Improved code formating

2025-08-20 21:34:11 -07:00 · 2014-07-30 15:34:34 +03:00 · 2014-07-30 15:34:34 +03:00 · 2558fa550d
commit 2558fa550d
parent 2f300aab69
15 changed files with 1723 additions and 1655 deletions
--- a/web/add/cron/index.php
+++ b/web/add/cron/index.php
@ -4,32 +4,19 @@ error_reporting(NULL);
 ob_start();
 session_start();
 $TAB = 'CRON';
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
-// Header
+// Check POST request
 include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 // Panel
 top_panel($user,$TAB);
 if (!empty($_POST['ok'])) {
-    // Check input
+
    // Check empty fields
    if ((!isset($_POST['v_min'])) || ($_POST['v_min'] == '')) $errors[] = __('minute');
    if ((!isset($_POST['v_hour'])) || ($_POST['v_hour'] == '')) $errors[] = __('hour');
    if ((!isset($_POST['v_day'])) || ($_POST['v_day'] == '')) $errors[] = __('day');
    if ((!isset($_POST['v_month'])) || ($_POST['v_month'] == '')) $errors[] = __('month');
    if ((!isset($_POST['v_wday'])) || ($_POST['v_wday'] == '')) $errors[] = __('day of week');
    if ((!isset($_POST['v_cmd'])) || ($_POST['v_cmd'] == '')) $errors[] = __('cmd');
    // Protect input
    $v_min = escapeshellarg($_POST['v_min']);
    $v_hour = escapeshellarg($_POST['v_hour']);
    $v_day = escapeshellarg($_POST['v_day']);
    $v_month = escapeshellarg($_POST['v_month']);
    $v_wday = escapeshellarg($_POST['v_wday']);
    $v_cmd = escapeshellarg($_POST['v_cmd']);
    // Check for errors
    if (!empty($errors[0])) {
        foreach ($errors as $i => $error) {
            if ( $i == 0 ) {
@ -39,14 +26,24 @@ if (!empty($_POST['ok'])) {
            }
        }
        $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
-    } else {
+    }
-        // Add Cron Job
+
    // Protect input
    $v_min = escapeshellarg($_POST['v_min']);
    $v_hour = escapeshellarg($_POST['v_hour']);
    $v_day = escapeshellarg($_POST['v_day']);
    $v_month = escapeshellarg($_POST['v_month']);
    $v_wday = escapeshellarg($_POST['v_wday']);
    $v_cmd = escapeshellarg($_POST['v_cmd']);
    // Add cron job
    if (empty($_SESSION['error_msg'])) {
        exec (VESTA_CMD."v-add-cron-job ".$user." ".$v_min." ".$v_hour." ".$v_day." ".$v_month." ".$v_wday." ".$v_cmd, $output, $return_var);
        $v_type = $_POST['v_type'];
        $v_charset = $_POST['v_charset'];
        check_return_code($return_var,$output);
        unset($v_password);
        unset($output);
    }
    // Flush field values on success
    if (empty($_SESSION['error_msg'])) {
        $_SESSION['ok_msg'] = __('CRON_CREATED_OK');
        unset($v_min);
@ -57,14 +54,18 @@ if (!empty($_POST['ok'])) {
        unset($v_cmd);
        unset($output);
    }
    }
 }
-exec (VESTA_CMD."v-list-database-types 'json'", $output, $return_var);
+// Header
-$db_types = json_decode(implode('', $output), true);
+include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 unset($output);
 // Panel
 top_panel($user,$TAB);
 // Display body
 include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_cron.html');
 // Flush session messages
 unset($_SESSION['error_msg']);
 unset($_SESSION['ok_msg']);
--- a/web/add/db/index.php
+++ b/web/add/db/index.php
@ -6,24 +6,16 @@ session_start();
 $TAB = 'DB';
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
-// Header
+// Check POST request
 include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 // Panel
 top_panel($user,$TAB);
 $v_db_email = $panel[$user]['CONTACT'];
 if (!empty($_POST['ok'])) {
-    // Check input
+
    // Check empty fields
    if (empty($_POST['v_database'])) $errors[] = __('database');
    if (empty($_POST['v_dbuser'])) $errors[] = __('username');
    if (empty($_POST['v_password'])) $errors[] = __('password');
    if (empty($_POST['v_type'])) $errors[] = __('type');
    if (empty($_POST['v_host'])) $errors[] = __('host');
    if (empty($_POST['v_charset'])) $errors[] = __('charset');
    // Check for errors
    if (!empty($errors[0])) {
        foreach ($errors as $i => $error) {
            if ( $i == 0 ) {
@ -36,12 +28,18 @@ if (!empty($_POST['ok'])) {
    }
    // Validate email
-    if (!empty($_POST['v_db_email'])) {
+    if ((!empty($_POST['v_db_email'])) && (empty($_SESSION['error_msg']))) {
        if (!filter_var($_POST['v_db_email'], FILTER_VALIDATE_EMAIL)) {
            $_SESSION['error_msg'] = __('Please enter valid email address.');
        }
    }
    // Check password length
    if (empty($_SESSION['error_msg'])) {
        $pw_len = strlen($_POST['v_password']);
        if ($pw_len < 6 ) $_SESSION['error_msg'] = __('Password is too short.',$error_msg);
    }
    // Protect input
    $v_database = escapeshellarg($_POST['v_database']);
    $v_dbuser = escapeshellarg($_POST['v_dbuser']);
@ -51,39 +49,24 @@ if (!empty($_POST['ok'])) {
    $v_host = $_POST['v_host'];
    $v_db_email = $_POST['v_db_email'];
-    // Check password length
+    // Add database
    if (empty($_SESSION['error_msg'])) {
        $pw_len = strlen($_POST['v_password']);
        if ($pw_len < 6 ) $_SESSION['error_msg'] = __('Password is too short.',$error_msg);
    }
    if (empty($_SESSION['error_msg'])) {
        // Add Database
        $v_type = escapeshellarg($_POST['v_type']);
        $v_charset = escapeshellarg($_POST['v_charset']);
        $v_host = escapeshellarg($_POST['v_host']);
        exec (VESTA_CMD."v-add-database ".$user." ".$v_database." ".$v_dbuser." ".$v_password." ".$v_type." ".$v_host." ".$v_charset, $output, $return_var);
        check_return_code($return_var,$output);
        unset($output);
        $v_type = $_POST['v_type'];
        $v_host = $_POST['v_host'];
        $v_charset = $_POST['v_charset'];
        check_return_code($return_var,$output);
        unset($output);
        if ((!empty($v_db_email)) && (empty($_SESSION['error_msg']))) {
            list($http_host, $port) = explode(':', $_SERVER["HTTP_HOST"]);
            if ($_POST['v_type'] == 'mysql') $db_admin_link = "http://".$http_host."/phpmyadmin/";
            if ($_POST['v_type'] == 'pgsql') $db_admin_link = "http://".$http_host."/phppgadmin/";
            $to = $v_db_email;
            $subject = __("Database Credentials");
            $hostname = exec('hostname');
            $from = __('MAIL_FROM',$hostname);
            $mailtext = __('DATABASE_READY',$user."_".$_POST['v_database'],$user."_".$_POST['v_dbuser'],$_POST['v_password'],$db_admin_link);
            send_email($to, $subject, $mailtext, $from);
    }
    // Get database manager url
    if (empty($_SESSION['error_msg'])) {
        exec (VESTA_CMD."v-list-sys-config json", $output, $return_var);
        $sys = json_decode(implode('', $output), true);
        unset($output);
        list($http_host, $port) = explode(':', $_SERVER["HTTP_HOST"] . ":");
        if ($_POST['v_host'] != 'localhost' ) $http_host = $_POST['v_host'];
        if ($_POST['v_type'] == 'mysql') $db_admin = "phpMyAdmin";
@ -92,7 +75,20 @@ if (!empty($_POST['ok'])) {
        if ($_POST['v_type'] == 'pgsql') $db_admin = "phpPgAdmin";
        if ($_POST['v_type'] == 'pgsql') $db_admin_link = "http://".$http_host."/phppgadmin/";
        if (($_POST['v_type'] == 'pgsql') && (!empty($sys['config']['DB_PGA_URL']))) $db_admin_link = $sys['config']['DB_PGA_URL'];
    }
    // Email login credentials
    if ((!empty($v_db_email)) && (empty($_SESSION['error_msg']))) {
        $to = $v_db_email;
        $subject = __("Database Credentials");
        $hostname = exec('hostname');
        $from = __('MAIL_FROM',$hostname);
        $mailtext = __('DATABASE_READY',$user."_".$_POST['v_database'],$user."_".$_POST['v_dbuser'],$_POST['v_password'],$db_admin_link);
        send_email($to, $subject, $mailtext, $from);
    }
    // Flush field values on success
    if (empty($_SESSION['error_msg'])) {
        $_SESSION['ok_msg'] = __('DATABASE_CREATED_OK',$user."_".$_POST['v_database'],$user."_".$_POST['v_database']);
        $_SESSION['ok_msg'] .= " / <a href=".$db_admin_link." target='_blank'>" . __('open %s',$db_admin) . "</a>";
        unset($v_database);
@ -101,13 +97,23 @@ if (!empty($_POST['ok'])) {
        unset($v_type);
        unset($v_charset);
    }
    }
 }
 // Header
 include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 // Panel
 top_panel($user,$TAB);
 // Get user email
 $v_db_email = $panel[$user]['CONTACT'];
 // List avaiable database types
 exec (VESTA_CMD."v-list-database-types 'json'", $output, $return_var);
 $db_types = json_decode(implode('', $output), true);
 unset($output);
 // List available database servers
 $db_hosts = array();
 foreach ($db_types as $db_type ) {
    exec (VESTA_CMD."v-list-database-hosts ".$db_type." 'json'", $output, $return_var);
@ -117,7 +123,10 @@ foreach ($db_types as $db_type ) {
    unset($output);
 }
 // Display body
 include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_db.html');
 // Flush session messages
 unset($_SESSION['error_msg']);
 unset($_SESSION['ok_msg']);
--- a/web/add/dns/index.php
+++ b/web/add/dns/index.php
@ -4,31 +4,15 @@ error_reporting(NULL);
 ob_start();
 session_start();
 $TAB = 'DNS';
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
-// Header
+// Check POST request for dns domain
 include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 // Panel
 top_panel($user,$TAB);
 if (!empty($_POST['ok'])) {
-    // Check input
+
    // Check empty fields
    if (empty($_POST['v_domain'])) $errors[] = __('domain');
    if (empty($_POST['v_ip'])) $errors[] = __('ip');
    // Protect input
    $v_domain = preg_replace("/^www./i", "", $_POST['v_domain']);
    $v_domain = escapeshellarg($v_domain);
    $v_domain = strtolower($v_domain);
    $v_ip = escapeshellarg($_POST['v_ip']);
    if (!empty($_POST['v_ns1'])) $v_ns1 = escapeshellarg($_POST['v_ns1']);
    if (!empty($_POST['v_ns2'])) $v_ns2 = escapeshellarg($_POST['v_ns2']);
    if (!empty($_POST['v_ns3'])) $v_ns3 = escapeshellarg($_POST['v_ns3']);
    if (!empty($_POST['v_ns4'])) $v_ns4 = escapeshellarg($_POST['v_ns4']);
    // Check for errors
    if (!empty($errors[0])) {
        foreach ($errors as $i => $error) {
            if ( $i == 0 ) {
@ -38,49 +22,78 @@ if (!empty($_POST['ok'])) {
            }
        }
        $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
-    } else {
+    }
-        // Add DNS
+
    // Protect input
    $v_domain = preg_replace("/^www./i", "", $_POST['v_domain']);
    $v_domain = escapeshellarg($v_domain);
    $v_domain = strtolower($v_domain);
    $v_ip = escapeshellarg($_POST['v_ip']);
    if (!empty($_POST['v_ns1'])) $v_ns1 = escapeshellarg($_POST['v_ns1']);
    if (!empty($_POST['v_ns2'])) $v_ns2 = escapeshellarg($_POST['v_ns2']);
    if (!empty($_POST['v_ns3'])) $v_ns3 = escapeshellarg($_POST['v_ns3']);
    if (!empty($_POST['v_ns4'])) $v_ns4 = escapeshellarg($_POST['v_ns4']);
    // Add dns domain
    if (empty($_SESSION['error_msg'])) {
        exec (VESTA_CMD."v-add-dns-domain ".$user." ".$v_domain." ".$v_ip." ".$v_ns1." ".$v_ns2." ".$v_ns3." ".$v_ns4." no", $output, $return_var);
        check_return_code($return_var,$output);
        unset($output);
    }
-        // Change Expiriation date
+    // Set expiriation date
    if (empty($_SESSION['error_msg'])) {
        if ((!empty($_POST['v_exp'])) && ($_POST['v_exp'] != date('Y-m-d', strtotime('+1 year')))) {
            $v_exp = escapeshellarg($_POST['v_exp']);
            exec (VESTA_CMD."v-change-dns-domain-exp ".$user." ".$v_domain." ".$v_exp." no", $output, $return_var);
            check_return_code($return_var,$output);
            unset($output);
        }
    }
-        // Change TTL
+    // Set ttl
    if (empty($_SESSION['error_msg'])) {
        if ((!empty($_POST['v_ttl'])) && ($_POST['v_ttl'] != '14400') && (empty($_SESSION['error_msg']))) {
            $v_ttl = escapeshellarg($_POST['v_ttl']);
            exec (VESTA_CMD."v-change-dns-domain-ttl ".$user." ".$v_domain." ".$v_ttl." no", $output, $return_var);
            check_return_code($return_var,$output);
            unset($output);
        }
        if (empty($_SESSION['error_msg'])) {
            $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',$_POST[v_domain],$_POST[v_domain]);
            unset($v_domain);
    }
    // Restart dns server
    if (empty($_SESSION['error_msg'])) {
        exec (VESTA_CMD."v-restart-dns", $output, $return_var);
        check_return_code($return_var,$output);
        unset($output);
    }
    // Flush field values on success
    if (empty($_SESSION['error_msg'])) {
        $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',$_POST[v_domain],$_POST[v_domain]);
        unset($v_domain);
    }
 }
-// DNS Record
+
 // Check POST request for dns record
 if (!empty($_POST['ok_rec'])) {
-    // Check input
+
    // Check empty fields
    if (empty($_POST['v_domain'])) $errors[] = 'domain';
    if (empty($_POST['v_rec'])) $errors[] = 'record';
    if (empty($_POST['v_type'])) $errors[] = 'type';
    if (empty($_POST['v_val'])) $errors[] = 'value';
    if (!empty($errors[0])) {
        foreach ($errors as $i => $error) {
            if ( $i == 0 ) {
                $error_msg = $error;
            } else {
                $error_msg = $error_msg.", ".$error;
            }
        }
        $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
    }
    // Protect input
    $v_domain = escapeshellarg($_POST['v_domain']);
@ -89,22 +102,15 @@ if (!empty($_POST['ok_rec'])) {
    $v_val = escapeshellarg($_POST['v_val']);
    $v_priority = escapeshellarg($_POST['v_priority']);
-    // Check for errors
+    // Add dns record
-    if (!empty($errors[0])) {
+    if (empty($_SESSION['error_msg'])) {
        foreach ($errors as $i => $error) {
            if ( $i == 0 ) {
                $error_msg = $error;
            } else {
                $error_msg = $error_msg.", ".$error;
            }
        }
        $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
    } else {
        // Add DNS Record
