web/$domain/document_errors \
@@ -79,7 +82,7 @@ ln -f -s /var/log/$WEB_SYSTEM/domains/$domain.*log \
     $HOMEDIR/$user/web/$domain/logs/
 
 # Adding domain skeleton
-cp -r $WEBTPL/skel/* $HOMEDIR/$user/web/$domain/ >/dev/null 2>&1
+sudo -u $user cp -r $WEBTPL/skel/* $HOMEDIR/$user/web/$domain/ >/dev/null 2>&1
 for file in $(find "$HOMEDIR/$user/web/$domain/" -type f); do
     sed -i "s/%domain%/$domain/g" $file
 done
@@ -88,9 +91,9 @@ done
 chown -R $user:$user $HOMEDIR/$user/web/$domain
 chown root:$user /var/log/$WEB_SYSTEM/domains/$domain.* $conf
 chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.*
-chmod 751 $HOMEDIR/$user/web/$domain $HOMEDIR/$user/web/$domain/*
-chmod 551 $HOMEDIR/$user/web/$domain/stats $HOMEDIR/$user/web/$domain/logs
-chmod 644 $HOMEDIR/$user/web/$domain/public_*html/*
+sudo -u $user chmod 751 $HOMEDIR/$user/web/$domain $HOMEDIR/$user/web/$domain/*
+sudo -u $user chmod 551 $HOMEDIR/$user/web/$domain/stats $HOMEDIR/$user/web/$domain/logs
+sudo -u $user chmod 644 $HOMEDIR/$user/web/$domain/public_*html/*.*
 
 # Addding PHP-FPM backend
 if [ ! -z "$WEB_BACKEND" ]; then
@@ -112,9 +115,12 @@ if [ "$aliases" = 'none' ]; then
     ALIAS=''
 else
     ALIAS="www.$domain"
-    if [ ! -z "$aliases" ]; then
-        ALIAS="$ALIAS,$aliases"
+    if [ -z "$aliases" ]; then
+        ALIAS="www.$domain"
+    else
+        ALIAS="$aliases"
     fi
+    
     ip_alias=$(get_ip_alias $domain)
     if [ ! -z "$ip_alias" ]; then
         ALIAS="$ALIAS,$ip_alias"
@@ -133,7 +139,7 @@ if [ ! -z "$PROXY_SYSTEM" ]; then
     if [ -z "$proxy_ext" ]; then
         PROXY_EXT="jpg,jpeg,gif,png,ico,svg,css,zip,tgz,gz,rar,bz2,doc,xls"
         PROXY_EXT="$PROXY_EXT,exe,pdf,ppt,txt,odt,ods,odp,odf,tar,wav,bmp"
-        PROXY_EXT="$PROXY_EXT,rtf,js,mp3,avi,mpeg,flv,html,htm"
+        PROXY_EXT="$PROXY_EXT,rtf,js,mp3,avi,mpeg,flv,woff,woff2"
     fi
     add_web_config "$PROXY_SYSTEM" "$PROXY_TEMPLATE.tpl"
 fi
@@ -160,6 +166,9 @@ echo "DOMAIN='$domain' IP='$ip' IP6='' ALIAS='$ALIAS' TPL='$WEB_TEMPLATE'\
  STATS='' STATS_USER='' STATS_CRYPT='' U_DISK='0' U_BANDWIDTH='0'\
  SUSPENDED='no' TIME='$time' DATE='$date'" >> $USER_DATA/web.conf
 
+# Install unsigned SSL
+$BIN/v-install-unsigned-ssl "$domain" "no"
+
 # Restarting web server
 $BIN/v-restart-web $restart
 check_result $? "Web restart failed" >/dev/null

bin/v-add-web-domain-proxy

@@ -14,8 +14,7 @@
 user=$1
 domain=$2
 template=$3
-default_extentions="jpg,jpeg,gif,png,ico,svg,css,zip,tgz,gz,rar,bz2,doc,xls,\
-exe,pdf,ppt,txt,odt,ods,odp,odf,tar,wav,bmp,rtf,js,mp3,avi,mpeg,flv,html,htm"
+default_extentions="jpg,jpeg,gif,png,ico,svg,css,zip,tgz,gz,rar,bz2,doc,xls,exe,pdf,ppt,txt,odt,ods,odp,odf,tar,wav,bmp,rtf,js,mp3,avi,mpeg,flv,woff,woff2"
 extentions=${4-$default_extentions}
 restart="$5"
 

bin/v-add-web-domain-ssl

@@ -120,6 +120,42 @@ check_result $? "Web restart failed" >/dev/null
 $BIN/v-restart-proxy $restart
 check_result $? "Proxy restart failed" >/dev/null
 
+# Updating system ssl dependencies
+if [ ! -z "$VESTA_CERTIFICATE" ]; then
+    crt_user=$(echo "$VESTA_CERTIFICATE" |cut -f 1 -d :)
+    crt_domain=$(echo "$VESTA_CERTIFICATE" |cut -f 2 -d :)
+    if [ "$user" = "$crt_user" ] && [ "$domain" = "$crt_domain" ]; then
+        $BIN/v-add-sys-vesta-ssl $user $domain >/dev/null 2>&1
+    fi
+fi
+if [ ! -z "$MAIL_CERTIFICATE" ]; then
+    crt_user=$(echo "$MAIL_CERTIFICATE" |cut -f 1 -d :)
+    crt_domain=$(echo "$MAIL_CERTIFICATE" |cut -f 2 -d :)
+    if [ "$user" = "$crt_user" ] && [ "$domain" = "$crt_domain" ]; then
+        $BIN/v-add-sys-mail-ssl $user $domain >/dev/null 2>&1
+    fi
+fi
+
+if [ ! -z "$UPDATE_HOSTNAME_SSL" ] && [ "$UPDATE_HOSTNAME_SSL" = "yes" ]; then
+    hostname=$(hostname)
+    if [ "$hostname" = "$domain" ]; then
+        $BIN/v-update-host-certificate $user $domain
+    fi
+fi
+
+UPDATE_SSL_SCRIPT=''
+source $VESTA/conf/vesta.conf
+if [ ! -z "$UPDATE_SSL_SCRIPT" ]; then
+    eval "$UPDATE_SSL_SCRIPT $user $domain"
+fi
+
+UPDATE_SSL_SCRIPT2=''
+source $VESTA/conf/vesta.conf
+if [ ! -z "$UPDATE_SSL_SCRIPT2" ]; then
+    eval "$UPDATE_SSL_SCRIPT2 $user $domain"
+fi
+
+
 # Logging
 log_history "enabled ssl support for $domain"
 log_event "$OK" "$ARGUMENTS"

bin/v-add-wordpress-admin

@@ -0,0 +1,76 @@
+#!/bin/bash
+# info: Add a WordPress admin user to a specific domain
+# options: DOMAIN USERNAME PASSWORD EMAIL
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+if [ "$#" -lt 4 ]; then
+    echo "Usage: v-add-wordpress-admin [DOMAIN] [USERNAME] [PASSWORD] [EMAIL]"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+SILENT_MODE=1
+
+# Argument definition
+domain=$1
+username=$2
+password=$3
+email=$4
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+source /usr/local/vesta/func/domain.sh
+
+if [ -z "$user" ]; then
+    check_result $E_NOTEXIST "domain $domain doesn't exist"
+fi
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '4' "$#" 'DOMAIN USERNAME PASSWORD EMAIL'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+
+if [ ! -d "/home/$user" ]; then
+    echo "User doesn't exist";
+    exit 1;
+fi
+
+if [ ! -d "/home/$user/web/$domain/public_html" ]; then
+    echo "Domain doesn't exist";
+    exit 1;
+fi
+
+if [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then
+    echo 'Please install WordPress first.'
+    exit 1;
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+/usr/local/vesta/bin/v-run-wp-cli $domain user create $username $email --role=administrator --user_pass="$password" --skip-plugins --skip-themes;
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+exit 0;

bin/v-backup-user

@@ -22,6 +22,9 @@ source $VESTA/func/domain.sh
 source $VESTA/func/db.sh
 source $VESTA/conf/vesta.conf
 
+if [ ! -z "$NOW" ]; then
+    BACKUP_LA_LIMIT=50
+fi
 
 #----------------------------------------------------------#
 #                    Verifications                         #
@@ -39,6 +42,13 @@ is_backup_enabled
 #                       Action                             #
 #----------------------------------------------------------#
 
+wait_for_backup_if_it_is_not_time_for_backup
+
+# Override backup path
+if [ ! -z "$OVERRIDE_BACKUP_PATH" ]; then
+    BACKUP=$OVERRIDE_BACKUP_PATH
+fi
+
 # Set backup directory if undefined
 if [ -z "$BACKUP" ]; then
     BACKUP=/backup
@@ -52,24 +62,25 @@ start_time=$(date '+%s')
 subj="$user → backup failed"
 email=$(grep CONTACT $VESTA/data/users/admin/user.conf |cut -f 2 -d \')
 
-# Checking load average
-la=$(cat /proc/loadavg |cut -f 1 -d ' ' |cut -f 1 -d '.')
-i=0
-while [ "$la" -ge "$BACKUP_LA_LIMIT" ]; do
-    echo -e "$(date "+%F %T") Load Average $la"
-    sleep 60
-    if [ "$i" -ge "15" ]; then
-        la_error="LoadAverage $la is above threshold"
-        echo "$la_error" |$SENDMAIL -s "$subj" $email $notify
-        sed -i "/ $user /d" $VESTA/data/queue/backup.pipe
-        check_result $E_LA "$la_error"
-    fi
-    la=$(cat /proc/loadavg |cut -f 1 -d ' ' |cut -f 1 -d '.')
-    (( ++i))
-done
+# Validate available disk space (take usage * 2, due to the backup handling)
+let u_account=$(grep "U_DISK=" $VESTA/data/users/$user/user.conf |cut -f 2 -d \')
+let u_disk=$(grep "U_DISK=" $VESTA/data/users/$user/user.conf |cut -f 2 -d \')*2
+let v_disk=$(($(stat -f --format="%a*%S" $BACKUP)))/1024/1024
+
+if [ "$u_disk" -gt "$v_disk" ]; then
+    echo "account size           : $u_account megabytes" |tee $BACKUP/$user.log
+    echo "available space on disk: $v_disk megabytes" |tee $BACKUP/$user.log
+    echo "needed space on disk   : $u_disk megabytes" |tee $BACKUP/$user.log
+    echo "not enough disk space available to perform the backup." |$SENDMAIL -s "$subj" $email $notify
+    check_result $E_LIMIT "not enough disk space available to perform the backup."
+fi
+
+if [ -z "$BACKUP_TEMP" ]; then
+    BACKUP_TEMP=$BACKUP
+fi
 
 # Creating temporary directory
-tmpdir=$(mktemp -p /tmp -d)
+tmpdir=$(mktemp -p $BACKUP_TEMP -d)
 
 if [ "$?" -ne 0 ]; then
     echo "Can't create tmp dir $tmpdir" |$SENDMAIL -s "$subj" $email $notify
@@ -132,6 +143,7 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB" != '*' ]; then
     i=0
 
     for domain in $web_list; do
+        wait_for_backup_if_it_is_not_time_for_backup
         ((i ++))
         echo -e "$(date "+%F %T") $domain" |tee -a $BACKUP/$user.log
         mkdir -p $tmpdir/web/$domain/conf
@@ -142,6 +154,25 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB" != '*' ]; then
         format_domain_idn
         get_domain_values 'web'
 
+        # backuping php-fpm conf file
+        if [[ $TPL == "PHP-FPM-"* ]]; then
+            fpm_tpl_ver=${TPL:8:2}
+            fpm_ver="${TPL:8:1}.${TPL:9:1}"
+            fpm_folder="$fpm_ver/fpm/pool.d"
+            fpm_path="$fpm_ver/fpm/pool.d/$domain.conf"
+            if [[ $TPL == *"-ioncube" ]]; then
+                fpm_folder="$fpm_ver/fpm/pool.d-ioncube"
+                fpm_path="$fpm_ver/fpm/pool.d-ioncube/$domain.conf"
+            fi
+            fpm_original_path="/etc/php/$fpm_path"
+            fpm_dest_path="$tmpdir/web/$domain/php/$fpm_path"
+            fpm_dest_folder="$tmpdir/web/$domain/php/$fpm_folder"
+            if [ -f "$fpm_original_path" ]; then
+                mkdir -p $fpm_dest_folder
+                cp $fpm_original_path $fpm_dest_path
+            fi
+        fi
+        
         # Backup web.conf
         cd $tmpdir/web/$domain/
         conf="$USER_DATA/web.conf"
@@ -212,24 +243,37 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB" != '*' ]; then
             cp $USER_DATA/ssl/$domain.* vesta/
         fi
 
+        # Changin dir to documentroot
+        cd $HOMEDIR/$user/web/$domain
+
         # Define exclude arguments
         exlusion=$(echo -e "$WEB" |tr ',' '\n' |grep "^$domain:")
         set -f
         fargs=()
-        fargs+=(--exclude='logs/*')
+        fargs+=(--exclude='./logs/*')
         if [ ! -z "$exlusion" ]; then
             xdirs="$(echo -e "$exlusion" |tr ':' '\n' |grep -v $domain)"
             for xpath in $xdirs; do
-                fargs+=(--exclude=$xpath/*)
-                echo "$(date "+%F %T") excluding directory $xpath"
-                msg="$msg\n$(date "+%F %T") excluding directory $xpath"
+                # Add ./ at the beginning of the path if the path is in old pattern
+                if [[ $xpath != ./* ]]; then
+                    xpath=(./$xpath)
+                fi
+            
+                if [ -d "$xpath" ]; then
+                    fargs+=(--exclude=$xpath/*)
+                    echo "$(date "+%F %T") excluding directory $xpath"
+                    msg="$msg\n$(date "+%F %T") excluding directory $xpath"
+                else
+                    echo "$(date "+%F %T") excluding file $xpath"
+                    msg="$msg\n$(date "+%F %T") excluding file $xpath"
+                    fargs+=(--exclude=$xpath)
+                fi
             done
         fi
         set +f
 
         # Backup files
-        cd $HOMEDIR/$user/web/$domain
-        tar -cpf- * ${fargs[@]} |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz
+        tar --anchored -cpf- ${fargs[@]} --exclude={'./','../'} . |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz
     done
 
     # Print total
@@ -305,6 +349,7 @@ if [ ! -z "$MAIL_SYSTEM" ] && [ "$MAIL" != '*' ]; then
 
     i=0
     for domain in $mail_list; do
+        wait_for_backup_if_it_is_not_time_for_backup
         ((i ++))
         echo -e "$(date "+%F %T") $domain" |tee -a $BACKUP/$user.log
         mkdir -p $tmpdir/mail/$domain/conf
@@ -377,6 +422,7 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB" != '*' ]; then
     conf="$USER_DATA/db.conf"
     db_list=$(echo "$db_list" |sed -e "s/  */\ /g" -e "s/^ //")
     for database in $db_list; do
+        wait_for_backup_if_it_is_not_time_for_backup
         ((i ++))
         get_database_values
 
@@ -388,14 +434,34 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB" != '*' ]; then
         grep "DB='$database'" $conf > vesta/db.conf
 
         dump="$tmpdir/db/$database/$database.$TYPE.sql"
+        dumpgz="$tmpdir/db/$database/$database.$TYPE.sql.gz"
         grants="$tmpdir/db/$database/conf/$database.$TYPE.$DBUSER"
-        case $TYPE in
-            mysql) dump_mysql_database ;;
-            pgsql) dump_pgsql_database ;;
-        esac
+        if [ ! -f "$dumpgz" ]; then
 
-        # Compress dump
-        gzip -$BACKUP_GZIP $dump
+            WAIT_LOOP_ENTERED=0
+            while true
+            do
+                if pgrep -x "mysqldump" > /dev/null
+                then
+                    WAIT_LOOP_ENTERED=1
+                    echo "Wait other mysqldump to finish"
+                    sleep 1
+                else
+                    if [ "$WAIT_LOOP_ENTERED" -eq 1 ]; then
+                        echo "We can use mysqldump now"
+                    fi
+                    break
+                fi
+            done
+
+            case $TYPE in
+                mysql) dump_mysql_database ;;
+                pgsql) dump_pgsql_database ;;
+            esac
+
+            # Compress dump
+            gzip -$BACKUP_GZIP $dump
+        fi
     done
 
     # Print total
@@ -445,26 +511,33 @@ if [ "$USER" != '*' ]; then
     fi
     fargs=()
     for xpath in $(echo "$USER" |tr ',' '\n'); do
-        fargs+=(-not)
-        fargs+=(-path)
-        fargs+=("./$xpath*")
-        echo "$(date "+%F %T") excluding directory $xpath" |\
+        if [ -d "$xpath" ]; then
+            fargs+=(--exclude=$xpath/*)
+            echo "$(date "+%F %T") excluding directory $xpath" |\
             tee -a $BACKUP/$user.log
+        else
+            echo "$(date "+%F %T") excluding file $xpath" |\
+            tee -a $BACKUP/$user.log
+            fargs+=(--exclude=$xpath)
+        fi
     done
 
     IFS=$'\n'
     set -f
     i=0
 
-    for udir in $(ls -a |egrep -v "^conf$|^web$|^dns$|^mail$|^\.\.$|^\.$"); do
+    for udir in $(ls -a |egrep -v "^conf$|^web$|^dns$|^tmp$|^mail$|^\.\.$|^\.$"); do
         exclusion=$(echo "$USER" |tr ',' '\n' |grep "^$udir$")
         if [ -z "$exclusion" ]; then
             ((i ++))
-            udir_list="$udir_list $udir"
+            udir_str=$(echo "$udir" |sed -e "s|'|\\\'|g")
+            udir_list="$udir_list $udir_str"
             echo -e "$(date "+%F %T") adding $udir" |tee -a $BACKUP/$user.log
 
+            wait_for_backup_if_it_is_not_time_for_backup
+
             # Backup files and dirs
-            tar -cpf- $udir |gzip -$BACKUP_GZIP - > $tmpdir/user_dir/$udir.tar.gz
+            tar --anchored -cpf- ${fargs[@]} $udir |gzip -$BACKUP_GZIP - > $tmpdir/user_dir/$udir.tar.gz
         fi
     done
     set +f
@@ -499,7 +572,7 @@ local_backup(){
     backup_list=$(ls -lrt $BACKUP/ |awk '{print $9}' |grep "^$user\." | grep ".tar")
     backups_count=$(echo "$backup_list" |wc -l)
     if [ "$BACKUPS" -le "$backups_count" ]; then
-        backups_rm_number=$((backups_count - BACKUPS))
+        backups_rm_number=$((backups_count - BACKUPS + 1))
 
         # Removing old backup
         for backup in $(echo "$backup_list" |head -n $backups_rm_number); do
@@ -575,7 +648,7 @@ ftp_backup() {
     fi
 
     # Debug info
-    echo -e "$(date "+%F %T") Remote: ftp://$HOST$BPATH/$user.$backup_new_date.tar"
+    echo -e "$(date "+%F %T") Remote: ftp://$HOST/$BPATH/$user.$backup_new_date.tar"
 
     # Checking ftp connection
     fconn=$(ftpc)
@@ -613,9 +686,19 @@ ftp_backup() {
     else
         backup_list=$(ftpc "cd $BPATH" "ls" |awk '{print $9}' |grep "^$user\.")
     fi
+    if [ ! -z "$ONLY_ONE_FTP_BACKUP" ]; then
+        TEMP_BACKUPS=$BACKUPS
+        BACKUPS=1
+        echo "=== Set BACKUPS=1"
+    fi
+    if [ ! -z "$KEEP_N_FTP_BACKUPS" ]; then
+        TEMP_BACKUPS=$BACKUPS
+        BACKUPS=$KEEP_N_FTP_BACKUPS
+        echo "=== Set BACKUPS=$KEEP_N_FTP_BACKUPS"
+    fi
     backups_count=$(echo "$backup_list" |wc -l)
     if [ "$backups_count" -ge "$BACKUPS" ]; then
-        backups_rm_number=$((backups_count - BACKUPS))
+        backups_rm_number=$((backups_count - BACKUPS + 1))
         for backup in $(echo "$backup_list" |head -n $backups_rm_number); do 
             backup_date=$(echo $backup |sed -e "s/$user.//" -e "s/.tar$//")
             echo -e "$(date "+%F %T") Rotated ftp backup: $backup_date" |\
@@ -627,6 +710,14 @@ ftp_backup() {
             fi
         done
     fi
+    if [ ! -z "$ONLY_ONE_FTP_BACKUP" ]; then
+        BACKUPS=$TEMP_BACKUPS
+        echo "=== Bringing back old value BACKUPS=$BACKUPS"
+    fi
+    if [ ! -z "$KEEP_N_FTP_BACKUPS" ]; then
+        BACKUPS=$TEMP_BACKUPS
+        echo "=== Bringing back old value BACKUPS=$BACKUPS"
+    fi
 
     # Uploading backup archive
     if [ "$localbackup" = 'yes' ]; then
@@ -769,8 +860,18 @@ sftp_backup() {
         backup_list=$(sftpc "cd $BPATH" "ls -l" |awk '{print $9}'|grep "^$user\.")
     fi
     backups_count=$(echo "$backup_list" |wc -l)
+    if [ ! -z "$ONLY_ONE_FTP_BACKUP" ]; then
+        TEMP_BACKUPS=$BACKUPS
+        BACKUPS=1
+        echo "=== Set BACKUPS=1"
+    fi
+    if [ ! -z "$KEEP_N_FTP_BACKUPS" ]; then
+        TEMP_BACKUPS=$BACKUPS
+        BACKUPS=$KEEP_N_FTP_BACKUPS
+        echo "=== Set BACKUPS=$KEEP_N_FTP_BACKUPS"
+    fi
     if [ "$backups_count" -ge "$BACKUPS" ]; then
-        backups_rm_number=$((backups_count - BACKUPS))
+        backups_rm_number=$((backups_count - BACKUPS + 1))
         for backup in $(echo "$backup_list" |head -n $backups_rm_number); do
             backup_date=$(echo $backup |sed -e "s/$user.//" -e "s/.tar.*$//")
             echo -e "$(date "+%F %T") Rotated sftp backup: $backup_date" |\
@@ -782,6 +883,14 @@ sftp_backup() {
             fi
         done
     fi
+    if [ ! -z "$ONLY_ONE_FTP_BACKUP" ]; then
+        BACKUPS=$TEMP_BACKUPS
+        echo "=== Bringing back old value BACKUPS=$BACKUPS"
+    fi
+    if [ ! -z "$KEEP_N_FTP_BACKUPS" ]; then
+        BACKUPS=$TEMP_BACKUPS
+        echo "=== Bringing back old value BACKUPS=$BACKUPS"
+    fi
 
     # Uploading backup archive
     echo "$(date "+%F %T") Uploading $user.$backup_new_date.tar"|tee -a $BACKUP/$user.log

bin/v-backup-user-now

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+export ALLOW_BACKUP_ANYTIME='yes'
+export NOW='yes'
+
+nice -n 19 ionice -c 3 /usr/local/vesta/bin/v-backup-user $1

bin/v-backup-users

@@ -4,6 +4,13 @@
 #
 # The function backups all system users.
 
