Merge pull request #5106 from mailcow/staging

2023-03
Merge pull request #5104 from svengo/patch-4
2023-03-03 17:34:24 +01:00 · 2023-03-03 12:44:00 +01:00 · 2023-03-03 12:41:24 +01:00 · 2023-03-03 12:34:23 +01:00 · 2023-03-03 12:09:14 +01:00 · 2023-03-03 12:04:07 +01:00
230 changed files with 64972 additions and 10991 deletions
--- a/.github/ISSUE_TEMPLATE/Bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/Bug_report.yml
@@ -26,21 +26,21 @@ body:
    attributes:
      label: Description
      description: Please provide a brief description of the bug in 1-2 sentences. If applicable, add screenshots to help explain your problem. Very useful for bugs in mailcow UI.
-      render: text
+      render: plain text
    validations:
      required: true
  - type: textarea
    attributes:
      label: "Logs:"
      description: "Please take a look at the [official documentation](https://docs.mailcow.email/troubleshooting/debug-logs/) and post the last few lines of logs, when the error occurs. For example, docker container logs of affected containers. This will be automatically formatted into code, so no need for backticks."
-      render: text
+      render: plain text
    validations:
      required: true
  - type: textarea
    attributes:
      label: "Steps to reproduce:"
      description: "Please describe the steps to reproduce the bug. Screenshots can be added, if helpful."
-      render: text
+      render: plain text
      placeholder: |-
        1. ...
        2. ...
@@ -117,41 +117,41 @@ body:
    attributes:
      label: "Logs of git diff:"
      description: "#### Output of `git diff origin/master`, any other changes to the code? If so, **please post them**:"
-      render: text
+      render: plain text
    validations:
      required: true
  - type: textarea
    attributes:
      label: "Logs of iptables -L -vn:"
      description: "#### Output of `iptables -L -vn`"
-      render: text
+      render: plain text
    validations:
      required: true
  - type: textarea
    attributes:
      label: "Logs of ip6tables -L -vn:"
      description: "#### Output of `ip6tables -L -vn`"
-      render: text
+      render: plain text
    validations:
      required: true
  - type: textarea
    attributes:
      label: "Logs of iptables -L -vn -t nat:"
      description: "#### Output of `iptables -L -vn -t nat`"
-      render: text
+      render: plain text
    validations:
      required: true
  - type: textarea
    attributes:
      label: "Logs of ip6tables -L -vn -t nat:"
      description: "#### Output of `ip6tables -L -vn -t nat`"
-      render: text
+      render: plain text
    validations:
      required: true
  - type: textarea
    attributes:
      label: "DNS check:"
      description: "#### Output of `docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254` (set the IP accordingly, if you changed the internal mailcow network)"
-      render: text
+      render: plain text
    validations:
      required: true
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -0,0 +1,31 @@
 {
  "enabled": true,
  "timezone": "Europe/Berlin",
  "dependencyDashboard": true,
  "dependencyDashboardTitle": "Renovate Dashboard",
  "commitBody": "Signed-off-by: milkmaker <milkmaker@mailcow.de>",
  "rebaseWhen": "auto",
  "labels": ["renovate"],
  "assignees": [
    "@magiccc"
  ],
  "baseBranches": ["staging"],
  "enabledManagers": ["github-actions", "regex", "docker-compose"],
  "ignorePaths": [
    "data\/web\/inc\/lib\/vendor\/matthiasmullie\/minify\/**"
  ],
  "regexManagers": [
    {
      "fileMatch": ["^helper-scripts\/nextcloud.sh$"],
      "matchStrings": [
        "#\\srenovate:\\sdatasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?( extractVersion=(?<extractVersion>.*?))?\\s.*?_VERSION=(?<currentValue>.*)"
       ]
    },
    {
      "fileMatch": ["(^|/)Dockerfile[^/]*$"],
      "matchStrings": [
        "#\\srenovate:\\sdatasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?\\s(ENV|ARG) .*?_VERSION=(?<currentValue>.*)\\s"
       ]
    }
  ]
 }
--- a/.github/workflows/check_prs_if_on_staging.yml
+++ b/.github/workflows/check_prs_if_on_staging.yml
@@ -10,7 +10,7 @@ jobs:
    if: github.event.pull_request.base.ref != 'staging' #check if the target branch is not staging
    steps:
      - name: Send message
-        uses: thollander/actions-comment-pull-request@main
+        uses: thollander/actions-comment-pull-request@v2.3.1
        with:
          GITHUB_TOKEN: ${{ secrets.CHECKIFPRISSTAGING_ACTION_PAT }}
          message: |
--- a/.github/workflows/close_old_issues_and_prs.yml
+++ b/.github/workflows/close_old_issues_and_prs.yml
@@ -14,7 +14,7 @@ jobs:
      pull-requests: write
    steps:
      - name: Mark/Close Stale Issues and Pull Requests 🗑️
-        uses: actions/stale@v6.0.1
+        uses: actions/stale@v7.0.0
        with:
          repo-token: ${{ secrets.STALE_ACTION_PAT }}
          days-before-stale: 60
--- a/.github/workflows/image_builds.yml
+++ b/.github/workflows/image_builds.yml
@@ -33,13 +33,11 @@ jobs:
        run: |
          curl -sSL https://get.docker.com/ | CHANNEL=stable sudo sh
          sudo service docker start
          sudo curl -L https://github.com/docker/compose/releases/download/v$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose
          sudo chmod +x /usr/local/bin/docker-compose
      - name: Prepair Image Builds
        run: |
          cp helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml docker-compose.override.yml
      - name: Build Docker Images
        run: |
-          docker-compose build ${image}
+          docker compose build ${image}
        env:
          image: ${{ matrix.images }}
--- a/.github/workflows/integration_tests.yml
+++ b/.github/workflows/integration_tests.yml
@@ -1,63 +0,0 @@
 name: mailcow Integration Tests
 on:
  push:
    branches: [ "master", "staging" ]
  workflow_dispatch:
 permissions:
  contents: read
 jobs:
  integration_tests:
    runs-on: ubuntu-latest
    steps:
      - name: Setup Ansible
        run: |
          export DEBIAN_FRONTEND=noninteractive
          sudo apt-get update
          sudo apt-get install python3 python3-pip git
          sudo pip3 install ansible
      - name: Prepair Test Environment
        run: |
          git clone https://github.com/mailcow/mailcow-integration-tests.git --branch $(curl -sL https://api.github.com/repos/mailcow/mailcow-integration-tests/releases/latest | jq -r '.tag_name') --single-branch .
          ./fork_check.sh
          ./ci.sh
          ./ci-pip-requirements.sh
        env:
          VAULT_PW: ${{ secrets.MAILCOW_TESTS_VAULT_PW }}
          VAULT_FILE: ${{ secrets.MAILCOW_TESTS_VAULT_FILE }}
      - name: Start Integration Test Server
        run: |
          ./fork_check.sh
          ansible-playbook mailcow-start-server.yml --diff
        env:
          PY_COLORS: '1'
          ANSIBLE_FORCE_COLOR: '1'
          ANSIBLE_HOST_KEY_CHECKING: 'false'
      - name: Setup Integration Test Server
        run: |
          ./fork_check.sh
          sleep 30
          ansible-playbook mailcow-setup-server.yml --private-key id_ssh_rsa --diff
        env:
          PY_COLORS: '1'
          ANSIBLE_FORCE_COLOR: '1'
          ANSIBLE_HOST_KEY_CHECKING: 'false'
      - name: Run Integration Tests
        run: |
          ./fork_check.sh
          ansible-playbook mailcow-integration-tests.yml --private-key id_ssh_rsa --diff
        env:
          PY_COLORS: '1'
          ANSIBLE_FORCE_COLOR: '1'
          ANSIBLE_HOST_KEY_CHECKING: 'false'
      - name: Delete Integration Test Server
        if: always()
        run: |
          ./fork_check.sh
          ansible-playbook mailcow-delete-server.yml --diff
        env:
          PY_COLORS: '1'
          ANSIBLE_FORCE_COLOR: '1'
          ANSIBLE_HOST_KEY_CHECKING: 'false'
--- a/.github/workflows/pr_to_nightly.yml
+++ b/.github/workflows/pr_to_nightly.yml
@@ -12,7 +12,7 @@ jobs:
        with:
          fetch-depth: 0
      - name: Run the Action
-        uses: devops-infra/action-pull-request@v0.5.3
+        uses: devops-infra/action-pull-request@v0.5.5
        with:
          github_token: ${{ secrets.PRTONIGHTLY_ACTION_PAT }}
          title: Automatic PR to nightly from ${{ github.event.repository.updated_at}}
--- a/.github/workflows/rebuild_backup_image.yml
+++ b/.github/workflows/rebuild_backup_image.yml
@@ -26,7 +26,7 @@ jobs:
          password: ${{ secrets.BACKUPIMAGEBUILD_ACTION_DOCKERHUB_TOKEN }}
      - name: Build and push
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v4
        with:
          context: .
          file: data/Dockerfiles/backup/Dockerfile
--- a/.github/workflows/tweet-trigger-publish-release.yml
+++ b/.github/workflows/tweet-trigger-publish-release.yml
@@ -1,20 +0,0 @@
 name: "Tweet trigger release"
 on:
  release:
    types: [published]
 jobs:
  tweet:
    runs-on: ubuntu-latest
    steps:
      - name: "Get Release Tag"
        run:  |
          RELEASE_TAG=$(curl https://api.github.com/repos/mailcow/mailcow-dockerized/releases/latest | jq -r '.tag_name')
      - name: Tweet-trigger-publish-release
        uses: mugi111/tweet-trigger-release@v1.1
        with:
          consumer_key: ${{ secrets.CONSUMER_KEY }}
          consumer_secret: ${{ secrets.CONSUMER_SECRET }}
          access_token_key: ${{ secrets.ACCESS_TOKEN_KEY }}
          access_token_secret: ${{ secrets.ACCESS_TOKEN_SECRET }}
          tweet_body: '$RELEASE_TAG is here! Checkout the GitHub Page for changelog regarding the $RELEASE_TAG Release: github.com/mailcow/mailcow-dockerized/releases/tag/$RELEASE_TAG'
--- a/README.md
+++ b/README.md
@@ -1,8 +1,5 @@
 # mailcow: dockerized - 🐮 + 🐋 = 💕
 ## We stand with 🇺🇦
 [![Mailcow Integration Tests](https://github.com/mailcow/mailcow-dockerized/actions/workflows/integration_tests.yml/badge.svg?branch=master)](https://github.com/mailcow/mailcow-dockerized/actions/workflows/integration_tests.yml)
 [![Translation status](https://translate.mailcow.email/widgets/mailcow-dockerized/-/translation/svg-badge.svg)](https://translate.mailcow.email/engage/mailcow-dockerized/)
 [![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/mailcow_email.svg?style=social&label=Follow%20%40mailcow_email)](https://twitter.com/mailcow_email)
@@ -36,3 +33,9 @@ Telegram desktop clients are available for [multiple platforms](https://desktop.
 **Important**: mailcow makes use of various open-source software. Please assure you agree with their license before using mailcow.
 Any part of mailcow itself is released under **GNU General Public License, Version 3**.
 mailcow is a registered word mark of The Infrastructure Company GmbH, Parkstr. 42, 47877 Willich, Germany.
 The project is managed and maintained by The Infrastructure Company GmbH.
 Originated from @andryyy (André)
--- a/data/Dockerfiles/acme/Dockerfile
+++ b/data/Dockerfiles/acme/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.16
+FROM alpine:3.17
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
--- a/data/Dockerfiles/acme/acme.sh
+++ b/data/Dockerfiles/acme/acme.sh
@@ -213,11 +213,13 @@ while true; do
  done
  ADDITIONAL_WC_ARR+=('autodiscover' 'autoconfig')
  if [[ ${SKIP_IP_CHECK} != "y" ]]; then
  # Start IP detection
  log_f "Detecting IP addresses..."