        exec (VESTA_CMD."v-add-dns-record ".$user." ".$v_domain." ".$v_rec." ".$v_type." ".$v_val." ".$v_priority, $output, $return_var);
        $v_type = $_POST['v_type'];
        check_return_code($return_var,$output);
        unset($output);
        $v_type = $_POST['v_type'];
    }
    // Flush field values on success
    if (empty($_SESSION['error_msg'])) {
        $_SESSION['ok_msg'] = __('DNS_RECORD_CREATED_OK',$_POST[v_rec],$_POST[v_domain]);
        unset($v_domain);
@ -112,11 +118,20 @@ if (!empty($_POST['ok_rec'])) {
        unset($v_val);
        unset($v_priority);
    }
    }
 }
-if ((empty($_GET['domain'])) && (empty($_POST['domain'])))  {
+
-    if ((empty($v_ns1)) && (empty($v_ns2))) {
+// Header
 include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 // Panel
 top_panel($user,$TAB);
 // Display body for dns domain
 if (empty($_GET['domain'])) {
    if (empty($v_ttl)) $v_ttl = 14400;
    if (empty($v_exp)) $v_exp = date('Y-m-d', strtotime('+1 year'));
    if (empty($v_ns1)) {
        exec (VESTA_CMD."v-list-user-ns ".$user." json", $output, $return_var);
        $nameservers = json_decode(implode('', $output), true);
        $v_ns1 = $nameservers[0];
@ -125,17 +140,18 @@ if ((empty($_GET['domain'])) && (empty($_POST['domain'])))  {
        $v_ns4 = $nameservers[3];
        unset($output);
    }
    if (empty($v_ttl)) $v_ttl = 14400;
    if (empty($v_exp)) $v_exp = date('Y-m-d', strtotime('+1 year'));
    include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_dns.html');
-    unset($_SESSION['error_msg']);
+}
-    unset($_SESSION['ok_msg']);
+
-} else {
+// Display body for dns record
 if (!empty($_GET['domain'])) {
    $v_domain = $_GET['domain'];
    include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_dns_rec.html');
    unset($_SESSION['error_msg']);
    unset($_SESSION['ok_msg']);
 }
 // Flush session messages
 unset($_SESSION['error_msg']);
 unset($_SESSION['ok_msg']);
 // Footer
 include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');
--- a/web/add/ip/index.php
+++ b/web/add/ip/index.php
@ -4,41 +4,23 @@ error_reporting(NULL);
 ob_start();
 session_start();
 $TAB = 'IP';
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
-// Header
+// Check user
-include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
+if ($_SESSION['user'] != 'admin') {
    header("Location: /list/user");
    exit;
 }
-// Panel
+// Check POST request
-top_panel($user,$TAB);
+if (!empty($_POST['ok'])) {
-// Are you admin?
+    // Check empty fields
 if ($_SESSION['user'] == 'admin') {
    if (!empty($_POST['ok'])) {
        // Check input
    if (empty($_POST['v_ip'])) $errors[] = __('ip address');
    if (empty($_POST['v_netmask'])) $errors[] = __('netmask');
    if (empty($_POST['v_interface'])) $errors[] = __('interface');
    if (empty($_POST['v_owner'])) $errors[] = __('assigned user');
        // Protect input
        $v_ip = escapeshellarg($_POST['v_ip']);
        $v_netmask = escapeshellarg($_POST['v_netmask']);
        $v_name = escapeshellarg($_POST['v_name']);
        $v_nat = escapeshellarg($_POST['v_nat']);
        $v_interface = $_POST['v_interface'];
        $v_shared = $_POST['v_shared'];
        if ($v_shared == 'on') {
            $ip_status = 'shared';
        } else {
            $ip_status = 'dedicated';
            $v_dedicated = 'yes';
        }
        $v_owner = $_POST['v_owner'];
        // Check for errors
    if (!empty($errors[0])) {
        foreach ($errors as $i => $error) {
            if ( $i == 0 ) {
@ -48,15 +30,36 @@ if ($_SESSION['user'] == 'admin') {
            }
        }
        $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
-        } else {
+    }
-            // Add IP
+
    // Protect input
    $v_ip = escapeshellarg($_POST['v_ip']);
    $v_netmask = escapeshellarg($_POST['v_netmask']);
    $v_name = escapeshellarg($_POST['v_name']);
    $v_nat = escapeshellarg($_POST['v_nat']);
    $v_interface = escapeshellarg($_POST['v_interface']);
-            $v_owner = $_POST['v_owner'];
+    $v_owner = escapeshellarg($_POST['v_owner']);
    $v_shared = $_POST['v_shared'];
    // Check shared checkmark
    if ($v_shared == 'on') {
        $ip_status = 'shared';
    } else {
        $ip_status = 'dedicated';
        $v_dedicated = 'yes';
    }
    // Add IP
    if (empty($_SESSION['error_msg'])) {
        exec (VESTA_CMD."v-add-sys-ip ".$v_ip." ".$v_netmask." ".$v_interface."  ".$v_owner." '".$ip_status."' ".$v_name." ".$v_nat, $output, $return_var);
            $v_owner = $_POST['v_owner'];
            $v_interface = $_POST['v_interface'];
        check_return_code($return_var,$output);
        unset($output);
        $v_owner = $_POST['v_owner'];
        $v_interface = $_POST['v_interface'];
    }
    // Flush field values on success
    if (empty($_SESSION['error_msg'])) {
        $_SESSION['ok_msg'] = __('IP_CREATED_OK',$_POST['v_ip'],$_POST['v_ip']);
        unset($v_ip);
@ -64,20 +67,30 @@ if ($_SESSION['user'] == 'admin') {
        unset($v_name);
        unset($v_nat);
    }
        }
    }
    exec (VESTA_CMD."v-list-sys-interfaces 'json'", $output, $return_var);
    $interfaces = json_decode(implode('', $output), true);
    unset($output);
    exec (VESTA_CMD."v-list-sys-users 'json'", $output, $return_var);
    $users = json_decode(implode('', $output), true);
    unset($output);
    include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_ip.html');
    unset($_SESSION['error_msg']);
    unset($_SESSION['ok_msg']);
 }
 // Header
 include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 // Panel
 top_panel($user,$TAB);
 // List network interfaces
 exec (VESTA_CMD."v-list-sys-interfaces 'json'", $output, $return_var);
 $interfaces = json_decode(implode('', $output), true);
 unset($output);
 // List users
 exec (VESTA_CMD."v-list-sys-users 'json'", $output, $return_var);
 $users = json_decode(implode('', $output), true);
 unset($output);
 // Display body
 include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_ip.html');
 // Flush session messages
 unset($_SESSION['error_msg']);
 unset($_SESSION['ok_msg']);
 // Footer
 include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');
--- a/web/add/mail/index.php
+++ b/web/add/mail/index.php
@ -4,41 +4,15 @@ error_reporting(NULL);
 ob_start();
 session_start();
 $TAB = 'MAIL';
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Header
 include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
-// Panel
+// Check POST request for mail domain
 top_panel($user,$TAB);
 // Mail Domain
 if (!empty($_POST['ok'])) {
    // Check empty fields
    if (empty($_POST['v_domain'])) $errors[] = __('domain');
    if (!empty($_POST['v_antispam'])) {
        $v_antispam = 'yes';
    } else {
        $v_antispam = 'no';
    }
    if (!empty($_POST['v_antivirus'])) {
        $v_antivirus = 'yes';
    } else {
        $v_antivirus = 'no';
    }
    if (!empty($_POST['v_dkim'])) {
        $v_dkim = 'yes';
    } else {
        $v_dkim = 'no';
    }
    // Protect input
    $v_domain = preg_replace("/^www./i", "", $_POST['v_domain']);
    $v_domain = escapeshellarg($v_domain);
    $v_domain = strtolower($v_domain);
    // Check for errors
    if (!empty($errors[0])) {
        foreach ($errors as $i => $error) {
            if ( $i == 0 ) {
@ -48,27 +22,66 @@ if (!empty($_POST['ok'])) {
            }
        }
        $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
    }
    // Check antispam option
    if (!empty($_POST['v_antispam'])) {
        $v_antispam = 'yes';
    } else {
        $v_antispam = 'no';
    }
    // Check antivirus option
    if (!empty($_POST['v_antivirus'])) {
        $v_antivirus = 'yes';
    } else {
        $v_antivirus = 'no';
    }
    // Check dkim option
    if (!empty($_POST['v_dkim'])) {
        $v_dkim = 'yes';
    } else {
        $v_dkim = 'no';
    }
    // Set domain name to lowercase and remove www prefix
    $v_domain = preg_replace("/^www./i", "", $_POST['v_domain']);
    $v_domain = escapeshellarg($v_domain);
    $v_domain = strtolower($v_domain);
    // Add mail domain
    if (empty($_SESSION['error_msg'])) {
        exec (VESTA_CMD."v-add-mail-domain ".$user." ".$v_domain." ".$v_antispam." ".$v_antivirus." ".$v_dkim, $output, $return_var);
        check_return_code($return_var,$output);
        unset($output);
    }
    // Flush field values on success
    if (empty($_SESSION['error_msg'])) {
        $_SESSION['ok_msg'] = __('MAIL_DOMAIN_CREATED_OK',$_POST['v_domain'],$_POST['v_domain']);
        unset($v_domain);
    }
    }
 }
-// Mail Account
+// Check POST request for mail account
 if (!empty($_POST['ok_acc'])) {
-    // Check input
+
    // Check empty fields
    if (empty($_POST['v_domain'])) $errors[] = __('domain');
    if (empty($_POST['v_account'])) $errors[] = __('account');
    if (empty($_POST['v_password'])) $errors[] = __('password');
    if (!empty($errors[0])) {
        foreach ($errors as $i => $error) {
            if ( $i == 0 ) {
                $error_msg = $error;
            } else {
                $error_msg = $error_msg.", ".$error;
            }
        }
        $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
    }
    // Protect input
    $v_domain = escapeshellarg($_POST['v_domain']);
@ -78,25 +91,15 @@ if (!empty($_POST['ok_acc'])) {
    $v_quota = escapeshellarg($_POST['v_quota']);
    $v_aliases = $_POST['v_aliases'];
    $v_fwd = $_POST['v_fwd'];
    if (empty($_POST['v_quota'])) $v_quota = 0;
    if ((!empty($_POST['v_quota'])) || (!empty($_POST['v_aliases'])) || (!empty($_POST['v_fwd'])) ) $v_adv = 'yes';
    // Check for errors
    if (!empty($errors[0])) {
        foreach ($errors as $i => $error) {
            if ( $i == 0 ) {
                $error_msg = $error;
            } else {
                $error_msg = $error_msg.", ".$error;
            }
        }
        $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
    } else {
    // Add Mail Account
    if (empty($_SESSION['error_msg'])) {
        exec (VESTA_CMD."v-add-mail-account ".$user." ".$v_domain." ".$v_account." ".$v_password." ".$v_quota, $output, $return_var);
        check_return_code($return_var,$output);
        unset($output);
    }
    // Add Aliases
    if ((!empty($_POST['v_aliases'])) && (empty($_SESSION['error_msg']))) {
@ -110,12 +113,12 @@ if (!empty($_POST['ok_acc'])) {
            if (empty($_SESSION['error_msg'])) {
                exec (VESTA_CMD."v-add-mail-account-alias ".$user." ".$v_domain." ".$v_account." ".$alias, $output, $return_var);
                check_return_code($return_var,$output);
                }
                unset($output);
            }
        }
    }
-        // Add Forwads
+    // Add Forwarders
    if ((!empty($_POST['v_fwd'])) && (empty($_SESSION['error_msg']))) {
        $vfwd = preg_replace("/\n/", " ", $_POST['v_fwd']);
        $vfwd = preg_replace("/,/", " ", $vfwd);
@ -127,26 +130,30 @@ if (!empty($_POST['ok_acc'])) {
            if (empty($_SESSION['error_msg'])) {
                exec (VESTA_CMD."v-add-mail-account-forward ".$user." ".$v_domain." ".$v_account." ".$forward, $output, $return_var);
                check_return_code($return_var,$output);
                }
                unset($output);
            }
        }
    }
    // Add fwd_only flag
    if ((!empty($_POST['v_fwd_only'])) && (empty($_SESSION['error_msg']))) {
        exec (VESTA_CMD."v-add-mail-account-fwd-only ".$user." ".$v_domain." ".$v_account, $output, $return_var);
        check_return_code($return_var,$output);
        unset($output);
    }
        }
    // Get webmail url
    if (empty($_SESSION['error_msg'])) {
        exec (VESTA_CMD."v-list-sys-config json", $output, $return_var);
        $sys = json_decode(implode('', $output), true);
        unset($output);
        list($http_host, $port) = explode(':', $_SERVER["HTTP_HOST"].":");
        $webmail = "http://".$http_host."/webmail/";
        if (!empty($sys['config']['MAIL_URL'])) $webmail = $sys['config']['MAIL_URL'];
    }
    // Flush field values on success
    if (empty($_SESSION['error_msg'])) {
        $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',strtolower($_POST['v_account']),$_POST[v_domain],strtolower($_POST['v_account']),$_POST[v_domain]);
        $_SESSION['ok_msg'] .= " / <a href=".$webmail." target='_blank'>" . __('open webmail') . "</a>";
        unset($v_account);
@ -156,21 +163,28 @@ if (!empty($_POST['ok_acc'])) {
        unset($v_fwd);
        unset($v_quota);
    }
    }
 }
 // Header
 include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
-if ((empty($_GET['domain'])) && (empty($_POST['domain'])))  {
+// Panel
-    $v_domain = (isset($_GET['domain'])?$_GET['domain']:'');
+top_panel($user,$TAB);
 // Display body for mail domain
 if (empty($_GET['domain']))  {
    include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_mail.html');
-    unset($_SESSION['error_msg']);
+}
-    unset($_SESSION['ok_msg']);
+
-} else {
+// Display body for mail account
 if (!empty($_GET['domain']))  {
    $v_domain = $_GET['domain'];
    include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_mail_acc.html');
    unset($_SESSION['error_msg']);
    unset($_SESSION['ok_msg']);
 }
 // Flush session messages
 unset($_SESSION['error_msg']);
 unset($_SESSION['ok_msg']);
 // Footer
 include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');
--- a/web/add/package/index.php
+++ b/web/add/package/index.php
@ -4,22 +4,19 @@ error_reporting(NULL);
 ob_start();
 session_start();
 $TAB = 'PACKAGE';
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
-if (empty($_SESSION['user'])) {
+// Check user
-    header("Location: /login/");
+if ($_SESSION['user'] != 'admin') {
    header("Location: /list/user");
    exit;
 }
-// Header
+// Check POST request
-include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
+if (!empty($_POST['ok'])) {
-// Panel
+    // Check empty fields
 top_panel($user,$TAB);
 // Are you admin?