+scriptname="v-backup-users"
+for pid in $(pidof -x "$scriptname"); do
+    if [ $pid != $$ ]; then
+        echo "[$(date)] : $scriptname : Process is already running with PID $pid"
+        exit 1
+    fi
+done
 
 #----------------------------------------------------------#
 #                    Variable&Function                     #
@@ -17,28 +24,64 @@ source /etc/profile
 source $VESTA/func/main.sh
 source $VESTA/conf/vesta.conf
 
+ALLOW_MYSQL_REPAIR=1
+
+if [ $# -ge 1 ]; then
+    ALLOW_MYSQL_REPAIR=$1
+fi
+
 
 #----------------------------------------------------------#
 #                       Action                             #
 #----------------------------------------------------------#
 
-$BIN/v-check-vesta-license >/dev/null
+log=$VESTA/log/backup.log
+
+# $BIN/v-check-vesta-license >/dev/null
+
+touch $log
+if [ ! -z "$NOTIFY_ADMIN_FULL_BACKUP" ]; then
+    mv $log $log-`date +"%Y-%m-%d--%H:%M:%S"`
+fi
+
+# Auto-repair all databases before backuping all accounts
+if [ $ALLOW_MYSQL_REPAIR -eq 1 ]; then
+    nice -n 19 ionice -c 3 mysqlrepair --all-databases --check --auto-repair >> $log 2>&1
+fi
 
 if [ -z "$BACKUP_SYSTEM" ]; then
     exit
 fi
+FINAL_STATUS='OK'
+i_am_in_backup_all_users=1
 for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
+    if [ ! -f "$VESTA/data/users/$user/user.conf" ]; then
+        continue;
+    fi
+    wait_for_backup_if_it_is_not_time_for_backup
     check_suspend=$(grep "SUSPENDED='no'" $VESTA/data/users/$user/user.conf)
-    log=$VESTA/log/backup.log
     if [ ! -z "$check_suspend" ]; then
         echo -e "================================" >> $log
         echo -e "$user" >> $log
         echo -e "--------------------------------\n" >> $log
-        $BIN/v-backup-user $user >> $log 2>&1
+        i_am_in_backup_all_users=0
+        nice -n 19 ionice -c 3 $BIN/v-backup-user $user >> $log 2>&1
+        STATUS=$?
+        if [ $STATUS -ne 0 ]; then
+            FINAL_STATUS='CONTAINS ERRORS !!!'
+        fi
+        i_am_in_backup_all_users=1
         echo -e "\n--------------------------------\n\n" >> $log
     fi
 done
 
+if [ ! -z "$NOTIFY_ADMIN_FULL_BACKUP" ]; then
+    cat $log |$SENDMAIL -s "Full backup report for $HOSTNAME; status=$FINAL_STATUS" "$NOTIFY_ADMIN_FULL_BACKUP" 'yes'
+fi
+if [ ! -z "$NOTIFY_ADMIN_FULL_BACKUP2" ]; then
+    cat $log |$SENDMAIL -s "Full backup report for $HOSTNAME; status=$FINAL_STATUS" "$NOTIFY_ADMIN_FULL_BACKUP2" 'yes'
+fi
+
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#

bin/v-blacklist-email-account

@@ -0,0 +1,102 @@
+#!/bin/bash
+# info: Add a specific email address to exim4 and spamassassin blacklist
+# usage: v-blacklist-email-account EMAIL
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Determine Debian version and set SpamAssassin service name
+release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
+if [ "$release" -lt 12 ]; then
+    SPAMD_SERVICE="spamassassin.service"
+else
+    SPAMD_SERVICE="spamd.service"
+fi
+
+DENY_SENDERS_FILE="/etc/exim4/deny_senders"
+SPAMASSASSIN_FILE="/etc/spamassassin/local.cf"
+
+# Flags to track changes
+SPAMASSASSIN_CHANGED=false
+
+# Function to check if an entry already exists in a file
+check_entry_exists() {
+    local entry=$1
+    local file=$2
+    grep -qF "$entry" "$file"
+}
+
+# Function to add an entry to a file
+add_entry_to_file() {
+    local entry=$1
+    local file=$2
+    echo "$entry" >> "$file"
+}
+
+# Display usage if no arguments are provided
+if [ $# -lt 1 ]; then
+    echo "Usage: v-blacklist-email EMAIL"
+    exit 1
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+EMAIL=$1
+
+# Validate email format
+if [[ ! "$EMAIL" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then
+    echo "Invalid email address format."
+    exit 1
+fi
+
+# Prepare entries for Exim4 and SpamAssassin
+EXIM_ENTRY="$EMAIL"
+SPAMASSASSIN_ENTRY="blacklist_from $EMAIL"
+
+#----------------------------------------------------------#
+#                   Exim4 Blacklist                        #
+#----------------------------------------------------------#
+
+echo "Updating $DENY_SENDERS_FILE..."
+if ! check_entry_exists "$EXIM_ENTRY" "$DENY_SENDERS_FILE"; then
+    add_entry_to_file "$EXIM_ENTRY" "$DENY_SENDERS_FILE"
+    echo "Added $EXIM_ENTRY to $DENY_SENDERS_FILE."
+else
+    echo "$EXIM_ENTRY already exists in $DENY_SENDERS_FILE."
+fi
+
+#----------------------------------------------------------#
+#                SpamAssassin Blacklist                    #
+#----------------------------------------------------------#
+
+echo "Updating $SPAMASSASSIN_FILE..."
+if ! check_entry_exists "$SPAMASSASSIN_ENTRY" "$SPAMASSASSIN_FILE"; then
+    add_entry_to_file "$SPAMASSASSIN_ENTRY" "$SPAMASSASSIN_FILE"
+    echo "Added $SPAMASSASSIN_ENTRY to $SPAMASSASSIN_FILE."
+    SPAMASSASSIN_CHANGED=true
+else
+    echo "$SPAMASSASSIN_ENTRY already exists in $SPAMASSASSIN_FILE."
+fi
+
+if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then
+    systemctl restart "$SPAMD_SERVICE"
+    echo "SpamAssassin service ($SPAMD_SERVICE) restarted."
+fi
+
+#----------------------------------------------------------#
+#                       Done                               #
+#----------------------------------------------------------#
+
+exit 0

bin/v-blacklist-email-domain

@@ -0,0 +1,133 @@
+#!/bin/bash
+# info: Add a domain to exim4 and spamassassin blacklist
+# usage: v-blacklist-email-domain DOMAIN SUBDOMAIN(YES/NO)
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Determine Debian version and set SpamAssassin service name
+release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
+if [ "$release" -lt 12 ]; then
+    SPAMD_SERVICE="spamassassin.service"
+else
+    SPAMD_SERVICE="spamd.service"
+fi
+
+DENY_SENDERS_FILE="/etc/exim4/deny_senders"
+SPAMASSASSIN_FILE="/etc/spamassassin/local.cf"
+
+# Flags to track changes
+SPAMASSASSIN_CHANGED=false
+
+# Function to check if a domain already exists in a file
+check_domain_exists() {
+    local domain=$1
+    local file=$2
+    grep -qE "^${domain}$" "$file"
+}
+
+# Function to check if a SpamAssassin entry already exists
+check_spamassassin_exists() {
+    local entry=$1
+    local file=$2
+    grep -qF "$entry" "$file"
+}
+
+# Function to add domain to file
+add_domain_to_file() {
+    local domain=$1
+    local file=$2
+    echo "$domain" >> "$file"
+}
+
+# Display usage if no arguments are provided
+if [ $# -lt 2 ]; then
+    echo "Usage: v-blacklist-domain DOMAIN SUBDOMAIN(YES/NO)"
+    exit 1
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+DOMAIN=$1
+SUBDOMAIN=${2^^} # Convert to uppercase for consistency (YES/NO)
+
+# Validate SUBDOMAIN parameter
+if [[ "$SUBDOMAIN" != "YES" && "$SUBDOMAIN" != "NO" ]]; then
+    echo "Invalid parameter for SUBDOMAIN. Use YES or NO."
+    exit 1
+fi
+
+# Prepare entries for Exim4
+EXIM_ENTRY_MAIN="$DOMAIN"
+EXIM_ENTRY_SUB="*.$DOMAIN"
+
+# Prepare entries for SpamAssassin
+SPAMASSASSIN_ENTRY_MAIN="blacklist_from *@${DOMAIN}"
+SPAMASSASSIN_ENTRY_SUB="blacklist_from *.$DOMAIN"
+
+#----------------------------------------------------------#
+#                   Exim4 Blacklist                        #
+#----------------------------------------------------------#
+
+echo "Updating $DENY_SENDERS_FILE..."
+if ! check_domain_exists "$EXIM_ENTRY_MAIN" "$DENY_SENDERS_FILE"; then
+    add_domain_to_file "$EXIM_ENTRY_MAIN" "$DENY_SENDERS_FILE"
+    echo "Added $EXIM_ENTRY_MAIN to $DENY_SENDERS_FILE."
+else
+    echo "$EXIM_ENTRY_MAIN already exists in $DENY_SENDERS_FILE."
+fi
+
+if [ "$SUBDOMAIN" == "YES" ]; then
+    if ! check_domain_exists "$EXIM_ENTRY_SUB" "$DENY_SENDERS_FILE"; then
+        add_domain_to_file "$EXIM_ENTRY_SUB" "$DENY_SENDERS_FILE"
+        echo "Added $EXIM_ENTRY_SUB to $DENY_SENDERS_FILE."
+    else
+        echo "$EXIM_ENTRY_SUB already exists in $DENY_SENDERS_FILE."
+    fi
+fi
+
+#----------------------------------------------------------#
+#                SpamAssassin Blacklist                    #
+#----------------------------------------------------------#
+
+echo "Updating $SPAMASSASSIN_FILE..."
+if ! check_spamassassin_exists "$SPAMASSASSIN_ENTRY_MAIN" "$SPAMASSASSIN_FILE"; then
+    add_domain_to_file "$SPAMASSASSIN_ENTRY_MAIN" "$SPAMASSASSIN_FILE"
+    echo "Added $SPAMASSASSIN_ENTRY_MAIN to $SPAMASSASSIN_FILE."
+    SPAMASSASSIN_CHANGED=true
+else
+    echo "$SPAMASSASSIN_ENTRY_MAIN already exists in $SPAMASSASSIN_FILE."
+fi
+
+if [ "$SUBDOMAIN" == "YES" ]; then
+    if ! check_spamassassin_exists "$SPAMASSASSIN_ENTRY_SUB" "$SPAMASSASSIN_FILE"; then
+        add_domain_to_file "$SPAMASSASSIN_ENTRY_SUB" "$SPAMASSASSIN_FILE"
+        echo "Added $SPAMASSASSIN_ENTRY_SUB to $SPAMASSASSIN_FILE."
+        SPAMASSASSIN_CHANGED=true
+    else
+        echo "$SPAMASSASSIN_ENTRY_SUB already exists in $SPAMASSASSIN_FILE."
+    fi
+fi
+
+if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then
+    systemctl restart "$SPAMD_SERVICE"
+    echo "SpamAssassin service ($SPAMD_SERVICE) restarted."
+fi
+
+#----------------------------------------------------------#
+#                       Done                               #
+#----------------------------------------------------------#
+
+exit 0

bin/v-change-database-owner

@@ -60,6 +60,10 @@ if [ ! -z "$check_db" ]; then
     exit $E_EXISTS
 fi
 
+if [ ! -d "/backup" ]; then
+  echo "There is no /backup folder, creating it now..."
+  mkdir /backup
+fi
 
 #----------------------------------------------------------#
 #                       Action                             #

bin/v-change-database-password-for-all-wordpress

@@ -0,0 +1,65 @@
+#!/bin/bash
+# info: change db password to all wordpress databases
+# options:
+#
+# The command is used for changing db password to all wordpress databases on the server.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Importing system variables
+source /etc/profile
+
+# Includes
+source $VESTA/func/main.sh
+
+only_user='';
+if [ ! -z "$1" ]; then
+    only_user=$1
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+touch /root/remember-db-user-pass.txt
+
+for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
+    if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then
+        continue;
+    fi
+
+    if [ ! -z "$only_user" ]; then
+        if [ "$only_user" != "$user" ]; then
+            continue;
+        fi
+    fi
+
+    for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do
+        if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then
+            /usr/local/vesta/bin/v-change-database-password-for-wordpress $domain $user
+            echo "--------------------------------"
+        fi
+    done
+
+    if [ ! -z "$only_user" ]; then
+        break;
+    fi
+
+done
+
+# cat /root/remember-db-user-pass.txt
+if [ -f "/root/remember-db-user-pass.txt" ]; then
+    rm /root/remember-db-user-pass.txt
+fi
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-change-database-password-for-wordpress

@@ -0,0 +1,132 @@
+#!/bin/bash
+# info: change database password for wordpress
+# options:
+#
+# The command is used for changing database password for wordpress.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Argument definition
+domain=$1
+
+# Check if number of arguments is 2
+if [ $# -eq 2 ]; then
+    user=$2
+else
+    user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+fi
+USER=$user
+
+if [ -z "$user" ]; then
+    echo "ERROR: Domain $domain not found"
+    exit 1;
+fi
+
+if [ ! -d "/home/$user" ]; then
+    echo "ERROR: User $user doesn't exist";
+    exit 1;
+fi
+
+# Includes
+source /usr/local/vesta/func/main.sh
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+
+if [ ! -d "/home/$user/web/$domain/public_html" ]; then
+    echo "ERROR: Domain doesn't exist";
+    exit 1;
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then
+    echo "=== Domain: $domain"
+    wp_config_path="/home/$user/web/$domain/public_html/wp-config.php"
+    if grep -q $'\r' $wp_config_path; then
+        echo "=== removing CRLF from wp-config.php"
+        tr -d '\r' < $wp_config_path > /tmp/wp-config.php && mv /tmp/wp-config.php $wp_config_path
+        chown $user:$user $wp_config_path
+    fi
+    db_name=$(grep "DB_NAME" $wp_config_path | grep -oP "define\s*\(\s*'DB_NAME'\s*,\s*'\K[^']+")
+    db_user=$(grep "DB_USER" $wp_config_path | grep -oP "define\s*\(\s*'DB_USER'\s*,\s*'\K[^']+")
+    if [ -z "$db_name" ]; then
+        db_name=$(grep "DB_NAME" $wp_config_path | grep -oP "define\s*\(\s*'DB_NAME'\s*,\s*\"\K[^\"]+")
+    fi
+    if [ -z "$db_user" ]; then
+        db_user=$(grep "DB_USER" $wp_config_path | grep -oP "define\s*\(\s*'DB_USER'\s*,\s*\"\K[^\"]+")
+    fi
+    new_password=''
+    found_existing_password=0
+    if [ -f "/root/remember-db-user-pass.txt" ]; then
+        db_user_pass=$(grep "$db_user:" /root/remember-db-user-pass.txt)
+        if [ -n "$db_user_pass" ]; then
+            new_password=$(echo "$db_user_pass" | cut -d':' -f2)
+            echo "= Using existing password for $db_user"
+            found_existing_password=1
+        fi
+    fi
+
+    if [ -z "$new_password" ]; then
+        new_password=$(generate_password)
+    fi
+
+    echo "DB name: $db_name"
+    echo "DB user: $db_user"
+    echo "New DB password: $new_password"
+    if [ $found_existing_password -eq 0 ]; then
+        touch /root/remember-db-user-pass.txt
+        echo "$db_user:$new_password" >> /root/remember-db-user-pass.txt
+        chown root:root /root/remember-db-user-pass.txt
+        chmod 600 /root/remember-db-user-pass.txt
+    fi
+    /usr/local/vesta/bin/v-change-database-password "$user" "$db_name" "$new_password"
+    if [ $? -ne 0 ]; then
+        echo "*************** ERROR: Failed to change database password ***************"
+        exit 1;
+    fi
+    line="define('DB_PASSWORD', '$new_password');"
+    chattr -i $wp_config_path
+    sed -i "s/.*define(.*DB_PASSWORD'.*/$line/" $wp_config_path
+    new_password_line=$(grep "DB_PASSWORD" $wp_config_path)
+    echo "New DB password line: $new_password_line"
+    if [ "$new_password_line" != "$line" ]; then
+        echo "*************** ERROR: line in wp-config.php is not what we expected ***************"
+        echo "Expected: $line"
+        echo "Actual  : $new_password_line"
+        echo "*************** ERROR: Please check wp-config.php manually ***************"
+        exit 1;
+    fi
+else
+    echo "ERROR: WP-config.php not found"
+    exit 1;
+fi
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit 0;

bin/v-change-dir-www

@@ -0,0 +1,71 @@
+#!/bin/bash
+# info: Change directory to the public_html folder of a domain
+# usage: source v-cd-www DOMAIN
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
+    echo "This script must be sourced to change the current directory."
+    echo "Usage: source v-cd-www DOMAIN"
+    exit 1
+fi
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    return 1
+fi
+
+# Importing system environment
+source /etc/profile
+PATH=$PATH:/usr/local/vesta/bin && export PATH
+
+SILENT_MODE=1
+
+# Argument definition
+domain=$1
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+
+if [ -z "$user" ]; then
+    echo "Domain $domain doesn't exist"
+    return 1
+fi
+
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+source /usr/local/vesta/func/domain.sh
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+
+if [ ! -d "/home/$user" ]; then
+    echo "User $user doesn't exist"
+    return 1
+fi
+
+if [ ! -d "/home/$user/web/$domain/public_html" ]; then
+    echo "Domain $domain doesn't have a public_html directory"
+    return 1
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+cd "/home/$user/web/$domain/public_html"
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+return 0

bin/v-change-domain-owner

@@ -35,6 +35,9 @@ if [ "$owner" = "$user" ]; then
     exit
 fi
 
+USER_DATA=$VESTA/data/users/$owner
+is_object_unsuspended 'user' 'USER' "$owner"
+USER_DATA=$VESTA/data/users/$user
 
 #----------------------------------------------------------#
 #                       Action                             #
@@ -57,11 +60,11 @@ if [ ! -z "$web_data" ]; then
         ssl_key=$VESTA/data/users/$owner/ssl/$domain.key
         ssl_ca=$VESTA/data/users/$owner/ssl/$domain.ca
         ssl_pem=$VESTA/data/users/$owner/ssl/$domain.pem
-        mv $ssl_crt $VESTA/data/users/$user/ssl/
-        mv $ssl_key $VESTA/data/users/$user/ssl/
-        mv $ssl_ca $VESTA/data/users/$user/ssl/ >> /dev/null 2>&1
-        mv $ssl_pem $VESTA/data/users/$user/ssl/ >> /dev/null 2>&1
-        rm -f $HOMEDIR/$owner/conf/web/ssl.$domain.*
+        cp $ssl_crt $VESTA/data/users/$user/ssl/
+        cp $ssl_key $VESTA/data/users/$user/ssl/
+        cp $ssl_ca $VESTA/data/users/$user/ssl/ > /dev/null 2>&1
+        cp $ssl_pem $VESTA/data/users/$user/ssl/ > /dev/null 2>&1
+        # rm -f $HOMEDIR/$owner/conf/web/ssl.$domain.*
     fi
 
     # Check ftp user account
@@ -79,10 +82,23 @@ if [ ! -z "$web_data" ]; then
     # Move data
     mv $HOMEDIR/$owner/web/$domain $HOMEDIR/$user/web/
 
+    if [ -d "/hdd/home/$owner/web/$domain" ]; then
+        $BIN/v-move-folder-and-make-symlink /hdd/home/$owner/web/$domain /hdd/home/$user/web/$domain
+    fi
+
     # Change ownership
     find $HOMEDIR/$user/web/$domain -user $owner \
         -exec chown -h $user:$user {} \;
 
+    if [ "$SSL" = 'yes' ]; then
+        sleep 10
+        rm $ssl_crt
+        rm $ssl_key
+        rm $ssl_ca > /dev/null 2>&1
+        rm $ssl_pem > /dev/null 2>&1
+        rm -f $HOMEDIR/$owner/conf/web/ssl.$domain.*
+    fi
+
     # Rebuild config
     $BIN/v-unsuspend-web-domain $user $domain no >> /dev/null 2>&1
     $BIN/v-rebuild-web-domains $owner no
@@ -140,6 +156,10 @@ if [ ! -z "$mail_data" ]; then
     # Move data
     mv $HOMEDIR/$owner/mail/$domain $HOMEDIR/$user/mail/
 
+    if [ -d "/hdd/home/$owner/mail/$domain" ]; then
+        $BIN/v-move-folder-and-make-symlink /hdd/home/$owner/mail/$domain /hdd/home/$user/mail/$domain
+    fi
+
     # Change ownership
     find $HOMEDIR/$user/mail/$domain -user $owner \
         -exec chown -h $user {} \;

bin/v-change-firewall-rule

@@ -62,6 +62,8 @@ str="RULE='$rule' ACTION='$action' PROTOCOL='$protocol' PORT='$port_ext'"
 str="$str IP='$ip' COMMENT='$comment' SUSPENDED='no'"
 str="$str TIME='$time' DATE='$date'"
 
+oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf)
+
 # Deleting old rule
 sed -i "/RULE='$rule' /d" $VESTA/data/firewall/rules.conf
 
@@ -74,6 +76,14 @@ sort_fw_rules
 # Updating system firewall
 $BIN/v-update-firewall
 
+if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then
+    if [ "$port_ext" == "80,443" ] && [ "$action" == "DROP" ]; then
+        NEWIP=$ip
+        parse_object_kv_list_non_eval "$oldvalues"
+        sed -i "s|$IP|$NEWIP|g" /etc/nginx/conf.d/block-firewall.conf
+        systemctl restart nginx
+    fi
+fi
 
 #----------------------------------------------------------#
 #                       Vesta                              #

bin/v-change-sys-config-value

@@ -28,6 +28,7 @@ PATH="$PATH:/usr/local/sbin:/sbin:/usr/sbin:/root/bin"
 check_args '2' "$#" 'KEY VALUE'
 is_format_valid 'key'
 
+format_no_quotes "$value" 'value'
 
 #----------------------------------------------------------#
 #                       Action                             #

bin/v-change-sys-hostname

@@ -31,18 +31,16 @@ is_format_valid 'domain'
 
 hostname $domain
 
-# RHEL/CentOS
-if [ -e "/etc/redhat-release" ]; then
+if [ -d "/etc/sysconfig" ]; then
+    # RHEL/CentOS/Amazon
     touch /etc/sysconfig/network
     if [ -z "$(grep HOSTNAME /etc/sysconfig/network)" ]; then
         echo "HOSTNAME='$domain'" >> /etc/sysconfig/network
     else
         sed -i "s/HOSTNAME=.*/HOSTNAME='$domain'/" /etc/sysconfig/network
     fi
-fi
-
-# Debian/Ubuntu
-if [ ! -e "/etc/redhat-release" ]; then
+else
+    # Debian/Ubuntu
     echo "$domain" > /etc/hostname
 fi
 

bin/v-change-sys-ip-nat

@@ -34,48 +34,72 @@ is_ip_valid "$ip"
 #                       Action                             #
 #----------------------------------------------------------#
 
-# Changing nat ip
+# Updating IP
 if [ -z "$(grep NAT= $VESTA/data/ips/$ip)" ]; then
     sed -i "s/^TIME/NAT='$nat_ip'\nTIME/g" $VESTA/data/ips/$ip
+    old=''
+    new=$nat_ip
 else
-    update_ip_value '$NAT' "$nat_ip"
-fi
-
-# Check ftp system
-if [ "$FTP_SYSTEM" = 'vsftpd' ]; then
-
-    # Find configuration
-    if [ -e '/etc/vsftpd/vsftpd.conf' ]; then
-        conf='/etc/vsftpd/vsftpd.conf'
-    fi
-
-    if [ -e '/etc/vsftpd.conf' ]; then
-        conf='/etc/vsftpd.conf'
-    fi
-
-    # Update config
-    if [ -z "$(grep pasv_address $conf)" ]; then
-        if [ ! -z "$nat_ip" ]; then
-            echo "pasv_address=$nat_ip" >> $conf
-        fi
-    else
-        if [ ! -z "$nat_ip" ]; then
-            sed -i "s/pasv_address=.*/pasv_address='$nat_ip'/g" $conf
-        else
-            sed -i "/pasv_address/d" $conf
-        fi
+    old=$(get_ip_value '$NAT')
+    new=$nat_ip
+    sed -i "s/NAT=.*/NAT='$new'/" $VESTA/data/ips/$ip
+    if [ -z "$nat_ip" ]; then
+        new=$ip
     fi
 fi
 
+# Updating WEB configs
+if [ ! -z "$old" ] && [ ! -z "$WEB_SYSTEM" ]; then
+    sed -i "s/$old/$new/" $VESTA/data/users/*/web.conf
+    for user in $(ls $VESTA/data/users/); do
+        $BIN/v-rebuild-web-domains $user no
+    done
+    $BIN/v-restart-dns $restart
+fi
+
+# Updating DNS configs
+if [ ! -z "$old" ] && [ ! -z "$DNS_SYSTEM" ]; then
+    sed -i "s/$old/$new/" $VESTA/data/users/*/dns.conf
+    sed -i "s/$old/$new/" $VESTA/data/users/*/dns/*.conf
+    for user in $(ls $VESTA/data/users/); do
+        $BIN/v-rebuild-dns-domains $user no
+    done
+    $BIN/v-restart-dns $restart
+fi
+
+# Updating FTP
+if [ ! -z "$old" ] && [ ! -z "$FTP_SYSTEM" ]; then
+    conf=$(find /etc -name $FTP_SYSTEM.conf)
+    if [ -e "$conf" ]; then
+        sed -i "s/$old/$new/g" $conf
+        if [ "$FTP_SYSTEM" = 'vsftpd' ]; then
+            check_pasv=$(grep pasv_address $conf)
+            if [ -z "$check_pasv" ] && [ ! -z "$nat_ip" ]; then
+                echo "pasv_address=$nat_ip" >> $conf
+            fi
+            if [ ! -z "$check_pasv" ] && [ -z "$nat_ip" ]; then
+                sed -i "/pasv_address/d" $conf
+            fi
+            if [ ! -z "$check_pasv" ] && [ ! -z "$nat_ip" ]; then
+                sed -i "s/pasv_address=.*/pasv_address='$nat_ip'/g" $conf
+            fi
+        fi
+    fi
+    $BIN/v-restart-ftp $restart
+fi
+
+# Updating firewall
+if [ ! -z "$old" ] && [ ! -z "$FIREWALL_SYSTEM" ]; then
+    sed -i "s/$old/$new/g" $VESTA/data/firewall/*.conf
+    $BIN/v-update-firewall
+fi
+
+
 
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#
 
-# Restart ftp server
-$BIN/v-restart-ftp $restart
-check_result $? "FTP restart failed" >/dev/null
-
 # Logging
 log_history "changed associated nat address on $ip to $nat_ip" '' 'admin'
 log_event "$OK" "$ARGUMENTS"

bin/v-change-sys-service-config

@@ -95,13 +95,21 @@ if [ "$update" = 'yes' ] && [ "$restart" != 'no' ]; then
 
     if [ "$service" = 'php' ]; then
         if [ "$WEB_SYSTEM" = "nginx" ]; then
-            service=$(ls /etc/init.d/php*fpm* |cut -f 4 -d / |sed -n 1p)
+            if [ $(ps --no-headers -o comm 1) == systemd ]; then
+                service=$(systemctl | grep -o -E "php.*fpm.*\.service")
+                service=${service//.service/}
+            else
+                service=$(ls /etc/init.d/php*fpm* |cut -f 4 -d /)
+            fi
         else
             service=$WEB_SYSTEM
         fi
     fi
 
-    service $service restart >/dev/null 2>&1
+    for single_service in $service; do
+        service $single_service restart >/dev/null 2>&1
+    done <<< "$service"
+
     if [ $? -ne 0 ]; then
         for config in $dst; do
             cat $config.vst.back > $config

bin/v-change-user-package

@@ -16,6 +16,7 @@ force=$3
 
 # Includes
 source $VESTA/func/main.sh
+source $VESTA/func/domain.sh
 source $VESTA/conf/vesta.conf
 
 is_package_avalable() {
@@ -23,7 +24,7 @@ is_package_avalable() {
     usr_data=$(cat $USER_DATA/user.conf)
     IFS=$'\n'
     for key in $usr_data; do
-        eval ${key%%=*}=${key#*=}
+        parse_object_kv_list_non_eval $key
     done
 
     WEB_DOMAINS='0'
@@ -35,7 +36,7 @@ is_package_avalable() {
 
     pkg_data=$(cat $VESTA/data/packages/$package.pkg |grep -v TIME |\
         grep -v DATE)
-    eval $pkg_data
+    parse_object_kv_list_non_eval $pkg_data
 