  IPV4=$(get_ipv4)
  IPV6=$(get_ipv6)
  log_f "OK: ${IPV4}, ${IPV6:-"0000:0000:0000:0000:0000:0000:0000:0000"}"
  fi
  #########################################
  # IP and webroot challenge verification #
--- a/data/Dockerfiles/clamd/Dockerfile
+++ b/data/Dockerfiles/clamd/Dockerfile
@@ -1,4 +1,4 @@
-FROM clamav/clamav:0.105.1_base
+FROM clamav/clamav:1.0.1-1_base
 LABEL maintainer "André Peters <andre.peters@servercow.de>"
--- a/data/Dockerfiles/dockerapi/Dockerfile
+++ b/data/Dockerfiles/dockerapi/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.16
+FROM alpine:3.17
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
@@ -8,11 +8,15 @@ RUN apk add --update --no-cache python3 \
  py3-pip \
  openssl \
  tzdata \
  py3-psutil \
 && pip3 install --upgrade pip \
  fastapi \
  uvicorn \
  aiodocker \
  docker \
-  flask \
+  redis 
  flask-restful
 COPY docker-entrypoint.sh /app/
 COPY dockerapi.py /app/
-CMD ["python3", "-u", "/app/dockerapi.py"]
+ENTRYPOINT ["/bin/sh", "/app/docker-entrypoint.sh"]
--- a/data/Dockerfiles/dockerapi/docker-entrypoint.sh
+++ b/data/Dockerfiles/dockerapi/docker-entrypoint.sh
@@ -0,0 +1,9 @@
 #!/bin/bash
 `openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
  -keyout /app/dockerapi_key.pem \
  -out /app/dockerapi_cert.pem \
  -subj /CN=dockerapi/O=mailcow \
  -addext subjectAltName=DNS:dockerapi`
 `uvicorn --host 0.0.0.0 --port 443 --ssl-certfile=/app/dockerapi_cert.pem --ssl-keyfile=/app/dockerapi_key.pem dockerapi:app`
--- a/data/Dockerfiles/dockerapi/dockerapi.py
+++ b/data/Dockerfiles/dockerapi/dockerapi.py
@@ -1,233 +1,326 @@
-#!/usr/bin/env python3
+from fastapi import FastAPI, Response, Request
-
+import aiodocker
 from flask import Flask
 from flask_restful import Resource, Api
 from flask import jsonify
 from flask import Response
 from flask import request
 from threading import Thread
 import docker
-import uuid
+import psutil
-import signal
+import sys
 import re
 import time
 import os
-import re
+import json
-import sys
+import asyncio
-import ssl
+import redis
-import socket
+from datetime import datetime
-import subprocess
+import logging
-import traceback
+from logging.config import dictConfig
 docker_client = docker.DockerClient(base_url='unix://var/run/docker.sock', version='auto')
 app = Flask(__name__)
 api = Api(app)
-class containers_get(Resource):
+log_config = {
-  def get(self):
+    "version": 1,
-    containers = {}
+    "disable_existing_loggers": False,
    "formatters": {
        "default": {
            "()": "uvicorn.logging.DefaultFormatter",
            "fmt": "%(levelprefix)s %(asctime)s %(message)s",
            "datefmt": "%Y-%m-%d %H:%M:%S",
        },
    },
    "handlers": {
        "default": {
            "formatter": "default",
            "class": "logging.StreamHandler",
            "stream": "ext://sys.stderr",
        },
    },
    "loggers": {
        "api-logger": {"handlers": ["default"], "level": "INFO"},
    },
 }
 dictConfig(log_config)
 containerIds_to_update = []
 host_stats_isUpdating = False
 app = FastAPI()
 logger = logging.getLogger('api-logger')
@app.get("/host/stats")
 async def get_host_update_stats():
  global host_stats_isUpdating
  if host_stats_isUpdating == False:
    asyncio.create_task(get_host_stats())
    host_stats_isUpdating = True
  while True:
    if redis_client.exists('host_stats'):
      break
    await asyncio.sleep(1.5)
  stats = json.loads(redis_client.get('host_stats'))
  return Response(content=json.dumps(stats, indent=4), media_type="application/json")
@app.get("/containers/{container_id}/json")
 async def get_container(container_id : str):
  if container_id and container_id.isalnum():
    try:
-      for container in docker_client.containers.list(all=True):
+      for container in (await async_docker_client.containers.list()):
-        containers.update({container.attrs['Id']: container.attrs})
+        if container._id == container_id:
-      return containers
+          container_info = await container.show()
          return Response(content=json.dumps(container_info, indent=4), media_type="application/json")
      res = {
        "type": "danger",
        "msg": "no container found"
      }
      return Response(content=json.dumps(res, indent=4), media_type="application/json")
    except Exception as e:
-      return jsonify(type='danger', msg=str(e))
+      res = {
        "type": "danger",
        "msg": str(e)
      }
      return Response(content=json.dumps(res, indent=4), media_type="application/json")
  else:
    res = {
      "type": "danger",
      "msg": "no or invalid id defined"
    }
    return Response(content=json.dumps(res, indent=4), media_type="application/json")
-class container_get(Resource):
+@app.get("/containers/json")
-  def get(self, container_id):
+async def get_containers():
-    if container_id and container_id.isalnum():
+  containers = {}
-      try:
+  try:
-        for container in docker_client.containers.list(all=True, filters={"id": container_id}):
+    for container in (await async_docker_client.containers.list()):
-          return container.attrs
+      container_info = await container.show()
-      except Exception as e:
+      containers.update({container_info['Id']: container_info})
-          return jsonify(type='danger', msg=str(e))
+    return Response(content=json.dumps(containers, indent=4), media_type="application/json")
-    else:
+  except Exception as e:
-      return jsonify(type='danger', msg='no or invalid id defined')
+    res = {
      "type": "danger",
      "msg": str(e)
    }
    return Response(content=json.dumps(res, indent=4), media_type="application/json")
-class container_post(Resource):
+@app.post("/containers/{container_id}/{post_action}")
-  def post(self, container_id, post_action):
+async def post_containers(container_id : str, post_action : str, request: Request):
-    if container_id and container_id.isalnum() and post_action:
+  try : 
-      try:
+    request_json = await request.json()
-        """Dispatch container_post api call"""
+  except Exception as err:
-        if post_action == 'exec':
+    request_json = {}
          if not request.json or not 'cmd' in request.json:
            return jsonify(type='danger', msg='cmd is missing')
          if not request.json or not 'task' in request.json:
            return jsonify(type='danger', msg='task is missing')
-          api_call_method_name = '__'.join(['container_post', str(post_action), str(request.json['cmd']), str(request.json['task']) ])
+  if container_id and container_id.isalnum() and post_action:
-        else:
+    try:
-          api_call_method_name = '__'.join(['container_post', str(post_action) ])
+      """Dispatch container_post api call"""
      if post_action == 'exec':
        if not request_json or not 'cmd' in request_json:
          res = {
            "type": "danger",
            "msg": "cmd is missing"
          }
          return Response(content=json.dumps(res, indent=4), media_type="application/json")
        if not request_json or not 'task' in request_json:
          res = {
            "type": "danger",
            "msg": "task is missing"
          }
          return Response(content=json.dumps(res, indent=4), media_type="application/json")
-        api_call_method = getattr(self, api_call_method_name, lambda container_id: jsonify(type='danger', msg='container_post - unknown api call'))
+        api_call_method_name = '__'.join(['container_post', str(post_action), str(request_json['cmd']), str(request_json['task']) ])
      else:
        api_call_method_name = '__'.join(['container_post', str(post_action) ])
      docker_utils = DockerUtils(sync_docker_client)
      api_call_method = getattr(docker_utils, api_call_method_name, lambda container_id: Response(content=json.dumps({'type': 'danger', 'msg':'container_post - unknown api call' }, indent=4), media_type="application/json"))
-        print("api call: %s, container_id: %s" % (api_call_method_name, container_id))
+      logger.info("api call: %s, container_id: %s" % (api_call_method_name, container_id))
-        return api_call_method(container_id)
+      return api_call_method(container_id, request_json)
-      except Exception as e:
+    except Exception as e:
-        print("error - container_post: %s" % str(e))
+      logger.error("error - container_post: %s" % str(e))
-        return jsonify(type='danger', msg=str(e))
+      res = {
        "type": "danger",
        "msg": str(e)
      }
      return Response(content=json.dumps(res, indent=4), media_type="application/json")
-    else:
+  else:
-      return jsonify(type='danger', msg='invalid container id or missing action')
+    res = {
      "type": "danger",
      "msg": "invalid container id or missing action"
    }
    return Response(content=json.dumps(res, indent=4), media_type="application/json")
@app.post("/container/{container_id}/stats/update")
 async def post_container_update_stats(container_id : str):
  global containerIds_to_update
  # start update task for container if no task is running
  if container_id not in containerIds_to_update:
    asyncio.create_task(get_container_stats(container_id))
    containerIds_to_update.append(container_id)
  while True:
    if redis_client.exists(container_id + '_stats'):
      break
    await asyncio.sleep(1.5)
  stats = json.loads(redis_client.get(container_id + '_stats'))
  return Response(content=json.dumps(stats, indent=4), media_type="application/json")
 class DockerUtils:
  def __init__(self, docker_client):
    self.docker_client = docker_client
  # api call: container_post - post_action: stop
-  def container_post__stop(self, container_id):
+  def container_post__stop(self, container_id, request_json):
-    for container in docker_client.containers.list(all=True, filters={"id": container_id}):
+    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
      container.stop()
    return jsonify(type='success', msg='command completed successfully')
    res = { 'type': 'success', 'msg': 'command completed successfully'}
    return Response(content=json.dumps(res, indent=4), media_type="application/json")
  # api call: container_post - post_action: start
-  def container_post__start(self, container_id):
+  def container_post__start(self, container_id, request_json):
-    for container in docker_client.containers.list(all=True, filters={"id": container_id}):
+    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
      container.start()
    return jsonify(type='success', msg='command completed successfully')
    res = { 'type': 'success', 'msg': 'command completed successfully'}
    return Response(content=json.dumps(res, indent=4), media_type="application/json")
  # api call: container_post - post_action: restart
-  def container_post__restart(self, container_id):
+  def container_post__restart(self, container_id, request_json):
-    for container in docker_client.containers.list(all=True, filters={"id": container_id}):
+    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
      container.restart()
    return jsonify(type='success', msg='command completed successfully')
    res = { 'type': 'success', 'msg': 'command completed successfully'}
    return Response(content=json.dumps(res, indent=4), media_type="application/json")
  # api call: container_post - post_action: top
-  def container_post__top(self, container_id):
+  def container_post__top(self, container_id, request_json):
-    for container in docker_client.containers.list(all=True, filters={"id": container_id}):
+    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
-      return jsonify(type='success', msg=container.top())
+      res = { 'type': 'success', 'msg': container.top()}
-
+      return Response(content=json.dumps(res, indent=4), media_type="application/json")
  # api call: container_post - post_action: stats
-  def container_post__stats(self, container_id):
+  def container_post__stats(self, container_id, request_json):
-    for container in docker_client.containers.list(all=True, filters={"id": container_id}):
+    for container in self.docker_client.containers.list(all=True, filters={"id": container_id}):
      for stat in container.stats(decode=True, stream=True):
-        return jsonify(type='success', msg=stat )
+        res = { 'type': 'success', 'msg': stat}
-
+        return Response(content=json.dumps(res, indent=4), media_type="application/json")
  # api call: container_post - post_action: exec - cmd: mailq - task: delete
-  def container_post__exec__mailq__delete(self, container_id):
+  def container_post__exec__mailq__delete(self, container_id, request_json):
-    if 'items' in request.json:
+    if 'items' in request_json:
      r = re.compile("^[0-9a-fA-F]+$")
-      filtered_qids = filter(r.match, request.json['items'])
+      filtered_qids = filter(r.match, request_json['items'])
      if filtered_qids:
        flagged_qids = ['-d %s' % i for i in filtered_qids]
        sanitized_string = str(' '.join(flagged_qids));
-
+        for container in self.docker_client.containers.list(filters={"id": container_id}):
        for container in docker_client.containers.list(filters={"id": container_id}):
          postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
          return exec_run_handler('generic', postsuper_r)
  # api call: container_post - post_action: exec - cmd: mailq - task: hold
-  def container_post__exec__mailq__hold(self, container_id):
+  def container_post__exec__mailq__hold(self, container_id, request_json):
-    if 'items' in request.json:
+    if 'items' in request_json:
      r = re.compile("^[0-9a-fA-F]+$")
-      filtered_qids = filter(r.match, request.json['items'])
+      filtered_qids = filter(r.match, request_json['items'])
      if filtered_qids:
        flagged_qids = ['-h %s' % i for i in filtered_qids]
        sanitized_string = str(' '.join(flagged_qids));
-
+        for container in self.docker_client.containers.list(filters={"id": container_id}):
        for container in docker_client.containers.list(filters={"id": container_id}):
          postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
          return exec_run_handler('generic', postsuper_r)
  # api call: container_post - post_action: exec - cmd: mailq - task: cat
-  def container_post__exec__mailq__cat(self, container_id):
+  def container_post__exec__mailq__cat(self, container_id, request_json):
-    if 'items' in request.json:
+    if 'items' in request_json:
      r = re.compile("^[0-9a-fA-F]+$")
-      filtered_qids = filter(r.match, request.json['items'])
+      filtered_qids = filter(r.match, request_json['items'])
      if filtered_qids:
        sanitized_string = str(' '.join(filtered_qids));
-        for container in docker_client.containers.list(filters={"id": container_id}):
+        for container in self.docker_client.containers.list(filters={"id": container_id}):
          postcat_return = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postcat -q " + sanitized_string], user='postfix')
        if not postcat_return:
          postcat_return = 'err: invalid'
        return exec_run_handler('utf8_text_only', postcat_return)
   # api call: container_post - post_action: exec - cmd: mailq - task: unhold
-  def container_post__exec__mailq__unhold(self, container_id):
+  def container_post__exec__mailq__unhold(self, container_id, request_json):
-    if 'items' in request.json:
+    if 'items' in request_json:
      r = re.compile("^[0-9a-fA-F]+$")
-      filtered_qids = filter(r.match, request.json['items'])
+      filtered_qids = filter(r.match, request_json['items'])
      if filtered_qids:
        flagged_qids = ['-H %s' % i for i in filtered_qids]
        sanitized_string = str(' '.join(flagged_qids));
-
+        for container in self.docker_client.containers.list(filters={"id": container_id}):
        for container in docker_client.containers.list(filters={"id": container_id}):
          postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
          return exec_run_handler('generic', postsuper_r)
  # api call: container_post - post_action: exec - cmd: mailq - task: deliver
-  def container_post__exec__mailq__deliver(self, container_id):
+  def container_post__exec__mailq__deliver(self, container_id, request_json):
-    if 'items' in request.json:
+    if 'items' in request_json:
      r = re.compile("^[0-9a-fA-F]+$")
-      filtered_qids = filter(r.match, request.json['items'])
+      filtered_qids = filter(r.match, request_json['items'])
      if filtered_qids:
        flagged_qids = ['-i %s' % i for i in filtered_qids]
-
+        for container in self.docker_client.containers.list(filters={"id": container_id}):
        for container in docker_client.containers.list(filters={"id": container_id}):
          for i in flagged_qids:
            postqueue_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postqueue " + i], user='postfix')
            # todo: check each exit code
-          return jsonify(type='success', msg=str("Scheduled immediate delivery"))
+          res = { 'type': 'success', 'msg': 'Scheduled immediate delivery'}
-
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
-
+          
  # api call: container_post - post_action: exec - cmd: mailq - task: list
-  def container_post__exec__mailq__list(self, container_id):