 if ($_SESSION['user'] == 'admin') {
    if (!empty($_POST['ok'])) {
        // Check input
    if (empty($_POST['v_package'])) $errors[] = __('package');
    if (empty($_POST['v_web_template'])) $errors[] = __('web template');
    if (empty($_POST['v_proxy_template'])) $errors[] = __('proxy template');
@ -38,7 +35,16 @@ if ($_SESSION['user'] == 'admin') {
    if (!isset($_POST['v_bandwidth'])) $errors[] = __('bandwidth');
    if (empty($_POST['v_ns1'])) $errors[] = __('ns1');
    if (empty($_POST['v_ns2'])) $errors[] = __('ns2');
-
+    if (!empty($errors[0])) {
        foreach ($errors as $i => $error) {
            if ( $i == 0 ) {
                $error_msg = $error;
            } else {
                $error_msg = $error_msg.", ".$error;
            }
        }
        $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
    }
    // Protect input
    $v_package = escapeshellarg($_POST['v_package']);
@ -68,22 +74,16 @@ if ($_SESSION['user'] == 'admin') {
    $v_time = escapeshellarg(date('H:i:s'));
    $v_date = escapeshellarg(date('Y-m-d'));
-        // Check for errors
+    // Create temporary dir
-        if (!empty($errors[0])) {
+    if (empty($_SESSION['error_msg'])) {
            foreach ($errors as $i => $error) {
                if ( $i == 0 ) {
                    $error_msg = $error;
                } else {
                    $error_msg = $error_msg.", ".$error;
                }
            }
            $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
        } else {
        exec ('mktemp -d', $output, $return_var);
        $tmpdir = $output[0];
        check_return_code($return_var,$output);
        unset($output);
    }
-            // Create package
+    // Create package file
    if (empty($_SESSION['error_msg'])) {
        $pkg = "WEB_TEMPLATE=".$v_web_template."\n";
        $pkg .= "PROXY_TEMPLATE=".$v_proxy_template."\n";
        $pkg .= "DNS_TEMPLATE=".$v_dns_template."\n";
@ -103,10 +103,10 @@ if ($_SESSION['user'] == 'admin') {
        $pkg .= "TIME=".$v_time."\n";
        $pkg .= "DATE=".$v_date."\n";
            // Write package
        $fp = fopen($tmpdir."/".$_POST['v_package'].".pkg", 'w');
        fwrite($fp, $pkg);
        fclose($fp);
    }
    // Add new package
    if (empty($_SESSION['error_msg'])) {
@ -119,60 +119,66 @@ if ($_SESSION['user'] == 'admin') {
    exec ('rm -rf '.$tmpdir, $output, $return_var);
    unset($output);
-            // Check output
+    // Flush field values on success
    if (empty($_SESSION['error_msg'])) {
        $_SESSION['ok_msg'] = __('PACKAGE_CREATED_OK',$_POST['v_package'],$_POST['v_package']);
        unset($v_package);
    }
        }
    }
    exec (VESTA_CMD."v-list-web-templates json", $output, $return_var);
    check_error($return_var);
    $web_templates = json_decode(implode('', $output), true);
    unset($output);
    exec (VESTA_CMD."v-list-web-templates-proxy json", $output, $return_var);
    check_error($return_var);
    $proxy_templates = json_decode(implode('', $output), true);
    unset($output);
    exec (VESTA_CMD."v-list-dns-templates json", $output, $return_var);
    check_error($return_var);
    $dns_templates = json_decode(implode('', $output), true);
    unset($output);
    exec (VESTA_CMD."v-list-sys-shells json", $output, $return_var);
    check_error($return_var);
    $shells = json_decode(implode('', $output), true);
    unset($output);
    // Set default values
    if (empty($v_web_template)) $v_web_template = 'default';
    if (empty($v_proxy_template)) $v_proxy_template = 'default';
    if (empty($v_dns_template)) $v_dns_template = 'default';
    if (empty($v_shell)) $v_shell = 'nologin';
    if (empty($v_web_domains)) $v_web_domains = "'0'";
    if (empty($v_web_aliases)) $v_web_aliases = "'0'";
    if (empty($v_dns_domains)) $v_dns_domains = "'0'";
    if (empty($v_dns_records)) $v_dns_records = "'0'";
    if (empty($v_mail_domains)) $v_mail_domains = "'0'";
    if (empty($v_mail_accounts)) $v_mail_accounts = "'0'";
    if (empty($v_databases)) $v_databases = "'0'";
    if (empty($v_cron_jobs)) $v_cron_jobs = "'0'";
    if (empty($v_backups)) $v_backups = "'0'";
    if (empty($v_disk_quota)) $v_disk_quota = "'0'";
    if (empty($v_bandwidth)) $v_bandwidth = "'0'";
    if (empty($v_ns1)) $v_ns1 = 'ns1.example.ltd';
    if (empty($v_ns2)) $v_ns2 = 'ns2.example.ltd';
    include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_package.html');
    unset($_SESSION['error_msg']);
    unset($_SESSION['ok_msg']);
 }
 // Header
 include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 // Panel
 top_panel($user,$TAB);
 // List web temmplates
 exec (VESTA_CMD."v-list-web-templates json", $output, $return_var);
 $web_templates = json_decode(implode('', $output), true);
 unset($output);
 // List web templates for proxy
 exec (VESTA_CMD."v-list-web-templates-proxy json", $output, $return_var);
 $proxy_templates = json_decode(implode('', $output), true);
 unset($output);
 // List DNS templates
 exec (VESTA_CMD."v-list-dns-templates json", $output, $return_var);
 $dns_templates = json_decode(implode('', $output), true);
 unset($output);
 // List system shells
 exec (VESTA_CMD."v-list-sys-shells json", $output, $return_var);
 $shells = json_decode(implode('', $output), true);
 unset($output);
 // Set default values
 if (empty($v_web_template)) $v_web_template = 'default';
 if (empty($v_proxy_template)) $v_proxy_template = 'default';
 if (empty($v_dns_template)) $v_dns_template = 'default';
 if (empty($v_shell)) $v_shell = 'nologin';
 if (empty($v_web_domains)) $v_web_domains = "'0'";
 if (empty($v_web_aliases)) $v_web_aliases = "'0'";
 if (empty($v_dns_domains)) $v_dns_domains = "'0'";
 if (empty($v_dns_records)) $v_dns_records = "'0'";
 if (empty($v_mail_domains)) $v_mail_domains = "'0'";
 if (empty($v_mail_accounts)) $v_mail_accounts = "'0'";
 if (empty($v_databases)) $v_databases = "'0'";
 if (empty($v_cron_jobs)) $v_cron_jobs = "'0'";
 if (empty($v_backups)) $v_backups = "'0'";
 if (empty($v_disk_quota)) $v_disk_quota = "'0'";
 if (empty($v_bandwidth)) $v_bandwidth = "'0'";
 if (empty($v_ns1)) $v_ns1 = 'ns1.example.ltd';
 if (empty($v_ns2)) $v_ns2 = 'ns2.example.ltd';
 // Display body
 include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_package.html');
 // Flush session messages
 unset($_SESSION['error_msg']);
 unset($_SESSION['ok_msg']);
 // Footer
 include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');
--- a/web/add/user/index.php
+++ b/web/add/user/index.php
@ -1,47 +1,28 @@
 <?php
 // Init
 error_reporting(NULL);
 ob_start();
 session_start();
 $TAB = 'USER';
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
-if (empty($_SESSION['user'])) {
+// Check user
-    header("Location: /login/");
+if ($_SESSION['user'] != 'admin') {
    header("Location: /list/user");
    exit;
 }
-// Header
+// Check POST request
-include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
+if (!empty($_POST['ok'])) {
-// Panel
+    // Check empty fields
 top_panel($user,$TAB);
 // Are you admin?
 if ($_SESSION['user'] == 'admin') {
    if (!empty($_POST['ok'])) {
        // Check input
    if (empty($_POST['v_username'])) $errors[] = __('user');
    if (empty($_POST['v_password'])) $errors[] = __('password');
    if (empty($_POST['v_package'])) $errrors[] = __('package');
    if (empty($_POST['v_email'])) $errors[] = __('email');
    if (empty($_POST['v_fname'])) $errors[] = __('first name');
    if (empty($_POST['v_lname'])) $errors[] = __('last name');
        // Protect input
        $v_username = escapeshellarg($_POST['v_username']);
        $v_password = escapeshellarg($_POST['v_password']);
        $v_email = escapeshellarg($_POST['v_email']);
        $v_package = escapeshellarg($_POST['v_package']);
        $v_language = escapeshellarg($_POST['v_language']);
        $v_fname = escapeshellarg($_POST['v_fname']);
        $v_lname = escapeshellarg($_POST['v_lname']);
        $v_notify = $_POST['v_notify'];
        // Validate email
        if (!filter_var($_POST['v_email'], FILTER_VALIDATE_EMAIL)) {
            $_SESSION['error_msg'] = __('Please enter valid email address.');
        }
        // Check for errors
    if (!empty($errors[0])) {
        foreach ($errors as $i => $error) {
            if ( $i == 0 ) {
@ -53,22 +34,48 @@ if ($_SESSION['user'] == 'admin') {
        $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
    }
    // Validate email
    if ((empty($_SESSION['error_msg'])) && (!filter_var($_POST['v_email'], FILTER_VALIDATE_EMAIL))) {
        $_SESSION['error_msg'] = __('Please enter valid email address.');
    }
    // Check password length
    if (empty($_SESSION['error_msg'])) {
        $pw_len = strlen($_POST['v_password']);
        if ($pw_len < 6 ) $_SESSION['error_msg'] = __('Password is too short.',$error_msg);
    }
    // Protect input
    $v_username = escapeshellarg($_POST['v_username']);
    $v_password = escapeshellarg($_POST['v_password']);
    $v_email = escapeshellarg($_POST['v_email']);
    $v_package = escapeshellarg($_POST['v_package']);
    $v_language = escapeshellarg($_POST['v_language']);
    $v_fname = escapeshellarg($_POST['v_fname']);
    $v_lname = escapeshellarg($_POST['v_lname']);
    $v_notify = $_POST['v_notify'];
    // Add user
    if (empty($_SESSION['error_msg'])) {
        exec (VESTA_CMD."v-add-user ".$v_username." ".$v_password." ".$v_email." ".$v_package." ".$v_fname." ".$v_lname, $output, $return_var);
        check_return_code($return_var,$output);
        unset($output);
    }
    // Set language
    if (empty($_SESSION['error_msg'])) {
        exec (VESTA_CMD."v-change-user-language ".$v_username." ".$v_language, $output, $return_var);
-                if (!empty($v_notify)) {
+        check_return_code($return_var,$output);
        unset($output);
    }
    // Send email to the new user
    if ((empty($_SESSION['error_msg'])) && (!empty($v_notify))) {
        $to = $_POST['v_notify'];
        $subject = _translate($_POST['v_language'],"Welcome to Vesta Control Panel");
        $hostname = exec('hostname');
        unset($output);
        $from = _translate($_POST['v_language'],'MAIL_FROM',$hostname);
        if (!empty($_POST['v_fname'])) {
            $mailtext = _translate($_POST['v_language'],'GREETINGS_GORDON_FREEMAN',$_POST['v_fname'],$_POST['v_lname']);
@ -79,8 +86,10 @@ if ($_SESSION['user'] == 'admin') {
        send_email($to, $subject, $mailtext, $from);
    }
-                $_SESSION['ok_msg'] = __('USER_CREATED_OK',$_POST[v_username],$_POST[v_username]);
+    // Flush field values on success
-                $_SESSION['ok_msg'] .= " / <a href=/login/?loginas=".$_POST[v_username].">" . __('login as') ." ".$_POST[v_username]. "</a>";
+    if (empty($_SESSION['error_msg'])) {
        $_SESSION['ok_msg'] = __('USER_CREATED_OK',$_POST['v_username'],$_POST['v_username']);
        $_SESSION['ok_msg'] .= " / <a href=/login/?loginas=".$_POST['v_username'].">" . __('login as') ." ".$_POST['v_username']. "</a>";
        unset($v_username);
        unset($v_password);
        unset($v_email);
@ -88,23 +97,32 @@ if ($_SESSION['user'] == 'admin') {
        unset($v_lname);
        unset($v_notify);
    }
            unset($output);
        }
    }
    exec (VESTA_CMD."v-list-user-packages json", $output, $return_var);
    check_error($return_var);
    $data = json_decode(implode('', $output), true);
    unset($output);
    exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var);
    $languages = json_decode(implode('', $output), true);
    unset($output);
    include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_user.html');
    unset($_SESSION['error_msg']);
    unset($_SESSION['ok_msg']);
 }
 // Header
 include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 // Panel
 top_panel($user,$TAB);
 // List hosting packages
 exec (VESTA_CMD."v-list-user-packages json", $output, $return_var);
 check_error($return_var);
 $data = json_decode(implode('', $output), true);
 unset($output);
 // List languages
 exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var);
 $languages = json_decode(implode('', $output), true);
 unset($output);
 // Display body
 include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/add_user.html');
 // Flush session messages
 unset($_SESSION['error_msg']);
 unset($_SESSION['ok_msg']);
 // Footer
 include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');
--- a/web/edit/backup/exclusions/index.php
+++ b/web/edit/backup/exclusions/index.php
@ -3,72 +3,69 @@
 error_reporting(NULL);
 ob_start();
 session_start();
 $TAB = 'BACKUP EXCLUSIONS';
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Header
 include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 // Panel
 top_panel($user,$TAB);
 // Edit as someone else?