     # Checking usage agains package limits
     if [ "$WEB_DOMAINS" != 'unlimited' ]; then
@@ -73,11 +74,15 @@ is_package_avalable() {
             check_result $E_LIMIT "Package doesn't cover BANDWIDTH usage"
         fi
     fi
+
+    is_web_template_valid $WEB_TEMPLATE
+    is_dns_template_valid $DNS_TEMPLATE
+    is_proxy_template_valid $PROXY_TEMPLATE
 }
 
 change_user_package() {
-    eval $(cat $USER_DATA/user.conf)
-    eval $(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE")
+    parse_object_kv_list_non_eval $(cat $USER_DATA/user.conf)
+    parse_object_kv_list_non_eval $(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE")
     echo "FNAME='$FNAME'
 LNAME='$LNAME'
 PACKAGE='$package'

bin/v-change-user-password

@@ -13,6 +13,10 @@
 user=$1
 password=$2; HIDE=2
 
+# Importing system enviroment as we run this script
+# mostly by cron wich not read it by itself
+source /etc/profile
+
 # Includes
 source $VESTA/func/main.sh
 source $VESTA/conf/vesta.conf
@@ -22,6 +26,9 @@ source $VESTA/conf/vesta.conf
 #                    Verifications                         #
 #----------------------------------------------------------#
 
+if [ "$user" = "root" ]; then
+    check_result $E_FORBIDEN "Changing root password is forbiden"
+fi
 check_args '2' "$#" 'USER PASSWORD'
 is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
@@ -37,6 +44,10 @@ is_password_valid
 echo "$user:$password" | /usr/sbin/chpasswd
 md5=$(awk -v user=$user -F : 'user == $1 {print $2}' /etc/shadow)
 
+if [ "$user" = 'admin' ] && [ -e "$VESTA/web/reset.admin" ]; then
+    rm -f $VESTA/web/reset.admin
+fi
+
 
 #----------------------------------------------------------#
 #                       Vesta                              #

bin/v-change-user-rkey

@@ -0,0 +1,60 @@
+#!/bin/bash
+# info: change user rkey
+# options: USER
+#
+# The function changes user's RKEY value.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/conf/vesta.conf
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+if [ "$user" = "root" ]; then
+    check_result $E_FORBIDEN "Changing root password is forbiden"
+fi
+
+check_args '1' "$#" 'USER'
+is_format_valid 'user'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+hash=$(generate_password)
+d=$(date +%s)
+
+# Changing RKEY value
+update_user_value "$user" '$RKEY' "$hash"
+
+#check if RKEYEXP exists
+if [ -z "$(grep RKEYEXP $USER_DATA/user.conf)" ]; then
+    sed -i "s/^RKEY/RKEYEXP='$d'\nRKEY/g" $USER_DATA/user.conf
+else
+    update_user_value "$user" '$RKEYEXP' "$d"
+fi
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_history "changed rkey"
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-change-vesta-port

@@ -0,0 +1,61 @@
+#!/bin/bash
+# info: change vesta port
+# options: port
+#
+# Function will change vesta port
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+port=$1
+
+if [ -z "$VESTA" ]; then
+    VESTA="/usr/local/vesta"
+fi
+
+# Get current vesta port by reading nginx.conf
+oldport=$(grep 'listen' $VESTA/nginx/conf/nginx.conf | awk '{print $2}' | sed "s|;||")
+if [ -z "$oldport" ]; then
+    oldport=8083
+fi
+
+# Includes
+source $VESTA/func/main.sh
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+# Checking permissions
+if [ "$(id -u)" != '0' ]; then
+    check_result $E_FORBIDEN "You must be root to execute this script"
+fi
+
+check_args '1' "$#" 'PORT'
+is_int_format_valid "$port" 'port number'
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+sed -i "s|$oldport;|$port;|g" $VESTA/nginx/conf/nginx.conf
+sed -i "s|$oldport ssl;|$port ssl;|g" $VESTA/nginx/conf/nginx.conf
+if [ -f "/etc/roundcube/plugins/password/config.inc.php" ]; then
+    sed -i "s|'$oldport'|'$port'|g" /etc/roundcube/plugins/password/config.inc.php
+fi
+sed -i "s|'$oldport'|'$port'|g" $VESTA/data/firewall/rules.conf
+$VESTA/bin/v-update-firewall
+systemctl restart fail2ban.service
+sed -i "s| $oldport | $port |g" /etc/iptables.rules
+systemctl restart vesta
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit 0;

bin/v-change-web-domain-ip

@@ -49,7 +49,7 @@ is_ip_valid "$ip" "$user"
 # Preparing variables for vhost replace
 get_domain_values 'web'
 old=$(get_real_ip $IP)
-new=$ip
+new=$(get_real_ip $ip)
 
 # Replacing vhost
 replace_web_config "$WEB_SYSTEM" "$TPL.tpl"

bin/v-change-web-domain-proxy-tpl

@@ -14,8 +14,7 @@ user=$1
 domain=$2
 domain_idn=$2
 template=$3
-default_extentions="jpg,jpeg,gif,png,ico,svg,css,zip,tgz,gz,rar,bz2,doc,xls,\
-exe,pdf,ppt,txt,odt,ods,odp,odf,tar,wav,bmp,rtf,js,mp3,avi,mpeg,flv,html,htm"
+default_extentions="jpg,jpeg,gif,png,ico,svg,css,zip,tgz,gz,rar,bz2,doc,xls,exe,pdf,ppt,txt,odt,ods,odp,odf,tar,wav,bmp,rtf,js,mp3,avi,mpeg,flv,woff,woff2"
 extentions=${4-$default_extentions}
 restart="$5"
 

bin/v-change-wordpress-admin-passwords

@@ -0,0 +1,201 @@
+#!/bin/bash
+# info: interactively delete or change WordPress admin passwords for a given domain
+# options: DOMAIN
+#
+# d  → delete user  (with content reassignment)
+# c  → change password (random 10-char alnum)
+# s  → skip
+# x  → exit
+
+#----------------------------------------------------------#
+#                    Variable & Function                   #
+#----------------------------------------------------------#
+
+[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; }
+source /etc/profile
+
+DOMAIN="$1"
+[ -z "$DOMAIN" ] && { echo "Usage: v-change-wp-admins-pass DOMAIN"; exit 1; }
+
+USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")"
+[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; }
+
+WP_PATH="/home/$USER/web/$DOMAIN/public_html"
+[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; }
+
+# WP-CLI wrapper
+if [ ! -z "$PHP" ]; then
+    WP_RUN="PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes"
+else
+    WP_RUN="/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes"
+fi
+
+# random 10-char password
+gen_pass() { tr -dc 'A-Za-z0-9' </dev/urandom | head -c 10; }
+
+#----------------------------------------------------------#
+#                         Action                           #
+#----------------------------------------------------------#
+
+cd "$WP_PATH" || exit 1
+echo
+echo "WordPress administrators for $DOMAIN:"
+echo "-------------------------------------"
+
+if [ -f /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ]; then
+    rm /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
+fi
+
+RUN="$WP_RUN user list --role=administrator --fields=ID,user_login,user_email --format=csv --skip-plugins --skip-themes"
+ADMIN_LIST_CSV=$(eval "$RUN")
+
+return_code=$?
+
+if [ $return_code -ne 0 ]; then
+    echo "WP-CLI error:"
+    echo "return code: $return_code"
+    cat /home/$USER/web/$DOMAIN/wp-cli-error.log
+    exit $return_code
+fi
+
+ADMIN_LIST_CSV=$(echo "$ADMIN_LIST_CSV" | tail -n +2)
+
+[ -z "$ADMIN_LIST_CSV" ] && { echo "No administrator accounts found."; exit 0; }
+
+DEFAULT_USER=""
+
+printf "%-6s %-20s %s\n" "ID" "Username" "Email"
+while IFS=',' read -r PID PLOGIN PEMAIL; do
+    printf "%-6s %-20s %s\n" "$PID" "$PLOGIN" "$PEMAIL"
+    if [ "$PID" = "1" ]; then
+        DEFAULT_USER="$PLOGIN"
+    fi
+done <<< "$ADMIN_LIST_CSV"
+
+echo
+echo "For each admin choose: (d) delete, (c) change password, (s) skip, (x) exit."
+
+# interactive loop
+while IFS=',' read -r ID LOGIN EMAIL; do
+    [ -n "$EMAIL" ] && TARGET="$LOGIN <$EMAIL>" || TARGET="$LOGIN"
+    while true; do
+        echo "-------------------------------------"
+        read -r -p "Action for \"$TARGET\" [d/c/s/x]? " ACT < /dev/tty
+        skip=0;
+        case "$ACT" in
+            [Dd]* )
+                # read -r -p "Really DELETE \"$TARGET\" ?   (y/n, default: y) " CONF < /dev/tty
+                CONF="y"
+                if [[ ! "$CONF" =~ ^[Nn]$ ]]; then
+                    # build an array of OTHER admin usernames
+                    mapfile -t OTHER_USERS < <(echo "$ADMIN_LIST_CSV" | awk -F',' -v cur="$ID" '$1!=cur {print $2}')
+                    if [ "${#OTHER_USERS[@]}" -eq 0 ]; then
+                        echo "Cannot delete the only administrator account."
+                        break
+                    fi
+                    if [ "$DEFAULT_USER" = "" ]; then
+                        DEFAULT_USER="${OTHER_USERS[0]}"
+                    fi
+                    echo "Available admin usernames for reassignment: ${OTHER_USERS[*]}"
+                    while true; do
+                        read -r -p "Reassign content to which username? [default: $DEFAULT_USER, s: skip] " REASSIGN < /dev/tty
+                        REASSIGN=${REASSIGN:-$DEFAULT_USER}
+                        DEFAULT_USER=$REASSIGN
+                        if printf '%s\n' "${OTHER_USERS[@]}" | grep -qx "$REASSIGN"; then
+                            break
+                        fi
+                        if [[ "$REASSIGN" =~ ^[Ss]$ ]]; then
+                            echo "Skipping reassignment."
+                            skip=1;
+                            break
+                        fi
+                        if [[ "$REASSIGN" =~ ^[0-9]+$ ]]; then
+                            break
+                        fi
+                        echo "Invalid username. Please choose one of: ${OTHER_USERS[*]}"
+                    done
+                    if [ $skip -eq 1 ]; then
+                        break
+                    fi
+                    # delete by username, reassign by username
+                    RUN="$WP_RUN user delete $ID --reassign=$REASSIGN --yes --skip-plugins --skip-themes"
+                    eval "$RUN"
+                    if [ $? -eq 0 ]; then
+                        echo "$TARGET deleted (content reassigned to $REASSIGN)."
+                    else
+                        cat /home/$USER/web/$DOMAIN/wp-cli-error.log
+                        echo "Failed to delete $TARGET."
+                    fi
+                else
+                    echo "Deletion cancelled."
+                fi
+                break
+                ;;
+            [Cc]* )
+                NEW_PASS=$(gen_pass)
+                RUN="$WP_RUN user update $ID --user_pass=$NEW_PASS --skip-plugins --skip-themes"
+                eval "$RUN"
+                if [ $? -eq 0 ]; then
+                    echo "Password for username '$TARGET' changed to: $NEW_PASS"
+                    echo "Password for username '$TARGET' changed to: $NEW_PASS" >> /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
+                    chown $USER:$USER /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
+                    chmod 600 /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
+                else
+                    cat /home/$USER/web/$DOMAIN/wp-cli-error.log
+                    echo "Failed to change password for $TARGET."
+                fi
+                break
+                ;;
+            [Ss]* )
+                echo "Skipping $TARGET."
+                break
+                ;;
+            [Xx]* )
+                echo "Exiting."
+                exit 0
+                ;;
+            * ) echo "Please answer d, c, s, or x." ;;
+        esac
+    done
+done <<< "$ADMIN_LIST_CSV"
+
+if [ -f /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ]; then
+    echo ""
+    echo ""
+    echo "-------------------------------------"
+    echo "For website $DOMAIN - new wp-admin passwords have been set."
+    echo "-------------------------------------"
+    cat /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
+    echo "-------------------------------------"
+    echo ""
+    echo ""
+    read -r -p "Do you want to save the new passwords to a file /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ? (y/n, default: n) " SAVE_PASSWORDS < /dev/tty
+    if [ -z "$SAVE_PASSWORDS" ]; then
+        SAVE_PASSWORDS="n"
+    fi
+    if [[ $SAVE_PASSWORDS =~ ^[Nn]$ ]]; then
+        rm /home/$USER/web/$DOMAIN/wp-admin-password-change.txt
+    fi
+fi
+
+#----------------------------------------------------------#
+#        flush cache and refresh all security salts        #
+#----------------------------------------------------------#
+
+echo "-------------------------------------"
+echo
+echo "Flushing cache and refreshing salts..."
+
+RUN="$WP_RUN cache flush"
+eval "$RUN"
+RUN="$WP_RUN config shuffle-salts WP_CACHE_KEY_SALT --force"
+eval "$RUN"
+RUN="$WP_RUN config shuffle-salts"
+eval "$RUN"
+
+echo "Cache flushed and salts refreshed."
+
+echo
+echo "Done."
+
+exit 0

bin/v-check-api-key

@@ -0,0 +1,45 @@
+#!/bin/bash
+# info: check api key
+# options: KEY
+#
+# The function checks a key file in /usr/local/vesta/data/keys/
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+if [ -z "$1" ]; then
+    echo "Error: key missmatch"
+    exit 9
+fi
+key=$(basename $1)
+ip=${2-127.0.0.1}
+time_n_date=$(date +'%T %F')
+time=$(echo "$time_n_date" |cut -f 1 -d \ )
+date=$(echo "$time_n_date" |cut -f 2 -d \ )
+
+if [[ -z $key || ${#key} -lt 16 ]]; then
+    echo "Error: not valid keys"
+    echo "$date $time api $ip failed to login" >> $VESTA/log/auth.log
+    exit 9
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+if [ ! -e $VESTA/data/keys/$key ]; then
+    echo "Error: key missmatch"
+    echo "$date $time api $ip failed to login" >> $VESTA/log/auth.log
+    exit 9
+fi
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+echo "$date $time api $ip successfully launched" >> $VESTA/log/auth.log
+
+exit

bin/v-check-letsencrypt-domain

@@ -1,162 +0,0 @@
-#!/bin/bash
-# info: check letsencrypt domain
-# options: USER DOMAIN
-#
-# The function check and validates domain with LetsEncript
-
-
-#----------------------------------------------------------#
-#                    Variable&Function                     #
-#----------------------------------------------------------#
-
-# Argument definition
-user=$1
-domain=$2
-
-# Includes
-source $VESTA/func/main.sh
-source $VESTA/conf/vesta.conf
-
-# encode base64
-encode_base64() {
-    cat |base64 |tr '+/' '-_' |tr -d '\r\n='
-}
-
-# Additional argument formatting
-format_domain_idn
-
-
-#----------------------------------------------------------#
-#                    Verifications                         #
-#----------------------------------------------------------#
-
-check_args '2' "$#" 'USER DOMAIN'
-is_format_valid 'user' 'domain'
-is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
-is_object_valid 'user' 'USER' "$user"
-is_object_unsuspended 'user' 'USER' "$user"
-if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
-    check_result $E_NOTEXIST "LetsEncrypt key doesn't exist"
-fi
-rdomain=$(egrep "'$domain'|'$domain,|,$domain,|,$domain'" $USER_DATA/web.conf)
-if [ -z "$rdomain" ]; then
-    check_result $E_NOTEXIST "domain $domain doesn't exist"
-fi
-
-
-#----------------------------------------------------------#
-#                       Action                             #
-#----------------------------------------------------------#
-
-source $USER_DATA/ssl/le.conf
-api='https://acme-v01.api.letsencrypt.org'
-r_domain=$(echo "$rdomain" |cut -f 2 -d \')
-key="$USER_DATA/ssl/user.key"
-exponent="$EXPONENT"
-modulus="$MODULUS"
-thumb="$THUMB"
-
-# Defining JWK header
-header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
-header='{"alg":"RS256","jwk":'"$header"'}'
-
-# Requesting nonce
-nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
-protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
-
-# Defining ACME query (request challenge)
-query='{"resource":"new-authz","identifier"'
-query=$query':{"type":"dns","value":"'"$domain_idn"'"}}'
-payload=$(echo -n "$query" |encode_base64)
-signature=$(printf "%s" "$protected.$payload" |\
-    openssl dgst -sha256 -binary -sign "$key" |encode_base64)
-data='{"header":'"$header"',"protected":"'"$protected"'",'
-data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
-
-# Sending request to LetsEncrypt API
-answer=$(curl -s -i -d "$data" "$api/acme/new-authz")
-
-# Checking http answer status
-status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ')
-if [[ "$status" -ne "201" ]]; then
-    check_result $E_CONNECT "LetsEncrypt challenge request $status"
-fi
-
-# Parsing domain nonce,token and uri
-nonce=$(echo "$answer" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
-protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
-token=$(echo "$answer" |grep -A 3 http-01 |grep token |cut -f 4 -d \")
-uri=$(echo "$answer" |grep -A 3 http-01 |grep uri |cut -f 4 -d \")
-
-# Adding location wrapper for request challenge
-if [ "$WEB_SYSTEM" = 'nginx' ] || [ "$PROXY_SYSTEM" = 'nginx' ]; then
-    conf="$HOMEDIR/$user/conf/web/nginx.$r_domain.conf_letsencrypt"
-    sconf="$HOMEDIR/$user/conf/web/snginx.$r_domain.conf_letsencrypt"
-    if [ ! -e "$conf" ]; then
-        echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' > $conf
-        echo '    default_type text/plain;' >> $conf
-        echo '    return 200 "$1.'$thumb'";' >> $conf
-        echo '}' >> $conf
-    fi
-    if [ ! -e "$sconf" ]; then
-        ln -s "$conf" "$sconf"
-    fi
-else
-    acme="$HOMEDIR/$user/web/$r_domain/public_html/.well-known/acme-challenge"
-    if [ ! -d "$acme" ]; then
-        mkdir -p $acme
-    fi
-    echo "$token.$thumb" > $acme/$token
-    chown -R $user:$user $HOMEDIR/$user/web/$r_domain/public_html/.well-known
-fi
-
-# Restarting web server
-if [ -z "$PROXY_SYSTEM" ]; then
-    $BIN/v-restart-web
-    check_result $? "Proxy restart failed" >/dev/null
-else
-    $BIN/v-restart-proxy
-    $BIN/v-restart-web
-    check_result $? "Web restart failed" >/dev/null
-fi
-
-# Defining ACME query (request validation)
-query='{"resource":"challenge","type":"http-01","keyAuthorization"'
-query=$query':"'$token.$thumb'","token":"'$token'"}'
-payload=$(echo -n "$query" |encode_base64)
-signature=$(printf "%s" "$protected.$payload" |\
-    openssl dgst -sha256 -binary -sign "$key" |encode_base64)
-data='{"header":'"$header"',"protected":"'"$protected"'",'
-data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
-
-# Sending request to LetsEncrypt API
-answer=$(curl -s -i -d "$data" "$uri")
-
-# Checking domain validation status
-i=1
-status=$(echo $answer |tr ',' '\n' |grep status |cut -f 4 -d \")
-location=$(echo "$answer" |grep Location: |awk '{print $2}' |tr -d '\r\n')
-while [ "$status" = 'pending' ]; do
-    answer=$(curl -s -i "$location")
-    detail="$(echo $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")"
-    status=$(echo "$answer" |tr ',' '\n' |grep status |cut -f 4 -d \")
-    sleep 1
-    i=$((i + 1))
-    if [ "$i" -gt 60 ]; then
-        check_result $E_CONNECT "$detail"
-    fi
-done
-if [ "$status" = 'invalid' ]; then
-    detail="$(echo $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")"
-    check_result $E_CONNECT "$detail"
-fi
-
-
-#----------------------------------------------------------#
-#                       Vesta                              #
-#----------------------------------------------------------#
-
-# Logging
-log_event "$OK" "$ARGUMENTS"
-
-exit

bin/v-check-user-hash

@@ -0,0 +1,100 @@
+#!/bin/bash
+# info: check user hash
+# options: USER HASH [IP]
+#
+# The function verifies user hash
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+hash=$2; HIDE=2
+ip=${3-127.0.0.1}
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/conf/vesta.conf
+
+time_n_date=$(date +'%T %F')
+time=$(echo "$time_n_date" |cut -f 1 -d \ )
+date=$(echo "$time_n_date" |cut -f 2 -d \ )
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+
+check_args '2' "$#" 'USER HASH'
+is_format_valid 'user'
+
+# Checking user
+if [ ! -d "$VESTA/data/users/$user" ] && [ "$user" != 'root' ]; then
+    echo "Error: password missmatch"
+    echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
+    exit 9
+fi
+
+# Checking user hash
+is_hash_valid
+
+# Checking empty hash
+if [[ -z "$hash" ]]; then
+    echo "Error: password missmatch"
+    echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
+    exit 9
+fi
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+
+# Parsing user's salt
+shadow=$(grep "^$user:" /etc/shadow | cut -f 2 -d :)
+
+if echo "$shadow" | grep -qE '^\$[0-9a-z]+\$[^\$]+\$'
+then
+    salt=$(echo "$shadow" |cut -f 3 -d \$)
+    method=$(echo "$shadow" |cut -f 2 -d \$)
+    if [ "$method" -eq '1' ]; then
+        method='md5'
+    elif [ "$method" -eq '6' ]; then
+        method='sha-512'
+    else
+        echo "Error: password missmatch"
+        echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
+        exit 9
+    fi
+else
+    salt=${shadow:0:2}
+    method='des'
+fi
+
+# Checking salt
+if [ -z "$salt" ]; then
+    echo "Error: password missmatch"
+    echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
+    exit 9
+fi
+
+# Comparing hashes
+if [[ "$shadow" != "$hash" ]]; then
+    echo "Error: password missmatch"
+    echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
+    exit 9
+fi
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+echo "$date $time $user $ip successfully logged in" >> $VESTA/log/auth.log
+
+exit

bin/v-check-user-password

@@ -82,7 +82,8 @@ if [ -z "$salt" ]; then
 fi
 
 # Generating hash
-hash=$($BIN/v-generate-password-hash $method $salt <<< $password)
+set -o noglob
+hash=$($BIN/v-generate-password-hash $method $salt <<< "$password")
 if [[ -z "$hash" ]]; then
     echo "Error: password missmatch"
     echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log

bin/v-check-vesta-license

@@ -42,7 +42,7 @@ for str in $modules; do
     license=$(echo "$str" |cut -f 2 -d \')
     if [ ! -z "$license" ]; then
         v_host='https://vestacp.com/checkout'
-        answer=$(curl -s "$v_host/check.php?licence_key=$license&module=$module")
+        answer=$(curl --max-time 60 -s "$v_host/check.php?licence_key=$license&module=$module")
         check_result $? "cant' connect to vestacp.com " 0
         echo "$module $license $answer"
         if [[ "$answer" != '0' ]]; then

bin/v-clean-garbage

@@ -0,0 +1,133 @@
+#!/bin/bash
+# info: Clean all unnecessary files like logs
+# options: NONE
+#
+# The function is cleaning all unnecessary files like logs
+
+#----------------------------------------------------------#
+#           Verifications & Variable & Function            #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+echo "===== Before cleaning ====="
+df -h
+echo "==========================="
+
+# Includes
+source /usr/local/vesta/func/main.sh
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# turn off tailf watcher process
+if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then
+    kill $(ps aux | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" | awk '{print $2}')
+fi
+if [ -f "/usr/local/bin/tailf_exim.php" ]; then
+    kill $(ps aux | grep 'tailf_exim' | grep -v "grep tailf_exim" | awk '{print $2}')
+fi
+
+find /tmp/ -type f -mtime +7 -delete
+rm /var/backups/* > /dev/null 2>&1
+rm /var/cache/apt/archives/* > /dev/null 2>&1
+cd /var/log
+truncate -s 0 xferlog lastlog faillog btmp syslog;
+find /var/log/ -name "*.log" -not -path "/var/log/apt/*" -type f -exec truncate -s 0 {} \;
+find /var/log/ -name "*.err" -type f -exec truncate -s 0 {} \;
+find /var/log/ -name "errors" -type f -exec truncate -s 0 {} \;
+find /var/log/ -name "*.info" -type f -exec truncate -s 0 {} \;
+find /var/log/ -name "*.warn" -type f -exec truncate -s 0 {} \;
+find /var/log/ -type f -name "*.1" -delete
+find /var/log/ -type f -name "*.2" -delete
+find /var/log/ -type f -name "*.3" -delete
+find /var/log/ -type f -name "*.4" -delete
+find /var/log/ -type f -name "*.5" -delete
+find /var/log/ -type f -name "*.6" -delete
+find /var/log/ -type f -name "*.7" -delete
+find /var/log/ -type f -name "*.8" -delete
+find /var/log/ -type f -name "*.9" -delete
+find /var/log/ -name "*.gz" -type f -delete
+find /usr/local/vesta/log/ -type f -name "*.log" -exec truncate -s 0 {} \;
+find /usr/local/vesta/log/ -type f -not -name "*.log" -delete
+find /var/log/exim4/ -type f -exec truncate -s 0 {} \;
+truncate -s 0 /*.log > /dev/null 2>&1
+rm /panic-*.log > /dev/null 2>&1
+rm /var/log/panic-*.log > /dev/null 2>&1
+
+clean_home() {
+    nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -delete > /dev/null 2>&1
+    find $1/ -name '.wp-cli' -type d -exec rm -rf {} \; > /dev/null 2>&1
+    find $1/*/web/*/public_html/wp-content/aiowps_backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1
+    find $1/*/web/*/public_html/wp-content/envato-backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1
+    find $1/*/web/*/public_html/wp-content/ai1wm-backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1
+    find $1/*/web/*/public_html/wp-content/wpvividbackups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1
+    find $1/*/web/*/public_html/wp-content/updraft/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1
+    find $1/*/web/*/public_html/wp-content/plugins/ezpz-one-click-backup/backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1
+    find $1/*/web/*/public_html/wp-content/backups-dup-lite/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1
+    find $1/*/web/*/public_html/wp-content/cache/ -type f -not -name ".htaccess" -delete > /dev/null 2>&1
+    find $1/*/web/*/public_html/ -type f -name "*.wpress" -delete > /dev/null 2>&1
+    nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -mtime +1 -delete > /dev/null 2>&1
+    nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log" -exec truncate -s 0 {} \;
+    nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log.txt" -exec truncate -s 0 {} \;
+    nice -n 19 ionice -c 3 find $1/ -type f -name "*.log" -exec truncate -s 0 {} \;
+}
+
+clean_home "/home"
+if [ -d "/hdd/home" ]; then
+    clean_home "/hdd/home"
+fi
+
+# Cleaning fail2ban database
+fail2ban_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'fail2ban' | grep -c 'running')
+if [ $fail2ban_running -eq 1 ]; then
+    systemctl stop fail2ban
+fi
+if [ -f "/var/lib/fail2ban/fail2ban.sqlite3" ]; then
+    rm /var/lib/fail2ban/fail2ban.sqlite3
+    if [ -f "/etc/nginx/conf.d/block.conf" ]; then
+        truncate -s 0 /etc/nginx/conf.d/block.conf
+        nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running')
+        if [ $nginx_running -eq 1 ]; then
+            systemctl restart nginx
+        fi
+    fi
+fi
+if [ $fail2ban_running -eq 1 ]; then
+    systemctl start fail2ban
+fi
+
+# turn on tailf watcher process
+if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then
+    nohup php /usr/local/bin/tailf_apache_error.php > /var/log/tailf_apache_error.log 2>&1 &
+fi
+if [ -f "/usr/local/bin/tailf_exim.php" ]; then
+    nohup php /usr/local/bin/tailf_exim.php > /var/log/tailf_exim.log 2>&1 &
+fi
+
+exim_installed=$(/usr/local/vesta/bin/v-list-sys-services | grep -c 'exim')
+if [ $exim_installed -gt 0 ]; then
+    systemctl restart exim4
+fi
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+echo ""
+echo "***** Garbage cleaned *****"
+echo ""
+echo "===== After cleaning ======"
+df -h
+echo "==========================="
+
+
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-clear-fail2ban