+  def container_post__exec__mailq__list(self, container_id, request_json):
-    for container in docker_client.containers.list(filters={"id": container_id}):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
      mailq_return = container.exec_run(["/usr/sbin/postqueue", "-j"], user='postfix')
      return exec_run_handler('utf8_text_only', mailq_return)
  # api call: container_post - post_action: exec - cmd: mailq - task: flush
-  def container_post__exec__mailq__flush(self, container_id):
+  def container_post__exec__mailq__flush(self, container_id, request_json):
-    for container in docker_client.containers.list(filters={"id": container_id}):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
      postqueue_r = container.exec_run(["/usr/sbin/postqueue", "-f"], user='postfix')
      return exec_run_handler('generic', postqueue_r)
  # api call: container_post - post_action: exec - cmd: mailq - task: super_delete
-  def container_post__exec__mailq__super_delete(self, container_id):
+  def container_post__exec__mailq__super_delete(self, container_id, request_json):
-    for container in docker_client.containers.list(filters={"id": container_id}):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
      postsuper_r = container.exec_run(["/usr/sbin/postsuper", "-d", "ALL"])
      return exec_run_handler('generic', postsuper_r)
  # api call: container_post - post_action: exec - cmd: system - task: fts_rescan
-  def container_post__exec__system__fts_rescan(self, container_id):
+  def container_post__exec__system__fts_rescan(self, container_id, request_json):
-    if 'username' in request.json:
+    if 'username' in request_json:
-      for container in docker_client.containers.list(filters={"id": container_id}):
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
-        rescan_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/doveadm fts rescan -u '" + request.json['username'].replace("'", "'\\''") + "'"], user='vmail')
+        rescan_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/doveadm fts rescan -u '" + request_json['username'].replace("'", "'\\''") + "'"], user='vmail')
        if rescan_return.exit_code == 0:
-          return jsonify(type='success', msg='fts_rescan: rescan triggered')
+          res = { 'type': 'success', 'msg': 'fts_rescan: rescan triggered'}
          return Response(content=json.dumps(res, indent=4), media_type="application/json")
        else:
-          return jsonify(type='warning', msg='fts_rescan error')
+          res = { 'type': 'warning', 'msg': 'fts_rescan error'}
-
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
-    if 'all' in request.json:
+    if 'all' in request_json:
-      for container in docker_client.containers.list(filters={"id": container_id}):
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
        rescan_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/doveadm fts rescan -A"], user='vmail')
        if rescan_return.exit_code == 0:
-          return jsonify(type='success', msg='fts_rescan: rescan triggered')
+          res = { 'type': 'success', 'msg': 'fts_rescan: rescan triggered'}
          return Response(content=json.dumps(res, indent=4), media_type="application/json")
        else:
-          return jsonify(type='warning', msg='fts_rescan error')
+          res = { 'type': 'warning', 'msg': 'fts_rescan error'}
-
+          return Response(content=json.dumps(res, indent=4), media_type="application/json")
  # api call: container_post - post_action: exec - cmd: system - task: df
-  def container_post__exec__system__df(self, container_id):
+  def container_post__exec__system__df(self, container_id, request_json):
-    if 'dir' in request.json:
+    if 'dir' in request_json:
-      for container in docker_client.containers.list(filters={"id": container_id}):
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
-        df_return = container.exec_run(["/bin/bash", "-c", "/bin/df -H '" + request.json['dir'].replace("'", "'\\''") + "' | /usr/bin/tail -n1 | /usr/bin/tr -s [:blank:] | /usr/bin/tr ' ' ','"], user='nobody')
+        df_return = container.exec_run(["/bin/bash", "-c", "/bin/df -H '" + request_json['dir'].replace("'", "'\\''") + "' | /usr/bin/tail -n1 | /usr/bin/tr -s [:blank:] | /usr/bin/tr ' ' ','"], user='nobody')
        if df_return.exit_code == 0:
          return df_return.output.decode('utf-8').rstrip()
        else:
          return "0,0,0,0,0,0"
  # api call: container_post - post_action: exec - cmd: system - task: mysql_upgrade
-  def container_post__exec__system__mysql_upgrade(self, container_id):
+  def container_post__exec__system__mysql_upgrade(self, container_id, request_json):
-    for container in docker_client.containers.list(filters={"id": container_id}):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
      sql_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/mysql_upgrade -uroot -p'" + os.environ['DBROOT'].replace("'", "'\\''") + "'\n"], user='mysql')
      if sql_return.exit_code == 0:
        matched = False
@@ -235,103 +328,96 @@ class container_post(Resource):
          if 'is already upgraded to' in line:
            matched = True
        if matched:
-          return jsonify(type='success', msg='mysql_upgrade: already upgraded', text=sql_return.output.decode('utf-8'))
+          res = { 'type': 'success', 'msg':'mysql_upgrade: already upgraded', 'text': sql_return.output.decode('utf-8')}
          return Response(content=json.dumps(res, indent=4), media_type="application/json")
        else:
          container.restart()
-          return jsonify(type='warning', msg='mysql_upgrade: upgrade was applied', text=sql_return.output.decode('utf-8'))
+          res = { 'type': 'warning', 'msg':'mysql_upgrade: upgrade was applied', 'text': sql_return.output.decode('utf-8')}
          return Response(content=json.dumps(res, indent=4), media_type="application/json")
      else:
-        return jsonify(type='error', msg='mysql_upgrade: error running command', text=sql_return.output.decode('utf-8'))
+        res = { 'type': 'error', 'msg': 'mysql_upgrade: error running command', 'text': sql_return.output.decode('utf-8')}
-
+        return Response(content=json.dumps(res, indent=4), media_type="application/json")
  # api call: container_post - post_action: exec - cmd: system - task: mysql_tzinfo_to_sql
-  def container_post__exec__system__mysql_tzinfo_to_sql(self, container_id):
+  def container_post__exec__system__mysql_tzinfo_to_sql(self, container_id, request_json):
-    for container in docker_client.containers.list(filters={"id": container_id}):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
      sql_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/mysql_tzinfo_to_sql /usr/share/zoneinfo | /bin/sed 's/Local time zone must be set--see zic manual page/FCTY/' | /usr/bin/mysql -uroot -p'" + os.environ['DBROOT'].replace("'", "'\\''") + "' mysql \n"], user='mysql')
      if sql_return.exit_code == 0:
-        return jsonify(type='info', msg='mysql_tzinfo_to_sql: command completed successfully', text=sql_return.output.decode('utf-8'))
+        res = { 'type': 'info', 'msg': 'mysql_tzinfo_to_sql: command completed successfully', 'text': sql_return.output.decode('utf-8')}
        return Response(content=json.dumps(res, indent=4), media_type="application/json")
      else:
-        return jsonify(type='error', msg='mysql_tzinfo_to_sql: error running command', text=sql_return.output.decode('utf-8'))
+        res = { 'type': 'error', 'msg': 'mysql_tzinfo_to_sql: error running command', 'text': sql_return.output.decode('utf-8')}
-
+        return Response(content=json.dumps(res, indent=4), media_type="application/json")
  # api call: container_post - post_action: exec - cmd: reload - task: dovecot
-  def container_post__exec__reload__dovecot(self, container_id):
+  def container_post__exec__reload__dovecot(self, container_id, request_json):
-    for container in docker_client.containers.list(filters={"id": container_id}):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
      reload_return = container.exec_run(["/bin/bash", "-c", "/usr/sbin/dovecot reload"])
      return exec_run_handler('generic', reload_return)
  # api call: container_post - post_action: exec - cmd: reload - task: postfix
-  def container_post__exec__reload__postfix(self, container_id):
+  def container_post__exec__reload__postfix(self, container_id, request_json):
-    for container in docker_client.containers.list(filters={"id": container_id}):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
      reload_return = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postfix reload"])
      return exec_run_handler('generic', reload_return)
  # api call: container_post - post_action: exec - cmd: reload - task: nginx
-  def container_post__exec__reload__nginx(self, container_id):
+  def container_post__exec__reload__nginx(self, container_id, request_json):
-    for container in docker_client.containers.list(filters={"id": container_id}):
+    for container in self.docker_client.containers.list(filters={"id": container_id}):
      reload_return = container.exec_run(["/bin/sh", "-c", "/usr/sbin/nginx -s reload"])
      return exec_run_handler('generic', reload_return)
  # api call: container_post - post_action: exec - cmd: sieve - task: list
-  def container_post__exec__sieve__list(self, container_id):
+  def container_post__exec__sieve__list(self, container_id, request_json):
-    if 'username' in request.json:
+    if 'username' in request_json:
-      for container in docker_client.containers.list(filters={"id": container_id}):
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
-        sieve_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/doveadm sieve list -u '" + request.json['username'].replace("'", "'\\''") + "'"])
+        sieve_return = container.exec_run(["/bin/bash", "-c", "/usr/bin/doveadm sieve list -u '" + request_json['username'].replace("'", "'\\''") + "'"])
        return exec_run_handler('utf8_text_only', sieve_return)
  # api call: container_post - post_action: exec - cmd: sieve - task: print
-  def container_post__exec__sieve__print(self, container_id):
+  def container_post__exec__sieve__print(self, container_id, request_json):
-    if 'username' in request.json and 'script_name' in request.json:
+    if 'username' in request.json and 'script_name' in request_json:
-      for container in docker_client.containers.list(filters={"id": container_id}):
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
-        cmd = ["/bin/bash", "-c", "/usr/bin/doveadm sieve get -u '" + request.json['username'].replace("'", "'\\''") + "' '" + request.json['script_name'].replace("'", "'\\''") + "'"]  
+        cmd = ["/bin/bash", "-c", "/usr/bin/doveadm sieve get -u '" + request_json['username'].replace("'", "'\\''") + "' '" + request_json['script_name'].replace("'", "'\\''") + "'"]  
        sieve_return = container.exec_run(cmd)
        return exec_run_handler('utf8_text_only', sieve_return)
  # api call: container_post - post_action: exec - cmd: maildir - task: cleanup
-  def container_post__exec__maildir__cleanup(self, container_id):
+  def container_post__exec__maildir__cleanup(self, container_id, request_json):
-    if 'maildir' in request.json:
+    if 'maildir' in request_json:
-      for container in docker_client.containers.list(filters={"id": container_id}):
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
-        sane_name = re.sub(r'\W+', '', request.json['maildir'])
+        sane_name = re.sub(r'\W+', '', request_json['maildir'])
-        cmd = ["/bin/bash", "-c", "if [[ -d '/var/vmail/" + request.json['maildir'].replace("'", "'\\''") + "' ]]; then /bin/mv '/var/vmail/" + request.json['maildir'].replace("'", "'\\''") + "' '/var/vmail/_garbage/" + str(int(time.time())) + "_" + sane_name + "'; fi"]
+        cmd = ["/bin/bash", "-c", "if [[ -d '/var/vmail/" + request_json['maildir'].replace("'", "'\\''") + "' ]]; then /bin/mv '/var/vmail/" + request_json['maildir'].replace("'", "'\\''") + "' '/var/vmail/_garbage/" + str(int(time.time())) + "_" + sane_name + "'; fi"]
        maildir_cleanup = container.exec_run(cmd, user='vmail')
        return exec_run_handler('generic', maildir_cleanup)
  # api call: container_post - post_action: exec - cmd: rspamd - task: worker_password
-  def container_post__exec__rspamd__worker_password(self, container_id):
+  def container_post__exec__rspamd__worker_password(self, container_id, request_json):
-    if 'raw' in request.json:
+    if 'raw' in request_json:
-      for container in docker_client.containers.list(filters={"id": container_id}):
+      for container in self.docker_client.containers.list(filters={"id": container_id}):
-        cmd = "/usr/bin/rspamadm pw -e -p '" + request.json['raw'].replace("'", "'\\''") + "' 2> /dev/null"
+        cmd = "/usr/bin/rspamadm pw -e -p '" + request_json['raw'].replace("'", "'\\''") + "' 2> /dev/null"
        cmd_response = exec_cmd_container(container, cmd, user="_rspamd")
        matched = False
        for line in cmd_response.split("\n"):
          if '$2$' in line:
            hash = line.strip()
            hash_out = re.search('\$2\$.+$', hash).group(0)
            rspamd_passphrase_hash = re.sub('[^0-9a-zA-Z\$]+', '', hash_out.rstrip())
            rspamd_password_filename = "/etc/rspamd/override.d/worker-controller-password.inc"
            cmd = '''/bin/echo 'enable_password = "%s";' > %s && cat %s''' % (rspamd_passphrase_hash, rspamd_password_filename, rspamd_password_filename)
            cmd_response = exec_cmd_container(container, cmd, user="_rspamd")
            if rspamd_passphrase_hash.startswith("$2$") and rspamd_passphrase_hash in cmd_response:
              container.restart()
              matched = True
        if matched:
-            return jsonify(type='success', msg='command completed successfully')
+          res = { 'type': 'success', 'msg': 'command completed successfully' }
          logger.info('success changing Rspamd password')
          return Response(content=json.dumps(res, indent=4), media_type="application/json")
        else:
-            return jsonify(type='danger', msg='command did not complete')
+          logger.error('failed changing Rspamd password')
          res = { 'type': 'danger', 'msg': 'command did not complete' }
          return Response(content=json.dumps(res, indent=4), media_type="application/json")
 def exec_cmd_container(container, cmd, user, timeout=2, shell_cmd="/bin/bash"):
  def recv_socket_data(c_socket, timeout):
    c_socket.setblocking(0)
-    total_data=[];
+    total_data=[]
-    data='';
+    data=''
    begin=time.time()
    while True:
      if total_data and time.time()-begin > timeout:
@@ -351,6 +437,7 @@ def exec_cmd_container(container, cmd, user, timeout=2, shell_cmd="/bin/bash"):
      except:
        pass
    return ''.join(total_data)
  try :
    socket = container.exec_run([shell_cmd], stdin=True, socket=True, user=user).output._sock
@@ -360,60 +447,93 @@ def exec_cmd_container(container, cmd, user, timeout=2, shell_cmd="/bin/bash"):
    data = recv_socket_data(socket, timeout)
    socket.close()
    return data
  except Exception as e:
-    print("error - exec_cmd_container: %s" % str(e))
+    logger.error("error - exec_cmd_container: %s" % str(e))
    traceback.print_exc(file=sys.stdout)
 def exec_run_handler(type, output):
  if type == 'generic':
    if output.exit_code == 0:
-      return jsonify(type='success', msg='command completed successfully')
+      res = { 'type': 'success', 'msg': 'command completed successfully' }
      return Response(content=json.dumps(res, indent=4), media_type="application/json")
    else:
-      return jsonify(type='danger', msg='command failed: ' + output.output.decode('utf-8'))
+      res = { 'type': 'danger', 'msg': 'command failed: ' + output.output.decode('utf-8') }
      return Response(content=json.dumps(res, indent=4), media_type="application/json")
  if type == 'utf8_text_only':
-    r = Response(response=output.output.decode('utf-8'), status=200, mimetype="text/plain")
+    return Response(content=output.output.decode('utf-8'), media_type="text/plain")
    r.headers["Content-Type"] = "text/plain; charset=utf-8"
    return r
-class GracefulKiller:
+async def get_host_stats(wait=5):
-  kill_now = False
+  global host_stats_isUpdating
  def __init__(self):
    signal.signal(signal.SIGINT, self.exit_gracefully)
    signal.signal(signal.SIGTERM, self.exit_gracefully)
  def exit_gracefully(self, signum, frame):
    self.kill_now = True
 def create_self_signed_cert():
    process = subprocess.Popen(
      "openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout /app/dockerapi_key.pem -out /app/dockerapi_cert.pem -subj /CN=dockerapi/O=mailcow -addext subjectAltName=DNS:dockerapi".split(),
      stdout = subprocess.PIPE, stderr = subprocess.PIPE, shell=False
    )
    process.wait()
 def startFlaskAPI():
  create_self_signed_cert()
  try:
-    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+    system_time = datetime.now()
-    ctx.check_hostname = False
+    host_stats = {
-    ctx.load_cert_chain(certfile='/app/dockerapi_cert.pem', keyfile='/app/dockerapi_key.pem')
+      "cpu": {
-  except:
+        "cores": psutil.cpu_count(),
-    print ("Cannot initialize TLS, retrying in 5s...")