 if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
    $user=escapeshellarg($_GET['user']);
 }
 // List backup exclustions
 exec (VESTA_CMD."v-list-user-backup-exclusions ".$user." 'json'", $output, $return_var);
 check_return_code($return_var,$output);
-if (empty($_SESSION['error_msg'])) {
+$data = json_decode(implode('', $output), true);
-    $data = json_decode(implode('', $output), true);
+unset($output);
    unset($output);
    $v_username = $user;
-    foreach ($data['WEB'] as $key => $value) {
+// Parse web
 $v_username = $user;
 foreach ($data['WEB'] as $key => $value) {
    if (!empty($value)){
        $v_web .= $key . ":" . $value. "\n";
    } else {
        $v_web .= $key . "\n";
    }
-    }
+}
-    foreach ($data['DNS'] as $key => $value) {
+// Parse dns
 foreach ($data['DNS'] as $key => $value) {
    if (!empty($value)){
        $v_dns .= $key . ":" . $value. "\n";
    } else {
        $v_dns .= $key . "\n";
    }
-    }
+}
-    foreach ($data['MAIL'] as $key => $value) {
+// Parse mail
 foreach ($data['MAIL'] as $key => $value) {
    if (!empty($value)){
        $v_mail .= $key . ":" . $value. "\n";
    } else {
        $v_mail .= $key . "\n";
    }
-    }
+}
-    foreach ($data['DB'] as $key => $value) {
+// Parse databases
 foreach ($data['DB'] as $key => $value) {
    if (!empty($value)){
        $v_db .= $key . ":" . $value. "\n";
    } else {
        $v_db .= $key . "\n";
    }
-    }
+}
-    foreach ($data['USER'] as $key => $value) {
+// Parse user directories
 foreach ($data['USER'] as $key => $value) {
    if (!empty($value)){
        $v_userdir .= $key . ":" . $value. "\n";
    } else {
        $v_userdir .= $key . "\n";
    }
-    }
+}
    // Action
    if (!empty($_POST['save'])) {
 // Check POST request
 if (!empty($_POST['save'])) {
    $v_web = $_POST['v_web'];
    $v_web_tmp = str_replace("\r\n", ",", $_POST['v_web']);
    $v_web_tmp = rtrim($v_web_tmp, ",");
@ -99,20 +96,36 @@ if (empty($_SESSION['error_msg'])) {
    $v_userdir_tmp = rtrim($v_userdir_tmp, ",");
    $v_userdir_tmp = "USER=" . escapeshellarg($v_userdir_tmp);
    // Create temporary exeption list on a filesystem
    exec ('mktemp', $mktemp_output, $return_var);
    $tmp = $mktemp_output[0];
    $fp = fopen($tmp, 'w');
    fwrite($fp, $v_web_tmp . "\n" . $v_dns_tmp . "\n" . $v_mail_tmp . "\n" .  $v_db_tmp . "\n" . $v_userdir_tmp . "\n");
    fclose($fp);
    unset($mktemp_output);
    // Save changes
    exec (VESTA_CMD."v-update-user-backup-exclusions ".$user." ".$tmp, $output, $return_var);
    check_return_code($return_var,$output);
    unset($output);
    // Set success message
    if (empty($_SESSION['error_msg'])) {
        $_SESSION['ok_msg'] = __("Changes has been saved.");
    }
    }
 }
 // Header
 include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 // Panel
 top_panel($user,$TAB);
 // Display body
 include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_backup_exclusions.html');
 // Flush session messages
 unset($_SESSION['error_msg']);
 unset($_SESSION['ok_msg']);
--- a/web/edit/cron/index.php
+++ b/web/edit/cron/index.php
@ -3,73 +3,79 @@
 error_reporting(NULL);
 ob_start();
 session_start();
 $TAB = 'CRON';
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Edit as someone else?
 if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
    $user=escapeshellarg($_GET['user']);
 }
 // Check job id
 if (empty($_GET['job'])) {
    header("Location: /list/cron/");
    exit;
 }
 // List cron job
 $v_job = escapeshellarg($_GET['job']);
 exec (VESTA_CMD."v-list-cron-job ".$user." ".$v_job." 'json'", $output, $return_var);
 check_return_code($return_var,$output);
 $data = json_decode(implode('', $output), true);
 unset($output);
 // Parse cron job
 $v_username = $user;
 $v_job = $_GET['job'];
 $v_min = $data[$v_job]['MIN'];
 $v_hour = $data[$v_job]['HOUR'];
 $v_day = $data[$v_job]['DAY'];
 $v_month = $data[$v_job]['MONTH'];
 $v_wday = $data[$v_job]['WDAY'];
 $v_cmd = $data[$v_job]['CMD'];
 $v_date = $data[$v_job]['DATE'];
 $v_time = $data[$v_job]['TIME'];
 $v_suspended = $data[$v_job]['SUSPENDED'];
 if ( $v_suspended == 'yes' ) {
    $v_status =  'suspended';
 } else {
    $v_status =  'active';
 }
 // Check POST request
 if (!empty($_POST['save'])) {
    $v_username = $user;
    $v_min = escapeshellarg($_POST['v_min']);
    $v_hour = escapeshellarg($_POST['v_hour']);
    $v_day = escapeshellarg($_POST['v_day']);
    $v_month = escapeshellarg($_POST['v_month']);
    $v_wday = escapeshellarg($_POST['v_wday']);
    $v_cmd = escapeshellarg($_POST['v_cmd']);
    // Save changes
    exec (VESTA_CMD."v-change-cron-job ".$v_username." ".$v_job." ".$v_min." ".$v_hour." ".$v_day." ".$v_month." ".$v_wday." ".$v_cmd, $output, $return_var);
    check_return_code($return_var,$output);
    unset($output);
    $v_cmd = $_POST['v_cmd'];
    // Set success message
    if (empty($_SESSION['error_msg'])) {
        $_SESSION['ok_msg'] = __("Changes has been saved.");
    }
 }
 // Header
 include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 // Panel
 top_panel($user,$TAB);
-// Edit as someone else?
+// Display body
 if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
    $user=escapeshellarg($_GET['user']);
 }
 // Check user argument?
 if (empty($_GET['job'])) {
    header("Location: /list/cron/");
    exit;
 }
 $v_job = escapeshellarg($_GET['job']);
 exec (VESTA_CMD."v-list-cron-job ".$user." ".$v_job." 'json'", $output, $return_var);
 check_return_code($return_var,$output);
 if (empty($_SESSION['error_msg'])) {
    $data = json_decode(implode('', $output), true);
    unset($output);
    $v_username = $user;
    $v_job = $_GET['job'];
    $v_min = $data[$v_job]['MIN'];
    $v_hour = $data[$v_job]['HOUR'];
    $v_day = $data[$v_job]['DAY'];
    $v_month = $data[$v_job]['MONTH'];
    $v_wday = $data[$v_job]['WDAY'];
    $v_cmd = $data[$v_job]['CMD'];
    $v_date = $data[$v_job]['DATE'];
    $v_time = $data[$v_job]['TIME'];
    $v_suspended = $data[$v_job]['SUSPENDED'];
    if ( $v_suspended == 'yes' ) {
        $v_status =  'suspended';
    } else {
        $v_status =  'active';
    }
    // Action
    if (!empty($_POST['save'])) {
        $v_username = $user;
        // Change job
        if (($v_min != $_POST['v_min']) || ($v_hour != $_POST['v_hour']) || ($v_day != $_POST['v_day']) || ($v_month != $_POST['v_month']) || ($v_wday != $_POST['v_wday']) || ($v_cmd != $_POST['v_cmd']) &&(empty($_SESSION['error_msg']))) {
            $v_min = escapeshellarg($_POST['v_min']);
            $v_hour = escapeshellarg($_POST['v_hour']);
            $v_day = escapeshellarg($_POST['v_day']);
            $v_month = escapeshellarg($_POST['v_month']);
            $v_wday = escapeshellarg($_POST['v_wday']);
            $v_cmd = escapeshellarg($_POST['v_cmd']);
            exec (VESTA_CMD."v-change-cron-job ".$v_username." ".$v_job." ".$v_min." ".$v_hour." ".$v_day." ".$v_month." ".$v_wday." ".$v_cmd, $output, $return_var);
            check_return_code($return_var,$output);
            unset($output);
            $v_cmd = $_POST['v_cmd'];
        }
        if (empty($_SESSION['error_msg'])) {
            $_SESSION['ok_msg'] = __("Changes has been saved.");
        }
    }
 }
 include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_cron.html');
 // Flush session messages
 unset($_SESSION['error_msg']);
 unset($_SESSION['ok_msg']);
--- a/web/edit/db/index.php
+++ b/web/edit/db/index.php
@ -3,8 +3,8 @@
 error_reporting(NULL);
 ob_start();
 session_start();
 $TAB = 'DB';
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Header
@ -13,6 +13,7 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 // Panel
 top_panel($user,$TAB);
 // Check database id
 if (empty($_GET['database'])) {
    header("Location: /list/db/");
    exit;
@ -23,69 +24,63 @@ if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
    $user=escapeshellarg($_GET['user']);
 }
 // List datbase
 $v_database = escapeshellarg($_GET['database']);
 exec (VESTA_CMD."v-list-database ".$user." ".$v_database." 'json'", $output, $return_var);
 check_return_code($return_var,$output);
-if (empty($_SESSION['error_msg'])) {
+$data = json_decode(implode('', $output), true);
-    $data = json_decode(implode('', $output), true);
+unset($output);
-    unset($output);
+
-    $v_username = $user;
+// Parse database
-    $v_database = $_GET['database'];
+$v_username = $user;
-    $v_dbuser = $data[$v_database]['DBUSER'];
+$v_database = $_GET['database'];
-    $v_password = "••••••••";
+$v_dbuser = $data[$v_database]['DBUSER'];
-    $v_host = $data[$v_database]['HOST'];
+$v_password = "••••••••";
-    $v_type = $data[$v_database]['TYPE'];
+$v_host = $data[$v_database]['HOST'];
-    $v_charset = $data[$v_database]['CHARSET'];
+$v_type = $data[$v_database]['TYPE'];
-    $v_date = $data[$v_database]['DATE'];
+$v_charset = $data[$v_database]['CHARSET'];
-    $v_time = $data[$v_database]['TIME'];
+$v_date = $data[$v_database]['DATE'];
-    $v_suspended = $data[$v_database]['SUSPENDED'];
+$v_time = $data[$v_database]['TIME'];
-    if ( $v_suspended == 'yes' ) {
+$v_suspended = $data[$v_database]['SUSPENDED'];
 if ( $v_suspended == 'yes' ) {
    $v_status =  'suspended';
-    } else {
+} else {
    $v_status =  'active';
-    }
+}
-    // Action
+// Check POST request
-    if (!empty($_POST['save'])) {
+if (!empty($_POST['save'])) {
    $v_username = $user;
-        // Change database username
+    // Change database user
    if (($v_dbuser != $_POST['v_dbuser']) && (empty($_SESSION['error_msg']))) {
        $v_dbuser = preg_replace("/^".$user."_/", "", $_POST['v_dbuser']);
        $v_dbuser = escapeshellarg($v_dbuser);
            if ($v_password != $_POST['v_password']) {
                // Change username and password
                $v_password = escapeshellarg($_POST['v_password']);
                exec (VESTA_CMD."v-change-database-user ".$v_username." ".$v_database." ".$v_dbuser." ".$v_password, $output, $return_var);
                check_return_code($return_var,$output);
                unset($output);
                $v_dbuser = $user."_".preg_replace("/^".$user."_/", "", $_POST['v_dbuser']);
                $v_password = "••••••••";
                $v_pw_changed = 'yes';
            } else {
                // Change only username
        exec (VESTA_CMD."v-change-database-user ".$v_username." ".$v_database." ".$v_dbuser, $output, $return_var);
        check_return_code($return_var,$output);
        unset($output);
        $v_dbuser = $user."_".preg_replace("/^".$user."_/", "", $_POST['v_dbuser']);
    }
        }
-        // Change only database password
+    // Change database password
-        if (($v_password != $_POST['v_password']) && (!isset($v_pw_changed)) && (empty($_SESSION['error_msg']))) {
+    if (($v_password != $_POST['v_password']) && (empty($_SESSION['error_msg']))) {
        $v_password = escapeshellarg($_POST['v_password']);
        exec (VESTA_CMD."v-change-database-password ".$v_username." ".$v_database." ".$v_password, $output, $return_var);
        check_return_code($return_var,$output);
        $v_password = "••••••••";
        unset($output);
    }
    // Set success message
    if (empty($_SESSION['error_msg'])) {
        $_SESSION['ok_msg'] = __('Changes has been saved.');
    }
    }
 }
 // Display body
 include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_db.html');
 // Flush session messages
 unset($_SESSION['error_msg']);
 unset($_SESSION['ok_msg']);
--- a/web/edit/dns/index.php
+++ b/web/edit/dns/index.php
@ -3,17 +3,11 @@
 error_reporting(NULL);
 ob_start();
 session_start();
 $TAB = 'DNS';
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
-// Header
+// Check domain name
 include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 // Panel
 top_panel($user,$TAB);
 // Check user argument?