@@ -0,0 +1,59 @@
+#!/bin/bash
+# info: Clean fail2ban database
+# options: NONE
+#
+# The function is cleaning fail2ban database
+
+#----------------------------------------------------------#
+#           Verifications & Variable & Function            #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# check if fail2ban is installed
+fail2ban_installed=$(/usr/local/vesta/bin/v-list-sys-services | grep -c 'fail2ban')
+if [ $fail2ban_installed -eq 0 ]; then
+    echo "Fail2ban is not installed"
+    exit 1
+fi
+
+# Includes
+source /usr/local/vesta/func/main.sh
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Cleaning fail2ban database
+fail2ban_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'fail2ban' | grep -c 'running')
+if [ $fail2ban_running -eq 1 ]; then
+    echo "== Stopping fail2ban"
+    systemctl stop fail2ban
+fi
+if [ -f "/var/lib/fail2ban/fail2ban.sqlite3" ]; then
+    echo "== Cleaning fail2ban database"
+    rm /var/lib/fail2ban/fail2ban.sqlite3
+    if [ -f "/etc/nginx/conf.d/block.conf" ]; then
+        echo "== Cleaning nginx block.conf"
+        truncate -s 0 /etc/nginx/conf.d/block.conf
+        nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running')
+        if [ $nginx_running -eq 1 ]; then
+            echo "== Restarting nginx"
+            systemctl restart nginx
+        fi
+    fi
+fi
+if [ $fail2ban_running -eq 1 ]; then
+    echo "== Starting fail2ban"
+    systemctl start fail2ban
+fi
+
+echo "== Done, fail2ban database cleaned"
+
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-clone-website

@@ -0,0 +1,467 @@
+#!/bin/bash
+# info: Migration tool that will copy whole site from one (sub)domain to another (sub)domain (on the same server)
+# options: FROM_DOMAIN TO_DOMAIN
+#
+# Migration tool that will copy whole site from one (sub)domain to another (sub)domain (on the same server), changing URL in database (it's careful with serialized arrays in database).
+# Useful for making staging copy in one command-line.
+# Automatic detection of WordPress, automaticaly read DB user, DB name, DB pass, automatic cloning to new database, automatic changing wp-config.php file.
+
+if [ $# -lt 2 ]; then
+    echo "USAGE: v-clone-website FROM_DOMAIN TO_DOMAIN"
+    echo "Available parameters:"
+    echo "--DATABASE_SUFIX=... (will be added to database name)"
+    echo "--TO_DATABASE=... (this will override --TO_DATABASE_NAME, --TO_DATABASE_USERNAME and --DATABASE_SUFIX)"
+    echo "--FROM_DATABASE_NAME=..."
+    echo "--FROM_DATABASE_USERNAME=..."
+    echo "--FROM_DATABASE_PASSWORD=..."
+    echo "--CONFIG_FILE=..."
+    echo "--TO_USER=..."
+    echo "--TO_DATABASE_NAME=..."
+    echo "--TO_DATABASE_USERNAME=..."
+    echo "--TO_DATABASE_PASSWORD=..."
+    echo "--SITE_SUBFOLDER=..."
+    echo "--EXCLUDE_UPLOADS=1 (or do not set it)"
+    exit 1
+fi
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+FROM_DOMAIN=$1
+TO_DOMAIN=$2
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner "$FROM_DOMAIN")
+if [ -z "$user" ]; then
+    echo "Error: domain $FROM_DOMAIN does not exists"
+    exit 2
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Includes
+source /usr/local/vesta/func/main.sh
+source /usr/local/vesta/func/db.sh
+source /usr/local/vesta/conf/vesta.conf
+
+FROM_DATABASE_NAME=''
+FROM_DATABASE_USERNAME=''
+FROM_DATABASE_PASSWORD=''
+FROM_CONFIG_FILE=''
+TO_DATABASE_NAME=''
+TO_DATABASE_USERNAME=''
+TO_DATABASE_PASSWORD=''
+DATABASE_SUFIX='_migrated'
+SITE_SUBFOLDER=''
+SEARCH_FOR_CONFIGS_DATABASE_NAME=''
+SEARCH_FOR_CONFIGS_DATABASE_USERNAME=''
+
+if [ ! -z "$MAX_DBUSER_LEN" ] && [ "$MAX_DBUSER_LEN" -ge 80  ]; then
+    DATABASE_SUFIX=''
+fi
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+# check_args '2' "$#" 'FROM_DOMAIN TO_DOMAIN'
+is_domain_format_valid "$FROM_DOMAIN"
+is_domain_format_valid "$TO_DOMAIN"
+
+FROM_USER=$user
+
+# take --parameters
+source /usr/local/vesta/func/handle_parameters.sh
+
+if [ -z "$SITE_SUBFOLDER" ]; then
+    r=$(/usr/local/vesta/bin/v-get-database-credentials-of-domain "$FROM_DOMAIN")
+else
+    r=$(/usr/local/vesta/bin/v-get-database-credentials-of-domain "$FROM_DOMAIN" "$SITE_SUBFOLDER")
+fi
+#echo $r
+#exit
+eval $r
+
+# take --parameters
+source /usr/local/vesta/func/handle_parameters.sh
+
+FROM_FOLDER=$SITE_FOLDER
+
+if [ ! -z "$CONFIG_FILE" ]; then
+    FROM_CONFIG_FILE=$CONFIG_FILE
+fi
+if [ ! -z "$FROM_CONFIG_FILE" ]; then
+    FROM_CONFIG_FILE_FULL_PATH="$FROM_FOLDER/$FROM_CONFIG_FILE"
+fi
+if [ ! -z "$CONFIG_FILE_FULL_PATH" ]; then
+    FROM_CONFIG_FILE_FULL_PATH=$CONFIG_FILE_FULL_PATH
+fi
+
+if [ ! -f "$FROM_CONFIG_FILE_FULL_PATH" ]; then
+    echo "Error: FROM_CONFIG_FILE_FULL_PATH $FROM_CONFIG_FILE_FULL_PATH does not exists"
+    exit 3
+fi
+
+IT_IS_WP=0
+if [ "$CMS_TYPE" = "wordpress" ]; then
+    IT_IS_WP=1
+fi
+
+if [ -z "$FROM_DATABASE_NAME" ]; then
+    FROM_DATABASE_NAME=$DATABASE_NAME
+fi
+if [ -z "$FROM_DATABASE_USERNAME" ]; then
+    FROM_DATABASE_USERNAME=$DATABASE_USERNAME
+fi
+if [ -z "$FROM_DATABASE_PASSWORD" ]; then
+    FROM_DATABASE_PASSWORD=$DATABASE_PASSWORD
+fi
+
+if [ -z "$FROM_DATABASE_NAME" ]; then
+    echo "Error: FROM_DATABASE_NAME is empty"
+    exit 4
+fi
+if [ -z "$FROM_DATABASE_USERNAME" ]; then
+    echo "Error: FROM_DATABASE_USERNAME is empty"
+    exit 5
+fi
+if [ -z "$FROM_DATABASE_PASSWORD" ]; then
+    echo "Error: FROM_DATABASE_PASSWORD is empty"
+    exit 6
+fi
+
+DB_EXISTS=$(check_if_database_exists "$user" "$FROM_DATABASE_NAME")
+if [ "$DB_EXISTS" = "no" ]; then
+    echo "Error: database $FROM_DATABASE_NAME does not exists"
+    exit 7
+fi
+
+FROM_DATABASE_NAME_WITHOUT_PREFIX=$(get_database_name_without_user_prefix "$FROM_USER" "$FROM_DATABASE_NAME")
+FROM_DATABASE_USERNAME_WITHOUT_PREFIX=$(get_database_name_without_user_prefix "$FROM_USER" "$FROM_DATABASE_USERNAME")
+
+FROM_DOMAIN_HAS_SSL=0
+if [ -f "/home/$FROM_USER/conf/web/ssl.$FROM_DOMAIN.ca" ]; then
+    FROM_DOMAIN_HAS_SSL=1
+fi
+
+FROM_DOMAIN_TPL=$(/usr/local/vesta/bin/v-list-web-domain "$FROM_USER" "$FROM_DOMAIN" | grep 'TEMPLATE:' | awk '{print $2}')
+FROM_DOMAIN_PROXY_TPL=$(/usr/local/vesta/bin/v-list-web-domain "$FROM_USER" "$FROM_DOMAIN" | grep 'PROXY:' | awk '{print $2}')
+FROM_DOMAIN_PROXY_EXT=$(/usr/local/vesta/bin/v-list-web-domain "$FROM_USER" "$FROM_DOMAIN" | grep 'PROXY EXT:' | cut -d ' ' -f8- | sed "s# #,#g")
+
+# ----------- TO -------------
+
+CREATE_TO_USER=0
+CREATE_TO_DOMAIN=0
+
+if [ -z "$TO_USER" ]; then
+    TO_USER=$(/usr/local/vesta/bin/v-search-domain-owner "$TO_DOMAIN")
+    if [ -z "$TO_USER" ]; then
+        TO_USER=$FROM_USER
+        CREATE_TO_DOMAIN=1
+    fi
+else
+    if [ ! -d "/home/$TO_USER" ]; then
+        CREATE_TO_USER=1
+    fi
+    if [ ! -d "/home/$TO_USER/web/$TO_DOMAIN/public_html" ]; then
+        CREATE_TO_DOMAIN=1
+    fi
+fi
+
+TO_FOLDER="/home/$TO_USER/web/$TO_DOMAIN/public_html"
+CHECK_PUBLIC_SHTML=$(/usr/local/vesta/bin/v-list-web-domain "$TO_USER" "$TO_DOMAIN" | grep 'SSL:' | grep -c 'single')
+if [ $CHECK_PUBLIC_SHTML -eq 1 ]; then
+    TO_FOLDER="/home/$TO_USER/web/$TO_DOMAIN/public_shtml"
+fi
+if [ ! -z "$SITE_SUBFOLDER" ]; then
+    TO_FOLDER="$TO_FOLDER/$SITE_SUBFOLDER"
+fi
+
+TO_CONFIG_FILE_FULL_PATH="$TO_FOLDER/$FROM_CONFIG_FILE"
+
+if [ ! -z "$MAX_DBUSER_LEN" ] && [ "$MAX_DBUSER_LEN" -ge 80  ] && [ -z "$DATABASE_SUFIX" ]; then
+    TO_DATABASE_NAME=$(echo "$TO_DOMAIN" | sed 's#\.#_#g')
+    TO_DATABASE_NAME="${TO_USER}_$TO_DATABASE_NAME"
+    TO_DATABASE_USERNAME=$TO_DATABASE_NAME
+else
+    LENGTH_OF_DATABASE_SUFIX=${#DATABASE_SUFIX}
+    if [ -z "$TO_DATABASE_NAME" ]; then
+        LENGTH_OF_TO_DATABASE_NAME=${#FROM_DATABASE_NAME}
+        START_FROM=$((LENGTH_OF_TO_DATABASE_NAME-LENGTH_OF_DATABASE_SUFIX))
+        CHECK_PREFIX=${FROM_DATABASE_NAME:START_FROM}
+        if [ "$CHECK_PREFIX" = "${DATABASE_SUFIX}" ]; then
+            TO_DATABASE_NAME="${TO_USER}_${FROM_DATABASE_NAME_WITHOUT_PREFIX}"
+            LENGTH_OF_TO_DATABASE_NAME=${#TO_DATABASE_NAME}
+            CUT_TO=$((LENGTH_OF_TO_DATABASE_NAME-LENGTH_OF_DATABASE_SUFIX))
+            TO_DATABASE_NAME=${TO_DATABASE_NAME:0:CUT_TO}
+        else
+            TO_DATABASE_NAME="${TO_USER}_${FROM_DATABASE_NAME_WITHOUT_PREFIX}${DATABASE_SUFIX}"
+        fi
+    fi
+    if [ -z "$TO_DATABASE_USERNAME" ]; then
+        LENGTH_OF_TO_DATABASE_USERNAME=${#FROM_DATABASE_USERNAME}
+        START_FROM=$((LENGTH_OF_TO_DATABASE_USERNAME-LENGTH_OF_DATABASE_SUFIX))
+        CHECK_PREFIX=${FROM_DATABASE_USERNAME:START_FROM}
+        if [ "$CHECK_PREFIX" = "${DATABASE_SUFIX}" ]; then
+            TO_DATABASE_USERNAME="${TO_USER}_${FROM_DATABASE_USERNAME_WITHOUT_PREFIX}"
+            LENGTH_OF_TO_DATABASE_USERNAME=${#TO_DATABASE_USERNAME}
+            CUT_TO=$((LENGTH_OF_TO_DATABASE_USERNAME-LENGTH_OF_DATABASE_SUFIX))
+            TO_DATABASE_USERNAME=${TO_DATABASE_USERNAME:0:CUT_TO}
+        else
+            TO_DATABASE_USERNAME="${TO_USER}_${FROM_DATABASE_USERNAME_WITHOUT_PREFIX}${DATABASE_SUFIX}"
+        fi
+    fi
+fi
+
+if [ ! -z "$TO_DATABASE" ]; then
+    TO_DATABASE_USERNAME=$TO_DATABASE
+    TO_DATABASE_NAME=$TO_DATABASE
+fi
+if [ -z "$TO_DATABASE_PASSWORD" ]; then
+    TO_DATABASE_PASSWORD=$FROM_DATABASE_PASSWORD
+fi
+if [ -z "$TO_DATABASE_NAME" ]; then
+    echo "Error: TO_DATABASE_NAME $TO_DATABASE_NAME is empty"
+    exit 10
+fi
+if [ -z "$TO_DATABASE_USERNAME" ]; then
+    echo "Error: TO_DATABASE_USERNAME $TO_DATABASE_USERNAME is empty"
+    exit 11
+fi
+if [ -z "$TO_DATABASE_PASSWORD" ]; then
+    echo "Error: TO_DATABASE_PASSWORD $TO_DATABASE_PASSWORD is empty"
+    exit 12
+fi
+
+TO_DATABASE_NAME_WITHOUT_PREFIX=$(get_database_name_without_user_prefix "$TO_USER" "$TO_DATABASE_NAME")
+TO_DATABASE_USERNAME_WITHOUT_PREFIX=$(get_database_name_without_user_prefix "$TO_USER" "$TO_DATABASE_USERNAME")
+
+
+TO_DOMAIN_HAS_SSL=0
+if [ -f "/home/$TO_USER/conf/web/ssl.$TO_DOMAIN.ca" ]; then
+    TO_DOMAIN_HAS_SSL=1
+fi
+SHOULD_INSTALL_SSL=0
+if [ $FROM_DOMAIN_HAS_SSL -eq 1 ] && [ $TO_DOMAIN_HAS_SSL -eq 0 ]; then
+    SHOULD_INSTALL_SSL=1
+fi
+
+FROM_FPM_VER=""
+if [[ $FROM_DOMAIN_TPL == "PHP-FPM-"* ]]; then
+    FROM_FPM_TPL_VER=${FROM_DOMAIN_TPL:8:2}
+    FROM_FPM_VER="${FROM_DOMAIN_TPL:8:1}.${FROM_DOMAIN_TPL:9:1}"
+fi
+
+# ----------- CHECK -------------
+
+if [ $IT_IS_WP -eq 0 ]; then
+    if [ ! -f "/root/Search-Replace-DB/srdb.cli.php" ]; then
+        if [ ! -f "/usr/bin/git" ]; then
+            apt-get update > /dev/null 2>&1
+            apt-get -y install git > /dev/null 2>&1
+        fi
+        cd /root
+        git clone https://github.com/interconnectit/Search-Replace-DB.git
+    fi
+fi
+
+CREATE_TO_DATABASE=0
+object=$(grep "DB='$TO_DATABASE_NAME'" $VESTA/data/users/$TO_USER/db.conf)
+if [ -z "$object" ]; then
+    CREATE_TO_DATABASE=1
+fi
+
+# ----------- PRINT -------------
+
+echo "==============================================================================="
+echo "FROM_DOMAIN    = $FROM_DOMAIN"
+echo "TO_DOMAIN      = $TO_DOMAIN"
+echo "FROM_USER      = $FROM_USER"
+echo "TO_USER        = $TO_USER"
+echo "SITE_SUBFOLDER = $SITE_SUBFOLDER"
+echo "FROM_FOLDER    = $FROM_FOLDER"
+echo "TO_FOLDER      = $TO_FOLDER"
+echo "CMS_TYPE       = $CMS_TYPE"
+echo "IT_IS_WP       = $IT_IS_WP"
+echo "CONFIG_FILE    = $CONFIG_FILE"
+echo "FROM_CONFIG_FILE_FULL_PATH = $FROM_CONFIG_FILE_FULL_PATH"
+echo "TO_CONFIG_FILE_FULL_PATH   = $TO_CONFIG_FILE_FULL_PATH"
+echo "FROM_DATABASE_NAME = $FROM_DATABASE_NAME"
+echo "TO_DATABASE_NAME   = $TO_DATABASE_NAME"
+echo "FROM_DATABASE_USERNAME = $FROM_DATABASE_USERNAME"
+echo "TO_DATABASE_USERNAME   = $TO_DATABASE_USERNAME"
+echo "FROM_DATABASE_PASSWORD = $FROM_DATABASE_PASSWORD"
+echo "TO_DATABASE_PASSWORD   = $TO_DATABASE_PASSWORD"
+echo "FROM_DATABASE_NAME_WITHOUT_PREFIX = $FROM_DATABASE_NAME_WITHOUT_PREFIX"
+echo "TO_DATABASE_NAME_WITHOUT_PREFIX   = $TO_DATABASE_NAME_WITHOUT_PREFIX"
+echo "FROM_DATABASE_USERNAME_WITHOUT_PREFIX = $FROM_DATABASE_USERNAME_WITHOUT_PREFIX"
+echo "TO_DATABASE_USERNAME_WITHOUT_PREFIX   = $TO_DATABASE_USERNAME_WITHOUT_PREFIX"
+echo "DATABASE_SUFIX        = $DATABASE_SUFIX"
+echo "CREATE_TO_USER        = $CREATE_TO_USER"
+echo "CREATE_TO_DOMAIN      = $CREATE_TO_DOMAIN"
+echo "CREATE_TO_DATABASE    = $CREATE_TO_DATABASE"
+echo "SHOULD_INSTALL_SSL    = $SHOULD_INSTALL_SSL"
+echo "FROM_DOMAIN_TPL       = $FROM_DOMAIN_TPL"
+echo "FROM_FPM_VER          = $FROM_FPM_VER"
+echo "FROM_DOMAIN_PROXY_TPL = $FROM_DOMAIN_PROXY_TPL"
+echo "FROM_DOMAIN_PROXY_EXT = $FROM_DOMAIN_PROXY_EXT"
+echo "SEARCH_FOR_CONFIGS_DATABASE_NAME     = $SEARCH_FOR_CONFIGS_DATABASE_NAME"
+echo "SEARCH_FOR_CONFIGS_DATABASE_USERNAME = $SEARCH_FOR_CONFIGS_DATABASE_USERNAME"
+echo "EXCLUDE_UPLOADS = $EXCLUDE_UPLOADS"
+echo "==============================================================================="
+read -p "=== Press Enter to continue ==="
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+if [ $CREATE_TO_USER -eq 1 ]; then
+    pass=$(vesta_generate_pass 10)
+    echo "=== Create user $TO_USER, pass=$pass"
+    /usr/local/vesta/bin/v-add-user "$TO_USER" "$pass" "info@$TO_DOMAIN" "default" "Cloned" "site"
+fi
+
+if [ $CREATE_TO_DOMAIN -eq 1 ]; then
+    echo "=== Create domain $TO_DOMAIN"
+    /usr/local/vesta/bin/v-add-domain "$TO_USER" "$TO_DOMAIN"
+    rm $TO_FOLDER/index.html
+fi
+
+if [ $SHOULD_INSTALL_SSL -eq 1 ]; then
+    echo "=== Installing LetsEncrypt for domain $TO_DOMAIN"
+    /usr/local/vesta/bin/v-add-letsencrypt-domain "$TO_USER" "$TO_DOMAIN" "www.$TO_DOMAIN" "yes"
+    if [ $? -ne 0 ]; then
+        echo "=== LetsEncrypt installation failed"
+    fi
+fi
+
+if [ ! -z "$FROM_DOMAIN_TPL" ]; then
+    echo "=== Set $FROM_DOMAIN_TPL template to domain $TO_DOMAIN"
+    /usr/local/vesta/bin/v-change-web-domain-tpl "$TO_USER" "$TO_DOMAIN" "$FROM_DOMAIN_TPL" "yes"
+fi
+if [ "$SITE_SUBFOLDER" = ".." ]; then
+    if [ ! -z "$FROM_FPM_VER" ]; then
+        POOLD_FILE="/etc/php/$FROM_FPM_VER/fpm/pool.d/$TO_DOMAIN.conf"
+        echo "=== Removing public_html from open_basedir in $POOLD_FILE"
+        sed -i "s|/public_html:|:|g" $POOLD_FILE
+        sed -i "s|/public_shtml:|:|g" $POOLD_FILE
+        systemctl restart php${FROM_FPM_VER}-fpm
+    fi
+fi
+
+if [ ! -z "$FROM_DOMAIN_PROXY_TPL" ]; then
+    echo "=== Set $FROM_DOMAIN_PROXY_TPL proxy template to domain $TO_DOMAIN"
+    /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$TO_USER" "$TO_DOMAIN" "$FROM_DOMAIN_PROXY_TPL" "$FROM_DOMAIN_PROXY_EXT" "yes"
+fi
+
+if [ $CREATE_TO_DATABASE -eq 1 ]; then
+    echo "=== Create database $TO_DATABASE_NAME"
+    /usr/local/vesta/bin/v-add-database "$TO_USER" "$TO_DATABASE_NAME_WITHOUT_PREFIX" "$TO_DATABASE_USERNAME_WITHOUT_PREFIX" "$TO_DATABASE_PASSWORD" 'mysql' 'localhost' 'utf8'
+fi
+
+echo "=== Dumping database $FROM_DATABASE_NAME"
+if [ -d "/root/temp" ]; then
+    rm -rf /root/temp
+fi
+mkdir -p /root/temp
+cd /root/temp
+mysqldump --max_allowed_packet=1024M $FROM_DATABASE_NAME > $FROM_DATABASE_NAME.sql
+echo "=== Importing to database $TO_DATABASE_NAME"
+mysql $TO_DATABASE_NAME < $FROM_DATABASE_NAME.sql
+rm $FROM_DATABASE_NAME.sql
+
+EXCLUDE=''
+if [ ! -z "$EXCLUDE_UPLOADS" ]; then
+    EXCLUDE="--exclude '/wp-content/uploads/*'"
+fi
+
+echo "=== Copying files from $FROM_FOLDER to folder $TO_FOLDER"
+if [ "$SITE_SUBFOLDER" != ".." ]; then
+    run="rsync -a --delete $EXCLUDE $FROM_FOLDER/ $TO_FOLDER/"
+    echo "====== Executing: $run"
+    eval $run
+else
+    run="rsync -a --delete $EXCLUDE --exclude 'logs/*' $FROM_FOLDER/ $TO_FOLDER/"
+    echo "====== Executing: $run"
+    eval $run
+fi
+echo "=== Chowning to $TO_USER:$TO_USER in folder $TO_FOLDER"
+chown -R $TO_USER:$TO_USER $TO_FOLDER
+
+replace_php_config_value "${FROM_DATABASE_NAME}" "${TO_DATABASE_NAME}" "$TO_CONFIG_FILE_FULL_PATH" "yes"
+replace_php_config_value "${FROM_DATABASE_USERNAME}" "${TO_DATABASE_USERNAME}" "$TO_CONFIG_FILE_FULL_PATH" "yes"
+replace_php_config_value "${FROM_DATABASE_PASSWORD}" "${TO_DATABASE_PASSWORD}" "$TO_CONFIG_FILE_FULL_PATH" "yes"
+
+echo "=== Replacing $FROM_DOMAIN to $TO_DOMAIN by searching in folder $TO_FOLDER"
+REGEXP_FROM_DOMAIN="${FROM_DOMAIN//\./\\.}"
+grep -rl "$REGEXP_FROM_DOMAIN" $TO_FOLDER | xargs sed -i "s#$REGEXP_FROM_DOMAIN#$TO_DOMAIN#g"
+if [ "$FROM_USER" != "$TO_USER" ]; then
+    echo "=== Replacing /home/$FROM_USER/ to /home/$TO_USER/ by searching in folder $TO_FOLDER"
+    grep -rl "/home/$FROM_USER/" $TO_FOLDER | xargs sed -i "s#/home/$FROM_USER/#/home/$TO_USER/#g"
+fi
+if [ ! -z "$SEARCH_FOR_CONFIGS_DATABASE_NAME" ]; then
+    echo "=== Replacing ${FROM_DATABASE_NAME} to ${TO_DATABASE_NAME} by searching in folder $TO_FOLDER [SEARCH_FOR_CONFIGS_DATABASE_NAME]"
+    grep -rl "${FROM_DATABASE_NAME}" $TO_FOLDER | xargs sed -i "s#${FROM_DATABASE_NAME}#${TO_DATABASE_NAME}#g"
+fi
+if [ ! -z "$SEARCH_FOR_CONFIGS_DATABASE_USERNAME" ]; then
+    DO_SEARCH_FOR_CONFIGS_DATABASE_USERNAME=1;
+    if [ ! -z "$SEARCH_FOR_CONFIGS_DATABASE_NAME" ] && [ "$SEARCH_FOR_CONFIGS_DATABASE_NAME" = "$SEARCH_FOR_CONFIGS_DATABASE_USERNAME" ]; then
+        DO_SEARCH_FOR_CONFIGS_DATABASE_USERNAME=0
+    fi
+    if [ $DO_SEARCH_FOR_CONFIGS_DATABASE_USERNAME -eq 1 ]; then
+        echo "=== Replacing ${FROM_DATABASE_USERNAME} to ${TO_DATABASE_USERNAME} by searching in folder $TO_FOLDER [SEARCH_FOR_CONFIGS_DATABASE_USERNAME]"
+        grep -rl "${FROM_DATABASE_USERNAME}" $TO_FOLDER | xargs sed -i "s#${FROM_DATABASE_USERNAME}#${TO_DATABASE_USERNAME}#g"
+    fi
+fi
+
+if [ $IT_IS_WP -eq 0 ]; then
+    echo "=== Replacing $FROM_DOMAIN to $TO_DOMAIN in database $TO_DATABASE_NAME"
+    php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$TO_DATABASE_NAME" -u "$TO_DATABASE_USERNAME" -p "$TO_DATABASE_PASSWORD" -s "$FROM_DOMAIN" -r "$TO_DOMAIN"
+    if [ "$FROM_USER" != "$TO_USER" ]; then
+        echo "=== Replacing /home/$FROM_USER/ to /home/$TO_USER/ in database $TO_DATABASE_NAME"
+        php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$TO_DATABASE_NAME" -u "$TO_DATABASE_USERNAME" -p "$TO_DATABASE_PASSWORD" -s "/home/$FROM_USER/" -r "/home/$TO_USER/"
+    fi
+else
+    echo "=== Replacing $FROM_DOMAIN to $TO_DOMAIN in database $TO_DATABASE_NAME"
+    /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes;
+    if [ "$FROM_USER" != "$TO_USER" ]; then
+        echo "=== Replacing /home/$FROM_USER/ to /home/$TO_USER/ in database $TO_DATABASE_NAME"
+        /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes;
+    fi
+    /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN cache flush --skip-plugins --skip-themes;
+    /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN config shuffle-salts WP_CACHE_KEY_SALT --force --skip-plugins --skip-themes;
+    /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN config shuffle-salts --skip-plugins --skip-themes;
+fi
+
+# ----------- Update Wordfence WAF Path -------------
+
+# Path to .user.ini file in the new domain directory
+user_ini="/home/$TO_USER/web/$TO_DOMAIN/public_html/.user.ini"
+
+# Check if .user.ini exists
+if [ -f "$user_ini" ]; then
+    echo "Updating .user.ini with new path..."
+
+    # Change path from old domain to new domain
+    sed -i "s|/home/.*/public_html|/home/$TO_USER/web/$TO_DOMAIN/public_html|g" $user_ini
+
+    # Check if replacement was successful and update .user.ini
+    if [ $? -eq 0 ]; then
+        echo ".user.ini updated successfully."
+    else
+        echo "Failed to update .user.ini file."
+    fi
+fi
+
+echo "===== DONE ===="
+echo "You can visit http://$TO_DOMAIN/"
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-commander