+        "usage": psutil.cpu_percent()
-    time.sleep(5)
+      },
-  app.run(debug=False, host='0.0.0.0', port=443, threaded=True, ssl_context=ctx)
+      "memory": {
        "total": psutil.virtual_memory().total,
        "usage": psutil.virtual_memory().percent,
        "swap": psutil.swap_memory()
      },
      "uptime": time.time() - psutil.boot_time(),
      "system_time": system_time.strftime("%d.%m.%Y %H:%M:%S")
    }
-api.add_resource(containers_get, '/containers/json')
+    redis_client.set('host_stats', json.dumps(host_stats), ex=10)
-api.add_resource(container_get,  '/containers/<string:container_id>/json')
+  except Exception as e:
-api.add_resource(container_post, '/containers/<string:container_id>/<string:post_action>')
+    res = {
      "type": "danger",
      "msg": str(e)
    }
-if __name__ == '__main__':
+  await asyncio.sleep(wait)
-  api_thread = Thread(target=startFlaskAPI)
+  host_stats_isUpdating = False
-  api_thread.daemon = True
+  
-  api_thread.start()
+async def get_container_stats(container_id, wait=5, stop=False):
-  killer = GracefulKiller()
+  global containerIds_to_update
-  while True:
+
-    time.sleep(1)
+  if container_id and container_id.isalnum():
-    if killer.kill_now:
+    try:
-      break
+      for container in (await async_docker_client.containers.list()):
-  print ("Stopping dockerapi-mailcow")
+        if container._id == container_id:
          res = await container.stats(stream=False)
          if redis_client.exists(container_id + '_stats'):
            stats = json.loads(redis_client.get(container_id + '_stats'))
          else:
            stats = []
          stats.append(res[0])
          if len(stats) > 3:
            del stats[0]
          redis_client.set(container_id + '_stats', json.dumps(stats), ex=60)
    except Exception as e:
      res = {
        "type": "danger",
        "msg": str(e)
      }
  else:
    res = {
      "type": "danger",
      "msg": "no or invalid id defined"
    }
  await asyncio.sleep(wait)
  if stop == True:
    # update task was called second time, stop
    containerIds_to_update.remove(container_id)
  else:
    # call update task a second time
    await get_container_stats(container_id, wait=0, stop=True)
 if os.environ['REDIS_SLAVEOF_IP'] != "":
  redis_client = redis.Redis(host=os.environ['REDIS_SLAVEOF_IP'], port=os.environ['REDIS_SLAVEOF_PORT'], db=0)
 else:
  redis_client = redis.Redis(host='redis-mailcow', port=6379, db=0)
 sync_docker_client = docker.DockerClient(base_url='unix://var/run/docker.sock', version='auto')
 async_docker_client = aiodocker.Docker(url='unix:///var/run/docker.sock')
 logger.info('DockerApi started')
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@@ -2,9 +2,12 @@ FROM debian:bullseye-slim
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 ARG DEBIAN_FRONTEND=noninteractive
-ARG DOVECOT=2.3.19.1
+# renovate: datasource=github-tags depName=dovecot/core versioning=semver-coerced
 ARG DOVECOT=2.3.20
 # renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced
 ARG GOSU_VERSION=1.16
 ENV LC_ALL C
-ENV GOSU_VERSION 1.14
+
 # Add groups and users before installing Dovecot to not break compatibility
 RUN groupadd -g 5000 vmail \
@@ -18,6 +21,7 @@ RUN groupadd -g 5000 vmail \
  && touch /etc/default/locale \
  && apt-get update \
  && apt-get -y --no-install-recommends install \
  build-essential \
  apt-transport-https \
  ca-certificates \
  cpanminus \
@@ -58,6 +62,7 @@ RUN groupadd -g 5000 vmail \
  libproc-processtable-perl \
  libreadonly-perl \
  libregexp-common-perl \
  libssl-dev \
  libsys-meminfo-perl \
  libterm-readkey-perl \
  libtest-deep-perl \
@@ -107,6 +112,8 @@ RUN groupadd -g 5000 vmail \
  && apt-get autoclean \
  && rm -rf /var/lib/apt/lists/* \
  && rm -rf /tmp/* /var/tmp/* /root/.cache/
 # imapsync dependencies
 RUN cpan Crypt::OpenSSL::PKCS12
 COPY trim_logs.sh /usr/local/bin/trim_logs.sh
 COPY clean_q_aged.sh /usr/local/bin/clean_q_aged.sh
--- a/data/Dockerfiles/dovecot/imapsync
+++ b/data/Dockerfiles/dovecot/imapsync
@@ -8492,6 +8492,7 @@ sub xoauth2
        require HTML::Entities ;
        require JSON ;
        require JSON::WebToken::Crypt::RSA ;
        require Crypt::OpenSSL::PKCS12;
        require Crypt::OpenSSL::RSA ;
        require Encode::Byte ;
        require IO::Socket::SSL ;
@@ -8532,8 +8533,9 @@ sub xoauth2
            $sync->{ debug } and myprint( "Service account: $iss\nKey file: $keyfile\nKey password: $keypass\n");
-            # Get private key from p12 file (would be better in perl...)
+            # Get private key from p12 file
-            $key = `openssl pkcs12 -in "$keyfile" -nodes -nocerts -passin pass:$keypass -nomacver`;
+            my $pkcs12 = Crypt::OpenSSL::PKCS12->new_from_file($keyfile);
            $key = $pkcs12->private_key($keypass);
            $sync->{ debug } and myprint( "Private key:\n$key\n");
        }
--- a/data/Dockerfiles/dovecot/imapsync_runner.pl
+++ b/data/Dockerfiles/dovecot/imapsync_runner.pl
@@ -51,8 +51,8 @@ sub sig_handler {
  die "sig_handler received signal, preparing to exit...\n";
 };
-open my $file, '<', "/etc/sogo/sieve.creds";
+open my $file, '<', "/etc/sogo/sieve.creds"; 
-my $creds = <$file>;
+my $creds = <$file>; 
 close $file;
 my ($master_user, $master_pass) = split /:/, $creds;
 my $sth = $dbh->prepare("SELECT id,
@@ -166,17 +166,11 @@ while ($row = $sth->fetchrow_arrayref()) {
      $success = 1;
    }
-    $keep_job_active = 1;
+    $update = $dbh->prepare("UPDATE imapsync SET returned_text = ?, success = ?, exit_status = ? WHERE id = ?");
    if (defined $exit_status && $exit_status eq "EXIT_AUTHENTICATION_FAILURE_USER1") {
      $keep_job_active = 0;
    }
    $update = $dbh->prepare("UPDATE imapsync SET returned_text = ?, success = ?, exit_status = ?, active = ? WHERE id = ?");
    $update->bind_param( 1, ${stdout} );
    $update->bind_param( 2, ${success} );
    $update->bind_param( 3, ${exit_status} );
-    $update->bind_param( 4, ${keep_job_active} );
+    $update->bind_param( 4, ${id} );
    $update->bind_param( 5, ${id} );
    $update->execute();
  } catch {
    $update = $dbh->prepare("UPDATE imapsync SET returned_text = 'Could not start or finish imapsync', success = 0 WHERE id = ?");
--- a/data/Dockerfiles/netfilter/Dockerfile
+++ b/data/Dockerfiles/netfilter/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.16
+FROM alpine:3.17
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 ENV XTABLES_LIBDIR /usr/lib/xtables
--- a/data/Dockerfiles/netfilter/server.py
+++ b/data/Dockerfiles/netfilter/server.py
@@ -97,9 +97,9 @@ def refreshF2bregex():
    f2bregex[3] = 'warning: .*\[([0-9a-f\.:]+)\]: SASL .+ authentication failed: (?!.*Connection lost to authentication server).+'
    f2bregex[4] = 'warning: non-SMTP command from .*\[([0-9a-f\.:]+)]:.+'
    f2bregex[5] = 'NOQUEUE: reject: RCPT from \[([0-9a-f\.:]+)].+Protocol error.+'
-    f2bregex[6] = '-login: Disconnected \(auth failed, .+\): user=.*, method=.+, rip=([0-9a-f\.:]+),'
+    f2bregex[6] = '-login: Disconnected.+ \(auth failed, .+\): user=.*, method=.+, rip=([0-9a-f\.:]+),'
-    f2bregex[7] = '-login: Aborted login \(auth failed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
+    f2bregex[7] = '-login: Aborted login.+ \(auth failed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
-    f2bregex[8] = '-login: Aborted login \(tried to use disallowed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
+    f2bregex[8] = '-login: Aborted login.+ \(tried to use disallowed .+\): user=.+, rip=([0-9a-f\.:]+), lip.+'
    f2bregex[9] = 'SOGo.+ Login from \'([0-9a-f\.:]+)\' for user .+ might not have worked'
    f2bregex[10] = '([0-9a-f\.:]+) \"GET \/SOGo\/.* HTTP.+\" 403 .+'
    r.set('F2B_REGEX', json.dumps(f2bregex, ensure_ascii=False))
@@ -359,21 +359,28 @@ def snat4(snat_target):
        chain = iptc.Chain(table, 'POSTROUTING')
        table.autocommit = False
        new_rule = get_snat4_rule()
-        for position, rule in enumerate(chain.rules):
+
-          match = all((
+        if not chain.rules:
-            new_rule.get_src() == rule.get_src(),
+          # if there are no rules in the chain, insert the new rule directly
-            new_rule.get_dst() == rule.get_dst(),
+          logInfo(f'Added POSTROUTING rule for source network {new_rule.src} to SNAT target {snat_target}')
-            new_rule.target.parameters == rule.target.parameters,
+          chain.insert_rule(new_rule)
-            new_rule.target.name == rule.target.name
+        else:
-          ))
+          for position, rule in enumerate(chain.rules):
-          if position == 0:
+            match = all((
-            if not match:
+              new_rule.get_src() == rule.get_src(),
-              logInfo(f'Added POSTROUTING rule for source network {new_rule.src} to SNAT target {snat_target}')
+              new_rule.get_dst() == rule.get_dst(),
-              chain.insert_rule(new_rule)
+              new_rule.target.parameters == rule.target.parameters,
-          else:
+              new_rule.target.name == rule.target.name
-            if match:
+            ))
-              logInfo(f'Remove rule for source network {new_rule.src} to SNAT target {snat_target} from POSTROUTING chain at position {position}')
+            if position == 0:
-              chain.delete_rule(rule)
+              if not match:
                logInfo(f'Added POSTROUTING rule for source network {new_rule.src} to SNAT target {snat_target}')
                chain.insert_rule(new_rule)
            else:
              if match:
                logInfo(f'Remove rule for source network {new_rule.src} to SNAT target {snat_target} from POSTROUTING chain at position {position}')
                chain.delete_rule(rule)
        table.commit()
        table.autocommit = True
      except:
--- a/data/Dockerfiles/olefy/Dockerfile
+++ b/data/Dockerfiles/olefy/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.16
+FROM alpine:3.17
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 WORKDIR /app
--- a/data/Dockerfiles/phpfpm/Dockerfile
+++ b/data/Dockerfiles/phpfpm/Dockerfile
@@ -1,12 +1,18 @@
-FROM php:8.1-fpm-alpine3.16
+FROM php:8.1-fpm-alpine3.17
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
-ENV APCU_PECL 5.1.22
+# renovate: datasource=github-tags depName=krakjoe/apcu versioning=semver-coerced
-ENV IMAGICK_PECL 3.7.0
+ARG APCU_PECL_VERSION=5.1.22
-ENV MAILPARSE_PECL 3.1.4
+# renovate: datasource=github-tags depName=Imagick/imagick versioning=semver-coerced
-ENV MEMCACHED_PECL 3.2.0
+ARG IMAGICK_PECL_VERSION=3.7.0
-ENV REDIS_PECL 5.3.7
+# renovate: datasource=github-tags depName=php/pecl-mail-mailparse versioning=semver-coerced
-ENV COMPOSER 2.4.4
+ARG MAILPARSE_PECL_VERSION=3.1.4
 # renovate: datasource=github-tags depName=php-memcached-dev/php-memcached versioning=semver-coerced
 ARG MEMCACHED_PECL_VERSION=3.2.0
 # renovate: datasource=github-tags depName=phpredis/phpredis versioning=semver-coerced
 ARG REDIS_PECL_VERSION=5.3.7
 # renovate: datasource=github-tags depName=composer/composer versioning=semver-coerced
 ARG COMPOSER_VERSION=2.5.4
 RUN apk add -U --no-cache autoconf \
  aspell-dev \
@@ -55,11 +61,11 @@ RUN apk add -U --no-cache autoconf \
  samba-client \
  zlib-dev \
  tzdata \
-  && pecl install mailparse-${MAILPARSE_PECL} \
+  && pecl install APCu-${APCU_PECL_VERSION} \
-  && pecl install redis-${REDIS_PECL} \
+  && pecl install imagick-${IMAGICK_PECL_VERSION} \
-  && pecl install memcached-${MEMCACHED_PECL} \
+  && pecl install mailparse-${MAILPARSE_PECL_VERSION} \
-  && pecl install APCu-${APCU_PECL} \
+  && pecl install memcached-${MEMCACHED_PECL_VERSION} \
-  && pecl install imagick-${IMAGICK_PECL} \
+  && pecl install redis-${REDIS_PECL_VERSION} \
  && docker-php-ext-enable apcu imagick memcached mailparse redis \
  && pecl clear-cache \
  && docker-php-ext-configure intl \