 if (empty($_GET['domain'])) {
    header("Location: /list/dns/");
    exit;
@ -24,14 +18,15 @@ if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
    $user=escapeshellarg($_GET['user']);
 }
-// Check domain
+// List dns domain
 if ((!empty($_GET['domain'])) && (empty($_GET['record_id'])))  {
    $v_domain = escapeshellarg($_GET['domain']);
    exec (VESTA_CMD."v-list-dns-domain ".$user." ".$v_domain." json", $output, $return_var);
    check_return_code($return_var,$output);
    if (empty($_SESSION['error_msg'])) {
    $data = json_decode(implode('', $output), true);
    unset($output);
    // Parse dns domain
    $v_username = $user;
    $v_domain = $_GET['domain'];
    $v_ip = $data[$v_domain]['IP'];
@ -47,87 +42,23 @@ if ((!empty($_GET['domain'])) && (empty($_GET['record_id'])))  {
    } else {
        $v_status =  'active';
    }
    // List dns templates
    exec (VESTA_CMD."v-list-dns-templates json", $output, $return_var);
    $templates = json_decode(implode('', $output), true);
    unset($output);
-    }
+}
-    // Action
+// List dns record
-    if (!empty($_POST['save'])) {
+if ((!empty($_GET['domain'])) && (!empty($_GET['record_id'])))  {
        $v_domain = escapeshellarg($_POST['v_domain']);
        // IP
        if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) {
            $v_ip = escapeshellarg($_POST['v_ip']);
            exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." ".$v_domain." ".$v_ip." 'no'", $output, $return_var);
            check_return_code($return_var,$output);
            $restart_dns = 'yes';
            unset($output);
        }
        // Template
        if (( $_SESSION['user'] == 'admin') && ($v_template != $_POST['v_template']) && (empty($_SESSION['error_msg']))) {
            $v_template = escapeshellarg($_POST['v_template']);
            exec (VESTA_CMD."v-change-dns-domain-tpl ".$v_username." ".$v_domain." ".$v_template." 'no'", $output, $return_var);
            check_return_code($return_var,$output);
            unset($output);
            $restart_dns = 'yes';
        }
        // SOA
        if (($v_soa != $_POST['v_soa']) && (empty($_SESSION['error_msg']))) {
            $v_soa = escapeshellarg($_POST['v_soa']);
            exec (VESTA_CMD."v-change-dns-domain-soa ".$v_username." ".$v_domain." ".$v_soa." 'no'", $output, $return_var);
            check_return_code($return_var,$output);
            unset($output);
            $restart_dns = 'yes';
        }
        // EXP
        if (($v_exp != $_POST['v_exp']) && (empty($_SESSION['error_msg']))) {
            $v_exp = escapeshellarg($_POST['v_exp']);
            exec (VESTA_CMD."v-change-dns-domain-exp ".$v_username." ".$v_domain." ".$v_exp." 'no'", $output, $return_var);
            check_return_code($return_var,$output);
            unset($output);
            $restart_dns = 'yes';
        }
        // TTL
        if (($v_ttl != $_POST['v_ttl']) && (empty($_SESSION['error_msg']))) {
            $v_ttl = escapeshellarg($_POST['v_ttl']);
            exec (VESTA_CMD."v-change-dns-domain-ttl ".$v_username." ".$v_domain." ".$v_ttl." 'no'", $output, $return_var);
            check_return_code($return_var,$output);
            unset($output);
            $restart_dns = 'yes';
        }
        // Restart dns
        if (!empty($restart_dns) && (empty($_SESSION['error_msg']))) {
            exec (VESTA_CMD."v-restart-dns", $output, $return_var);
            check_return_code($return_var,$output);
            unset($output);
        }
        if (empty($_SESSION['error_msg'])) {
            $_SESSION['ok_msg'] = __('Changes has been saved.');
        }
    }
    if ($_SESSION['user'] == 'admin') {
        include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_dns.html');
    } else {
        include($_SERVER['DOCUMENT_ROOT'].'/templates/user/edit_dns.html');
    }
    unset($_SESSION['error_msg']);
    unset($_SESSION['ok_msg']);
 } else {
    $v_domain = escapeshellarg($_GET['domain']);
    $v_record_id = escapeshellarg($_GET['record_id']);
    exec (VESTA_CMD."v-list-dns-records ".$user." ".$v_domain." 'json'", $output, $return_var);
    check_return_code($return_var,$output);
    if (empty($_SESSION['error_msg'])) {
    $data = json_decode(implode('', $output), true);
    unset($output);
    // Parse dns record
    $v_username = $user;
    $v_domain = $_GET['domain'];
    $v_record_id = $_GET['record_id'];
@ -143,44 +74,138 @@ if ((!empty($_GET['domain'])) && (empty($_GET['record_id'])))  {
    }
    $v_date = $data[$v_record_id]['DATE'];
    $v_time = $data[$v_record_id]['TIME'];
 }
 // Check POST request for dns domain
 if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['record_id']))) {
    $v_domain = escapeshellarg($_POST['v_domain']);
    // Change domain IP
    if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) {
        $v_ip = escapeshellarg($_POST['v_ip']);
        exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." ".$v_domain." ".$v_ip." 'no'", $output, $return_var);
        check_return_code($return_var,$output);
        $restart_dns = 'yes';
        unset($output);
    }
-    // Action
+    // Change domain template
-    if (!empty($_POST['save'])) {
+    if (($v_template != $_POST['v_template']) && (empty($_SESSION['error_msg']))) {
        $v_template = escapeshellarg($_POST['v_template']);
        exec (VESTA_CMD."v-change-dns-domain-tpl ".$v_username." ".$v_domain." ".$v_template." 'no'", $output, $return_var);
        check_return_code($return_var,$output);
        unset($output);
        $restart_dns = 'yes';
    }
    // Change SOA record
    if (($v_soa != $_POST['v_soa']) && (empty($_SESSION['error_msg']))) {
        $v_soa = escapeshellarg($_POST['v_soa']);
        exec (VESTA_CMD."v-change-dns-domain-soa ".$v_username." ".$v_domain." ".$v_soa." 'no'", $output, $return_var);
        check_return_code($return_var,$output);
        unset($output);
        $restart_dns = 'yes';
    }
    // Change expiriation date
    if (($v_exp != $_POST['v_exp']) && (empty($_SESSION['error_msg']))) {
        $v_exp = escapeshellarg($_POST['v_exp']);
        exec (VESTA_CMD."v-change-dns-domain-exp ".$v_username." ".$v_domain." ".$v_exp." 'no'", $output, $return_var);
        check_return_code($return_var,$output);
        unset($output);
    }
    // Change domain ttl
    if (($v_ttl != $_POST['v_ttl']) && (empty($_SESSION['error_msg']))) {
        $v_ttl = escapeshellarg($_POST['v_ttl']);
        exec (VESTA_CMD."v-change-dns-domain-ttl ".$v_username." ".$v_domain." ".$v_ttl." 'no'", $output, $return_var);
        check_return_code($return_var,$output);
        unset($output);
        $restart_dns = 'yes';
    }
    // Restart dns server
    if (!empty($restart_dns) && (empty($_SESSION['error_msg']))) {
        exec (VESTA_CMD."v-restart-dns", $output, $return_var);
        check_return_code($return_var,$output);
        unset($output);
    }
    // Set success message
    if (empty($_SESSION['error_msg'])) {
        $_SESSION['ok_msg'] = __('Changes has been saved.');
    }
 }
 // Check POST request for dns record
 if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['record_id']))) {
    // Protect input
    $v_domain = escapeshellarg($_POST['v_domain']);
    $v_record_id = escapeshellarg($_POST['v_record_id']);
    // Change dns record
    if (($v_val != $_POST['v_val']) || ($v_priority != $_POST['v_priority']) && (empty($_SESSION['error_msg']))) {
        $v_val = escapeshellarg($_POST['v_val']);
        $v_priority = escapeshellarg($_POST['v_priority']);
        exec (VESTA_CMD."v-change-dns-record ".$v_username." ".$v_domain." ".$v_record_id." ".$v_val." ".$v_priority, $output, $return_var);
        check_return_code($return_var,$output);
        $v_val = $_POST['v_val'];
            $restart_dns = 'yes';
        unset($output);
        $restart_dns = 'yes';
    }
    // Change dns record id
    if (($_GET['record_id'] != $_POST['v_record_id']) && (empty($_SESSION['error_msg']))) {
        $v_old_record_id = escapeshellarg($_GET['record_id']);
        exec (VESTA_CMD."v-change-dns-record-id ".$v_username." ".$v_domain." ".$v_old_record_id." ".$v_record_id, $output, $return_var);
        check_return_code($return_var,$output);
        unset($output);
        $restart_dns = 'yes';
    }
    // Restart dns server
    if (!empty($restart_dns) && (empty($_SESSION['error_msg']))) {
        exec (VESTA_CMD."v-restart-dns", $output, $return_var);
        check_return_code($return_var,$output);
        unset($output);
    }
    // Set success message
    if (empty($_SESSION['error_msg'])) {
        $_SESSION['ok_msg'] = __('Changes has been saved.');
    }
    // Change url if record id was changed
    if ((empty($_SESSION['error_msg'])) && ($_GET['record_id'] != $_POST['v_record_id'])) {
        header("Location: /edit/dns/?domain=".$_GET['domain']."&record_id=".$_POST['v_record_id']);
        exit;
    }
    }
    include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_dns_rec.html');
    unset($_SESSION['error_msg']);
    unset($_SESSION['ok_msg']);
 }
 // Header
 include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 // Panel
 top_panel($user,$TAB);
 // Display body for dns domain
 if ((!empty($_GET['domain'])) && (empty($_GET['record_id'])))  {
    if ($_SESSION['user'] == 'admin') {
        include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_dns.html');
    } else {
        include($_SERVER['DOCUMENT_ROOT'].'/templates/user/edit_dns.html');
    }
 }
 // List dns record
 if ((!empty($_GET['domain'])) && (!empty($_GET['record_id'])))  {
    // Display body for dns record
    include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_dns_rec.html');
 }
 // Flush session messages
 unset($_SESSION['error_msg']);
 unset($_SESSION['ok_msg']);
 // Footer
 include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');
--- a/web/edit/ip/index.php
+++ b/web/edit/ip/index.php
@ -3,56 +3,55 @@
 error_reporting(NULL);
 ob_start();
 session_start();
 $TAB = 'IP';
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
-// Header
+// Check user
-include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
+if ($_SESSION['user'] != 'admin') {
    header("Location: /list/user");
    exit;
 }
-// Panel
+// Check ip argument
-top_panel($user,$TAB);
+if (empty($_GET['ip'])) {
 // Are you admin?
 if ($_SESSION['user'] == 'admin') {
    // Check user argument?