@@ -0,0 +1,634 @@
+#!/bin/bash
+
+numargs=$#
+
+SHOWHEADER=0
+if [ $numargs -eq 0 ]; then
+    SHOWHEADER=1
+fi
+if [ $numargs -eq 1 ] && [ "$1" = "q" ]; then
+    SHOWHEADER=1
+fi
+
+
+source /etc/profile
+PATH=$PATH:/usr/local/vesta/bin && export PATH
+if [ $SHOWHEADER -eq 1 ]; then
+    echo "======================= mvVesta-commander ================================"
+fi
+
+if [ -f /root/kernelupdate ]; then
+    rm /root/kernelupdate
+fi
+apt_updated=0
+apt_upgraded=0
+quit_on_empty=0
+
+if [ $SHOWHEADER -eq 1 ]; then
+    hostname
+    if [ -f "/root/current-status.txt" ]; then
+        echo "------------------ WAS LONG TIME AGO ------------------"
+        cat /root/current-status.txt
+        truncate -s 0 /root/current-status.txt
+    fi
+    echo -n 'Debian ' >> /root/current-status.txt && cat /etc/debian_version >> /root/current-status.txt
+    php -v | grep '^PHP' >> /root/current-status.txt
+    /usr/local/vesta/bin/v-list-sys-services >> /root/current-status.txt
+    /usr/local/vesta/bin/v-list-sys-web-status | grep "Server MPM:" >> /root/current-status.txt
+    w | grep 'load average' >> /root/current-status.txt
+    df -h | grep "/$" >> /root/current-status.txt
+
+    echo "------------------------ NOW ------------------------"
+    cat /root/current-status.txt
+    echo "-----------------------------------------------------"
+    echo "(press 'h' for help)"
+    echo ""
+fi
+
+check_status() {
+    echo "=============================================================="
+    hostname
+    echo "------------------------ WAS ------------------------"
+    cat /root/current-status.txt
+    echo "------------------------ NOW ------------------------"
+    hostname
+    echo -n 'Debian ' && cat /etc/debian_version
+    php -v | grep '^PHP'
+    /usr/local/vesta/bin/v-list-sys-services
+    /usr/local/vesta/bin/v-list-sys-web-status | grep "Server MPM:"
+    w | grep 'load average'
+    df -h | grep "/$"
+    echo "-----------------------------------------------------"
+}
+
+myhelp() {
+    echo "---------- Press: -----------"
+    echo "a  = Activate Email rate limit"
+    echo "b  = bash"
+    echo "c  = check status"
+    echo "d  = df -h"
+    echo "e  = make sure Apache is in mpm_event"
+    echo "f  = free -h"
+    echo "g  = apt-get upgrade"
+    echo "h  = help"
+    echo "m  = install php-memcached"
+    echo "p  = set version of php as default"
+    echo "q  = quit"
+    echo "r  = reboot"
+    echo "s  = download sury.org apt-get key"
+    echo "n  = download nginx gpg key"
+    echo "freexian = add Freexian repository"
+    echo "t  = clean the trash"
+    echo "u  = apt-get update"
+    echo "v  = update myVesta"
+    echo "vo = update myVesta without 'apt-get update'"
+    echo "w  = w"
+    echo "-----------------------------"
+    echo "inst v                = install myVesta"
+    echo "inst p                = install multi-php"
+    echo "inst pgw              = install php-gate"
+    echo "inst r                = install new Roundcube"
+    echo "inst memcached        = install memcached"
+    echo "inst redis            = install Redis"
+    echo "inst nginx-rate-limit = install nginx-rate-limit templates"
+    echo "dis fb   = stop and disable fail2ban"
+    echo "dis dove = stop and disable dovecot"
+    echo "dis spam = stop and disable spamassassin"
+    echo "dis clam = stop and disable ClamAV"
+    echo "p 7.0    = set default php 7.0"
+    echo "p 7.3    = set default php 7.3"
+    echo "p 7.4    = set default php 7.4"
+    echo "p def    = set proper default php"
+    echo "e def    = set mpm_event if needed"
+    echo "m def    = install php-memcached if needed"
+    echo "check fc = check if FreshClam is up"
+    echo "-----------------------------"
+    echo "enable-ssh-root-password-login = Allow root password authentication via SSH"
+    echo "id_rsa = generate id_rsa and id_rsa.pub if it does not exist and show id_rsa.pub"
+    echo "-----------------------------"
+}
+
+apt_update() {
+    echo "============================="
+    echo "== running: apt-get update"
+    release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
+    if [ "$release" -lt 10 ]; then
+        apt-get update
+    else
+        apt-get update --allow-releaseinfo-change
+    fi
+    apt_updated=1
+}
+
+COUNTER=0
+HAS_PARAMETERS=0
+
+while true
+do
+
+    COUNTER=$((COUNTER + 1))
+    if [ $COUNTER -le $numargs ]; then
+        HAS_PARAMETERS=1
+        answer=$1
+        shift
+    else
+        if [ $HAS_PARAMETERS -eq 1 ]; then
+            exit;
+        fi
+        read -p 'What to do: ' answer
+    fi
+
+    if [ "$answer" = 'prompt' ] || [ "$answer" = 'PROMPT' ]; then
+        echo "============================="
+        echo "hostname: $HOSTNAME"
+        read -p 'What to do [or press Enter to continue]: ' answer
+    fi
+    
+    if [ "$answer" = '' ] && [ $quit_on_empty -eq 1 ]; then
+        answer='q'
+    fi
+
+    if [ "$answer" = 'quit-on-empty' ]; then
+        echo "== the script will quit on next enter"
+        quit_on_empty=1
+        HAS_PARAMETERS=0
+    fi
+
+
+    if [ "$answer" = 'a' ] || [ "$answer" = 'A' ]; then
+    mv /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template-backup
+    cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template /etc/exim4/exim4.conf.template
+
+    touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour
+    touch /etc/exim4/limit_per_email_account_max_recipients
+    touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour
+    touch /etc/exim4/limit_per_hosting_account_max_recipients
+
+    check_grep=$(grep -c '#SPAMASSASSIN' /etc/exim4/exim4.conf.template-backup)
+    if [ "$check_grep" -eq 0 ]; then
+        sed -i "s|#SPAMASSASSIN|SPAMASSASSIN|g" /etc/exim4/exim4.conf.template
+    fi
+
+    check_grep=$(grep -c '#SPAM_SCORE' /etc/exim4/exim4.conf.template-backup)
+    if [ "$check_grep" -eq 0 ]; then
+        sed -i "s|#SPAM_SCORE|SPAM_SCORE|g" /etc/exim4/exim4.conf.template
+    fi
+
+    check_grep=$(grep -c '#CLAMD' /etc/exim4/exim4.conf.template-backup)
+    if [ "$check_grep" -eq 0 ]; then
+        sed -i "s|#CLAMD|CLAMD|g" /etc/exim4/exim4.conf.template
+    fi
+
+    systemctl restart exim4
+    echo "Email rate limit activated."
+    fi
+
+
+
+    if [ "$answer" = 'u' ] || [ "$answer" = 'U' ]; then
+        apt_update
+    fi
+
+    if [ "$answer" = 'g' ] || [ "$answer" = 'G' ]; then
+        echo "============================="
+        echo "== running: apt-get upgrade"
+        
+        if [ $apt_upgraded -eq 0 ]; then
+            cp /var/log/apt/history.log /var/log/apt/history-`date +"%Y%m%d%H%M%S"`.log
+            truncate -s 0 /var/log/apt/history.log
+        fi
+        
+        apt-get -y --with-new-pkgs upgrade
+        apt-get -y dist-upgrade
+        apt_upgraded=1
+        
+        kernelupdate=$(grep -c 'linux-image-' /var/log/apt/history.log)
+        dbusupdate=$(grep -c ' dbus:a' /var/log/apt/history.log)
+        if [ $kernelupdate -gt 0 ] || [ $dbusupdate -gt 0 ] || [ -f "/run/reboot-required" ] || [ -f "/var/run/reboot-required" ]; then
+            touch /root/kernelupdate
+            echo "== kernel is updated, reboot is required!"
+        fi
+    fi
+
+    if [ "$answer" = 'c' ] || [ "$answer" = 'C' ]; then
+        check_status
+    fi
+
+    if [ "$answer" = 's' ] || [ "$answer" = 'S' ]; then
+        if [ -f "/etc/apt/trusted.gpg.d/php.gpg" ]; then
+            echo "============================="
+            echo "== renewing sury.org gpg key"
+            wget -nv -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
+        fi
+    fi
+
+    if [ "$answer" = 'n' ] || [ "$answer" = 'N' ]; then
+        if [ -f "/etc/apt/sources.list.d/nginx.list" ]; then
+            echo "============================="
+            echo "== renewing nginx gpg key"
+            apt-get update
+            apt-get -y install curl gnupg2 ca-certificates lsb-release debian-archive-keyring
+            curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
+            echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/debian `lsb_release -cs` nginx" | tee /etc/apt/sources.list.d/nginx.list
+        fi
+    fi
+
+    if [ "$answer" = 'freexian' ] || [ "$answer" = 'FREEXIAN' ]; then
+        if [ "$release" -lt 11 ]; then
+            echo "============================="
+            echo "== adding Freexian repository"
+            apt-get update
+            apt-get install lsb-release
+            wget https://deb.freexian.com/extended-lts/pool/main/f/freexian-archive-keyring/freexian-archive-keyring_2022.06.08_all.deb && sudo dpkg -i freexian-archive-keyring_2022.06.08_all.deb
+            cat /etc/apt/sources.list
+            mv /etc/apt/sources.list /etc/apt/sources.list.old
+            echo "deb http://deb.freexian.com/extended-lts `lsb_release -cs` main contrib non-free" > /etc/apt/sources.list
+            rm /etc/apt/sources.list.d/hetzner*
+        else
+            echo "== Freexian is not supported on Debian 11 or higher"
+        fi
+    fi
+
+    if [ "$answer" = 'e def' ] || [ "$answer" = 'E DEF' ]; then
+        release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
+        echo "============================="
+        echo "== checking if we need mpm_event mode"
+        echo "== detected Debian $release"
+        if [ "$release" -eq 10 ] || [ "$release" -eq 11 ] || [ -f "/root/switch-apache-to-event-mode.sh" ]; then
+            isevent=$(/usr/local/vesta/bin/v-list-sys-web-status | grep -c "Server MPM: event")
+            if [ $isevent -eq 0 ]; then
+                echo "== Apache should be switched to mpm_event mode"
+                answer='e'
+            else
+                echo "== Apache is already in mpm_event mode"
+            fi
+        fi
+        
+    fi
+    if [ "$answer" = 'e' ] || [ "$answer" = 'E' ]; then
+        echo "============================="
+        echo "== switching to mpm_event mode"
+        apt-get -y remove libapache2-mod-php*
+        a2dismod ruid2
+        a2dismod suexec
+        a2dismod php5.6
+        a2dismod php7.0
+        a2dismod php7.1
+        a2dismod php7.2
+        a2dismod php7.3
+        a2dismod php7.4
+        a2dismod php8.0
+        a2dismod php8.1
+        a2dismod php8.2
+        a2dismod mpm_prefork
+        a2enmod mpm_event
+        systemctl restart apache2
+    fi
+
+    if [ "$answer" = 'dis fb' ] || [ "$answer" = 'DIS FB' ]; then
+        echo "============================="
+        echo "== disabling fail2ban"
+        systemctl stop fail2ban
+        systemctl disable fail2ban
+        systemctl status fail2ban
+    fi
+
+    if [ "$answer" = 'dis dove' ] || [ "$answer" = 'DIS DOVE' ]; then
+        echo "============================="
+        echo "== disabling dovecot"
+        systemctl stop dovecot.service
+        systemctl stop dovecot.socket
+        systemctl disable dovecot.service
+    fi
+
+    if [ "$answer" = 'dis clam' ] || [ "$answer" = 'DIS CLAM' ]; then
+        echo "============================="
+        echo "== disabling ClamAV"
+        systemctl stop clamav-daemon.service
+        systemctl disable clamav-daemon.service
+
+        systemctl stop clamav-daemon.socket
+        systemctl disable clamav-daemon.socket
+
+        systemctl stop clamav-freshclam.service
+        systemctl disable clamav-freshclam.service
+
+        sed -i "s/^CLAMD =/#CLAMD =/g" /etc/exim4/exim4.conf.template
+        systemctl restart exim4
+    fi
+
+    if [ "$answer" = 'dis spam' ] || [ "$answer" = 'DIS SPAM' ]; then
+        echo "============================="
+        echo "== disabling SpamAssassin"
+        release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
+        if [ "$release" -lt 12 ]; then
+            systemctl stop spamassassin.service
+            systemctl disable spamassassin.service
+        else
+            systemctl stop spamd.service
+            systemctl disable spamd.service
+        fi
+
+        sed -i "s/^SPAMASSASSIN =/#SPAMASSASSIN =/g" /etc/exim4/exim4.conf.template
+        sed -i "s/^SPAM_SCORE =/#SPAM_SCORE =/g" /etc/exim4/exim4.conf.template
+        systemctl restart exim4
+    fi
+
+    if [ "$answer" = 'p' ] || [ "$answer" = 'P' ]; then
+        echo "============================="
+        echo "== changing default php version"
+        update-alternatives --config php
+        echo "--- NEW ---"
+        php -v | grep '^PHP'
+    fi
+
+    if [ "$answer" = 'p 7.0' ] || [ "$answer" = 'P 7.0' ]; then
+        echo "============================="
+        echo "== changing default php version to 7.0"
+        update-alternatives --set php /usr/bin/php7.0
+        echo "--- NEW ---"
+        php -v | grep '^PHP'
+    fi
+
+    if [ "$answer" = 'p 7.3' ] || [ "$answer" = 'P 7.3' ]; then
+        echo "============================="
+        echo "== changing default php version to 7.3"
+        update-alternatives --set php /usr/bin/php7.3
+        echo "--- NEW ---"
+        php -v | grep '^PHP'
+    fi
+
+    if [ "$answer" = 'p 7.4' ] || [ "$answer" = 'P 7.4' ]; then
+        echo "============================="
+        echo "== changing default php version to 7.4"
+        update-alternatives --set php /usr/bin/php7.4
+        echo "--- NEW ---"
+        php -v | grep '^PHP'
+    fi
+
+    if [ "$answer" = 'p def' ] || [ "$answer" = 'P DEF' ]; then
+        echo "============================="
+        echo "== checking if we need to change default php version"
+        automode=$(update-alternatives --display php | grep -c 'auto mode')
+        echo "============================="
+        if [ $automode -ge 1 ]; then
+            echo "=== php auto mode detected"
+            release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
+            echo "== detected Debian $release"
+            if [ "$release" -eq 8 ]; then
+                echo "== set default php 5"
+                update-alternatives --set php /usr/bin/php5
+            fi
+            if [ "$release" -eq 9 ]; then
+                echo "== set default php 7.0"
+                update-alternatives --set php /usr/bin/php7.0
+            fi
+            if [ "$release" -eq 10 ]; then
+                echo "== set default php 7.3"
+                update-alternatives --set php /usr/bin/php7.3
+            fi
+            if [ "$release" -eq 11 ]; then
+                echo "== set default php 7.4"
+                update-alternatives --set php /usr/bin/php7.4
+            fi
+            echo "--- NEW ---"
+            php -v | grep '^PHP'
+        else
+            echo "== php is already in manual mode"
+            php -v | grep '^PHP'
+        fi
+    fi
+
+
+    if [ "$answer" = 'v' ] || [ "$answer" = 'V' ]; then
+        echo "============================="
+        echo "== updating myVesta"
+        if [ -f "/usr/local/vesta/bin/v-update-myvesta" ]; then
+            /usr/local/vesta/bin/v-update-myvesta
+        else
+            number_of_files=$(ls /var/cache/apt/archives/vesta_.* 2>/dev/null | wc -l)
+            if [ $number_of_files -gt 0 ]; then
+                rm /var/cache/apt/archives/vesta_* > /dev/null 2>&1
+            fi
+            apt-get update -o Dir::Etc::sourcelist="sources.list.d/vesta.list" -o Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="0"  > /usr/local/vesta/log/update-$package.log 2>&1
+            apt-get install --reinstall vesta
+        fi
+    fi
+
+    if [ "$answer" = 'vo' ] || [ "$answer" = 'VO' ]; then
+        echo "============================="
+        echo "== updating myVesta (without 'apt-get update')"
+        number_of_files=$(ls /var/cache/apt/archives/vesta_.* 2>/dev/null | wc -l)
+        if [ $number_of_files -gt 0 ]; then
+            rm /var/cache/apt/archives/vesta_* > /dev/null 2>&1
+        fi
+        apt-get install --reinstall vesta
+    fi
+
+    if [ "$answer" = 'vor' ] || [ "$answer" = 'VOR' ]; then
+        echo "============================="
+        echo "== updating myVesta (without apt-get update and without reinstall)"
+        number_of_files=$(ls /var/cache/apt/archives/vesta_.* 2>/dev/null | wc -l)
+        if [ $number_of_files -gt 0 ]; then
+            rm /var/cache/apt/archives/vesta_* > /dev/null 2>&1
+        fi
+        apt-get install vesta
+    fi
+
+    if [ "$answer" = 't' ] || [ "$answer" = 'T' ]; then
+        echo "============================="
+        echo "== cleaning trash"
+        df -m
+        echo "------"
+        ps -Af | grep tailf | grep -v "grep tailf"
+        echo "------"
+        /usr/local/vesta/bin/v-clean-garbage
+        echo "--------------"
+        df -m
+        echo "--------------"
+        ps -Af | grep tailf | grep -v "grep tailf"
+    fi
+
+    if [ "$answer" = 'm def' ] || [ "$answer" = 'M DEF' ]; then
+        phpupdate=$(grep -c 'php' /var/log/apt/history.log)
+        if [ $phpupdate -gt 0 ]; then
+            answer='m'
+        fi
+    fi
+
+    if [ "$answer" = 'm' ] || [ "$answer" = 'M' ]; then
+        echo "============================="
+        echo "== installing php-memcache modules"
+        apt-get install -y $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-memcache ")
+        apt-get install -y $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-memcached ")
+    fi
+
+    if [ "$answer" = 'd' ] || [ "$answer" = 'D' ]; then
+        echo "============================="
+        echo "== running: df -h"
+        df -h
+    fi
+
+    if [ "$answer" = 'f' ] || [ "$answer" = 'F' ]; then
+        echo "============================="
+        echo "== running: free -h"
+        free -h
+    fi
+
+    if [ "$answer" = 'w' ] || [ "$answer" = 'W' ]; then
+        echo "== running: free -h"
+        w
+    fi
+
+    if [ "$answer" = 'inst p' ] || [ "$answer" = 'INST P' ]; then
+        echo "============================="
+        echo "== installing new PHP versions"
+        cd /root
+        wget -nv -O /root/vesta-inst-php.sh https://c.myvestacp.com/tools/multi-php-install.sh
+        chmod u+x ./vesta-inst-php.sh
+        mcedit ./vesta-inst-php.sh
+        sudo ./vesta-inst-php.sh
+    fi
+
+    if [ "$answer" = 'inst pgw' ] || [ "$answer" = 'INST PGW' ]; then
+        echo "============================="
+        echo "== Installing phpgate"
+        wget -nv http://dl.myvestacp.com/vesta/install-phpgate.sh -O /root/install-phpgate.sh
+        chmod u+x /root/install-phpgate.sh
+        /root/install-phpgate.sh
+    fi
+
+    if [ "$answer" = 'inst memcache' ] || [ "$answer" = 'inst memcached' ] || [ "$answer" = 'INST MEMCACHE' ] || [ "$answer" = 'INST MEMCACHED' ]; then
+        echo "============================="
+        echo "== Installing memcached"
+        memory=$(grep 'MemTotal' /proc/meminfo |tr ' ' '\n' |grep [0-9])
+        apt-get update
+        apt-get -y install memcached 
+        apt-get -y install $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-memcache ")
+        apt-get -y install $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-memcached ")
+        if [ $memory -lt 15000000 ]; then
+            sed -i "s/-m 64/-m 256/" /etc/memcached.conf
+        else
+            sed -i "s/-m 64/-m 1024/" /etc/memcached.conf
+        fi
+        systemctl restart memcached
+        echo "== memcached installed."
+        echo "-----------------------"
+    fi
+
+    if [ "$answer" = 'inst redis' ] || [ "$answer" = 'INST REDIS' ]; then
+        echo "============================="
+        echo "== Installing Redis"
+        memory=$(grep 'MemTotal' /proc/meminfo |tr ' ' '\n' |grep [0-9])
+        apt-get update
+        apt-get install -y redis-server
+        apt-get install $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-redis ")
+
+        sed -i "s|^supervised no|supervised systemd|g" /etc/redis/redis.conf
+        sed -i "s|^save |# save |g" /etc/redis/redis.conf
+        sed -i 's|^# save ""|save ""|g' /etc/redis/redis.conf
+        if [ $memory -lt 15000000 ]; then
+            sed -i "s|^# maxmemory .*|maxmemory 256m|g" /etc/redis/redis.conf
+        else
+            sed -i "s|^# maxmemory .*|maxmemory 1g|g" /etc/redis/redis.conf
+        fi
+        sed -i "s|^# maxmemory-policy .*|maxmemory-policy allkeys-lru|g" /etc/redis/redis.conf
+        systemctl restart redis
+        redis-cli info memory
+        echo "== Redis installed."
+        echo "-------------------"
+    fi
+
+    if [ "$answer" = 'inst nginx-rate-limit' ] || [ "$answer" = 'INST NGINX-RATE-LIMIT' ]; then
+        echo "============================="
+        echo "== Installing inst nginx-rate-limit templates"
+        curl -O https://c.myvestacp.com/tools/rate-limit-tpl/install_rate_limit_tpl.sh
+        bash install_rate_limit_tpl.sh
+        echo "== nginx-rate-limit templates installed."
+        echo "-------------------"
+    fi
+
+    if [ "$answer" = 'check fc' ] || [ "$answer" = 'CHECK FC' ]; then
+        echo "== Checking if FreshClam is up"
+        clamavup=$(/usr/local/vesta/bin/v-list-sys-services | grep 'clamav-daemon' | grep -c 'running')
+        freshclamdown=$(/usr/local/vesta/bin/v-list-sys-services | grep 'clamav-freshclam' | grep -c 'off')
+        if [ $clamavup -eq 1 ] && [ $freshclamdown -eq 1 ]; then
+            echo "== Starting FreshClam"
+            systemctl enable clamav-freshclam.service
+            systemctl start clamav-freshclam.service
+        fi
+    fi
+    
+    if [ "$answer" = 'enable-ssh-root-password-login' ] || [ "$answer" = 'ENABLE-SSH-ROOT-PASSWORD-LOGIN' ]; then
+        sed -i "s|^PermitRootLogin .*|PermitRootLogin yes|g" /etc/ssh/sshd_config
+        sed -i "s|^#PermitRootLogin .*|PermitRootLogin yes|g" /etc/ssh/sshd_config
+        systemctl restart sshd
+        echo "--- New settings ---"
+        grep '^PermitRoot' /etc/ssh/sshd_config
+        echo "--------------------"
+        echo "Port 22 opened in Firewall for all IP addresses."
+        /usr/local/vesta/bin/v-unsuspend-firewall-rule "11"
+        echo "--------------------"
+        echo "Type 'passwd' in the terminal to set the root password."
+        echo "--------------------"
+    fi
+
+    if [ "$answer" = 'r' ] || [ "$answer" = 'R' ]; then
+        echo "============================="
+        echo "== Rebooting the server"
+        reboot
+    fi
+
+    if [ "$answer" = 'b' ] || [ "$answer" = 'B' ]; then
+        echo "============================="
+        echo "== Running bash"
+        bash
+    fi
+
+    if [ "$answer" = 'q' ] || [ "$answer" = 'Q' ]; then
+        echo "============================="
+        echo "== Exiting... bye bye :)"
+        exit 0
+    fi
+
+    if [ "$answer" = 'h' ] || [ "$answer" = 'H' ]; then
+        myhelp
+    fi
+
+    if [ "$answer" = 'inst v' ] || [ "$answer" = 'INST V' ]; then
+        echo "============================="
+        echo "== installing myVesta"
+        release=$(cat /etc/debian_version | tr "." "\n" | head -n1)
+        if [ "$release" -lt 10 ]; then
+            apt-get update
+        else
+            apt-get update --allow-releaseinfo-change
+        fi
+        apt-get -y --with-new-pkgs upgrade && apt-get -y dist-upgrade
+        apt-get -y install curl wget mc git sudo dnsutils screen
+        cd ~
+        curl -O http://c.myvestacp.com/vst-install-debian.sh
+        sudo bash vst-install-debian.sh
+        source /etc/profile
+        PATH=$PATH:/usr/local/vesta/bin && export PATH
+    fi
+
+    if [ "$answer" = 'inst r' ] || [ "$answer" = 'INST R' ]; then
+        echo "============================="
+        echo "== Installing new Roundcube"
+        wget -nv https://c.myvestacp.com/tools/install-new-roundcube.sh -O /root/install-new-roundcube.sh
+        chmod u+x /root/install-new-roundcube.sh
+        mcedit /root/install-new-roundcube.sh
+        /root/install-new-roundcube.sh
+    fi
+
+    if [ "$answer" = 'id_rsa' ] || [ "$answer" = 'ID_RSA' ]; then
+        if [ ! -f "/root/.ssh/id_rsa.pub" ]; then
+            ssh-keygen -q -t rsa -N '' -C "$HOSTNAME" -b 4096 -f /root/.ssh/id_rsa 2>/dev/null <<< y >/dev/null
+        fi
+        echo "=== YOUR id_rsa.pub IS BELOW ==="
+        cat /root/.ssh/id_rsa.pub
+        echo "======"
+    fi
+
+done