@@ -72,7 +78,7 @@ RUN apk add -U --no-cache autoconf \
  && docker-php-ext-install -j 4 exif gd gettext intl ldap opcache pcntl pdo pdo_mysql pspell soap sockets zip bcmath gmp \
  && docker-php-ext-configure imap --with-imap --with-imap-ssl \
  && docker-php-ext-install -j 4 imap \
-  && curl --silent --show-error https://getcomposer.org/installer | php -- --version=${COMPOSER} \
+  && curl --silent --show-error https://getcomposer.org/installer | php -- --version=${COMPOSER_VERSION} \
  && mv composer.phar /usr/local/bin/composer \
  && chmod +x /usr/local/bin/composer \
  && apk del --purge autoconf \
@@ -102,4 +108,4 @@ COPY ./docker-entrypoint.sh /
 ENTRYPOINT ["/docker-entrypoint.sh"]
-CMD ["php-fpm"]
+CMD ["php-fpm"]
--- a/data/Dockerfiles/rspamd/Dockerfile
+++ b/data/Dockerfiles/rspamd/Dockerfile
@@ -26,6 +26,7 @@ RUN apt-get update && apt-get install -y \
 COPY settings.conf /etc/rspamd/settings.conf
 COPY metadata_exporter.lua /usr/share/rspamd/plugins/metadata_exporter.lua
 COPY set_worker_password.sh /set_worker_password.sh
 COPY docker-entrypoint.sh /docker-entrypoint.sh
 ENTRYPOINT ["/docker-entrypoint.sh"]
--- a/data/Dockerfiles/rspamd/set_worker_password.sh
+++ b/data/Dockerfiles/rspamd/set_worker_password.sh
@@ -0,0 +1,12 @@
 #!/bin/bash
 password_file='/etc/rspamd/override.d/worker-controller-password.inc'
 password_hash=`/usr/bin/rspamadm pw -e -p $1`
 echo 'enable_password = "'$password_hash'";' > $password_file
 if grep -q "$password_hash" "$password_file"; then
    echo "OK"
 else
    echo "ERROR"
 fi
--- a/data/Dockerfiles/sogo/Dockerfile
+++ b/data/Dockerfiles/sogo/Dockerfile
@@ -3,8 +3,9 @@ LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 ARG DEBIAN_FRONTEND=noninteractive
 ARG SOGO_DEBIAN_REPOSITORY=http://packages.sogo.nu/nightly/5/debian/
 # renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced
 ARG GOSU_VERSION=1.16
 ENV LC_ALL C
 ENV GOSU_VERSION 1.14
 # Prerequisites
 RUN echo "Building from repository $SOGO_DEBIAN_REPOSITORY" \
--- a/data/Dockerfiles/solr/Dockerfile
+++ b/data/Dockerfiles/solr/Dockerfile
@@ -2,7 +2,8 @@ FROM solr:7.7-slim
 USER root
-ENV GOSU_VERSION 1.11
+# renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced
 ARG GOSU_VERSION=1.16
 COPY solr.sh /
 COPY solr-config-7.7.0.xml /
--- a/data/Dockerfiles/unbound/Dockerfile
+++ b/data/Dockerfiles/unbound/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.16
+FROM alpine:3.17
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
--- a/data/Dockerfiles/watchdog/Dockerfile
+++ b/data/Dockerfiles/watchdog/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.16
+FROM alpine:3.17
 LABEL maintainer "André Peters <andre.peters@servercow.de>"
 # Installation
--- a/data/conf/rspamd/custom/bulk_header.map
+++ b/data/conf/rspamd/custom/bulk_header.map
@@ -3,7 +3,6 @@
 /.*episerver.*/i
 /.*supergewinne.*/i
 /List-Unsubscribe.*nbps\.eu/i
 /X-Mailer: AWeber.*/i
 /.*regiofinder.*/i
 /.*EmailSocket.*/i
 /List-Unsubscribe:.*respread.*/i
--- a/data/conf/rspamd/local.d/multimap.conf
+++ b/data/conf/rspamd/local.d/multimap.conf
@@ -159,8 +159,8 @@ BAZAAR_ABUSE_CH {
 }
 URLHAUS_ABUSE_CH {
-  type = "url";
+  type = "selector";
-  filter = "full";
+  selector = "urls";
  map = "https://urlhaus.abuse.ch/downloads/text_online/";
  score = 10.0;
 }
@@ -175,7 +175,7 @@ BAD_SUBJECT_00 {
  type = "header";
  header = "subject";
  regexp = true;
-  map = "http://nullnull.org/bad-subject-regex.txt";
+  map = "http://fuzzy.mailcow.email/bad-subject-regex.txt";
  score = 6.0;
  symbols_set = ["BAD_SUBJECT_00"];
 }
--- a/data/conf/rspamd/meta_exporter/pushover.php
+++ b/data/conf/rspamd/meta_exporter/pushover.php
@@ -54,6 +54,7 @@ $rcpts    = $headers['X-Rspamd-Rcpt'];
 $sender   = $headers['X-Rspamd-From'];
 $ip       = $headers['X-Rspamd-Ip'];
 $subject  = $headers['X-Rspamd-Subject'];
 $messageid= $json_body->message_id;
 $priority = 0;
 $symbols_array = json_decode($headers['X-Rspamd-Symbols'], true);
@@ -245,13 +246,13 @@ foreach ($rcpt_final_mailboxes as $rcpt_final) {
      "token" => $api_data['token'],
      "user" => $api_data['key'],
      "title" => sprintf("%s", str_replace(
-        array('{SUBJECT}', '{SENDER}', '{SENDER_NAME}', '{SENDER_ADDRESS}', '{TO_NAME}', '{TO_ADDRESS}'), 
+        array('{SUBJECT}', '{SENDER}', '{SENDER_NAME}', '{SENDER_ADDRESS}', '{TO_NAME}', '{TO_ADDRESS}', '{MSG_ID}'),
-        array($subject, $sender, $sender_name, $sender_address, $to_name, $to_address), $title)
+        array($subject, $sender, $sender_name, $sender_address, $to_name, $to_address, $messageid), $title)
      ),
      "priority" => $priority,
      "message" => sprintf("%s", str_replace(
-        array('{SUBJECT}', '{SENDER}', '{SENDER_NAME}', '{SENDER_ADDRESS}', '{TO_NAME}', '{TO_ADDRESS}', '\n'),
+        array('{SUBJECT}', '{SENDER}', '{SENDER_NAME}', '{SENDER_ADDRESS}', '{TO_NAME}', '{TO_ADDRESS}', '{MSG_ID}', '\n'),
-        array($subject, $sender, $sender_name, $sender_address, $to_name, $to_address, PHP_EOL), $text)
+        array($subject, $sender, $sender_name, $sender_address, $to_name, $to_address, $messageid, PHP_EOL), $text)
      ),
      "sound" => $attributes['sound'] ?? "pushover"
    );
--- a/data/web/_status.502.html
+++ b/data/web/_status.502.html
@@ -13,12 +13,12 @@
    Please check the logs or contact support if the error persists.</p>
    <h2>Quick debugging</h2>
    <p>Check Nginx and PHP logs:</p>
-    <pre>docker-compose logs --tail=200 php-fpm-mailcow nginx-mailcow</pre>
+    <pre>docker compose logs --tail=200 php-fpm-mailcow nginx-mailcow</pre>
    <p>Make sure your SQL credentials in mailcow.conf (a link to .env) do fit your initialized SQL volume. If you see an access denied, you might have the wrong mailcow.conf:</p>
-    <pre>source mailcow.conf ; docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}</pre>
+    <pre>source mailcow.conf ; docker compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}</pre>
    <p>In case of a previous failed installation, create a backup of your existing data, followed by removing all volumes and starting over (<b>NEVER</b> do this with a production system, it will remove <b>ALL</b> data):</p>
    <pre>BACKUP_LOCATION=/tmp/ ./helper-scripts/backup_and_restore.sh backup all</pre>
-    <pre>docker-compose down --volumes ; docker-compose up -d</pre>
+    <pre>docker compose down --volumes ; docker compose up -d</pre>
    <p>Make sure your timezone is correct. Use "America/New_York" for example, do not use spaces. Check <a href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones">here</a> for a list.</p>
    <br>Click to learn more about <a style="color:red;text-decoration:none;" href="https://mailcow.github.io/mailcow-dockerized-docs/#get-support" target="_blank">getting support.</a>
  </body>
--- a/data/web/admin.php
+++ b/data/web/admin.php
@@ -10,9 +10,6 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/header.inc.php';
 $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
 $tfa_data = get_tfa();
 $fido2_data = fido2(array("action" => "get_friendly_names"));
 if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CACHE')) {
  $_SESSION['gal'] = json_decode($license_cache, true);
 }
 $js_minifier->add('/web/js/site/admin.js');
 $js_minifier->add('/web/js/presets/rspamd.js');
@@ -83,15 +80,12 @@ foreach ($RSPAMD_MAPS['regex'] as $rspamd_regex_desc => $rspamd_regex_map) {
  ];
 }
 $template = 'admin.twig';
 $template_data = [
  'tfa_data' => $tfa_data,
  'tfa_id' => @$_SESSION['tfa_id'],
  'fido2_cid' => @$_SESSION['fido2_cid'],
  'fido2_data' => $fido2_data,
  'gal' => @$_SESSION['gal'],
  'license_guid' => license('guid'),
  'api' => [
    'ro' => admin_api('ro', 'get'),
    'rw' => admin_api('rw', 'get'),
@@ -109,9 +103,11 @@ $template_data = [
  'rsettings' => $rsettings,
  'rspamd_regex_maps' => $rspamd_regex_maps,
  'logo_specs' => customize('get', 'main_logo_specs'),
  'ip_check' => customize('get', 'ip_check'),
  'password_complexity' => password_complexity('get'),
  'show_rspamd_global_filters' => @$_SESSION['show_rspamd_global_filters'],
  'lang_admin' => json_encode($lang['admin']),
  'lang_datatables' => json_encode($lang['datatables'])
 ];
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/footer.inc.php';
--- a/data/web/api/openapi.yaml
+++ b/data/web/api/openapi.yaml
@@ -699,6 +699,38 @@ paths:
                  type: string
              type: object
      summary: Create Domain Admin user
  /api/v1/add/sso/domain-admin:
    post:
      responses:
        "401":
          $ref: "#/components/responses/Unauthorized"
        "200":
          content:
            application/json:
              examples:
                response:
                  value:
                    token: "591F6D-5C3DD2-7455CD-DAF1C1-AA4FCC"
          description: OK
          headers: { }
      tags:
        - Single Sign-On
      description: >-
        Using this endpoint you can issue a token for Domain Admin user. This token can be used for
        autologin Domain Admin user by using query_string var sso_token={token}. Token expiration time is 30s
      operationId: Issue Domain Admin SSO token
      requestBody:
        content:
          application/json:
            schema:
              example:
                username: testadmin
              properties:
                username:
                  description: the username for the admin user
                  type: object
              type: object
      summary: Issue Domain Admin SSO token
  /api/v1/edit/da-acl:
    post:
      responses:
@@ -1999,7 +2031,7 @@ paths:
                - domain.tld
                - domain2.tld
              properties:
-                items: 
+                items:
                  type: array
                  items:
                    type: string
@@ -2993,7 +3025,7 @@ paths:
            application/json:
              schema:
                type: array
-                items: 
+                items:
                  type: object
                  properties:
                    log:
@@ -5586,6 +5618,8 @@ tags:
    description: Manage DKIM keys
  - name: Domain admin
    description: Create or udpdate domain admin users
  - name: Single Sign-On
    description: Issue tokens for users
  - name: Address Rewriting
    description: Create BCC maps or recipient maps
  - name: Outgoing TLS Policy Map Overrides
--- a/data/web/css/build/001-bootstrap.min.css
+++ b/data/web/css/build/001-bootstrap.min.css
--- a/data/web/css/build/002-breakpoint.min.css
+++ b/data/web/css/build/002-breakpoint.min.css
@@ -1 +1 @@
-@media (max-width:1050px){.navbar-header{float:none}.navbar-left,.navbar-nav,.navbar-right{float:none!important}.navbar-toggle{display:block}.navbar-collapse{border-top:1px solid transparent;box-shadow:inset 0 1px 0 rgba(255,255,255,.1)}.navbar-fixed-top{top:0;border-width:0 0 1px}.navbar-collapse.collapse{display:none!important}.navbar-nav{margin-top:7.5px}.navbar-nav>li{float:none}.navbar-nav>li>a{padding-top:10px;padding-bottom:10px}.collapse.in{display:block!important}.navbar-nav .open .dropdown-menu{position:static;float:none;width:auto;margin-top:0;background-color:transparent;border:0;-webkit-box-shadow:none;box-shadow:none}}
+@media (max-width:1050px){.navbar-header{float:none}.navbar-left,.navbar-nav,.navbar-right{float:none!important}.navbar-toggle{display:block}.navbar-collapse{border-top:1px solid transparent;box-shadow:inset 0 1px 0 rgba(255,255,255,.1)}.navbar-fixed-top{top:0;border-width:0 0 1px}.navbar-nav{margin-top:7.5px}.navbar-nav>li{float:none}.navbar-nav>li>a{padding-top:10px;padding-bottom:10px}.collapse.in{display:block!important}.navbar-nav .open .dropdown-menu{position:static;float:none;width:auto;margin-top:0;background-color:transparent;border:0;-webkit-box-shadow:none;box-shadow:none}}
--- a/data/web/css/build/003-bootstrap-select.css
+++ b/data/web/css/build/003-bootstrap-select.css
@@ -0,0 +1,487 @@
 /*!