    if (empty($_GET['ip'])) {
    header("Location: /list/ip/");
    exit;
-    }
+}
-    $v_ip = escapeshellarg($_GET['ip']);
+// List ip
-    exec (VESTA_CMD."v-list-sys-ip ".$v_ip." 'json'", $output, $return_var);
+$v_ip = escapeshellarg($_GET['ip']);
-    check_return_code($return_var,$output);
+exec (VESTA_CMD."v-list-sys-ip ".$v_ip." 'json'", $output, $return_var);
-    if (empty($_SESSION['error_msg'])) {
+check_return_code($return_var,$output);
-        $data = json_decode(implode('', $output), true);
+$data = json_decode(implode('', $output), true);
-        unset($output);
+unset($output);
-        $v_username = $user;
+
-        $v_ip = $_GET['ip'];
+// Parse ip
-        $v_netmask = $data[$v_ip]['NETMASK'];
+$v_username = $user;
-        $v_interace = $data[$v_ip]['INTERFACE'];
+$v_ip = $_GET['ip'];
-        $v_name = $data[$v_ip]['NAME'];
+$v_netmask = $data[$v_ip]['NETMASK'];
-        $v_nat = $data[$v_ip]['NAT'];
+$v_interace = $data[$v_ip]['INTERFACE'];
-        $v_ipstatus = $data[$v_ip]['STATUS'];
+$v_name = $data[$v_ip]['NAME'];
-        if ($v_ipstatus == 'dedicated') $v_dedicated = 'yes';
+$v_nat = $data[$v_ip]['NAT'];
-        $v_owner = $data[$v_ip]['OWNER'];
+$v_ipstatus = $data[$v_ip]['STATUS'];
-        $v_date = $data[$v_ip]['DATE'];
+if ($v_ipstatus == 'dedicated') $v_dedicated = 'yes';
-        $v_time = $data[$v_ip]['TIME'];
+$v_owner = $data[$v_ip]['OWNER'];
-        $v_suspended = $data[$v_ip]['SUSPENDED'];
+$v_date = $data[$v_ip]['DATE'];
-        if ( $v_suspended == 'yes' ) {
+$v_time = $data[$v_ip]['TIME'];
 $v_suspended = $data[$v_ip]['SUSPENDED'];
 if ( $v_suspended == 'yes' ) {
    $v_status =  'suspended';
-        } else {
+} else {
    $v_status =  'active';
-        }
+}
-        exec (VESTA_CMD."v-list-sys-users 'json'", $output, $return_var);
+// List users
-        $users = json_decode(implode('', $output), true);
+exec (VESTA_CMD."v-list-sys-users 'json'", $output, $return_var);
-        unset($output);
+$users = json_decode(implode('', $output), true);
 unset($output);
-        // Action
+// Check POST request
-        if (!empty($_POST['save'])) {
+if (!empty($_POST['save'])) {
            $v_username = $user;
    $v_ip = escapeshellarg($_POST['v_ip']);
    // Change Status
@ -78,7 +77,7 @@ if ($_SESSION['user'] == 'admin') {
        unset($output);
    }
-            // Change Name
+    // Change associated domain
    if (($v_name != $_POST['v_name']) && (empty($_SESSION['error_msg']))) {
        $v_name = escapeshellarg($_POST['v_name']);
        exec (VESTA_CMD."v-change-sys-ip-name ".$v_ip." ".$v_name, $output, $return_var);
@ -86,7 +85,7 @@ if ($_SESSION['user'] == 'admin') {
        unset($output);
    }
-            // Change Nat
+    // Change NAT address
    if (($v_nat != $_POST['v_nat']) && (empty($_SESSION['error_msg']))) {
        $v_nat = escapeshellarg($_POST['v_nat']);
        exec (VESTA_CMD."v-change-sys-ip-nat ".$v_ip." ".$v_nat, $output, $return_var);
@ -94,16 +93,24 @@ if ($_SESSION['user'] == 'admin') {
        unset($output);
    }
    // Set success message
    if (empty($_SESSION['error_msg'])) {
        $_SESSION['ok_msg'] = __('Changes has been saved.');
    }
        }
    }
    include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_ip.html');
    unset($_SESSION['error_msg']);
    unset($_SESSION['ok_msg']);
 }
 // Header
 include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 // Panel
 top_panel($user,$TAB);
 // Display body
 include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_ip.html');
 // Flush session messages
 unset($_SESSION['error_msg']);
 unset($_SESSION['ok_msg']);
 // Footer
 include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');
--- a/web/edit/mail/index.php
+++ b/web/edit/mail/index.php
@ -3,8 +3,8 @@
 error_reporting(NULL);
 ob_start();
 session_start();
 $TAB = 'MAIL';
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Header
@ -13,7 +13,7 @@ include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 // Panel
 top_panel($user,$TAB);
-// Check user argument?
+// Check domain argument
 if (empty($_GET['domain'])) {
    header("Location: /list/mail/");
    exit;
@ -23,16 +23,16 @@ if (empty($_GET['domain'])) {
 if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
    $user=escapeshellarg($_GET['user']);
 }
 $v_username = $user;
-// Check domain
+// List mail domain
 if ((!empty($_GET['domain'])) && (empty($_GET['account'])))  {
    $v_domain = escapeshellarg($_GET['domain']);
    exec (VESTA_CMD."v-list-mail-domain ".$user." ".$v_domain." json", $output, $return_var);
    check_return_code($return_var,$output);
    if (empty($_SESSION['error_msg'])) {
    $data = json_decode(implode('', $output), true);
    unset($output);
-        $v_username = $user;
+
    // Parse domain
    $v_domain = $_GET['domain'];
    $v_antispam = $data[$v_domain]['ANTISPAM'];
    $v_antivirus = $data[$v_domain]['ANTIVIRUS'];
@ -46,92 +46,17 @@ if ((!empty($_GET['domain'])) && (empty($_GET['account'])))  {
    } else {
        $v_status =  'active';
    }
-    }
+}
-    // Action
+// List mail account
-    if (!empty($_POST['save'])) {
+if ((!empty($_GET['domain'])) && (!empty($_GET['account'])))  {
        $v_domain = escapeshellarg($_POST['v_domain']);
        // Antispam
        if (($v_antispam == 'yes') && (empty($_POST['v_antispam'])) && (empty($_SESSION['error_msg']))) {
            exec (VESTA_CMD."v-delete-mail-domain-antispam ".$v_username." ".$v_domain, $output, $return_var);
            check_return_code($return_var,$output);
            $v_antispam = 'no';
            unset($output);
        }
        if (($v_antispam == 'no') && (!empty($_POST['v_antispam'])) && (empty($_SESSION['error_msg']))) {
            exec (VESTA_CMD."v-add-mail-domain-antispam ".$v_username." ".$v_domain, $output, $return_var);
            check_return_code($return_var,$output);
            $v_antispam = 'yes';
            unset($output);
        }
        // Antivirus
        if (($v_antivirus == 'yes') && (empty($_POST['v_antivirus'])) && (empty($_SESSION['error_msg']))) {
            exec (VESTA_CMD."v-delete-mail-domain-antivirus ".$v_username." ".$v_domain, $output, $return_var);
            check_return_code($return_var,$output);
            $v_antivirus = 'no';
            unset($output);
        }
        if (($v_antivirus == 'no') && (!empty($_POST['v_antivirus'])) && (empty($_SESSION['error_msg']))) {
            exec (VESTA_CMD."v-add-mail-domain-antivirus ".$v_username." ".$v_domain, $output, $return_var);
            check_return_code($return_var,$output);
            $v_antivirus = 'yes';
            unset($output);
        }
        if (empty($_SESSION['error_msg'])) {
            $_SESSION['ok_msg'] = __('Changes has been saved.');
        }
        // DKIM
        if (($v_dkim == 'yes') && (empty($_POST['v_dkim'])) && (empty($_SESSION['error_msg']))) {
            exec (VESTA_CMD."v-delete-mail-domain-dkim ".$v_username." ".$v_domain, $output, $return_var);
            check_return_code($return_var,$output);
            $v_dkim = 'no';
            unset($output);
        }
        if (($v_dkim == 'no') && (!empty($_POST['v_dkim'])) && (empty($_SESSION['error_msg']))) {
            exec (VESTA_CMD."v-add-mail-domain-dkim ".$v_username." ".$v_domain, $output, $return_var);
            check_return_code($return_var,$output);
            $v_dkim = 'yes';
            unset($output);
        }
        // Catchall
        if ((!empty($v_catchall)) && (empty($_POST['v_catchall'])) && (empty($_SESSION['error_msg']))) {
            exec (VESTA_CMD."v-delete-mail-domain-catchall ".$v_username." ".$v_domain, $output, $return_var);
            check_return_code($return_var,$output);
            $v_catchall = '';
            unset($output);
        }
        if ((!empty($v_catchall)) && (!empty($_POST['v_catchall'])) && (empty($_SESSION['error_msg']))) {
            if ($v_catchall != $_POST['v_catchall']) {
                $v_catchall = escapeshellarg($_POST['v_catchall']);
                exec (VESTA_CMD."v-change-mail-domain-catchall ".$v_username." ".$v_domain." ".$v_catchall, $output, $return_var);
                check_return_code($return_var,$output);
                unset($output);
            }
        }
        if ((empty($v_catchall)) && (!empty($_POST['v_catchall'])) && (empty($_SESSION['error_msg']))) {
            $v_catchall = escapeshellarg($_POST['v_catchall']);
            exec (VESTA_CMD."v-add-mail-domain-catchall ".$v_username." ".$v_domain." ".$v_catchall, $output, $return_var);
            check_return_code($return_var,$output);
            unset($output);
        }
        if (empty($_SESSION['error_msg'])) {
            $_SESSION['ok_msg'] = __('Changes has been saved.');
        }
    }
    include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_mail.html');
    unset($_SESSION['error_msg']);
    unset($_SESSION['ok_msg']);
 } else {
    $v_username = $user;
    $v_domain = escapeshellarg($_GET['domain']);
    $v_account = escapeshellarg($_GET['account']);
    exec (VESTA_CMD."v-list-mail-account ".$user." ".$v_domain." ".$v_account." 'json'", $output, $return_var);
    check_return_code($return_var,$output);
    if (empty($_SESSION['error_msg'])) {
    $data = json_decode(implode('', $output), true);
    unset($output);
    // Parse mail account
    $v_username = $user;
    $v_domain = $_GET['domain'];
    $v_account = $_GET['account'];
@ -143,12 +68,6 @@ if ((!empty($_GET['domain'])) && (empty($_GET['account'])))  {
    $v_fwd_only = $data[$v_account]['FWD_ONLY'];
    $v_quota = $data[$v_account]['QUOTA'];
    $v_autoreply = $data[$v_account]['AUTOREPLY'];
        if ( $v_autoreply == 'yes' ) {
            exec (VESTA_CMD."v-list-mail-account-autoreply ".$user." '".$v_domain."' '".$v_account."' json", $output, $return_var);
            $autoreply_str = json_decode(implode('', $output), true);
            unset($output);
            $v_autoreply_message = $autoreply_str[$v_account]['MSG'];
        }
    $v_suspended = $data[$v_account]['SUSPENDED'];
    if ( $v_suspended == 'yes' ) {
        $v_status =  'suspended';
@ -157,13 +76,107 @@ if ((!empty($_GET['domain'])) && (empty($_GET['account'])))  {
    }
    $v_date = $data[$v_account]['DATE'];
    $v_time = $data[$v_account]['TIME'];
    // Parse autoreply
    if ( $v_autoreply == 'yes' ) {
        exec (VESTA_CMD."v-list-mail-account-autoreply ".$user." '".$v_domain."' '".$v_account."' json", $output, $return_var);
        $autoreply_str = json_decode(implode('', $output), true);
        unset($output);
        $v_autoreply_message = $autoreply_str[$v_account]['MSG'];
    }
 }
 // Check POST request for mail domain
 if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['account']))) {
    $v_domain = escapeshellarg($_POST['v_domain']);
    // Delete antispam
    if (($v_antispam == 'yes') && (empty($_POST['v_antispam'])) && (empty($_SESSION['error_msg']))) {
        exec (VESTA_CMD."v-delete-mail-domain-antispam ".$v_username." ".$v_domain, $output, $return_var);
        check_return_code($return_var,$output);
        $v_antispam = 'no';
        unset($output);
    }
-    // Action
+    // Add antispam
-    if (!empty($_POST['save'])) {
+    if (($v_antispam == 'no') && (!empty($_POST['v_antispam'])) && (empty($_SESSION['error_msg']))) {
        exec (VESTA_CMD."v-add-mail-domain-antispam ".$v_username." ".$v_domain, $output, $return_var);
        check_return_code($return_var,$output);
        $v_antispam = 'yes';
        unset($output);
    }
    // Delete antivirus
    if (($v_antivirus == 'yes') && (empty($_POST['v_antivirus'])) && (empty($_SESSION['error_msg']))) {
        exec (VESTA_CMD."v-delete-mail-domain-antivirus ".$v_username." ".$v_domain, $output, $return_var);
        check_return_code($return_var,$output);
        $v_antivirus = 'no';
        unset($output);
    }
    // Add antivirs
    if (($v_antivirus == 'no') && (!empty($_POST['v_antivirus'])) && (empty($_SESSION['error_msg']))) {
        exec (VESTA_CMD."v-add-mail-domain-antivirus ".$v_username." ".$v_domain, $output, $return_var);
        check_return_code($return_var,$output);
        $v_antivirus = 'yes';
        unset($output);
    }
    // Delete DKIM
    if (($v_dkim == 'yes') && (empty($_POST['v_dkim'])) && (empty($_SESSION['error_msg']))) {
        exec (VESTA_CMD."v-delete-mail-domain-dkim ".$v_username." ".$v_domain, $output, $return_var);
        check_return_code($return_var,$output);
        $v_dkim = 'no';
        unset($output);
    }
    // Add DKIM
    if (($v_dkim == 'no') && (!empty($_POST['v_dkim'])) && (empty($_SESSION['error_msg']))) {
        exec (VESTA_CMD."v-add-mail-domain-dkim ".$v_username." ".$v_domain, $output, $return_var);
        check_return_code($return_var,$output);
        $v_dkim = 'yes';
        unset($output);
    }
    // Delete catchall
    if ((!empty($v_catchall)) && (empty($_POST['v_catchall'])) && (empty($_SESSION['error_msg']))) {
        exec (VESTA_CMD."v-delete-mail-domain-catchall ".$v_username." ".$v_domain, $output, $return_var);
        check_return_code($return_var,$output);
        $v_catchall = '';
        unset($output);
    }
    // Change catchall address
    if ((!empty($v_catchall)) && (!empty($_POST['v_catchall'])) && (empty($_SESSION['error_msg']))) {
        if ($v_catchall != $_POST['v_catchall']) {
            $v_catchall = escapeshellarg($_POST['v_catchall']);
            exec (VESTA_CMD."v-change-mail-domain-catchall ".$v_username." ".$v_domain." ".$v_catchall, $output, $return_var);
            check_return_code($return_var,$output);
            unset($output);
        }
    }
    // Add catchall
    if ((empty($v_catchall)) && (!empty($_POST['v_catchall'])) && (empty($_SESSION['error_msg']))) {
        $v_catchall = escapeshellarg($_POST['v_catchall']);
        exec (VESTA_CMD."v-add-mail-domain-catchall ".$v_username." ".$v_domain." ".$v_catchall, $output, $return_var);
        check_return_code($return_var,$output);
        unset($output);
    }
    // Set success message