bin/v-copy-fs-file

@@ -43,7 +43,7 @@ fi
 # Checking destination path
 rpath=$(readlink -f "$dst_file")
 if [ -z "$(echo $rpath |egrep "^/tmp|^$homedir")" ]; then
-    echo "Error: ivalid destination path $dst_file"
+    echo "Error: invalid destination path $dst_file"
     exit 2
 fi
 

bin/v-deactivate-vesta-license

@@ -35,7 +35,7 @@ check_args '2' "$#" 'MODULE LICENSE'
 
 # Activating license
 v_host='https://vestacp.com/checkout'
-answer=$(curl -s $v_host/cancel.php?licence_key=$license)
+answer=$(curl --max-time 60 -s $v_host/cancel.php?licence_key=$license)
 check_result $? "cant' connect to vestacp.com " $E_CONNECT
 
 # Checking server answer

bin/v-delete-database-of-domain

@@ -0,0 +1,69 @@
+#!/bin/bash
+# info: delete database if domain has database
+# options: DOMAIN
+#
+# The function for deleting database if domain has database
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Argument definition
+domain=$1
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+
+if [ -z "$user" ]; then
+    check_result $E_NOTEXIST "domain $domain doesn't exist"
+fi
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+RET=$OK
+
+# echo "================================="
+r=$(/usr/local/vesta/bin/v-get-database-credentials-of-domain $domain)
+# echo $r
+eval $r
+# echo "================================="
+
+if [ ! -z "$DATABASE_NAME" ]; then
+    echo "=== v-delete-database $USER $DATABASE_NAME"
+    /usr/local/vesta/bin/v-delete-database $USER $DATABASE_NAME
+    if [ $? -ne 0 ]; then
+        echo "=== v-delete-database failed"
+        RET=$E_NOTEXIST
+    fi
+fi
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+log_event "$RET" "$ARGUMENTS"
+
+exit

bin/v-delete-domain

@@ -37,9 +37,10 @@ is_object_unsuspended 'user' 'USER' "$user"
 if [ ! -z "$WEB_SYSTEM" ]; then
     str=$(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
     if [  ! -z "$str" ]; then
+        $BIN/v-delete-database-of-domain $domain
         domain_found='yes'
         $BIN/v-delete-web-domain $user $domain 'no'
-        check_result $? "can't suspend web" > /dev/null
+        check_result $? "can't delete web" > /dev/null
     fi
 fi
 
@@ -49,7 +50,7 @@ if [ ! -z "$DNS_SYSTEM" ]; then
     if [  ! -z "$str" ]; then
         domain_found='yes'
         $BIN/v-delete-dns-domain $user $domain 'no'
-        check_result $? "can't suspend dns" > /dev/null
+        check_result $? "can't delete dns" > /dev/null
     fi
 fi
 
@@ -59,7 +60,7 @@ if [ ! -z "$MAIL_SYSTEM" ]; then
     if [  ! -z "$str" ]; then
         domain_found='yes'
         $BIN/v-delete-mail-domain $user $domain
-        check_result $? "can't suspend mail" > /dev/null
+        check_result $? "can't delete mail" > /dev/null
     fi
 fi
 

bin/v-delete-firewall-ban

@@ -53,6 +53,11 @@ $iptables -D fail2ban-$chain $b 2>/dev/null
 # Changing permissions
 chmod 660 $conf
 
+# nginx deny rules conf
+if [ "$chain" = "WEB" ] && [ -f "/etc/nginx/conf.d/block.conf" ]; then
+    sed -i "/deny $ip;/d" /etc/nginx/conf.d/block.conf
+    systemctl reload nginx
+fi
 
 #----------------------------------------------------------#
 #                       Vesta                              #

bin/v-delete-firewall-rule

@@ -34,12 +34,21 @@ is_object_valid '../../data/firewall/rules' 'RULE' "$rule"
 #                       Action                             #
 #----------------------------------------------------------#
 
+oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf)
+
 # Deleting rule
 sed -i "/RULE='$rule' /d" $VESTA/data/firewall/rules.conf
 
 # Updating system firewall
 $BIN/v-update-firewall
 
+if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then
+    parse_object_kv_list_non_eval "$oldvalues"
+    if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then
+        sed -i "\#$IP#d" /etc/nginx/conf.d/block-firewall.conf
+        systemctl restart nginx
+    fi
+fi
 
 #----------------------------------------------------------#
 #                       Vesta                              #

bin/v-delete-inactive-wordpress-plugins-and-themes

@@ -0,0 +1,165 @@
+#!/bin/bash
+# info: delete inactive WordPress plugins and themes
+# options: DOMAIN
+
+#----------------------------------------------------------#
+#                    Variable & Function                   #
+#----------------------------------------------------------#
+
+[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; }
+source /etc/profile
+
+DOMAIN="$1"
+[ -z "$DOMAIN" ] && { echo "Usage: v-delete-inactive-wordpress-plugins-and-themes DOMAIN"; exit 1; }
+
+USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")"
+[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; }
+
+WP_PATH="/home/$USER/web/$DOMAIN/public_html"
+[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; }
+
+# WP-CLI wrapper
+if [ ! -z "$PHP" ]; then
+    WP_RUN="PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes"
+else
+    WP_RUN="/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes"
+fi
+
+quarantined=0;
+
+#----------------------------------------------------------#
+#                         Action                           #
+#----------------------------------------------------------#
+
+cd "$WP_PATH" || exit 1
+echo "Inactive WordPress plugins for $DOMAIN:"
+echo "-------------------------------------"
+
+RUN="$WP_RUN plugin list --format=csv --skip-plugins --skip-themes"
+PLUGINS_LIST_CSV=$(eval "$RUN")
+return_code=$?
+
+if [ $return_code -ne 0 ]; then
+    echo "WP-CLI error:"
+    echo "return code: $return_code"
+    cat /home/$USER/web/$DOMAIN/wp-cli-error.log
+    exit $return_code
+fi
+
+PLUGINS_LIST_CSV=$(echo "$PLUGINS_LIST_CSV" | tail -n +2)
+
+DEACTIVATED_PLUGINS_LIST_CSV=""
+
+if [ ! -z "$PLUGINS_LIST_CSV" ]; then
+    printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "name" "status" "update" "version" "update_version" "auto_update"
+    while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do
+        if [ "$STATUS" = "inactive" ]; then
+            printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "$NAME" "$STATUS" "$UPDATE" "$VERSION" "$UPDATE_VERSION" "$AUTO_UPDATE"
+            DEACTIVATED_PLUGINS_LIST_CSV="$DEACTIVATED_PLUGINS_LIST_CSV\n$NAME"
+        fi
+    done <<< "$PLUGINS_LIST_CSV"
+else
+    echo "No plugins found."
+fi
+
+if [ ! -z "$DEACTIVATED_PLUGINS_LIST_CSV" ]; then
+    echo ""
+    read -r -p "Do you want to move inactive plugins to quarantine? (y/n, default: y): " RESPONSE < /dev/tty
+    if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ] || [ -z "$RESPONSE" ]; then
+        while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do
+            if [ "$STATUS" = "inactive" ]; then
+                folder="/home/$USER/web/$DOMAIN/public_html/wp-content/plugins/$NAME"
+                file="/home/$USER/web/$DOMAIN/public_html/wp-content/plugins/$NAME.php"
+                if [ -d "$folder" ] || [ -f "$file" ]; then
+                    destination_base_folder="/srv/wp-deactivated-plugins/$DOMAIN"
+                    if [ -d "$folder" ]; then
+                        source_path="$folder"
+                        destination_path="$destination_base_folder/$NAME"
+                    elif [ -f "$file" ]; then
+                        source_path="$file"
+                        destination_path="$destination_base_folder/$NAME.php"
+                    fi
+                    mkdir -p $destination_base_folder
+                    chown $USER:$USER $destination_base_folder
+                    mv $source_path $destination_path
+                    if [ -d "$destination_path" ]; then
+                        echo "= Folder $source_path moved to $destination_path"
+                        quarantined=1;
+                    fi
+                    if [ -f "$destination_path" ]; then
+                        echo "= File $source_path moved to $destination_path"
+                        quarantined=1;
+                    fi
+                else
+                    echo "=== ERROR: Folder $folder or file $file not found - it does not exist?"
+                fi
+            fi
+        done <<< "$PLUGINS_LIST_CSV"
+    fi
+fi
+
+echo ""
+echo "Inactive WordPress themes for $DOMAIN:"
+echo "-------------------------------------"
+
+RUN="$WP_RUN theme list --format=csv --skip-plugins --skip-themes"
+THEMES_LIST_CSV=$(eval "$RUN")
+return_code=$?
+
+if [ $return_code -ne 0 ]; then
+    echo "WP-CLI error:"
+    echo "return code: $return_code"
+    cat /home/$USER/web/$DOMAIN/wp-cli-error.log
+    exit $return_code
+fi
+
+THEMES_LIST_CSV=$(echo "$THEMES_LIST_CSV" | tail -n +2)
+
+DEACTIVATED_THEMES_LIST_CSV=""
+
+if [ ! -z "$THEMES_LIST_CSV" ]; then
+    printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "name" "status" "update" "version" "update_version" "auto_update"
+    while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do
+        if [ "$STATUS" = "inactive" ]; then
+            printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "$NAME" "$STATUS" "$UPDATE" "$VERSION" "$UPDATE_VERSION" "$AUTO_UPDATE"
+            DEACTIVATED_THEMES_LIST_CSV="$DEACTIVATED_THEMES_LIST_CSV\n$NAME"
+        fi
+    done <<< "$THEMES_LIST_CSV"
+else
+    echo "No themes found."
+fi
+
+if [ ! -z "$DEACTIVATED_THEMES_LIST_CSV" ]; then
+    echo ""
+    read -r -p "Do you want to move inactive themes to quarantine? (y/n, default: y): " RESPONSE < /dev/tty
+    if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ] || [ -z "$RESPONSE" ]; then
+        while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do
+            if [ "$STATUS" = "inactive" ]; then
+                folder="/home/$USER/web/$DOMAIN/public_html/wp-content/themes/$NAME"
+                if [ -d "$folder" ]; then
+                    destination_base_folder="/srv/wp-deactivated-themes/$DOMAIN"
+                    source_path="$folder"
+                    destination_path="$destination_base_folder/$NAME"
+                    mkdir -p $destination_base_folder
+                    chown $USER:$USER $destination_base_folder
+                    mv $source_path $destination_path
+                    if [ -d "$destination_path" ]; then
+                        echo "= Folder $source_path moved to $destination_path"
+                        quarantined=1;
+                    fi
+                else
+                    echo "=== ERROR: Folder $folder not found - it does not exist?"
+                fi
+            fi
+        done <<< "$THEMES_LIST_CSV"
+    fi
+fi
+
+echo ""
+if [ $quarantined -eq 1 ]; then
+    echo "= All deactivated plugins and themes moved to quarantine."
+    echo "= You can find them in /srv/wp-deactivated-plugins/$DOMAIN and /srv/wp-deactivated-themes/$DOMAIN"
+else
+    echo "= No deactivated plugins or themes found."
+fi
+exit 0;

bin/v-delete-mail-account

@@ -53,6 +53,7 @@ if [[ "$MAIL_SYSTEM" =~ exim ]]; then
 
     sed -i "/^$account@$domain_idn:/d" $HOMEDIR/$user/conf/mail/$domain/aliases
     sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/passwd
+    sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/accounts
     rm -rf $HOMEDIR/$user/mail/$domain/$account
 fi
 

bin/v-delete-mail-domain

@@ -51,12 +51,15 @@ if [[ "$MAIL_SYSTEM" =~ exim ]]; then
     rm -f /etc/$MAIL_SYSTEM/domains/$domain_idn
     rm -rf $HOMEDIR/$user/conf/mail/$domain
     rm -rf $HOMEDIR/$user/mail/$domain_idn
+    if [ -d "/hdd/home/$user/mail/$domain_idn" ]; then
+        rm -rf /hdd/home/$user/mail/$domain_idn
+    fi
 fi
 
 # Deleting dkim dns record
 if [ "$DKIM" = 'yes' ] && [ -e "$USER_DATA/dns/$domain.conf" ]; then
     records=$($BIN/v-list-dns-records $user $domain plain)
-    dkim_records=$(echo "$records" |grep -w '_domainkey' | cut -f 1 -d ' ')
+    dkim_records=$(echo "$records" |grep -w '_domainkey' |cut -f 1)
     for id in $dkim_records; do
         $BIN/v-delete-dns-record $user $domain $id
     done

bin/v-delete-mail-domain-dkim

@@ -48,7 +48,7 @@ fi
 # Deleting dns record
 if [ ! -z "$DNS_SYSTEM" ] && [ -e "$USER_DATA/dns/$domain.conf" ]; then
     records=$($BIN/v-list-dns-records $user $domain plain)
-    dkim_records=$(echo "$records" |grep -w '_domainkey' | cut -f 1 -d ' ')
+    dkim_records=$(echo "$records" |grep -w '_domainkey' | awk '{print $1}')
     for id in $dkim_records; do
         $BIN/v-delete-dns-record $user $domain $id
     done

bin/v-delete-mails

@@ -0,0 +1,127 @@
+#!/bin/bash
+# info: delete old emails (by mtime) for user/domain/account, with optional scope
+# usage:   v-delete-mails USER DOMAIN ACCOUNT MTIME_DAYS|all SCOPE
+# SCOPE:   all    – clean every Maildir folder (cur, new, tmp, custom subfolders)
+#          trash  – clean only Trash/Junk/Spam folders
+
+# load Vesta functions & config
+source "$VESTA/func/main.sh"
+source "$VESTA/conf/vesta.conf"
+
+# read arguments
+user="$1"
+domain="$2"
+account="$3"
+mtime="$4"
+scope="$5"
+
+# verify argument count
+check_args '5' "$#" 'USER DOMAIN ACCOUNT MTIME_DAYS|all SCOPE'
+
+# validate scope
+if [[ "$scope" != "all" && "$scope" != "trash" ]]; then
+  echo "ERROR: SCOPE must be 'all' or 'trash'."
+  exit 1
+fi
+
+# validate logical combinations
+if [[ "$user" == "all" ]]; then
+  if [[ "$domain" != "all" || "$account" != "all" ]]; then
+    echo "ERROR: When USER is 'all', both DOMAIN and ACCOUNT must be 'all'."
+    exit 1
+  fi
+elif [[ "$domain" == "all" && "$account" != "all" ]]; then
+  echo "ERROR: When DOMAIN is 'all', ACCOUNT must also be 'all'."
+  exit 1
+fi
+
+# build a detailed summary for the warning
+declare -a summary_parts
+if [[ "$user" == "all" ]]; then
+  summary_parts+=("all users")
+else
+  summary_parts+=("user '$user'")
+fi
+
+if [[ "$domain" == "all" ]]; then
+  summary_parts+=("all domains")
+else
+  summary_parts+=("domain '$domain'")
+fi
+
+if [[ "$account" == "all" ]]; then
+  summary_parts+=("all accounts")
+else
+  summary_parts+=("account '$account'")
+fi
+
+# join with commas
+summary=$(printf ", %s" "${summary_parts[@]}")
+summary=${summary:2}
+
+# only warn if any of them is 'all' or if mtime is 'all'
+if [[ "$mtime" == "all" || "$user" == "all" || "$domain" == "all" || "$account" == "all" ]]; then
+  echo "WARNING: This will delete emails older than '$mtime' days for ${summary}."
+  read -p "Are you sure? (yes/no): " confirm
+  [[ "$confirm" != "yes" ]] && { echo "Aborted."; exit 1; }
+fi
+
+# function to delete emails
+delete_emails() {
+  local u="$1" d="$2" a="$3"
+  local maildir="/home/$u/mail/$d/$a"
+
+  [[ ! -d "$maildir" ]] && return
+
+  echo "→ Cleaning '$a@$d' (user: $u), scope: $scope, mtime: $mtime"
+
+  # build find predicates
+  if [[ "$scope" == "all" ]]; then
+    folder_expr=( -path "*/cur/*" -o -path "*/new/*" -o -path "*/tmp/*" )
+  else
+    folder_expr=( -ipath "*/trash/*" -o -ipath "*/junk/*" -o -ipath "*/spam/*" )
+  fi
+
+  # assemble and run find
+  if [[ "$mtime" == "all" ]]; then
+    find "$maildir" -type f \( "${folder_expr[@]}" \) -print -delete 2>/dev/null
+  else
+    find "$maildir" -type f \( "${folder_expr[@]}" \) -mtime +"$mtime" -print -delete 2>/dev/null
+  fi
+}
+
+# collect users
+if [[ "$user" == "all" ]]; then
+  users=$(v-list-users plain | awk '{print $1}')
+else
+  users="$user"
+fi
+
+# iterate through users, domains, accounts
+for u in $users; do
+  if [[ "$domain" == "all" ]]; then
+    domains=$(v-list-mail-domains "$u" plain | awk '{print $1}')
+  else
+    domains="$domain"
+  fi
+
+  for d in $domains; do
+    if [[ "$account" == "all" ]]; then
+      accounts=$(v-list-mail-accounts "$u" "$d" plain | awk '{print $1}')
+    else
+      accounts="$account"
+    fi
+
+    for a in $accounts; do
+      delete_emails "$u" "$d" "$a"
+    done
+  done
+done
+
+# restart dovecot to refresh mailbox state
+systemctl restart dovecot
+
+# log the action (status first, then message)
+log_event "$OK" "Deleted emails (>$mtime days, scope=$scope) for $user $domain $account"
+
+exit 0

bin/v-delete-sys-mail-ssl

@@ -0,0 +1,75 @@
+#!/bin/bash
+# info: delete sys vesta user ssl certificate
+# options: NONE
+#
+# The script disables user domain ssl synchronization
+
+
+#----------------------------------------------------------#
+#                  Variable & Function                     #
+#----------------------------------------------------------#
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/conf/vesta.conf
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+vst_crt="$VESTA/ssl/certificate.crt"
+vst_key="$VESTA/ssl/certificate.key"
+
+# Updating mail certificate
+case $MAIL_SYSTEM in
+    exim)           conf='/etc/exim/exim.conf';;
+    exim4)          conf='/etc/exim4/exim4.conf.template';;
+esac
+if [ -e "$conf" ]; then
+    sed -e "s|^tls_certificate.*|tls_certificate = $vst_crt|" \
+        -e "s|^tls_privatekey.*|tls_privatekey = $vst_key|" -i $conf
+fi
+
+# Updating imap certificate
+conf="/etc/dovecot/conf.d/10-ssl.conf"
+if [ ! -z "$IMAP_SYSTEM" ] && [ -e "$conf" ]; then
+    sed -e "s|ssl_cert.*|ssl_cert = <$vst_crt|" \
+        -e "s|ssl_key.*|ssl_key = <$vst_key|" -i $conf
+fi
+
+# Moving old certificates
+if [ -e "$VESTA/ssl/mail.crt" ]; then
+    mv -f $VESTA/ssl/mail.crt $VESTA/ssl/mail.crt.old
+fi
+if [ -e "VESTA/ssl/mail.key" ]; then
+    mv $VESTA/ssl/mail.key VESTA/ssl/mail.key.old
+fi
+
+# Updating vesta.conf value
+sed -i "/MAIL_CERTIFICATE=/ d" $VESTA/conf/vesta.conf
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Restarting services
+if [ "$restart" != 'no' ]; then
+    if [ ! -z "$MAIL_SYSTEM" ]; then
+        $BIN/v-restart-service $MAIL_SYSTEM
+    fi
+    if [ ! -z "$IMAP_SYSTEM" ]; then
+        $BIN/v-restart-service $IMAP_SYSTEM
+    fi
+fi
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-delete-sys-vesta-ssl

@@ -0,0 +1,37 @@
+#!/bin/bash
+# info: delete sys vesta user ssl certificate
+# options: NONE
+#
+# The script disables user domain ssl synchronization
+
+
+#----------------------------------------------------------#
+#                  Variable & Function                     #
+#----------------------------------------------------------#
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/conf/vesta.conf
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Updating vesta.conf value
+sed -i "/VESTA_CERTIFICATE=/ d" $VESTA/conf/vesta.conf
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-delete-user

@@ -94,6 +94,9 @@ fi
 # Deleting user directories
 chattr -i $HOMEDIR/$user/conf
 rm -rf $HOMEDIR/$user
+if [ -d "/hdd/home/$user" ]; then
+    rm -rf /hdd/home/$user
+fi
 rm -f /var/spool/mail/$user
 rm -f /var/spool/cron/$user
 rm -f /var/spool/cron/crontabs/$user

bin/v-delete-user-favourites

@@ -32,6 +32,8 @@ case $system in
     DNS_REC)    is_format_valid 'id' ;;
     *)          is_format_valid 'object'
 esac
+
+is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 

bin/v-delete-web-domain

@@ -56,6 +56,31 @@ fi
 get_domain_values 'web'
 local_ip=$(get_real_ip $IP)
 