 * Bootstrap-select v1.14.0-beta2 (https://developer.snapappointments.com/bootstrap-select)
 *
 * Copyright 2012-2021 SnapAppointments, LLC
 * Licensed under MIT (https://github.com/snapappointments/bootstrap-select/blob/master/LICENSE)
 */
@-webkit-keyframes bs-notify-fadeOut {
  0% {
    opacity: 0.9;
  }
  100% {
    opacity: 0;
  }
 }
@-o-keyframes bs-notify-fadeOut {
  0% {
    opacity: 0.9;
  }
  100% {
    opacity: 0;
  }
 }
@keyframes bs-notify-fadeOut {
  0% {
    opacity: 0.9;
  }
  100% {
    opacity: 0;
  }
 }
 select.bs-select-hidden,
 .bootstrap-select > select.bs-select-hidden,
 select.selectpicker {
  display: none !important;
 }
 .bootstrap-select {
  width: 220px \0;
  /*IE9 and below*/
  vertical-align: middle;
 }
 .bootstrap-select > .dropdown-toggle {
  position: relative;
  width: 100%;
  text-align: right;
  white-space: nowrap;
  display: -webkit-inline-box;
  display: -webkit-inline-flex;
  display: -ms-inline-flexbox;
  display: inline-flex;
  -webkit-box-align: center;
  -webkit-align-items: center;
      -ms-flex-align: center;
          align-items: center;
  -webkit-box-pack: justify;
  -webkit-justify-content: space-between;
      -ms-flex-pack: justify;
          justify-content: space-between;
 }
 .bootstrap-select > .dropdown-toggle:after {
  margin-top: -1px;
 }
 .bootstrap-select > .dropdown-toggle.bs-placeholder,
 .bootstrap-select > .dropdown-toggle.bs-placeholder:hover,
 .bootstrap-select > .dropdown-toggle.bs-placeholder:focus,
 .bootstrap-select > .dropdown-toggle.bs-placeholder:active {
  color: #999;
 }
 .bootstrap-select > .dropdown-toggle.bs-placeholder.btn-primary,
 .bootstrap-select > .dropdown-toggle.bs-placeholder.btn-secondary,
 .bootstrap-select > .dropdown-toggle.bs-placeholder.btn-success,
 .bootstrap-select > .dropdown-toggle.bs-placeholder.btn-danger,
 .bootstrap-select > .dropdown-toggle.bs-placeholder.btn-info,
 .bootstrap-select > .dropdown-toggle.bs-placeholder.btn-dark,
 .bootstrap-select > .dropdown-toggle.bs-placeholder.btn-primary:hover,
 .bootstrap-select > .dropdown-toggle.bs-placeholder.btn-secondary:hover,
 .bootstrap-select > .dropdown-toggle.bs-placeholder.btn-success:hover,
 .bootstrap-select > .dropdown-toggle.bs-placeholder.btn-danger:hover,
 .bootstrap-select > .dropdown-toggle.bs-placeholder.btn-info:hover,
 .bootstrap-select > .dropdown-toggle.bs-placeholder.btn-dark:hover,
 .bootstrap-select > .dropdown-toggle.bs-placeholder.btn-primary:focus,
 .bootstrap-select > .dropdown-toggle.bs-placeholder.btn-secondary:focus,
 .bootstrap-select > .dropdown-toggle.bs-placeholder.btn-success:focus,
 .bootstrap-select > .dropdown-toggle.bs-placeholder.btn-danger:focus,
 .bootstrap-select > .dropdown-toggle.bs-placeholder.btn-info:focus,
 .bootstrap-select > .dropdown-toggle.bs-placeholder.btn-dark:focus,
 .bootstrap-select > .dropdown-toggle.bs-placeholder.btn-primary:active,
 .bootstrap-select > .dropdown-toggle.bs-placeholder.btn-secondary:active,
 .bootstrap-select > .dropdown-toggle.bs-placeholder.btn-success:active,
 .bootstrap-select > .dropdown-toggle.bs-placeholder.btn-danger:active,
 .bootstrap-select > .dropdown-toggle.bs-placeholder.btn-info:active,
 .bootstrap-select > .dropdown-toggle.bs-placeholder.btn-dark:active {
  color: rgba(255, 255, 255, 0.5);
 }
 .bootstrap-select > select {
  position: absolute !important;
  bottom: 0;
  left: 50%;
  display: block !important;
  width: 0.5px !important;
  height: 100% !important;
  padding: 0 !important;
  opacity: 0 !important;
  border: none;
  z-index: 0 !important;
 }
 .bootstrap-select > select.mobile-device {
  top: 0;
  left: 0;
  display: block !important;
  width: 100% !important;
  z-index: 2 !important;
 }
 .has-error .bootstrap-select .dropdown-toggle,
 .error .bootstrap-select .dropdown-toggle,
 .bootstrap-select.is-invalid .dropdown-toggle,
 .was-validated .bootstrap-select select:invalid + .dropdown-toggle {
  border-color: #b94a48;
 }
 .bootstrap-select.is-valid .dropdown-toggle,
 .was-validated .bootstrap-select select:valid + .dropdown-toggle {
  border-color: #28a745;
 }
 .bootstrap-select.fit-width {
  width: auto !important;
 }
 .bootstrap-select:not([class*="col-"]):not([class*="form-control"]):not(.input-group-btn) {
  width: 220px;
 }
 .bootstrap-select > select.mobile-device:focus + .dropdown-toggle,
 .bootstrap-select .dropdown-toggle:focus {
  outline: thin dotted #333333 !important;
  outline: 5px auto -webkit-focus-ring-color !important;
  outline-offset: -2px;
 }
 .bootstrap-select.form-control {
  margin-bottom: 0;
  padding: 0;
  border: none;
  height: auto;
 }
 :not(.input-group) > .bootstrap-select.form-control:not([class*="col-"]) {
  width: 100%;
 }
 .bootstrap-select.form-control.input-group-btn {
  float: none;
  z-index: auto;
 }
 .form-inline .bootstrap-select,
 .form-inline .bootstrap-select.form-control:not([class*="col-"]) {
  width: auto;
 }
 .bootstrap-select:not(.input-group-btn),
 .bootstrap-select[class*="col-"] {
  float: none;
  display: inline-block;
  margin-left: 0;
 }
 .bootstrap-select.dropdown-menu-right,
 .bootstrap-select[class*="col-"].dropdown-menu-right,
 .row .bootstrap-select[class*="col-"].dropdown-menu-right {
  float: right;
 }
 .form-inline .bootstrap-select,
 .form-horizontal .bootstrap-select,
 .form-group .bootstrap-select {
  margin-bottom: 0;
 }
 .form-group-lg .bootstrap-select.form-control,
 .form-group-sm .bootstrap-select.form-control {
  padding: 0;
 }
 .form-group-lg .bootstrap-select.form-control .dropdown-toggle,
 .form-group-sm .bootstrap-select.form-control .dropdown-toggle {
  height: 100%;
  font-size: inherit;
  line-height: inherit;
  border-radius: inherit;
 }
 .bootstrap-select.form-control-sm .dropdown-toggle,
 .bootstrap-select.form-control-lg .dropdown-toggle {
  font-size: inherit;
  line-height: inherit;
  border-radius: inherit;
 }
 .bootstrap-select.form-control-sm .dropdown-toggle {
  padding: 0.25rem 0.5rem;
 }
 .bootstrap-select.form-control-lg .dropdown-toggle {
  padding: 0.5rem 1rem;
 }
 .form-inline .bootstrap-select .form-control {
  width: 100%;
 }
 .bootstrap-select.disabled,
 .bootstrap-select > .disabled {
  cursor: not-allowed;
 }
 .bootstrap-select.disabled:focus,
 .bootstrap-select > .disabled:focus {
  outline: none !important;
 }
 .bootstrap-select.bs-container {
  position: absolute;
  top: 0;
  left: 0;
  height: 0 !important;
  padding: 0 !important;
 }
 .bootstrap-select.bs-container .dropdown-menu {
  z-index: 1060;
 }
 .bootstrap-select .dropdown-toggle .filter-option {
  position: static;
  top: 0;
  left: 0;
  float: left;
  height: 100%;
  width: 100%;
  text-align: left;
  overflow: hidden;
  -webkit-box-flex: 0;
  -webkit-flex: 0 1 auto;
      -ms-flex: 0 1 auto;
          flex: 0 1 auto;
 }
 .bs3.bootstrap-select .dropdown-toggle .filter-option {
  padding-right: inherit;
 }
 .input-group .bs3-has-addon.bootstrap-select .dropdown-toggle .filter-option {
  position: absolute;
  padding-top: inherit;
  padding-bottom: inherit;
  padding-left: inherit;
  float: none;
 }
 .input-group .bs3-has-addon.bootstrap-select .dropdown-toggle .filter-option .filter-option-inner {
  padding-right: inherit;
 }
 .bootstrap-select .dropdown-toggle .filter-option-inner-inner {
  overflow: hidden;
 }
 .bootstrap-select .dropdown-toggle .filter-expand {
  width: 0 !important;
  float: left;
  opacity: 0 !important;
  overflow: hidden;
 }
 .bootstrap-select .dropdown-toggle .caret {
  position: absolute;
  top: 50%;
  right: 12px;
  margin-top: -2px;
  vertical-align: middle;
 }
 .bootstrap-select .dropdown-toggle .bs-select-clear-selected {
  position: relative;
  display: block;
  margin-right: 5px;
  text-align: center;
 }
 .bs3.bootstrap-select .dropdown-toggle .bs-select-clear-selected {
  padding-right: inherit;
 }
 .bootstrap-select .dropdown-toggle .bs-select-clear-selected span {
  position: relative;
  top: -webkit-calc(((-1em / 1.5) + 1ex) / 2);
  top: calc(((-1em / 1.5) + 1ex) / 2);
  pointer-events: none;
 }
 .bs3.bootstrap-select .dropdown-toggle .bs-select-clear-selected span {
  top: auto;
 }
 .bootstrap-select .dropdown-toggle.bs-placeholder .bs-select-clear-selected {
  display: none;
 }
 .input-group .bootstrap-select.form-control .dropdown-toggle {
  border-radius: inherit;
 }
 .bootstrap-select[class*="col-"] .dropdown-toggle {
  width: 100%;
 }
 .bootstrap-select .dropdown-menu {
  min-width: 100%;
  -webkit-box-sizing: border-box;
     -moz-box-sizing: border-box;
          box-sizing: border-box;
 }
 .bootstrap-select .dropdown-menu > .inner:focus {
  outline: none !important;
 }
 .bootstrap-select .dropdown-menu.inner {
  position: static;
  float: none;
  border: 0;
  padding: 0;
  margin: 0;
  border-radius: 0;
  -webkit-box-shadow: none;
          box-shadow: none;
 }
 .bootstrap-select .dropdown-menu li {
  position: relative;
 }
 .bootstrap-select .dropdown-menu li.active small {
  color: rgba(255, 255, 255, 0.5) !important;
 }
 .bootstrap-select .dropdown-menu li.disabled a {
  cursor: not-allowed;
 }
 .bootstrap-select .dropdown-menu li a {
  cursor: pointer;
  -webkit-user-select: none;
     -moz-user-select: none;
      -ms-user-select: none;
          user-select: none;
 }
 .bootstrap-select .dropdown-menu li a.opt {
  position: relative;
  padding-left: 2.25em;
 }
 .bootstrap-select .dropdown-menu li a span.check-mark {
  display: none;
 }
 .bootstrap-select .dropdown-menu li a span.text {
  display: inline-block;
 }
 .bootstrap-select .dropdown-menu li small {
  padding-left: 0.5em;
 }
 .bootstrap-select .dropdown-menu .notify {
  position: absolute;
  bottom: 5px;
  width: 96%;
  margin: 0 2%;
  min-height: 26px;
  padding: 3px 5px;
  background: #f5f5f5;
  border: 1px solid #e3e3e3;
  -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.05);
          box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.05);
  pointer-events: none;
  opacity: 0.9;
  -webkit-box-sizing: border-box;
     -moz-box-sizing: border-box;
          box-sizing: border-box;
 }
 .bootstrap-select .dropdown-menu .notify.fadeOut {
  -webkit-animation: 300ms linear 750ms forwards bs-notify-fadeOut;
       -o-animation: 300ms linear 750ms forwards bs-notify-fadeOut;
          animation: 300ms linear 750ms forwards bs-notify-fadeOut;
 }
 .bootstrap-select .no-results {
  padding: 3px;
  background: #f5f5f5;
  margin: 0 5px;
  white-space: nowrap;
 }
 .bootstrap-select.fit-width .dropdown-toggle .filter-option {
  position: static;
  display: inline;
  padding: 0;
 }
 .bootstrap-select.fit-width .dropdown-toggle .filter-option-inner,
 .bootstrap-select.fit-width .dropdown-toggle .filter-option-inner-inner {
  display: inline;
 }
 .bootstrap-select.fit-width .dropdown-toggle .bs-caret:before {
  content: '\00a0';
 }
 .bootstrap-select.fit-width .dropdown-toggle .caret {
  position: static;
  top: auto;
  margin-top: -1px;
 }
 .bootstrap-select.show-tick .dropdown-menu .selected span.check-mark {
  position: absolute;
  display: inline-block;
  right: 15px;
  top: 5px;
 }
 .bootstrap-select.show-tick .dropdown-menu li a span.text {
  margin-right: 34px;
 }
 .bootstrap-select .bs-ok-default:after {
  content: '';
  display: block;
  width: 0.5em;
  height: 1em;
  border-style: solid;
  border-width: 0 0.26em 0.26em 0;
  -webkit-transform-style: preserve-3d;
          transform-style: preserve-3d;
  -webkit-transform: rotate(45deg);
      -ms-transform: rotate(45deg);
       -o-transform: rotate(45deg);
          transform: rotate(45deg);
 }
 .bootstrap-select.show-menu-arrow.open > .dropdown-toggle,
 .bootstrap-select.show-menu-arrow.show > .dropdown-toggle {
  z-index: 1061;
 }
 .bootstrap-select.show-menu-arrow .dropdown-toggle .filter-option:before {
  content: '';
  border-left: 7px solid transparent;
  border-right: 7px solid transparent;
  border-bottom: 7px solid rgba(204, 204, 204, 0.2);
  position: absolute;
  bottom: -4px;
  left: 9px;
  display: none;
 }
 .bootstrap-select.show-menu-arrow .dropdown-toggle .filter-option:after {
  content: '';
  border-left: 6px solid transparent;
  border-right: 6px solid transparent;
  border-bottom: 6px solid white;
  position: absolute;
  bottom: -4px;
  left: 10px;
  display: none;
 }
 .bootstrap-select.show-menu-arrow.dropup .dropdown-toggle .filter-option:before {
  bottom: auto;
  top: -4px;
  border-top: 7px solid rgba(204, 204, 204, 0.2);
  border-bottom: 0;
 }
 .bootstrap-select.show-menu-arrow.dropup .dropdown-toggle .filter-option:after {
  bottom: auto;
  top: -4px;
  border-top: 6px solid white;
  border-bottom: 0;
 }
 .bootstrap-select.show-menu-arrow.pull-right .dropdown-toggle .filter-option:before {
  right: 12px;
  left: auto;
 }