    if (empty($_SESSION['error_msg'])) {
        $_SESSION['ok_msg'] = __('Changes has been saved.');
    }
 }
 // Check POST request for mail account
 if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['account']))) {
    $v_domain = escapeshellarg($_POST['v_domain']);
    $v_account = escapeshellarg($_POST['v_account']);
-        // Password
+
    // Change password
    if (($v_password != $_POST['v_password']) && (empty($_SESSION['error_msg']))) {
        $v_password = escapeshellarg($_POST['v_password']);
        exec (VESTA_CMD."v-change-mail-account-password ".$v_username." ".$v_domain." ".$v_account." ".$v_password, $output, $return_var);
@ -172,7 +185,7 @@ if ((!empty($_GET['domain'])) && (empty($_GET['account'])))  {
        unset($output);
    }
-        // Quota
+    // Change quota
    if (($v_quota != $_POST['v_quota']) && (empty($_SESSION['error_msg']))) {
        if (empty($_POST['v_quota'])) {
            $v_quota = 0; 
@ -184,7 +197,7 @@ if ((!empty($_GET['domain'])) && (empty($_GET['account'])))  {
        unset($output);
    }
-        // Aliases
+    // Change account aliases
    if (empty($_SESSION['error_msg'])) {
        $waliases = preg_replace("/\n/", " ", $_POST['v_aliases']);
        $waliases = preg_replace("/,/", " ", $waliases);
@ -209,7 +222,8 @@ if ((!empty($_GET['domain'])) && (empty($_GET['account'])))  {
            }
        }
    }
-        // Forwarders
+
    // Change forwarders
    if (empty($_SESSION['error_msg'])) {
        $wfwd = preg_replace("/\n/", " ", $_POST['v_fwd']);
        $wfwd = preg_replace("/,/", " ", $wfwd);
@ -235,13 +249,15 @@ if ((!empty($_GET['domain'])) && (empty($_GET['account'])))  {
        }
    }
-        // FWD_ONLY flag
+    // Delete FWD_ONLY flag
    if (($v_fwd_only == 'yes') && (empty($_POST['v_fwd_only'])) && (empty($_SESSION['error_msg']))) {
        exec (VESTA_CMD."v-delete-mail-account-fwd-only ".$v_username." ".$v_domain." ".$v_account, $output, $return_var);
        check_return_code($return_var,$output);
        unset($output);
        $v_fwd_only = '';
    }
    // Add FWD_ONLY flag
    if (($v_fwd_only != 'yes') && (!empty($_POST['v_fwd_only'])) && (empty($_SESSION['error_msg']))) {
        exec (VESTA_CMD."v-add-mail-account-fwd-only ".$v_username." ".$v_domain." ".$v_account, $output, $return_var);
        check_return_code($return_var,$output);
@ -249,7 +265,7 @@ if ((!empty($_GET['domain'])) && (empty($_GET['account'])))  {
        $v_fwd_only = 'yes';
    }
-        // Autoreply
+    // Delete autoreply
    if (($v_autoreply == 'yes') && (empty($_POST['v_autoreply'])) && (empty($_SESSION['error_msg']))) {
        exec (VESTA_CMD."v-delete-mail-account-autoreply ".$v_username." ".$v_domain." ".$v_account, $output, $return_var);
        check_return_code($return_var,$output);
@ -257,19 +273,10 @@ if ((!empty($_GET['domain'])) && (empty($_GET['account'])))  {
        $v_autoreply = 'no';
        $v_autoreply_message = '';
    }
-        if (($v_autoreply == 'yes') && (!empty($_POST['v_autoreply'])) && (empty($_SESSION['error_msg']))) {
+
    // Add autoreply
    if ((!empty($_POST['v_autoreply'])) && (empty($_SESSION['error_msg']))) {
        if ( $v_autoreply_message != str_replace("\r\n", "\n", $_POST['v_autoreply_message'])) {
                $v_autoreply_message = str_replace("\r\n", "\n", $_POST['v_autoreply_message']);
                $v_autoreply_message = escapeshellarg($v_autoreply_message);
                exec (VESTA_CMD."v-add-mail-account-autoreply ".$v_username." ".$v_domain." ".$v_account." ".$v_autoreply_message, $output, $return_var);
                check_return_code($return_var,$output);
                unset($output);
                $v_autoreply_message = $_POST['v_autoreply_message'];
            }
        }
        if (($v_autoreply == 'no') && (!empty($_POST['v_autoreply'])) && (empty($_SESSION['error_msg']))) {
            if (empty($_POST['v_autoreply_message'])) $_SESSION['error_msg'] = $_SESSION['error_msg'] = __('Field "%s" can not be blank.','atoreply');
            if (empty($_SESSION['error_msg'])) {
            $v_autoreply_message = str_replace("\r\n", "\n", $_POST['v_autoreply_message']);
            $v_autoreply_message = escapeshellarg($v_autoreply_message);
            exec (VESTA_CMD."v-add-mail-account-autoreply ".$v_username." ".$v_domain." ".$v_account." ".$v_autoreply_message, $output, $return_var);
@ -280,15 +287,25 @@ if ((!empty($_GET['domain'])) && (empty($_GET['account'])))  {
        }
    }
    // Set success message
    if (empty($_SESSION['error_msg'])) {
        $_SESSION['ok_msg'] = __('Changes has been saved.');
    }
    }
    include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_mail_acc.html');
    unset($_SESSION['error_msg']);
    unset($_SESSION['ok_msg']);
 }
 // Display body for mail domain
 if ((!empty($_GET['domain'])) && (empty($_GET['account'])))  {
    include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_mail.html');
 }
 // Display body for mail account
 if ((!empty($_GET['domain'])) && (!empty($_GET['account'])))  {
    include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_mail_acc.html');
 }
 // Flush session messages
 unset($_SESSION['error_msg']);
 unset($_SESSION['ok_msg']);
 // Footer
 include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');
--- a/web/edit/package/index.php
+++ b/web/edit/package/index.php
@ -3,82 +3,81 @@
 error_reporting(NULL);
 ob_start();
 session_start();
 $TAB = 'PACKAGE';
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Header
 include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
-// Panel
+// Check user
-top_panel($user,$TAB);
+if ($_SESSION['user'] != 'admin') {
    header("Location: /list/user");
    exit;
 }
-// Are you admin?
+// Check package argument
-if ($_SESSION['user'] == 'admin') {
+if (empty($_GET['package'])) {
    // Check user argument?
    if (empty($_GET['package'])) {
    header("Location: /list/package/");
    exit;
-    }
+}
    $v_package = escapeshellarg($_GET['package']);
    exec (VESTA_CMD."v-list-user-package ".$v_package." 'json'", $output, $return_var);
    check_return_code($return_var,$output);
    if (empty($_SESSION['error_msg'])) {
        $data = json_decode(implode('', $output), true);
        unset($output);
        $v_package = $_GET['package'];
        $v_web_template = $data[$v_package]['WEB_TEMPLATE'];
        $v_proxy_template = $data[$v_package]['PROXY_TEMPLATE'];
        $v_dns_template = $data[$v_package]['DNS_TEMPLATE'];
        $v_web_domains = $data[$v_package]['WEB_DOMAINS'];
        $v_web_aliases = $data[$v_package]['WEB_ALIASES'];
        $v_dns_domains = $data[$v_package]['DNS_DOMAINS'];
        $v_dns_records = $data[$v_package]['DNS_RECORDS'];
        $v_mail_domains = $data[$v_package]['MAIL_DOMAINS'];
        $v_mail_accounts = $data[$v_package]['MAIL_ACCOUNTS'];
        $v_databases = $data[$v_package]['DATABASES'];
        $v_cron_jobs = $data[$v_package]['CRON_JOBS'];
        $v_disk_quota = $data[$v_package]['DISK_QUOTA'];
        $v_bandwidth = $data[$v_package]['BANDWIDTH'];
        $v_shell = $data[$v_package]['SHELL'];
        $v_ns = $data[$v_package]['NS'];
        $nameservers = explode(", ", $v_ns);
        $v_ns1 = $nameservers[0];
        $v_ns2 = $nameservers[1];
        $v_ns3 = $nameservers[2];
        $v_ns4 = $nameservers[3];
        $v_backups = $data[$v_package]['BACKUPS'];
        $v_date = $data[$v_package]['DATE'];
        $v_time = $data[$v_package]['TIME'];
        $v_status =  'active';
-        exec (VESTA_CMD."v-list-web-templates json", $output, $return_var);
+// List package
-        check_error($return_var);
+$v_package = escapeshellarg($_GET['package']);
-        $web_templates = json_decode(implode('', $output), true);
+exec (VESTA_CMD."v-list-user-package ".$v_package." 'json'", $output, $return_var);
-        unset($output);
+$data = json_decode(implode('', $output), true);
 unset($output);
-        exec (VESTA_CMD."v-list-web-templates-proxy json", $output, $return_var);
+// Parse package
-        check_error($return_var);
+$v_package = $_GET['package'];
-        $proxy_templates = json_decode(implode('', $output), true);
+$v_web_template = $data[$v_package]['WEB_TEMPLATE'];
-        unset($output);
+$v_proxy_template = $data[$v_package]['PROXY_TEMPLATE'];
 $v_dns_template = $data[$v_package]['DNS_TEMPLATE'];
 $v_web_domains = $data[$v_package]['WEB_DOMAINS'];
 $v_web_aliases = $data[$v_package]['WEB_ALIASES'];
 $v_dns_domains = $data[$v_package]['DNS_DOMAINS'];
 $v_dns_records = $data[$v_package]['DNS_RECORDS'];
 $v_mail_domains = $data[$v_package]['MAIL_DOMAINS'];
 $v_mail_accounts = $data[$v_package]['MAIL_ACCOUNTS'];
 $v_databases = $data[$v_package]['DATABASES'];
 $v_cron_jobs = $data[$v_package]['CRON_JOBS'];
 $v_disk_quota = $data[$v_package]['DISK_QUOTA'];
 $v_bandwidth = $data[$v_package]['BANDWIDTH'];
 $v_shell = $data[$v_package]['SHELL'];
 $v_ns = $data[$v_package]['NS'];
 $nameservers = explode(", ", $v_ns);
 $v_ns1 = $nameservers[0];
 $v_ns2 = $nameservers[1];
 $v_ns3 = $nameservers[2];
 $v_ns4 = $nameservers[3];
 $v_backups = $data[$v_package]['BACKUPS'];
 $v_date = $data[$v_package]['DATE'];
 $v_time = $data[$v_package]['TIME'];
 $v_status =  'active';
-        exec (VESTA_CMD."v-list-dns-templates json", $output, $return_var);
+// List web templates
-        check_error($return_var);
+exec (VESTA_CMD."v-list-web-templates json", $output, $return_var);
-        $dns_templates = json_decode(implode('', $output), true);
+$web_templates = json_decode(implode('', $output), true);
-        unset($output);
+unset($output);
-        exec (VESTA_CMD."v-list-sys-shells json", $output, $return_var);
+// List proxy templates
-        check_error($return_var);
+exec (VESTA_CMD."v-list-web-templates-proxy json", $output, $return_var);
-        $shells = json_decode(implode('', $output), true);
+$proxy_templates = json_decode(implode('', $output), true);
-        unset($output);
+unset($output);
-        // Action
+// List dns templates
-        if (!empty($_POST['save'])) {
+exec (VESTA_CMD."v-list-dns-templates json", $output, $return_var);
-            // Check input
+$dns_templates = json_decode(implode('', $output), true);
 unset($output);
 // List shels
 exec (VESTA_CMD."v-list-sys-shells json", $output, $return_var);
 $shells = json_decode(implode('', $output), true);
 unset($output);
 // Check POST request
 if (!empty($_POST['save'])) {
    // Check empty fields
    if (empty($_POST['v_package'])) $errors[] = __('package');
    if (empty($_POST['v_web_template'])) $errors[] = __('web template');
    if (empty($_POST['v_proxy_template'])) $errors[] = __('proxy template');
@ -97,6 +96,16 @@ if ($_SESSION['user'] == 'admin') {
    if (!isset($_POST['v_bandwidth'])) $errors[] = __('bandwidth');
    if (empty($_POST['v_ns1'])) $errors[] = __('ns1');
    if (empty($_POST['v_ns2'])) $errors[] = __('ns2');
    if (!empty($errors[0])) {
        foreach ($errors as $i => $error) {
            if ( $i == 0 ) {
                $error_msg = $error;
            } else {
                $error_msg = $error_msg.", ".$error;
            }
        }
        $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
    }
    // Protect input
    $v_package = escapeshellarg($_POST['v_package']);
@ -126,22 +135,12 @@ if ($_SESSION['user'] == 'admin') {
    $v_time = escapeshellarg(date('H:i:s'));
    $v_date = escapeshellarg(date('Y-m-d'));
-            // Check for errors
+    // Create temprorary directory
            if (!empty($errors[0])) {
                foreach ($errors as $i => $error) {
                    if ( $i == 0 ) {
                        $error_msg = $error;
                    } else {
                        $error_msg = $error_msg.", ".$error;
                    }
                }
                $_SESSION['error_msg'] = __('Field "%s" can not be blank.',$error_msg);
            } else {
    exec ('mktemp -d', $output, $return_var);
    $tmpdir = $output[0];
    unset($output);
-                // Create package
+    // Save package file on a fs
    $pkg = "WEB_TEMPLATE=".$v_web_template."\n";
    $pkg .= "PROXY_TEMPLATE=".$v_proxy_template."\n";
    $pkg .= "DNS_TEMPLATE=".$v_dns_template."\n";
@ -160,20 +159,16 @@ if ($_SESSION['user'] == 'admin') {
    $pkg .= "BACKUPS=".$v_backups."\n";
    $pkg .= "TIME=".$v_time."\n";
    $pkg .= "DATE=".$v_date."\n";
                // Write package
    $fp = fopen($tmpdir."/".$_POST['v_package'].".pkg", 'w');
    fwrite($fp, $pkg);
    fclose($fp);
-                // Rewrite package
+    // Save changes
                if (empty($_SESSION['error_msg'])) {
    exec (VESTA_CMD."v-add-user-package ".$tmpdir." ".$v_package." 'yes'", $output, $return_var);
    check_return_code($return_var,$output);
    unset($output);
                }
-                // Remove tmpdir
+    // Remove temporary dir
    exec ('rm -rf '.$tmpdir, $output, $return_var);
    unset($output);
@ -182,17 +177,25 @@ if ($_SESSION['user'] == 'admin') {
    check_return_code($return_var,$output);
    unset($output);
    // Set success message
    if (empty($_SESSION['error_msg'])) {
        $_SESSION['ok_msg'] = __('Changes has been saved.');
    }
            }
        }
    }
    include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_package.html');
    unset($_SESSION['error_msg']);
    unset($_SESSION['ok_msg']);
 }
 // Header
 include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
 // Panel
 top_panel($user,$TAB);
 // Display body
 include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_package.html');
 // Flush session messages
 unset($_SESSION['error_msg']);
 unset($_SESSION['ok_msg']);
 // Footer
 include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');
--- a/web/edit/user/index.php
+++ b/web/edit/user/index.php
@ -3,68 +3,76 @@
 error_reporting(NULL);
 ob_start();
 session_start();
 $TAB = 'USER';
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
 // Header
 include($_SERVER['DOCUMENT_ROOT'].'/templates/header.html');
-// Are you admin?