+# Deleting FPM conf
+fpmconf="/etc/php5/fpm/pool.d/$domain.conf"
+if [ -f "$fpmconf" ]; then
+    rm $fpmconf
+    echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log
+fi
+
+for PHPV in /etc/php/*; do
+    if [ -d "${PHPV}" ]; then
+        # PHPVER=$(basename ${PHPV})
+        POOLD="${PHPV}/fpm/pool.d"
+        fpmconf="$POOLD/$domain.conf"
+        if [ -f "$fpmconf" ]; then
+            rm $fpmconf
+            echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log
+        fi
+        POOLD="${PHPV}/fpm/pool.d-ioncube"
+        fpmconf="$POOLD/$domain.conf"
+        if [ -f "$fpmconf" ]; then
+            rm $fpmconf
+            echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log
+        fi
+    fi
+done
+
 # Deleting domain from web.conf
 sed -i "/DOMAIN='$domain'/ d" $USER_DATA/web.conf
 
@@ -105,6 +130,9 @@ rm -f /var/log/$WEB_SYSTEM/domains/$domain.error*
 
 # Deleting directory
 rm -rf $HOMEDIR/$user/web/$domain
+if [ -d "/hdd/home/$user/web/$domain" ]; then
+    rm -rf /hdd/home/$user/web/$domain
+fi
 
 
 #----------------------------------------------------------#

bin/v-delete-web-domain-ssl

@@ -57,8 +57,14 @@ fi
 
 # Deleting old certificate
 tmpdir=$(mktemp -p $HOMEDIR/$user/web/$domain/private -d)
-rm -f $HOMEDIR/$user/conf/web/ssl.$domain.*
-mv $USER_DATA/ssl/$domain.* $tmpdir
+rm -f $HOMEDIR/$user/conf/web/ssl.$domain.ca
+rm -f $HOMEDIR/$user/conf/web/ssl.$domain.crt
+rm -f $HOMEDIR/$user/conf/web/ssl.$domain.key
+rm -f $HOMEDIR/$user/conf/web/ssl.$domain.pem
+mv $USER_DATA/ssl/$domain.ca $tmpdir
+mv $USER_DATA/ssl/$domain.crt $tmpdir
+mv $USER_DATA/ssl/$domain.key $tmpdir
+mv $USER_DATA/ssl/$domain.pem $tmpdir
 chown -R $user:$user $tmpdir
 
 

bin/v-delete-wordpress-uploads-php-files

@@ -0,0 +1,64 @@
+#!/bin/bash
+# info: delete PHP files from WordPress uploads folder
+# options: DOMAIN
+
+#----------------------------------------------------------#
+#                    Variable & Function                   #
+#----------------------------------------------------------#
+
+[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; }
+source /etc/profile
+
+DOMAIN="$1"
+[ -z "$DOMAIN" ] && { echo "Usage: v-delete-wordpress-uploads-php-files DOMAIN"; exit 1; }
+
+USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")"
+[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; }
+
+WP_PATH="/home/$USER/web/$DOMAIN/public_html"
+[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; }
+
+quarantined=0;
+
+#----------------------------------------------------------#
+#                         Action                           #
+#----------------------------------------------------------#
+
+cd "$WP_PATH" || exit 1
+
+files=$(find wp-content/uploads/ -type f -name "*.php")
+
+if [ -z "$files" ]; then
+    echo "= No PHP files found in WordPress uploads folder."
+    exit 0;
+fi
+
+echo "= Found PHP files in WordPress uploads folder for domain $DOMAIN :"
+echo "-------------------------------------"
+echo "$files"
+echo "-------------------------------------"
+
+read -r -p "Do you want to move these files to quarantine? (y/n, default: y): " RESPONSE < /dev/tty
+if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ] || [ -z "$RESPONSE" ]; then
+    for file in $files; do
+        source_file="/home/$USER/web/$DOMAIN/public_html/$file"
+        destination_file="/srv/wp-uploads-php-files-quarantine/$DOMAIN/$file"
+        destination_folder=$(dirname "$destination_file")
+        mkdir -p "$destination_folder"
+        chown $USER:$USER "$destination_folder"
+        mv "$source_file" "$destination_file"
+        echo "= File $source_file moved to $destination_file"
+        quarantined=1;
+    done
+    chown -R $USER:$USER "/srv/wp-uploads-php-files-quarantine/$DOMAIN"
+fi
+
+echo ""
+if [ $quarantined -eq 1 ]; then
+    echo "= All PHP files moved to quarantine."
+    echo "= You can find them in /srv/wp-uploads-php-files-quarantine/$DOMAIN"
+else
+    echo "= No PHP files found in WordPress uploads folder."
+fi
+
+exit 0;

bin/v-desinfect-wordpress

@@ -0,0 +1,86 @@
+#!/bin/bash
+# info: disinfect a WordPress site with several maintenance commands
+# options: DOMAIN
+
+# -------------------------------------------------------- #
+#                    variables and checks                  #
+# -------------------------------------------------------- #
+
+if [ "$(whoami)" != "root" ]; then
+    echo "You must be root to run this command."
+    exit 1
+fi
+
+# make sure all Vesta helper scripts are reachable
+export PATH="/usr/local/vesta/bin:$PATH"
+source /etc/profile
+
+domain="$1"
+if [ -z "$domain" ]; then
+    echo "Usage: v-desinfect-wp DOMAIN"
+    exit 1
+fi
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner "$domain")
+if [ -z "$user" ]; then
+    echo "Domain $domain does not exist."
+    exit 1
+fi
+
+if [ ! -f "/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" ]; then
+    echo "= WordFence CLI is not installed. Installing..."
+    /usr/local/vesta/bin/v-install-wordfence-cli
+fi
+
+# absolute paths to maintenance scripts, in desired order
+declare -a tasks=(
+    "/usr/local/vesta/bin/v-change-database-password-for-wordpress"
+    "/usr/local/vesta/bin/v-change-wordpress-admin-passwords"
+    "/usr/local/vesta/bin/v-fix-wordpress-core"
+    "/usr/local/vesta/bin/v-delete-inactive-wordpress-plugins-and-themes"
+    "/usr/local/vesta/bin/v-delete-wordpress-uploads-php-files"
+    "/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate"
+    "INTERACTIVE=1 /usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate"
+)
+
+# -------------------------------------------------------- #
+#                    execution strategy                    #
+# -------------------------------------------------------- #
+
+echo
+read -r -p "Run all maintenance steps automatically? (y/n) " run_all < /dev/tty
+
+if [[ "$run_all" =~ ^[Yy]$ ]]; then
+    echo "Running all maintenance steps for $domain"
+    automatic=true
+else
+    echo
+    echo "Selective mode. You will be asked for each step."
+    automatic=false
+fi
+
+for cmd in "${tasks[@]}"; do
+    if [ ! -x "$cmd" ]; then
+        echo "Command $cmd not found or not executable, skipping."
+        continue
+    fi
+
+    if [ "$automatic" = false ]; then
+        while true; do
+            read -r -p "Run $(basename "$cmd") for $domain? (y/n) " yn < /dev/tty
+            case "$yn" in
+                [Yy]* ) break ;;
+                [Nn]* ) echo "Skipping $(basename "$cmd")."; continue 2 ;;
+                * )     echo "Please answer y or n." ;;
+            esac
+        done
+    fi
+
+    echo
+    echo "=== $(basename "$cmd") $domain ==="
+    "$cmd" "$domain"
+done
+
+echo
+echo "Done."
+exit 0

bin/v-df-snapshot-diff

@@ -0,0 +1,102 @@
+#!/bin/bash
+# info: Make a diff between two snapshots of the disk usage
+# options: FILE1 FILE2
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Let's declare three associative arrays
+declare -A FILE1
+declare -A FILE2
+declare -A FILED
+
+file1=$1
+file2=$2
+
+if [[ ! "$file1" =~ ^/usr/local/vesta/data/df/snapshot-.*\.txt$ ]]; then
+    file1="/usr/local/vesta/data/df/$file1"
+fi
+
+if [[ ! "$file2" =~ ^/usr/local/vesta/data/df/snapshot-.*\.txt$ ]]; then
+    file2="/usr/local/vesta/data/df/$file2"
+fi
+
+if [ ! -f "$file1" ]; then
+    echo "File $file1 not found"
+    exit 1
+fi
+
+if [ ! -f "$file2" ]; then
+    echo "File $file2 not found"
+    exit 1
+fi
+
+timestamp=$(date +%Y-%m-%d-%H-%M-%S)
+mkdir -p /usr/local/vesta/data/df-diff
+file0="/usr/local/vesta/data/df-diff/diff-$timestamp.txt"
+file0s="/usr/local/vesta/data/df-diff/diff-size-sorted-$timestamp.txt"
+file0f="/usr/local/vesta/data/df-diff/diff-folder-sorted-$timestamp.txt"
+touch $file0
+
+# Let's load the first file and fill the array FILE1
+while IFS=$'\t' read SIZE DIRECTORY; do
+    # Skip blank lines or lines that are not in the correct format
+    [[ -z "$DIRECTORY" ]] && continue
+    [[ "$DIRECTORY" = "total" ]] && continue
+    # Insert values into the array
+    FILE1["$DIRECTORY"]="$SIZE"
+done < "$file1"
+
+# Let's load the second file and fill the array FILE2
+while IFS=$'\t' read SIZE DIRECTORY; do
+    # Skip blank lines or lines that are not in the correct format
+    [[ -z "$DIRECTORY" ]] && continue
+    [[ "$DIRECTORY" = "total" ]] && continue
+    # Insert values into the array
+    FILE2["$DIRECTORY"]="$SIZE"
+done < "$file2"
+
+# We iterate through FILE1 and look for the matching key in FILE2
+for k in "${!FILE1[@]}"; do
+    if [[ -v FILE2["$k"] ]]; then
+        # If there is the same folder (KEY) in FILE2
+        DIFF=$(( ${FILE2[$k]} - ${FILE1[$k]} ))
+        FILED["$k"]=$DIFF
+        echo -e "${DIFF}\t${k}" >> $file0
+    else
+        # If the folder (KEY) is not found in FILE2
+        FILED["$k"]=${FILE1["$k"]}
+        echo -e "${FILE1["$k"]}\t${k}" >> $file0
+    fi
+done
+
+# sorted by size
+sort -nr -k1,1 $file0 > $file0s
+
+# sorted by folders
+while IFS=$'\t' read SIZE DIRECTORY; do
+    [[ -z "$DIRECTORY" ]] && continue
+    [[ "$DIRECTORY" = "total" ]] && continue
+    echo -e "$DIRECTORY\t${FILED["$DIRECTORY"]}" >> $file0f
+done < "$file2"
+
+chmod 600 $file0 $file0s $file0f
+chown root:root $file0 $file0s $file0f
+
+echo "Done."
+echo "You can do:"
+echo "mcview $file0"
+echo "mcview $file0s"
+echo "mcview $file0f"
+echo "--------------------------------"
+echo "Here is the first 30 lines of the diff, sorted by size (descending, in MB):"
+head -n 30 $file0s
+echo "--------------------------------"
+echo "Here is the first 30 lines of the diff, sorted by folders (in MB):"
+head -n 30 $file0f
+echo "--------------------------------"
+
+exit 0

bin/v-df-snapshot-logs-cleaner

@@ -0,0 +1,11 @@
+#!/bin/bash
+# info: Clean up old snapshots of the disk usage
+# options: NONE
+
+folder="/usr/local/vesta/data/df"
+mkdir -p $folder
+find $folder -type f -mtime +30 -delete
+
+folder="/usr/local/vesta/data/df-diff"
+mkdir -p $folder
+find $folder -type f -mtime +30 -delete

bin/v-df-snapshot-make

@@ -0,0 +1,52 @@
+#!/bin/bash
+# info: Make a snapshot of the disk usage
+# options: NONE
+
+folder="/usr/local/vesta/data/df"
+
+mkdir -p $folder
+timestamp=$(date +%Y-%m-%d-%H-%M-%S)
+
+du --max-depth=1 -m -x / > $folder/snapshot-$timestamp.txt
+
+du --max-depth=6 -m -x /home > $folder/snapshot-temp.txt
+for i in {2..7}; do
+    while IFS= read -r line; do
+        count=0
+        for (( j=0; j<${#line}; j++ )); do
+            if [[ ${line:j:1} == "/" ]]; then
+                ((count++))
+            fi
+        done
+        if [ $count -eq $i ]; then
+            printf '%s\n' "$line" >> $folder/snapshot-$timestamp.txt
+        fi
+    done < $folder/snapshot-temp.txt
+done
+rm $folder/snapshot-temp.txt
+
+if [ -d "/hdd" ]; then
+    du --max-depth=7 -m -x /hdd > $folder/snapshot-temp.txt
+    for i in {1..8}; do
+        while IFS= read -r line; do
+            count=0
+            for (( j=0; j<${#line}; j++ )); do
+                if [[ ${line:j:1} == "/" ]]; then
+                    ((count++))
+                fi
+            done
+            if [ $count -eq $i ]; then
+                printf '%s\n' "$line" >> $folder/snapshot-$timestamp.txt
+            fi
+        done < $folder/snapshot-temp.txt
+    done
+    rm $folder/snapshot-temp.txt
+fi
+
+du --max-depth=1 -m -x /var/lib/mysql >> $folder/snapshot-$timestamp.txt
+du --max-depth=1 -m -x /var/log >> $folder/snapshot-$timestamp.txt
+
+chmod 600 $folder/snapshot-$timestamp.txt
+chown root:root $folder/snapshot-$timestamp.txt
+
+exit 0

bin/v-edit-domain-php-ini

@@ -0,0 +1,90 @@
+#!/bin/bash
+# info: Edit php.ini for certain domain
+# options: DOMAIN 
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+SILENT_MODE=1
+
+# Argument definition
+domain=$1
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+source /usr/local/vesta/func/domain.sh
+
+if [ -z "$user" ]; then
+    check_result $E_NOTEXIST "domain $domain doesn't exist"
+fi
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+
+if [ ! -d "/home/$user" ]; then
+    # echo "User doesn't exist";
+    exit 1;
+fi
+
+if [ ! -d "/home/$user/web/$domain/public_html" ]; then
+    # echo "Domain doesn't exist";
+    exit 1;
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+fpm_ver=$(/usr/local/vesta/bin/v-get-php-version-of-domain $domain)
+
+if [ -z "$fpm_ver" ]; then
+    echo "PHP version for domain $domain could not be determined."
+    exit 1
+fi
+
+config_file="/etc/php/${fpm_ver}/fpm/pool.d/${domain}.conf"
+
+if command -v mcedit >/dev/null; then
+    mcedit "$config_file"
+else
+    nano "$config_file"
+fi
+
+echo "Restarting PHP-FPM service for PHP version ${fpm_ver}"
+systemctl restart php${fpm_ver}-fpm
+if [ $? -ne 0 ]; then
+    systemctl status php${fpm_ver}-fpm
+    echo "========================="
+    echo ""
+    echo "ERROR: php${fpm_ver}-fpm restart failed - please re-run the command and fix the problem !!!"
+    echo ""
+    exit $E_RESTART;
+else
+    echo "The PHP-FPM service for PHP version ${fpm_ver} has been restarted successfully."
+fi
+echo ""
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+exit 0;

bin/v-edit-php-ini

@@ -0,0 +1,70 @@
+#!/bin/bash
+# info: Edit php.ini for a specific PHP version
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Includes
+source $VESTA/func/main.sh
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# List available PHP versions and store them into an array
+mapfile -t php_versions < <(/usr/local/vesta/bin/v-list-php)
+
+echo "Available PHP versions:"
+PS3="Please select the PHP version you want to edit php.ini for: "
+
+select php_version in "${php_versions[@]}"; do
+    if [[ -n $php_version ]]; then
+        break
+    else
+        echo "Invalid choice. Please try again."
+    fi
+done
+
+# Define path to the php.ini file
+php_ini_path="/etc/php/${php_version}/fpm/php.ini"
+
+# Check if php.ini exists for the selected version
+if [[ ! -f "$php_ini_path" ]]; then
+    echo "The php.ini file for the selected PHP version ($php_version) does not exist."
+    exit 1
+fi
+
+# Determine the text editor to use
+if command -v mcedit >/dev/null 2>&1; then
+    editor_cmd="mcedit"
+elif command -v nano >/dev/null 2>&1; then
+    editor_cmd="nano"
+else
+    echo "No supported text editor found. Please install 'mcedit' or 'nano'."
+    exit 1
+fi
+
+# Open php.ini for the chosen PHP version in the selected editor
+echo "Opening $php_ini_path in editor $editor_cmd..."
+$editor_cmd "$php_ini_path"
+
+# Restart the PHP-FPM service for the selected version
+echo "Restarting the PHP-FPM service for PHP version $php_version..."
+systemctl restart php${php_version}-fpm
+if [ $? -ne 0 ]; then
+    systemctl status php${php_version}-fpm
+    echo "========================="
+    echo ""
+    echo "ERROR: php${php_version}-fpm restart failed - please re-run the command and fix the problem !!!"
+    echo ""
+    exit $E_RESTART;
+else
+    echo "The PHP-FPM service for PHP version ${php_version} has been restarted successfully."
+fi
+
+#----------------------------------------------------------#
+#                       Exit                               #
+#----------------------------------------------------------#
+
+exit 0;

bin/v-ensure-poold-folders-not-empty

@@ -0,0 +1,31 @@
+#!/bin/bash
+# info: ensure that pool.d folders are not empty
+# options: 
+#
+# The function ensure that pool.d folders are not empty
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/func/domain.sh
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+ensure_poold_folders_not_empty
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-extract-fs-archive

@@ -82,7 +82,7 @@ fi
 # Extracting ziped archive
 if [ ! -z "$(echo $src_file |grep -i  '.zip')" ]; then
     sudo -u $user mkdir -p "$dst_dir" >/dev/null 2>&1
-    sudo -u $user unzip "$src_file" -d "$dst_dir" >/dev/null 2>&1
+    sudo -u $user unzip -o "$src_file" -d "$dst_dir" >/dev/null 2>&1
     rc=$?
 fi
 

bin/v-file-replace-string

@@ -0,0 +1,17 @@
+#!/usr/bin/php
+<?php
+
+include ("/usr/local/vesta/func/main.php");
+include ("/usr/local/vesta/func/string.php");
+
+myvesta_check_args (3, 'find replace file');
+
+echo "Find: ".$find."\n";
+echo "Replace: ".$replace."\n";
+echo "File: ".$file."\n";
+
+$r=myvesta_replace_in_file($find, $replace, $file);
+
+if ($r) echo "Replacing done!\n";
+
+myvesta_exit(0);

bin/v-fix-php-ini-disable-functions

@@ -0,0 +1,35 @@
+#!/bin/bash
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1;
+fi
+
+if [ -f "/tmp/patched" ]; then rm /tmp/patched; fi;
+
+echo "=== Fixing php.ini files to have the correct disable_functions line"
+
+export NOTFOUNDVAL="exec,system,passthru,shell_exec"
+export LINEBEGINSWITH="disable_functions ="
+export NEWVAL="disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen"
+
+find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sh -c 'found=0; for arg do if [ ! -f "$arg.disable_patching" ]; then if [ $found -eq 0 ]; then echo "== Fixing existing lines"; found=1; touch /tmp/patched; fi; echo "= Patching $arg"; sed -i "s|^$LINEBEGINSWITH.*|$NEWVAL|g" $arg; fi; done' _
+
+export NOTFOUNDVAL2="^$LINEBEGINSWITH"
+export REMOVELINETHATCONTAINS=$LINEBEGINSWITH
+
+find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL2" {} \; | xargs sh -c 'found=0; for arg do if [ ! -f "$arg.disable_patching" ]; then if [ $found -eq 0 ]; then echo "== Adding missing lines"; found=1; touch /tmp/patched; fi; echo "= Patching $arg"; sed -i "s|.*$REMOVELINETHATCONTAINS.*||g" $arg; echo "$NEWVAL" >> $arg; fi; done' _
+
+if [ -f "/tmp/patched" ]; then
+    rm /tmp/patched
+
+    echo "== Restarting all PHP-FPM services"
+    systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | xargs systemctl restart
+
+    echo "=== Everything done."
+else
+    echo "=== Everything is already correct."
+fi
+
+exit 0;

bin/v-fix-user-permissions

@@ -0,0 +1,62 @@
+#!/bin/bash
+
+# info:
+# This script will fix files permissions for desired user (if ownership is lost or files have wrong chmod)
+
+# options: user
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ] && [ "$whoami" != "admin" ] ; then
+    echo "You must be root or admin to execute this script";
+    exit 1;
+fi
+
+# Argument definition
+user=$1
+
+# Includes
+source $VESTA/func/main.sh
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'USER'
+is_format_valid 'user'
+is_object_valid 'user' 'USER' "$user"
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+find /home/$user/conf/mail/ -type d -exec chown Debian-exim:mail {} \;
+find /home/$user/conf/mail/*/ -type f -exec chown Debian-exim:mail {} \;
+find /home/$user/conf/mail/*/ -name "passwd" -type f -exec chown dovecot:mail {} \;
+
+find /home/$user/mail/ -type d -exec chown $user:mail {} \;
+find /home/$user/mail/*/ -type d -exec chown $user:mail {} \;
+find /home/$user/mail/*/ -type f -exec chown $user:mail {} \;
+find /home/$user/mail/*/ -type d -exec chmod u+rwx {} \;
+find /home/$user/mail/*/ -type d -exec chmod g+rwx {} \;
+find /home/$user/mail/*/ -type f -exec chmod u+rw {} \;
+find /home/$user/mail/*/ -type f -exec chmod g+rw {} \;
+find /home/$user/mail/*/ -maxdepth 1 -type d -exec chmod g-rwx {} \;
+
+find /home/$user/conf/dns/ -type f -exec chown root:bind {} \;
+find /home/$user/conf/ -type d -exec chown root:root {} \;
+
+for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do
+    /usr/local/vesta/bin/v-fix-website-permissions $domain $user
+    echo "--------------------------------"
+done
+
+echo "Done, permissions fixed for user: $user"
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-fix-website-permissions

@@ -0,0 +1,161 @@
+#!/bin/bash
+# info: Fixing chown and chmod permissions for a website
+# options: DOMAIN [USER]
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Argument definition
+domain=$1
+
+# Check if number of arguments is 2
+if [ $# -eq 2 ]; then
+    user=$2
+else
+    user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+fi
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+source /usr/local/vesta/conf/vesta.conf
+
+if [ -z "$user" ]; then
+    check_result $E_NOTEXIST "domain $domain doesn't exist"
+fi
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+
+if [ ! -d "/home/$user" ]; then
+    echo "Error: Folder /home/$user doesn't exist";
+    exit 1;
+fi
+
+if [ ! -d "/home/$user/web/$domain/public_html" ]; then
+    echo "Error: Folder /home/$user/web/$domain/public_html doesn't exist";
+    exit 1;
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Going to domain directory
+cd /home/$USER/web/$domain
+
+# Ownership check
+if [ -z "$SKIP_OWNERSHIP_CHECK" ] && [ -f "public_html/index.php" ]; then
+    owner=$(stat -c '%U' "public_html/index.php")
+    if [ "$owner" = "root" ] || [ "$owner" = "www-data" ]; then
+        echo "Skipping permission fix for $domain, because v-lock-wordpress is used (index.php is owned by $owner)"
+        exit 1
+    fi
+fi
+
+echo "Updating permissions and ownership for /home/$USER/web/$domain/"
+
+php_chmod_allowed=1
+if [ -f "/home/php_chmod_disabled" ]; then
+    php_chmod_allowed=0
+fi
+if [ -f "/home/$USER/php_chmod_disabled" ]; then
+    php_chmod_allowed=0
+fi
+if [ -f "/home/$USER/web/php_chmod_disabled" ]; then
+    php_chmod_allowed=0
+fi
+if [ -f "/home/$USER/web/$domain/php_chmod_disabled" ]; then
+    php_chmod_allowed=0
+fi
+
+# === General files and directories permissions ===
+if [ "$php_chmod_allowed" -eq 1 ]; then
+    # New way of fixing permissions
+    # Fixing permissions
+    find public_html/ -type d ! -perm 755 -exec chmod 755 {} +
+    find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -perm 644 -exec chmod 644 {} +
+
+    # Fixing ownership
+    find public_html/ -type d ! -user $USER -exec chown $USER:$USER {} +
+    find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} +
+else
+    # Old way of fixing permissions
+    # Fixing permissions
+    find public_html/ -type d ! -perm 755 -exec chmod 755 {} +
+    find public_html/ -type f ! -perm 644 -exec chmod 644 {} +
+
+    # Fixing ownership
+    find public_html/ -type d ! -user $USER -exec chown $USER:$USER {} +
+    find public_html/ -type f ! -user $USER -exec chown $USER:$USER {} +
+fi
+
+# === PHP and .env permissions ===
+if [ "$php_chmod_allowed" -eq 1 ]; then
+    php_chmod="600"
+
+    if [ "$WEB_SYSTEM" = 'nginx' ]; then
+        php_chmod="644"
+    fi
+
+    if [ -f "/home/php_chmod" ]; then
+        php_chmod=$(cat /home/php_chmod)
+    fi
+    if [ -f "/home/$USER/php_chmod" ]; then
+        php_chmod=$(cat /home/$USER/php_chmod)
+    fi
+    if [ -f "/home/$USER/web/php_chmod" ]; then
+        php_chmod=$(cat /home/$USER/web/php_chmod)
+    fi
+    if [ -f "/home/$USER/web/$domain/php_chmod" ]; then
+        php_chmod=$(cat /home/$USER/web/$domain/php_chmod)
+    fi
+
+    # Setting chmod 600 for all .php and .env files
+    echo "= Setting chmod $php_chmod for all .php and .env files"
+    # Fixing permissions
+    find -type f \( -name "*.php" -o -name "*.env" \) ! -perm $php_chmod -exec chmod $php_chmod {} +
+    # Fixing ownership
+    find -type f \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} +
+fi
+
+# === Symlinks ownership ===
+symlink_chown_allowed=1
+if [ -f "/home/symlink_chown_disabled" ]; then
+    symlink_chown_allowed=0
+fi
+if [ -f "/home/$USER/symlink_chown_disabled" ]; then
+    symlink_chown_allowed=0
+fi
+if [ -f "/home/$USER/web/symlink_chown_disabled" ]; then
+    symlink_chown_allowed=0
+fi
+if [ -f "/home/$USER/web/$domain/symlink_chown_disabled" ]; then
+    symlink_chown_allowed=0
+fi
+
+if [ "$symlink_chown_allowed" -eq 1 ]; then
+    find -type l ! -user $USER -exec chown -h $USER:$USER {} +
+fi
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+echo "Permissions for $domain have been successfully updated."
+
+exit 0

bin/v-fix-website-permissions-for-all-websites

@@ -0,0 +1,41 @@
+#!/bin/bash
+# info: fix website permissions for all websites
+# options:
+#
+# The command is used for fixing website permissions for all websites on the server.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Importing system variables
+source /etc/profile
+
+# Includes
+source $VESTA/func/main.sh
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
+    if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then
+        continue;
+    fi
+
+    for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do
+        /usr/local/vesta/bin/v-fix-website-permissions $domain $user
+        echo "--------------------------------"
+    done
+
+done
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-fix-website-permissions-for-all-websites-only-php