 .bootstrap-select.show-menu-arrow.pull-right .dropdown-toggle .filter-option:after {
  right: 13px;
  left: auto;
 }
 .bootstrap-select.show-menu-arrow.open > .dropdown-toggle .filter-option:before,
 .bootstrap-select.show-menu-arrow.show > .dropdown-toggle .filter-option:before,
 .bootstrap-select.show-menu-arrow.open > .dropdown-toggle .filter-option:after,
 .bootstrap-select.show-menu-arrow.show > .dropdown-toggle .filter-option:after {
  display: block;
 }
 .bs-searchbox,
 .bs-actionsbox,
 .bs-donebutton {
  padding: 4px 8px;
 }
 .bs-actionsbox {
  width: 100%;
  -webkit-box-sizing: border-box;
     -moz-box-sizing: border-box;
          box-sizing: border-box;
 }
 .bs-actionsbox .btn-group {
  display: block;
 }
 .bs-actionsbox .btn-group button {
  width: 50%;
 }
 .bs-donebutton {
  float: left;
  width: 100%;
  -webkit-box-sizing: border-box;
     -moz-box-sizing: border-box;
          box-sizing: border-box;
 }
 .bs-donebutton .btn-group {
  display: block;
 }
 .bs-donebutton .btn-group button {
  width: 100%;
 }
 .bs-searchbox + .bs-actionsbox {
  padding: 0 8px 4px;
 }
 .bs-searchbox .form-control {
  margin-bottom: 0;
  width: 100%;
  float: none;
 }
 /*# sourceMappingURL=bootstrap-select.css.map */
--- a/data/web/css/build/003-bootstrap-select.min.css
+++ b/data/web/css/build/003-bootstrap-select.min.css
--- a/data/web/css/build/006-footable.bootstrap.min.css
+++ b/data/web/css/build/006-footable.bootstrap.min.css
@@ -1,323 +0,0 @@
 table.footable-details,
 table.footable > thead > tr.footable-filtering > th div.form-group {
  margin-bottom: 0;
 }
 table.footable,
 table.footable-details {
  position: relative;
  width: 100%;
  border-spacing: 0;
  border-collapse: collapse;
 }
 table.footable-hide-fouc {
  display: none;
 }
 table > tbody > tr > td > span.footable-toggle {
  margin-right: 8px;
  opacity: 0.3;
 }
 table > tbody > tr > td > span.footable-toggle.last-column {
  margin-left: 8px;
  float: right;
 }
 table.table-condensed > tbody > tr > td > span.footable-toggle {
  margin-right: 5px;
 }
 table.footable-details > tbody > tr > th:nth-child(1) {
  min-width: 40px;
  width: 120px;
 }
 table.footable-details > tbody > tr > td:nth-child(2) {
  word-break: break-all;
 }
 table.footable-details > tbody > tr:first-child > td,
 table.footable-details > tbody > tr:first-child > th,
 table.footable-details > tfoot > tr:first-child > td,
 table.footable-details > tfoot > tr:first-child > th,
 table.footable-details > thead > tr:first-child > td,
 table.footable-details > thead > tr:first-child > th {
  border-top-width: 0;
 }
 table.footable-details.table-bordered > tbody > tr:first-child > td,
 table.footable-details.table-bordered > tbody > tr:first-child > th,
 table.footable-details.table-bordered > tfoot > tr:first-child > td,
 table.footable-details.table-bordered > tfoot > tr:first-child > th,
 table.footable-details.table-bordered > thead > tr:first-child > td,
 table.footable-details.table-bordered > thead > tr:first-child > th {
  border-top-width: 1px;
 }
 div.footable-loader {
  vertical-align: middle;
  text-align: center;
  height: 300px;
  position: relative;
 }
 div.footable-loader > span.fooicon {
  display: inline-block;
  opacity: 0.3;
  font-size: 30px;
  line-height: 32px;
  width: 32px;
  height: 32px;
  margin-top: -16px;
  margin-left: -16px;
  position: absolute;
  top: 50%;
  left: 50%;
  -webkit-animation: fooicon-spin-r 2s infinite linear;
  animation: fooicon-spin-r 2s infinite linear;
 }
 table.footable > tbody > tr.footable-empty > td {
  vertical-align: middle;
  text-align: center;
  font-size: 30px;
 }
 table.footable > tbody > tr > td,
 table.footable > tbody > tr > th {
  display: none;
 }
 table.footable > tbody > tr.footable-detail-row > td,
 table.footable > tbody > tr.footable-detail-row > th,
 table.footable > tbody > tr.footable-empty > td,
 table.footable > tbody > tr.footable-empty > th {
  display: table-cell;
 }
@-webkit-keyframes fooicon-spin-r {
  0% {
    -webkit-transform: rotate(0);
    transform: rotate(0);
  }
  100% {
    -webkit-transform: rotate(359deg);
    transform: rotate(359deg);
  }
 }
@keyframes fooicon-spin-r {
  0% {
    -webkit-transform: rotate(0);
    transform: rotate(0);
  }
  100% {
    -webkit-transform: rotate(359deg);
    transform: rotate(359deg);
  }
 }
 .fooicon {
  position: relative;
  top: 0px;
  display: inline-block;
  font-family: "bootstrap-icons" !important;
  font-style: normal;
  font-weight: 400;
  line-height: 1;
  -webkit-font-smoothing: antialiased;
  -moz-osx-font-smoothing: grayscale;
 }
@-moz-document url-prefix() {
  .fooicon {
    top: 2px;
  }
 }
 .fooicon:after,
 .fooicon:before {
  -webkit-box-sizing: border-box;
  -moz-box-sizing: border-box;
  box-sizing: border-box;
 }
 .fooicon-loader:before {
  content: "\f130";
 }
 .fooicon-plus:before {
  content: "\f4fd";
 }
 .fooicon-minus:before {
  content: "\f2e9";
 }
 .fooicon-search:before {
  content: "\f52a";
 }
 .fooicon-remove:before {
  content: "\f62a";
 }
 .fooicon-sort:before {
  content: "\f3c6";
 }
 .fooicon-sort-asc:before {
  content: "\f575";
 }
 .fooicon-sort-desc:before {
  content: "\f57b";
 }
 .fooicon-pencil:before {
  content: "\f4c9";
 }
 .fooicon-trash:before {
  content: "\f62a";
 }
 .fooicon-eye-close:before {
  content: "\f33f";
 }
 .fooicon-flash:before {
  content: "\f46e";
 }
 .fooicon-cog:before {
  content: "\f3e2";
 }
 .fooicon-stats:before {
  content: "\f359";
 }
 table.footable > thead > tr.footable-filtering > th {
  border-bottom-width: 1px;
  font-weight: 400;
 }
 .footable-filtering-external.footable-filtering-right,
 table.footable.footable-filtering-right > thead > tr.footable-filtering > th,
 table.footable > thead > tr.footable-filtering > th {
  text-align: right;
 }
 .footable-filtering-external.footable-filtering-left,
 table.footable.footable-filtering-left > thead > tr.footable-filtering > th {
  text-align: left;
 }
 .footable-filtering-external.footable-filtering-center,
 .footable-paging-external.footable-paging-center,
 table.footable-paging-center > tfoot > tr.footable-paging > td,
 table.footable.footable-filtering-center > thead > tr.footable-filtering > th,
 table.footable > tfoot > tr.footable-paging > td {
  text-align: center;
 }
 table.footable > thead > tr.footable-filtering > th div.form-group + div.form-group {
  margin-top: 5px;
 }
 table.footable > thead > tr.footable-filtering > th div.input-group {
  width: 100%;
 }
 .footable-filtering-external ul.dropdown-menu > li > a.checkbox,
 table.footable > thead > tr.footable-filtering > th ul.dropdown-menu > li > a.checkbox {
  margin: 0;
  display: block;
  position: relative;
 }
 .footable-filtering-external ul.dropdown-menu > li > a.checkbox > label,
 table.footable > thead > tr.footable-filtering > th ul.dropdown-menu > li > a.checkbox > label {
  display: block;
  padding-left: 20px;
 }
 .footable-filtering-external ul.dropdown-menu > li > a.checkbox input[type="checkbox"],
 table.footable > thead > tr.footable-filtering > th ul.dropdown-menu > li > a.checkbox input[type="checkbox"] {
  position: absolute;
  margin-left: -20px;
 }
@media (min-width: 768px) {
  table.footable > thead > tr.footable-filtering > th div.input-group {
    width: auto;
  }
  table.footable > thead > tr.footable-filtering > th div.form-group {
    margin-left: 2px;
    margin-right: 2px;
  }
  table.footable > thead > tr.footable-filtering > th div.form-group + div.form-group {
    margin-top: 0;
  }
 }
 table.footable > tbody > tr > td.footable-sortable,
 table.footable > tbody > tr > th.footable-sortable,
 table.footable > tfoot > tr > td.footable-sortable,
 table.footable > tfoot > tr > th.footable-sortable,
 table.footable > thead > tr > td.footable-sortable,
 table.footable > thead > tr > th.footable-sortable {
  position: relative;
  padding-right: 30px;
  cursor: pointer;
 }
 td.footable-sortable > span.fooicon,
 th.footable-sortable > span.fooicon {
  position: absolute;
  right: 6px;
  top: 50%;
  margin-top: -7px;
  opacity: 0;
  transition: opacity 0.3s ease-in;
 }
 td.footable-sortable.footable-asc > span.fooicon,
 td.footable-sortable.footable-desc > span.fooicon,
 td.footable-sortable:hover > span.fooicon,
 th.footable-sortable.footable-asc > span.fooicon,
 th.footable-sortable.footable-desc > span.fooicon,
 th.footable-sortable:hover > span.fooicon {
  opacity: 1;
 }
 table.footable-sorting-disabled td.footable-sortable.footable-asc > span.fooicon,
 table.footable-sorting-disabled td.footable-sortable.footable-desc > span.fooicon,
 table.footable-sorting-disabled td.footable-sortable:hover > span.fooicon,
 table.footable-sorting-disabled th.footable-sortable.footable-asc > span.fooicon,
 table.footable-sorting-disabled th.footable-sortable.footable-desc > span.fooicon,
 table.footable-sorting-disabled th.footable-sortable:hover > span.fooicon {
  opacity: 0;
  visibility: hidden;
 }
 .footable-paging-external ul.pagination,
 table.footable > tfoot > tr.footable-paging > td > ul.pagination {
  margin: 10px 0 0;
 }
 .footable-paging-external span.label,
 table.footable > tfoot > tr.footable-paging > td > span.label {
  display: inline-block;
  margin: 0 0 10px;
  padding: 4px 10px;
 }
 .footable-paging-external.footable-paging-left,
 table.footable-paging-left > tfoot > tr.footable-paging > td {
  text-align: left;
 }
 .footable-paging-external.footable-paging-right,
 table.footable-editing-right td.footable-editing,
 table.footable-editing-right tr.footable-editing,
 table.footable-paging-right > tfoot > tr.footable-paging > td {
  text-align: right;
 }
 ul.pagination > li.footable-page {
  display: none;
 }
 ul.pagination > li.footable-page.visible {
  display: inline;
 }
 td.footable-editing {
  width: 90px;
  max-width: 90px;
 }
 table.footable-editing-no-delete td.footable-editing,
 table.footable-editing-no-edit td.footable-editing,
 table.footable-editing-no-view td.footable-editing {
  width: 70px;
  max-width: 70px;
 }
 table.footable-editing-no-delete.footable-editing-no-view td.footable-editing,
 table.footable-editing-no-edit.footable-editing-no-delete td.footable-editing,
 table.footable-editing-no-edit.footable-editing-no-view td.footable-editing {
  width: 50px;
  max-width: 50px;
 }
 table.footable-editing-no-edit.footable-editing-no-delete.footable-editing-no-view td.footable-editing,
 table.footable-editing-no-edit.footable-editing-no-delete.footable-editing-no-view th.footable-editing {
  width: 0;
  max-width: 0;
  display: none !important;
 }
 table.footable-editing-left td.footable-editing,
 table.footable-editing-left tr.footable-editing {
  text-align: left;
 }
 table.footable-editing button.footable-add,
 table.footable-editing button.footable-hide,
 table.footable-editing-show button.footable-show,
 table.footable-editing.footable-editing-always-show button.footable-hide,
 table.footable-editing.footable-editing-always-show button.footable-show,
 table.footable-editing.footable-editing-always-show.footable-editing-no-add tr.footable-editing {
  display: none;
 }
 table.footable-editing.footable-editing-always-show button.footable-add,
 table.footable-editing.footable-editing-show button.footable-add,
 table.footable-editing.footable-editing-show button.footable-hide {
  display: inline-block;
 }
--- a/data/web/css/build/007-languages.min.css
+++ b/data/web/css/build/007-languages.min.css
--- a/data/web/css/build/008-animate.min.css
+++ b/data/web/css/build/008-animate.min.css
--- a/data/web/css/build/009-numberedtextarea.min.css
+++ b/data/web/css/build/009-numberedtextarea.min.css
--- a/data/web/css/build/010-jquery.jqplot.min.css
+++ b/data/web/css/build/010-jquery.jqplot.min.css
--- a/data/web/css/build/011-datatables.css
+++ b/data/web/css/build/011-datatables.css
@@ -0,0 +1,687 @@
 /*
 * This combined file was created by the DataTables downloader builder:
 *   https://datatables.net/download
 *
 * To rebuild or modify this file with the latest versions of the included
 * software please visit:
 *   https://datatables.net/download/#bs5/dt-1.13.1/r-2.4.0/sl-1.5.0
 *
 * Included libraries:
 *   DataTables 1.13.1, Responsive 2.4.0, Select 1.5.0
 */
@charset "UTF-8";
 table.dataTable td.dt-control {
  text-align: center;
  cursor: pointer;
 }
 table.dataTable td.dt-control:before {
  height: 1em;
  width: 1em;
  margin-top: -9px;
  display: inline-block;
  color: white;
  border: 0.15em solid white;
  border-radius: 1em;
  box-shadow: 0 0 0.2em #444;
  box-sizing: content-box;
  text-align: center;
  text-indent: 0 !important;
  font-family: "Courier New", Courier, monospace;
  line-height: 1em;
  content: "+";
  background-color: #31b131;
 }