+// Check user argument
-if ($_SESSION['user'] == 'admin') {
+if (empty($_GET['user'])) {
    // Check user argument?
    if (empty($_GET['user'])) {
    header("Location: /list/user/");
    exit;
-    }
+}
-    // Check user
+// Edit as someone else?
-    $v_username = escapeshellarg($_GET['user']);
+if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
-    exec (VESTA_CMD."v-list-user ".$v_username." json", $output, $return_var);
+    $user=$_GET['user'];
-    check_return_code($return_var,$output);
+    $v_username=$_GET['user'];
-    if (empty($_SESSION['error_msg'])) {
+} else {
-        $data = json_decode(implode('', $output), true);
+    $user=$_SESSION['user'];
-        unset($output);
+    $v_username=$_SESSION['user'];
-        $v_username = $_GET['user'];
+}
-        $v_password = "••••••••";
+
-        $v_email = $data[$v_username]['CONTACT'];
+// List user
-        $v_package = $data[$v_username]['PACKAGE'];
+exec (VESTA_CMD."v-list-user ".$v_username." json", $output, $return_var);
-        $v_language = $data[$v_username]['LANGUAGE'];
+check_return_code($return_var,$output);
-        $v_fname = $data[$v_username]['FNAME'];
+$data = json_decode(implode('', $output), true);
-        $v_lname = $data[$v_username]['LNAME'];
+unset($output);
-        $v_shell = $data[$v_username]['SHELL'];
+
-        $v_ns = $data[$v_username]['NS'];
+// Parse user
-        $nameservers = explode(", ", $v_ns);
+$v_password = "••••••••";
-        $v_ns1 = $nameservers[0];
+$v_email = $data[$v_username]['CONTACT'];
-        $v_ns2 = $nameservers[1];
+$v_package = $data[$v_username]['PACKAGE'];
-        $v_ns3 = $nameservers[2];
+$v_language = $data[$v_username]['LANGUAGE'];
-        $v_ns4 = $nameservers[3];
+$v_fname = $data[$v_username]['FNAME'];
-        $v_suspended = $data[$v_username]['SUSPENDED'];
+$v_lname = $data[$v_username]['LNAME'];
-        if ( $v_suspended == 'yes' ) {
+$v_shell = $data[$v_username]['SHELL'];
 $v_ns = $data[$v_username]['NS'];
 $nameservers = explode(", ", $v_ns);
 $v_ns1 = $nameservers[0];
 $v_ns2 = $nameservers[1];
 $v_ns3 = $nameservers[2];
 $v_ns4 = $nameservers[3];
 $v_suspended = $data[$v_username]['SUSPENDED'];
 if ( $v_suspended == 'yes' ) {
    $v_status =  'suspended';
-        } else {
+} else {
    $v_status =  'active';
-        }
+}
-        $v_time = $data[$v_username]['TIME'];
+$v_time = $data[$v_username]['TIME'];
-        $v_date = $data[$v_username]['DATE'];
+$v_date = $data[$v_username]['DATE'];
-        exec (VESTA_CMD."v-list-user-packages json", $output, $return_var);
+// List packages
-        $packages = json_decode(implode('', $output), true);
+exec (VESTA_CMD."v-list-user-packages json", $output, $return_var);
-        unset($output);
+$packages = json_decode(implode('', $output), true);
 unset($output);
-        exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var);
+// List lanugages
-        $languages = json_decode(implode('', $output), true);
+exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var);
-        unset($output);
+$languages = json_decode(implode('', $output), true);
 unset($output);
-        exec (VESTA_CMD."v-list-sys-shells json", $output, $return_var);
+// List shells
-        $shells = json_decode(implode('', $output), true);
+exec (VESTA_CMD."v-list-sys-shells json", $output, $return_var);
-        unset($output);
+$shells = json_decode(implode('', $output), true);
-    }
+unset($output);
-    // Action
+// Are you admin?
-    if (!empty($_POST['save'])) {
+
-        $v_username = escapeshellarg($_POST['v_username']);
+// Check POST request
 if (!empty($_POST['save'])) {
    // Change password
    if (($v_password != $_POST['v_password']) && (empty($_SESSION['error_msg']))) {
@ -75,8 +83,8 @@ if ($_SESSION['user'] == 'admin') {
        unset($output);
    }
-        // Change package
+    // Change package (admin only)
-        if (($v_package != $_POST['v_package']) && (empty($_SESSION['error_msg']))) {
+    if (($v_package != $_POST['v_package']) && ($_SESSION['user'] == 'admin') && (empty($_SESSION['error_msg']))) {
        $v_package = escapeshellarg($_POST['v_package']);
        exec (VESTA_CMD."v-change-user-package ".$v_username." ".$v_package, $output, $return_var);
        check_return_code($return_var,$output);
@ -92,8 +100,8 @@ if ($_SESSION['user'] == 'admin') {
        unset($output);
    }
-        // Change shell
+    // Change shell (admin only)
-        if (($v_shell != $_POST['v_shell']) && (empty($_SESSION['error_msg']))) {
+    if (($v_shell != $_POST['v_shell']) && ($_SESSION['user'] == 'admin') && (empty($_SESSION['error_msg']))) {
        $v_shell = escapeshellarg($_POST['v_shell']);
        exec (VESTA_CMD."v-change-user-shell ".$v_username." ".$v_shell, $output, $return_var);
        check_return_code($return_var,$output);
@ -102,19 +110,19 @@ if ($_SESSION['user'] == 'admin') {
    // Change contact email
    if (($v_email != $_POST['v_email']) && (empty($_SESSION['error_msg']))) {
            // Validate email
        if (!filter_var($_POST['v_email'], FILTER_VALIDATE_EMAIL)) {
            $_SESSION['error_msg'] = __('Please enter valid email address.');
        } else {
            $v_email = escapeshellarg($_POST['v_email']);
            exec (VESTA_CMD."v-change-user-contact ".$v_username." ".$v_email, $output, $return_var);
            check_return_code($return_var,$output);
            }
            unset($output);
        }
    }
-        // Change Name
+    // Change full name (admin only)
-        if (($v_fname != $_POST['v_fname']) || ($v_lname != $_POST['v_lname']) && (empty($_SESSION['error_msg']))) {
+    if (($v_fname != $_POST['v_fname']) || ($v_lname != $_POST['v_lname'])) {
        if (($_SESSION['user'] == 'admin') && (empty($_SESSION['error_msg']))) {
            $v_fname = escapeshellarg($_POST['v_fname']);
            $v_lname = escapeshellarg($_POST['v_lname']);
            exec (VESTA_CMD."v-change-user-name ".$v_username." ".$v_fname." ".$v_lname, $output, $return_var);
@ -123,97 +131,6 @@ if ($_SESSION['user'] == 'admin') {
            $v_fname = $_POST['v_fname'];
            $v_lname = $_POST['v_lname'];
        }
        // Change NameServers
        if (($v_ns1 != $_POST['v_ns1']) || ($v_ns2 != $_POST['v_ns2']) || ($v_ns3 != $_POST['v_ns3']) || ($v_ns4 != $_POST['v_ns4']) && (empty($_SESSION['error_msg']))) {
            $v_ns1 = escapeshellarg($_POST['v_ns1']);
            $v_ns2 = escapeshellarg($_POST['v_ns2']);
            $v_ns3 = escapeshellarg($_POST['v_ns3']);
            $v_ns4 = escapeshellarg($_POST['v_ns4']);
            $ns_cmd = VESTA_CMD."v-change-user-ns ".$v_username." ".$v_ns1." ".$v_ns2;
            if (!empty($_POST['v_ns3'])) $ns_cmd = $ns_cmd." ".$v_ns3;
            if (!empty($_POST['v_ns4'])) $ns_cmd = $ns_cmd." ".$v_ns4;
            exec ($ns_cmd, $output, $return_var);
            check_return_code($return_var,$output);
            unset($output);
        }
        if (empty($_SESSION['error_msg'])) {
            $_SESSION['ok_msg'] = __('Changes has been saved.');
        }
    }
    // Panel
    top_panel($user,$TAB);
    include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_user.html');
    unset($_SESSION['error_msg']);
    unset($_SESSION['ok_msg']);
 } else {
    // Check user argument?
    if (empty($_GET['user'])) {
        header("Location: /list/user/");
        exit;
    }
    // Check user
    $v_username = $user;
    exec (VESTA_CMD."v-list-user ".$v_username." json", $output, $return_var);
    check_return_code($return_var,$output);
    if (empty($_SESSION['error_msg'])) {
        $data = json_decode(implode('', $output), true);
        unset($output);
        $v_password = "••••••••";
        $v_email = $data[$v_username]['CONTACT'];
        $v_fname = $data[$v_username]['FNAME'];
        $v_lname = $data[$v_username]['LNAME'];
        $v_language = $data[$v_username]['LANGUAGE'];
        $v_ns = $data[$v_username]['NS'];
        $nameservers = explode(", ", $v_ns);
        $v_ns1 = $nameservers[0];
        $v_ns2 = $nameservers[1];
        $v_ns3 = $nameservers[2];
        $v_ns4 = $nameservers[3];
        $v_suspended = $data[$v_username]['SUSPENDED'];
        if ( $v_suspended == 'yes' ) {
            $v_status =  'suspended';
        } else {
            $v_status =  'active';
        }
        $v_time = $data[$v_username]['TIME'];
        $v_date = $data[$v_username]['DATE'];
        exec (VESTA_CMD."v-list-sys-languages json", $output, $return_var);
        $languages = json_decode(implode('', $output), true);
        unset($output);
    }
    // Action
    if (!empty($_POST['save'])) {
        // Change password
        if (($v_password != $_POST['v_password']) && (empty($_SESSION['error_msg']))) {
            $v_password = escapeshellarg($_POST['v_password']);
            exec (VESTA_CMD."v-change-user-password ".$v_username." ".$v_password, $output, $return_var);
            check_return_code($return_var,$output);
            $v_password = "••••••••";
            unset($output);
        }
        // Change language
        if (($v_language != $_POST['v_language']) && (empty($_SESSION['error_msg']))) {
            $v_language = escapeshellarg($_POST['v_language']);
            exec (VESTA_CMD."v-change-user-language ".$v_username." ".$v_language, $output, $return_var);
            check_return_code($return_var,$output);
            if (empty($_SESSION['error_msg'])) $_SESSION['language'] = $_POST['v_language'];
            unset($output);
        }
        // Change contact email
        if (($v_email != $_POST['v_email']) && (empty($_SESSION['error_msg']))) {
            $v_email = escapeshellarg($_POST['v_email']);
            exec (VESTA_CMD."v-change-user-contact ".$v_username." ".$v_email, $output, $return_var);
            check_return_code($return_var,$output);
            unset($output);
    }
    // Change NameServers
@ -230,17 +147,25 @@ if ($_SESSION['user'] == 'admin') {
        unset($output);
    }
    // Set success message
    if (empty($_SESSION['error_msg'])) {
        $_SESSION['ok_msg'] = __('Changes has been saved.');
    }
    }
    // Panel
    top_panel($user,$TAB);
    include($_SERVER['DOCUMENT_ROOT'].'/templates/user/edit_user.html');
    unset($_SESSION['error_msg']);
    unset($_SESSION['ok_msg']);
 }
 // Panel
 top_panel($user,$TAB);
 // Display body
 if ($_SESSION['user'] == 'admin') {
    include($_SERVER['DOCUMENT_ROOT'].'/templates/admin/edit_user.html');
 } else {
    include($_SERVER['DOCUMENT_ROOT'].'/templates/user/edit_user.html');
 }
 // Flush session messages
 unset($_SESSION['error_msg']);
 unset($_SESSION['ok_msg']);
 // Footer
 include($_SERVER['DOCUMENT_ROOT'].'/templates/footer.html');