@@ -0,0 +1,44 @@
+#!/bin/bash
+# info: fix website permissions for all websites
+# options:
+#
+# The command is used for fixing website permissions for all websites on the server.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Importing system variables
+source /etc/profile
+
+# Includes
+source $VESTA/func/main.sh
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+touch /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log
+truncate -s 0 /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log
+
+for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
+    if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then
+        continue;
+    fi
+
+    for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do
+        /usr/local/vesta/bin/v-fix-website-permissions-only-php $domain $user >> /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log 2>&1
+        echo "--------------------------------" >> /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log
+    done
+
+done
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-fix-website-permissions-only-php

@@ -0,0 +1,121 @@
+#!/bin/bash
+# info: Fixing PHP and .env permissions and ownership for a website
+# options: DOMAIN [USER]
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Argument definition
+domain=$1
+
+# Check if number of arguments is 2
+if [ $# -eq 2 ]; then
+    user=$2
+else
+    user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+fi
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+source /usr/local/vesta/conf/vesta.conf
+
+if [ -z "$user" ]; then
+    check_result $E_NOTEXIST "domain $domain doesn't exist"
+fi
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+
+if [ ! -d "/home/$user" ]; then
+    echo "Error: Folder /home/$user doesn't exist";
+    exit 1;
+fi
+
+if [ ! -d "/home/$user/web/$domain/public_html" ]; then
+    echo "Error: Folder /home/$user/web/$domain/public_html doesn't exist";
+    exit 1;
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Going to domain directory
+cd /home/$USER/web/$domain
+
+# Ownership check
+if [ -z "$SKIP_OWNERSHIP_CHECK" ] && [ -f "public_html/index.php" ]; then
+    owner=$(stat -c '%U' "public_html/index.php")
+    if [ "$owner" = "root" ] || [ "$owner" = "www-data" ]; then
+        echo "Skipping permission fix for $domain, because v-lock-wordpress is used (index.php is owned by $owner)"
+        exit 1
+    fi
+fi
+
+echo "Updating PHP and .env permissions and ownership for /home/$USER/web/$domain/"
+
+php_chmod_allowed=1
+if [ -f "/home/php_chmod_disabled" ]; then
+    php_chmod_allowed=0
+fi
+if [ -f "/home/$USER/php_chmod_disabled" ]; then
+    php_chmod_allowed=0
+fi
+if [ -f "/home/$USER/web/php_chmod_disabled" ]; then
+    php_chmod_allowed=0
+fi
+if [ -f "/home/$USER/web/$domain/php_chmod_disabled" ]; then
+    php_chmod_allowed=0
+fi
+
+# === PHP and .env permissions ===
+if [ "$php_chmod_allowed" -eq 1 ]; then
+    php_chmod="600"
+
+    if [ "$WEB_SYSTEM" = 'nginx' ]; then
+        php_chmod="644"
+    fi
+
+    if [ -f "/home/php_chmod" ]; then
+        php_chmod=$(cat /home/php_chmod)
+    fi
+    if [ -f "/home/$USER/php_chmod" ]; then
+        php_chmod=$(cat /home/$USER/php_chmod)
+    fi
+    if [ -f "/home/$USER/web/php_chmod" ]; then
+        php_chmod=$(cat /home/$USER/web/php_chmod)
+    fi
+    if [ -f "/home/$USER/web/$domain/php_chmod" ]; then
+        php_chmod=$(cat /home/$USER/web/$domain/php_chmod)
+    fi
+
+    # Setting chmod 600 for all .php and .env files
+    echo "= Setting chmod $php_chmod for all .php and .env files"
+    # Fixing permissions
+    find -type f \( -name "*.php" -o -name "*.env" \) ! -perm $php_chmod -exec chmod $php_chmod {} +
+    # Fixing ownership
+    find -type f \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} +
+fi
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+echo "PHP and .env permissions and ownership for $domain have been successfully updated."
+
+exit 0

bin/v-fix-wordpress-core

@@ -0,0 +1,115 @@
+#!/bin/bash
+# info: fix compromised wp-admin and wp-includes
+# options: DOMAIN [CACHE_DIR]
+#
+# Replaces wp-admin and wp-includes with clean copies that match
+# the WordPress core version detected on the site.
+#
+# Example:
+#   v-fix-wp-core example.com
+#   v-fix-wp-core example.com /srv/wp-cache
+
+#----------------------------------------------------------#
+#                    Variable & Function                   #
+#----------------------------------------------------------#
+
+# Arguments
+DOMAIN="$1"
+CACHE_DIR="${2-/srv/wp-cache}"       # default cache location
+
+QUARANTINE_DIR="/srv/wp-quarantine"
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/conf/vesta.conf
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+check_args '1' "$#" 'DOMAIN [CACHE_DIR]'
+is_format_valid 'domain'
+
+#----------------------------------------------------------#
+#                         Action                           #
+#----------------------------------------------------------#
+
+TMP_DIR="$(mktemp -d /tmp/wpfix.XXXXXX)"  # temp workspace
+trap 'rm -rf "$TMP_DIR"' EXIT
+
+# 1etermine WP version
+if [ -z "$PHP" ]; then
+    WP_VERSION="$(/usr/local/vesta/bin/v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')"
+else
+    WP_VERSION="$(PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')"
+fi
+
+check_result $? "cannot detect WP version" > /dev/null
+if [ -z "$WP_VERSION" ]; then
+    check_result 1 "empty WP version string"
+fi
+echo "Detected WordPress version $WP_VERSION"
+
+# 2ind site owner and path
+USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")"
+check_result $? "cannot find domain owner" > /dev/null
+SITE_PATH="/home/$USER/web/$DOMAIN/public_html"
+if [ ! -d "$SITE_PATH" ]; then
+    check_result 1 "site path $SITE_PATH does not exist"
+fi
+
+# ensure cached core is present
+CACHE_PATH="$CACHE_DIR/$WP_VERSION"
+if [ ! -d "$CACHE_PATH/wp-admin" ] || [ ! -d "$CACHE_PATH/wp-includes" ]; then
+    echo "Cache for $WP_VERSION missing, downloading ZIP..."
+
+    mkdir -p "$CACHE_PATH"
+    ZIP_URL="https://wordpress.org/wordpress-${WP_VERSION}.zip"
+    ZIP_FILE="$TMP_DIR/wp.zip"
+
+    curl -fSL "$ZIP_URL" -o "$ZIP_FILE"
+    check_result $? "download failed" > /dev/null
+
+    unzip -q "$ZIP_FILE" -d "$TMP_DIR"
+    check_result $? "unzip failed" > /dev/null
+
+    mv "$TMP_DIR/wordpress/wp-admin"    "$CACHE_PATH/"
+    mv "$TMP_DIR/wordpress/wp-includes" "$CACHE_PATH/"
+    cp "$TMP_DIR/wordpress"/*.php "$CACHE_PATH/"
+fi
+
+# backup current core folders
+TIMESTAMP="$(date +%Y%m%d%H%M%S)"
+BACKUP_DIR="$QUARANTINE_DIR/$DOMAIN/backup-core-$TIMESTAMP"
+mkdir -p "$BACKUP_DIR"
+mv "$SITE_PATH/wp-admin"    "$BACKUP_DIR/"
+mv "$SITE_PATH/wp-includes" "$BACKUP_DIR/"
+
+for f in "$SITE_PATH"/*.php; do
+    [[ $(basename "$f") == "wp-config.php" ]] && continue
+    mv "$f" "$BACKUP_DIR/"
+done
+if [ -f "$SITE_PATH/.user.ini" ]; then
+    mv "$SITE_PATH/.user.ini" "$BACKUP_DIR/"
+fi
+
+# chown -R www-data:www-data "$BACKUP_DIR"
+check_result $? "backup failed" > /dev/null
+echo "Old core folders moved to $BACKUP_DIR"
+
+# deploy clean core
+rsync -a --delete "$CACHE_PATH/wp-admin/"    "$SITE_PATH/wp-admin/"
+rsync -a --delete "$CACHE_PATH/wp-includes/" "$SITE_PATH/wp-includes/"
+check_result $? "rsync failed" > /dev/null
+
+for corephp in "$CACHE_PATH"/*.php; do
+    base=$(basename "$corephp")
+    [ "$base" = "wp-config.php" ] && continue
+    rsync -a "$corephp" "$SITE_PATH/$base"
+done
+
+# fix permissions
+SKIP_OWNERSHIP_CHECK=1 /usr/local/vesta/bin/v-fix-website-permissions $DOMAIN
+# chown -R www-data:www-data "$BACKUP_DIR"
+
+echo "Done, core WP files, wp-admin and wp-includes replaced for $DOMAIN"
+exit

bin/v-generate-api-key

@@ -23,6 +23,7 @@ HASH=$(keygen)
 
 if [ ! -d ${KEYS} ]; then
   mkdir ${KEYS}
+  chmod 0770 ${KEYS}
 fi
 
 if [[ -e ${KEYS}${HASH} ]] ; then

bin/v-generate-ssl-cert

@@ -67,7 +67,7 @@ fi
 
 args_usage='DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [ALIASES] [FORMAT]'
 check_args '7' "$#" "$args_usage"
-is_format_valid 'domain_alias' 'format'
+is_format_valid 'domain' 'alias' 'format'
 
 
 #----------------------------------------------------------#

bin/v-get-database-credentials-of-domain

@@ -0,0 +1,181 @@
+#!/bin/bash
+
+# info: get database credentials and other basic data of domain
+# options: DOMAIN [SUBFOLDER]
+#
+# The function get database credentials and other basic data of domain.
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Argument definition
+DOMAIN=$1
+SUBFOLDER=''
+if [ $# -gt 1 ]; then
+    SUBFOLDER=$2
+fi
+
+# Importing system environment
+source /etc/profile
+
+# Includes
+source /usr/local/vesta/func/main.sh
+source /usr/local/vesta/func/db.sh
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN [SUBFOLDER]'
+is_domain_format_valid "$DOMAIN"
+
+USER=$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")
+if [ -z "$USER" ]; then
+    echo "Error: domain $DOMAIN does not exists"
+    exit 2
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+PUBLIC_HTML='public_html';
+CHECK_PUBLIC_SHTML=$(/usr/local/vesta/bin/v-list-web-domain "$USER" "$DOMAIN" | grep 'SSL:' | grep -c 'single')
+if [ $CHECK_PUBLIC_SHTML -eq 1 ]; then
+    PUBLIC_HTML='public_shtml';
+fi
+SITE_FOLDER="/home/$USER/web/$DOMAIN/$PUBLIC_HTML"
+
+if [ ! -z "$SUBFOLDER" ]; then
+    SITE_FOLDER="${SITE_FOLDER}/${SUBFOLDER}"
+fi
+
+CMS_TYPE=''
+
+if [ -f "$SITE_FOLDER/wp-config.php" ]; then
+    CMS_TYPE='wordpress'
+    CONFIG_FILE="wp-config.php"
+    CONFIG_FILE_FULL_PATH="$SITE_FOLDER/$CONFIG_FILE"
+fi
+if [ -f "$SITE_FOLDER/configuration.php" ]; then
+    CMS_TYPE='joomla'
+    CONFIG_FILE="configuration.php"
+    CONFIG_FILE_FULL_PATH="$SITE_FOLDER/$CONFIG_FILE"
+fi
+if [ -f "$SITE_FOLDER/system/engine/model.php" ]; then
+    check_grep=$(grep -c 'OpenCart' $SITE_FOLDER/system/engine/model.php)
+    if [ "$check_grep" -gt 0 ]; then
+        CMS_TYPE='opencart'
+        CONFIG_FILE="$PUBLIC_HTML/config.php"
+        SUBFOLDER='..'
+        SITE_FOLDER="${SITE_FOLDER}/.."
+        CONFIG_FILE_FULL_PATH="$SITE_FOLDER/$CONFIG_FILE"
+    fi
+fi
+
+if [ "$CMS_TYPE" = "wordpress" ]; then
+    CONFIG_FILE_FULL_PATH_BACKUP="${CONFIG_FILE_FULL_PATH}_backup"
+    cp $CONFIG_FILE_FULL_PATH $CONFIG_FILE_FULL_PATH_BACKUP
+    sed -i "s|//.*$||g" $CONFIG_FILE_FULL_PATH_BACKUP
+    sed -i "s|\"|'|g" $CONFIG_FILE_FULL_PATH_BACKUP
+    sed -i "s|('|( '|g" $CONFIG_FILE_FULL_PATH_BACKUP
+    sed -i "s|');|' );|g" $CONFIG_FILE_FULL_PATH_BACKUP
+    DATABASE_NAME=$(grep 'DB_NAME' $CONFIG_FILE_FULL_PATH_BACKUP | awk '{print $3}' | sed -e "s/^'//" -e "s/'$//")
+    DATABASE_USERNAME=$(grep 'DB_USER' $CONFIG_FILE_FULL_PATH_BACKUP | awk '{print $3}' | sed -e "s/^'//" -e "s/'$//")
+    DATABASE_PASSWORD=$(grep 'DB_PASSWORD' $CONFIG_FILE_FULL_PATH_BACKUP | awk '{print $3}' | sed -e "s/^'//" -e "s/'$//")
+    DATABASE_HOSTNAME=$(grep 'DB_HOST' $CONFIG_FILE_FULL_PATH_BACKUP | awk '{print $3}' | sed -e "s/^'//" -e "s/'$//")
+    rm $CONFIG_FILE_FULL_PATH_BACKUP
+fi
+
+if [ "$CMS_TYPE" = "joomla" ]; then
+    CONFIG_FILE_FULL_PATH_BACKUP="${CONFIG_FILE_FULL_PATH}_backup"
+    cp $CONFIG_FILE_FULL_PATH $CONFIG_FILE_FULL_PATH_BACKUP
+    sed -i "s|//.*$||g" $CONFIG_FILE_FULL_PATH_BACKUP
+    sed -i "s|='|= '|g" $CONFIG_FILE_FULL_PATH_BACKUP
+    sed -i "s|= '| = '|g" $CONFIG_FILE_FULL_PATH_BACKUP
+    sed -i "s|  =| =|g" $CONFIG_FILE_FULL_PATH_BACKUP
+    sed -i "s|';$|'|g" $CONFIG_FILE_FULL_PATH_BACKUP
+    DATABASE_NAME=$(grep 'public $db ' $CONFIG_FILE_FULL_PATH_BACKUP | awk '{print $4}' | sed -e "s/^'//" -e "s/'$//")
+    DATABASE_USERNAME=$(grep 'public $user ' $CONFIG_FILE_FULL_PATH_BACKUP | awk '{print $4}' | sed -e "s/^'//" -e "s/'$//")
+    DATABASE_PASSWORD=$(grep 'public $password ' $CONFIG_FILE_FULL_PATH_BACKUP | awk '{print $4}' | sed -e "s/^'//" -e "s/'$//")
+    DATABASE_HOSTNAME=$(grep 'public $host ' $CONFIG_FILE_FULL_PATH_BACKUP | awk '{print $4}' | sed -e "s/^'//" -e "s/'$//")
+    rm $CONFIG_FILE_FULL_PATH_BACKUP
+fi
+
+if [ "$CMS_TYPE" = "opencart" ]; then
+    CONFIG_FILE_FULL_PATH_BACKUP="${CONFIG_FILE_FULL_PATH}_backup"
+    cp $CONFIG_FILE_FULL_PATH $CONFIG_FILE_FULL_PATH_BACKUP
+    sed -i "s|//.*$||g" $CONFIG_FILE_FULL_PATH_BACKUP
+    sed -i "s|('|( '|g" $CONFIG_FILE_FULL_PATH_BACKUP
+    sed -i "s|');|' );|g" $CONFIG_FILE_FULL_PATH_BACKUP
+    DATABASE_NAME=$(grep 'DB_DATABASE' $CONFIG_FILE_FULL_PATH_BACKUP | awk '{print $3}' | sed -e "s/^'//" -e "s/'$//")
+    DATABASE_USERNAME=$(grep 'DB_USERNAME' $CONFIG_FILE_FULL_PATH_BACKUP | awk '{print $3}' | sed -e "s/^'//" -e "s/'$//")
+    DATABASE_PASSWORD=$(grep 'DB_PASSWORD' $CONFIG_FILE_FULL_PATH_BACKUP | awk '{print $3}' | sed -e "s/^'//" -e "s/'$//")
+    DATABASE_HOSTNAME=$(grep 'DB_HOST' $CONFIG_FILE_FULL_PATH_BACKUP | awk '{print $3}' | sed -e "s/^'//" -e "s/'$//")
+    rm $CONFIG_FILE_FULL_PATH_BACKUP
+fi
+
+
+if [ ! -z "$DATABASE_NAME" ]; then
+    DATABASE_NAME_WITHOUT_USER_PREFIX=$(get_database_name_without_user_prefix "$USER" "$DATABASE_NAME")
+fi
+if [ ! -z "$DATABASE_USERNAME" ]; then
+    DATABASE_USERNAME_WITHOUT_USER_PREFIX=$(get_database_name_without_user_prefix "$USER" "$DATABASE_USERNAME")
+fi
+
+DATABASE_NAME_WITHOUT_USER_PREFIX=$(escape_shell_quote $DATABASE_NAME_WITHOUT_USER_PREFIX)
+echo "DATABASE_NAME_WITHOUT_USER_PREFIX=$DATABASE_NAME_WITHOUT_USER_PREFIX"
+
+DATABASE_USERNAME_WITHOUT_USER_PREFIX=$(escape_shell_quote $DATABASE_USERNAME_WITHOUT_USER_PREFIX)
+echo "DATABASE_USERNAME_WITHOUT_USER_PREFIX=$DATABASE_USERNAME_WITHOUT_USER_PREFIX"
+
+DATABASE_NAME=$(escape_shell_quote $DATABASE_NAME)
+echo "DATABASE_NAME=$DATABASE_NAME"
+
+DATABASE_USERNAME=$(escape_shell_quote $DATABASE_USERNAME)
+echo "DATABASE_USERNAME=$DATABASE_USERNAME"
+
+DATABASE_PASSWORD=$(escape_shell_quote $DATABASE_PASSWORD)
+echo "DATABASE_PASSWORD=$DATABASE_PASSWORD"
+
+DATABASE_HOSTNAME=$(escape_shell_quote $DATABASE_HOSTNAME)
+echo "DATABASE_HOSTNAME=$DATABASE_HOSTNAME"
+
+CONFIG_FILE_FULL_PATH=$(escape_shell_quote $CONFIG_FILE_FULL_PATH)
+echo "CONFIG_FILE_FULL_PATH=$CONFIG_FILE_FULL_PATH"
+
+CONFIG_FILE=$(escape_shell_quote $CONFIG_FILE)
+echo "CONFIG_FILE=$CONFIG_FILE"
+
+CMS_TYPE=$(escape_shell_quote $CMS_TYPE)
+echo "CMS_TYPE=$CMS_TYPE"
+
+SITE_FOLDER=$(escape_shell_quote $SITE_FOLDER)
+echo "SITE_FOLDER=$SITE_FOLDER"
+
+SUBFOLDER=$(escape_shell_quote $SUBFOLDER)
+echo "SITE_SUBFOLDER=$SUBFOLDER"
+
+USER=$(escape_shell_quote $USER)
+echo "SITE_USER=$USER"
+
+if [ "$CMS_TYPE" = "'opencart'" ]; then
+    echo "SEARCH_FOR_CONFIGS_DATABASE_NAME=1"
+    echo "SEARCH_FOR_CONFIGS_DATABASE_USERNAME=1"
+fi
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-get-dns-config

@@ -0,0 +1,70 @@
+#!/bin/bash
+# info: Get domain DNS config.db file content
+# options: DOMAIN 
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+SILENT_MODE=1
+
+# Argument definition
+domain=$1
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+source /usr/local/vesta/func/domain.sh
+
+if [ -z "$user" ]; then
+    check_result $E_NOTEXIST "domain $domain doesn't exist"
+fi
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+
+if [ ! -d "/home/$user" ]; then
+    # echo "User doesn't exist";
+    exit 1;
+fi
+
+if [ ! -d "/home/$user/web/$domain/public_html" ]; then
+    # echo "Domain doesn't exist";
+    exit 1;
+fi
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+DNS_FILE="/home/$user/conf/dns/$domain.db"
+
+if [ -f "$DNS_FILE" ]; then
+    cat "$DNS_FILE"
+else
+    echo "DNS configuration file for $domain does not exist."
+    exit 1
+fi
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+exit 0;

bin/v-get-php-version-of-domain

@@ -0,0 +1,72 @@
+#!/bin/bash
+# info: Check PHP version used for certain domain
+# options: DOMAIN 
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+whoami=$(whoami)
+if [ "$whoami" != "root" ]; then
+    echo "You must be root to execute this script"
+    exit 1
+fi
+
+# Importing system environment
+source /etc/profile
+
+SILENT_MODE=1
+
+# Argument definition
+domain=$1
+
+user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+USER=$user
+
+# Includes
+source /usr/local/vesta/func/main.sh
+source /usr/local/vesta/func/domain.sh
+
+if [ -z "$user" ]; then
+    check_result $E_NOTEXIST "domain $domain doesn't exist"
+fi
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'DOMAIN'
+is_format_valid 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+
+if [ ! -d "/home/$user" ]; then
+    # echo "User doesn't exist";
+    exit 1;
+fi
+
+if [ ! -d "/home/$user/web/$domain/public_html" ]; then
+    # echo "Domain doesn't exist";
+    exit 1;
+fi
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+
+TPL=$(/usr/local/vesta/bin/v-list-web-domain $user $domain shell | grep 'TEMPLATE:' | awk '{print $2}')
+if [[ $TPL == "PHP-FPM-"* ]]; then
+    fpm_tpl_ver=${TPL:8:2}
+    fpm_ver="${TPL:8:1}.${TPL:9:1}"
+    echo "$fpm_ver"
+    exit 0;
+fi
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+exit 1;

bin/v-get-user-salt

@@ -0,0 +1,118 @@
+#!/bin/bash
+# info: get user salt
+# options: USER [IP] [FORMAT]
+#
+# The function provides users salt
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+ip=${2-127.0.0.1}
+format=${3-shell}
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/conf/vesta.conf
+
+time_n_date=$(date +'%T %F')
+time=$(echo "$time_n_date" |cut -f 1 -d \ )
+date=$(echo "$time_n_date" |cut -f 2 -d \ )
+
+# JSON list function
+json_list() {
+    echo '{'
+    echo '    "'$user'": {
+        "METHOD": "'$method'",
+        "SALT": "'$salt'",
+        "TIME": "'$time'",
+        "DATE": "'$date'"
+        }'
+    echo '}'
+}
+
+# SHELL list function
+shell_list() {
+    echo "METHOD:         $method"
+    echo "SALT:           $salt"
+}
+
+# PLAIN list function
+plain_list() {
+    echo -e "$method\t$salt"
+}
+
+# CSV list function
+csv_list() {
+    echo "METHOD,SALT"
+    echo "$method, $salt"
+}
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+
+check_args '1' "$#" 'USER [IP] [SALT]'
+is_format_valid 'user'
+
+# Checking user
+if [ ! -d "$VESTA/data/users/$user" ]; then
+    echo "Error: password missmatch"
+    echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
+    exit 9
+fi
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Parsing user's salt
+shadow=$(grep "^$user:" /etc/shadow | cut -f 2 -d :)
+
+if echo "$shadow" | grep -qE '^\$[0-9a-z]+\$[^\$]+\$'
+then
+    salt=$(echo "$shadow" |cut -f 3 -d \$)
+    method=$(echo "$shadow" |cut -f 2 -d \$)
+    if [ "$method" -eq '1' ]; then
+        method='md5'
+    elif [ "$method" -eq '6' ]; then
+        method='sha-512'
+    else
+        echo "Error: password missmatch"
+        echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
+        exit 9
+    fi
+else
+    salt=${shadow:0:2}
+    method='des'
+fi
+
+if [ -z "$salt" ]; then
+    echo "Error: password missmatch"
+    echo "$date $time $user $ip failed to login" >> $VESTA/log/auth.log
+    exit 9
+fi
+
+
+# Listing data
+case $format in
+    json)   json_list ;;
+    plain)  plain_list ;;
+    csv)    csv_list ;;
+    shell)  shell_list ;;
+esac
+
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+
+exit

bin/v-grep

@@ -0,0 +1,27 @@
+#!/bin/bash
+# info: calling myvesta_grep PHP function
+# options: PARAMETERS
+#
+# The function is calling myVesta PHP replacement for GNU 'grep' command (but without regular expression)
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+
+if [ "$1" == "--stdin" ] && [ -p /dev/stdin ]; then
+    STDIN=$(cat -)
+    if [ ! -z "$STDIN" ]; then
+        shift;
+        echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php '--stdin' 'myvesta_grep' "$@"
+        exit $?
+    fi
+fi
+
+if [ "$1" == "--stdin" ]; then
+    shift;
+    php /usr/local/vesta/func/bash-to-php-interpreter.php '--stdin' 'myvesta_grep' "$@"
+else
+    php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_grep' "$@"
+fi
+exit $?