 table.dataTable tr.dt-hasChild td.dt-control:before {
  content: "-";
  background-color: #d33333;
 }
 table.dataTable thead > tr > th.sorting, table.dataTable thead > tr > th.sorting_asc, table.dataTable thead > tr > th.sorting_desc, table.dataTable thead > tr > th.sorting_asc_disabled, table.dataTable thead > tr > th.sorting_desc_disabled,
 table.dataTable thead > tr > td.sorting,
 table.dataTable thead > tr > td.sorting_asc,
 table.dataTable thead > tr > td.sorting_desc,
 table.dataTable thead > tr > td.sorting_asc_disabled,
 table.dataTable thead > tr > td.sorting_desc_disabled {
  cursor: pointer;
  position: relative;
  padding-right: 26px;
 }
 table.dataTable thead > tr > th.sorting:before, table.dataTable thead > tr > th.sorting:after, table.dataTable thead > tr > th.sorting_asc:before, table.dataTable thead > tr > th.sorting_asc:after, table.dataTable thead > tr > th.sorting_desc:before, table.dataTable thead > tr > th.sorting_desc:after, table.dataTable thead > tr > th.sorting_asc_disabled:before, table.dataTable thead > tr > th.sorting_asc_disabled:after, table.dataTable thead > tr > th.sorting_desc_disabled:before, table.dataTable thead > tr > th.sorting_desc_disabled:after,
 table.dataTable thead > tr > td.sorting:before,
 table.dataTable thead > tr > td.sorting:after,
 table.dataTable thead > tr > td.sorting_asc:before,
 table.dataTable thead > tr > td.sorting_asc:after,
 table.dataTable thead > tr > td.sorting_desc:before,
 table.dataTable thead > tr > td.sorting_desc:after,
 table.dataTable thead > tr > td.sorting_asc_disabled:before,
 table.dataTable thead > tr > td.sorting_asc_disabled:after,
 table.dataTable thead > tr > td.sorting_desc_disabled:before,
 table.dataTable thead > tr > td.sorting_desc_disabled:after {
  position: absolute;
  display: block;
  opacity: 0.125;
  right: 10px;
  line-height: 9px;
  font-size: 0.8em;
 }
 table.dataTable thead > tr > th.sorting:before, table.dataTable thead > tr > th.sorting_asc:before, table.dataTable thead > tr > th.sorting_desc:before, table.dataTable thead > tr > th.sorting_asc_disabled:before, table.dataTable thead > tr > th.sorting_desc_disabled:before,
 table.dataTable thead > tr > td.sorting:before,
 table.dataTable thead > tr > td.sorting_asc:before,
 table.dataTable thead > tr > td.sorting_desc:before,
 table.dataTable thead > tr > td.sorting_asc_disabled:before,
 table.dataTable thead > tr > td.sorting_desc_disabled:before {
  bottom: 50%;
  content: "▲";
 }
 table.dataTable thead > tr > th.sorting:after, table.dataTable thead > tr > th.sorting_asc:after, table.dataTable thead > tr > th.sorting_desc:after, table.dataTable thead > tr > th.sorting_asc_disabled:after, table.dataTable thead > tr > th.sorting_desc_disabled:after,
 table.dataTable thead > tr > td.sorting:after,
 table.dataTable thead > tr > td.sorting_asc:after,
 table.dataTable thead > tr > td.sorting_desc:after,
 table.dataTable thead > tr > td.sorting_asc_disabled:after,
 table.dataTable thead > tr > td.sorting_desc_disabled:after {
  top: 50%;
  content: "▼";
 }
 table.dataTable thead > tr > th.sorting_asc:before, table.dataTable thead > tr > th.sorting_desc:after,
 table.dataTable thead > tr > td.sorting_asc:before,
 table.dataTable thead > tr > td.sorting_desc:after {
  opacity: 0.6;
 }
 table.dataTable thead > tr > th.sorting_desc_disabled:after, table.dataTable thead > tr > th.sorting_asc_disabled:before,
 table.dataTable thead > tr > td.sorting_desc_disabled:after,
 table.dataTable thead > tr > td.sorting_asc_disabled:before {
  display: none;
 }
 table.dataTable thead > tr > th:active,
 table.dataTable thead > tr > td:active {
  outline: none;
 }
 div.dataTables_scrollBody table.dataTable thead > tr > th:before, div.dataTables_scrollBody table.dataTable thead > tr > th:after,
 div.dataTables_scrollBody table.dataTable thead > tr > td:before,
 div.dataTables_scrollBody table.dataTable thead > tr > td:after {
  display: none;
 }
 div.dataTables_processing {
  position: absolute;
  top: 50%;
  left: 50%;
  width: 200px;
  margin-left: -100px;
  margin-top: -26px;
  text-align: center;
  padding: 2px;
 }
 div.dataTables_processing > div:last-child {
  position: relative;
  width: 80px;
  height: 15px;
  margin: 1em auto;
 }
 div.dataTables_processing > div:last-child > div {
  position: absolute;
  top: 0;
  width: 13px;
  height: 13px;
  border-radius: 50%;
  background: rgba(13, 110, 253, 0.9);
  animation-timing-function: cubic-bezier(0, 1, 1, 0);
 }
 div.dataTables_processing > div:last-child > div:nth-child(1) {
  left: 8px;
  animation: datatables-loader-1 0.6s infinite;
 }
 div.dataTables_processing > div:last-child > div:nth-child(2) {
  left: 8px;
  animation: datatables-loader-2 0.6s infinite;
 }
 div.dataTables_processing > div:last-child > div:nth-child(3) {
  left: 32px;
  animation: datatables-loader-2 0.6s infinite;
 }
 div.dataTables_processing > div:last-child > div:nth-child(4) {
  left: 56px;
  animation: datatables-loader-3 0.6s infinite;
 }
@keyframes datatables-loader-1 {
  0% {
    transform: scale(0);
  }
  100% {
    transform: scale(1);
  }
 }
@keyframes datatables-loader-3 {
  0% {
    transform: scale(1);
  }
  100% {
    transform: scale(0);
  }
 }
@keyframes datatables-loader-2 {
  0% {
    transform: translate(0, 0);
  }
  100% {
    transform: translate(24px, 0);
  }
 }
 table.dataTable.nowrap th, table.dataTable.nowrap td {
  white-space: nowrap;
 }
 table.dataTable th.dt-left,
 table.dataTable td.dt-left {
  text-align: left;
 }
 table.dataTable th.dt-center,
 table.dataTable td.dt-center,
 table.dataTable td.dataTables_empty {
  text-align: center;
 }
 table.dataTable th.dt-right,
 table.dataTable td.dt-right {
  text-align: right;
 }
 table.dataTable th.dt-justify,
 table.dataTable td.dt-justify {
  text-align: justify;
 }
 table.dataTable th.dt-nowrap,
 table.dataTable td.dt-nowrap {
  white-space: nowrap;
 }
 table.dataTable thead th,
 table.dataTable thead td,
 table.dataTable tfoot th,
 table.dataTable tfoot td {
  text-align: left;
 }
 table.dataTable thead th.dt-head-left,
 table.dataTable thead td.dt-head-left,
 table.dataTable tfoot th.dt-head-left,
 table.dataTable tfoot td.dt-head-left {
  text-align: left;
 }
 table.dataTable thead th.dt-head-center,
 table.dataTable thead td.dt-head-center,
 table.dataTable tfoot th.dt-head-center,
 table.dataTable tfoot td.dt-head-center {
  text-align: center;
 }
 table.dataTable thead th.dt-head-right,
 table.dataTable thead td.dt-head-right,
 table.dataTable tfoot th.dt-head-right,
 table.dataTable tfoot td.dt-head-right {
  text-align: right;
 }
 table.dataTable thead th.dt-head-justify,
 table.dataTable thead td.dt-head-justify,
 table.dataTable tfoot th.dt-head-justify,
 table.dataTable tfoot td.dt-head-justify {
  text-align: justify;
 }
 table.dataTable thead th.dt-head-nowrap,
 table.dataTable thead td.dt-head-nowrap,
 table.dataTable tfoot th.dt-head-nowrap,
 table.dataTable tfoot td.dt-head-nowrap {
  white-space: nowrap;
 }
 table.dataTable tbody th.dt-body-left,
 table.dataTable tbody td.dt-body-left {
  text-align: left;
 }
 table.dataTable tbody th.dt-body-center,
 table.dataTable tbody td.dt-body-center {
  text-align: center;
 }
 table.dataTable tbody th.dt-body-right,
 table.dataTable tbody td.dt-body-right {
  text-align: right;
 }
 table.dataTable tbody th.dt-body-justify,
 table.dataTable tbody td.dt-body-justify {
  text-align: justify;
 }
 table.dataTable tbody th.dt-body-nowrap,
 table.dataTable tbody td.dt-body-nowrap {
  white-space: nowrap;
 }
 /*! Bootstrap 5 integration for DataTables
 *
 * ©2020 SpryMedia Ltd, all rights reserved.
 * License: MIT datatables.net/license/mit
 */
 table.dataTable {
  clear: both;
  margin-top: 6px !important;
  margin-bottom: 6px !important;
  max-width: none !important;
  border-collapse: separate !important;
  border-spacing: 0;
 }
 table.dataTable td,
 table.dataTable th {
  -webkit-box-sizing: content-box;
  box-sizing: content-box;
 }
 table.dataTable td.dataTables_empty,
 table.dataTable th.dataTables_empty {
  text-align: center;
 }
 table.dataTable.nowrap th,
 table.dataTable.nowrap td {
  white-space: nowrap;
 }
 table.dataTable.table-striped > tbody > tr:nth-of-type(2n+1) > * {
  box-shadow: none;
 }
 table.dataTable > tbody > tr {
  background-color: transparent;
 }
 table.dataTable > tbody > tr.selected > * {
  box-shadow: inset 0 0 0 9999px rgba(13, 110, 253, 0.9);
  color: white;
 }
 table.dataTable > tbody > tr.selected a {
  color: #090a0b;
 }
 table.dataTable.table-striped > tbody > tr.odd > * {
  box-shadow: inset 0 0 0 9999px rgba(0, 0, 0, 0.05);
 }
 table.dataTable.table-striped > tbody > tr.odd.selected > * {
  box-shadow: inset 0 0 0 9999px rgba(13, 110, 253, 0.95);
 }
 table.dataTable.table-hover > tbody > tr:hover > * {
  box-shadow: inset 0 0 0 9999px rgba(0, 0, 0, 0.075);
 }
 table.dataTable.table-hover > tbody > tr.selected:hover > * {
  box-shadow: inset 0 0 0 9999px rgba(13, 110, 253, 0.975);
 }
 div.dataTables_wrapper div.dataTables_length label {
  font-weight: normal;
  text-align: left;
  white-space: nowrap;
 }
 div.dataTables_wrapper div.dataTables_length select {
  width: auto;
  display: inline-block;
 }
 div.dataTables_wrapper div.dataTables_filter {
  text-align: right;
 }
 div.dataTables_wrapper div.dataTables_filter label {
  font-weight: normal;
  white-space: nowrap;
  text-align: left;
 }
 div.dataTables_wrapper div.dataTables_filter input {
  margin-left: 0.5em;
  display: inline-block;
  width: auto;
 }
 div.dataTables_wrapper div.dataTables_info {
  padding-top: 0.85em;
 }
 div.dataTables_wrapper div.dataTables_paginate {
  margin: 0;
  white-space: nowrap;
  text-align: right;
 }
 div.dataTables_wrapper div.dataTables_paginate ul.pagination {
  margin: 2px 0;
  white-space: nowrap;
  justify-content: flex-end;
 }
 div.dataTables_wrapper div.dt-row {
  position: relative;
 }
 div.dataTables_scrollHead table.dataTable {
  margin-bottom: 0 !important;
 }
 div.dataTables_scrollBody > table {
  border-top: none;
  margin-top: 0 !important;
  margin-bottom: 0 !important;
 }
 div.dataTables_scrollBody > table > thead .sorting:before,
 div.dataTables_scrollBody > table > thead .sorting_asc:before,
 div.dataTables_scrollBody > table > thead .sorting_desc:before,
 div.dataTables_scrollBody > table > thead .sorting:after,
 div.dataTables_scrollBody > table > thead .sorting_asc:after,
 div.dataTables_scrollBody > table > thead .sorting_desc:after {
  display: none;
 }
 div.dataTables_scrollBody > table > tbody tr:first-child th,
 div.dataTables_scrollBody > table > tbody tr:first-child td {
  border-top: none;
 }
 div.dataTables_scrollFoot > .dataTables_scrollFootInner {
  box-sizing: content-box;
 }
 div.dataTables_scrollFoot > .dataTables_scrollFootInner > table {
  margin-top: 0 !important;
  border-top: none;
 }
@media screen and (max-width: 767px) {
  div.dataTables_wrapper div.dataTables_length,
 div.dataTables_wrapper div.dataTables_filter,
 div.dataTables_wrapper div.dataTables_info,
 div.dataTables_wrapper div.dataTables_paginate {
    text-align: center;
  }
  div.dataTables_wrapper div.dataTables_paginate ul.pagination {
    justify-content: center !important;
  }
 }
 table.dataTable.table-sm > thead > tr > th:not(.sorting_disabled) {
  padding-right: 20px;
 }
 table.table-bordered.dataTable {
  border-right-width: 0;
 }
 table.table-bordered.dataTable thead tr:first-child th,
 table.table-bordered.dataTable thead tr:first-child td {
  border-top-width: 1px;
 }
 table.table-bordered.dataTable th,
 table.table-bordered.dataTable td {
  border-left-width: 0;
 }
 table.table-bordered.dataTable th:first-child, table.table-bordered.dataTable th:first-child,
 table.table-bordered.dataTable td:first-child,
 table.table-bordered.dataTable td:first-child {
  border-left-width: 1px;
 }
 table.table-bordered.dataTable th:last-child, table.table-bordered.dataTable th:last-child,
 table.table-bordered.dataTable td:last-child,
 table.table-bordered.dataTable td:last-child {
  border-right-width: 1px;
 }
 table.table-bordered.dataTable th,
 table.table-bordered.dataTable td {
  border-bottom-width: 1px;
 }
 div.dataTables_scrollHead table.table-bordered {
  border-bottom-width: 0;
 }
 div.table-responsive > div.dataTables_wrapper > div.row {
  margin: 0;
 }
 div.table-responsive > div.dataTables_wrapper > div.row > div[class^=col-]:first-child {
  padding-left: 0;
 }
 div.table-responsive > div.dataTables_wrapper > div.row > div[class^=col-]:last-child {
  padding-right: 0;
 }
 table.dataTable.dtr-inline.collapsed > tbody > tr > td.child,
 table.dataTable.dtr-inline.collapsed > tbody > tr > th.child,
 table.dataTable.dtr-inline.collapsed > tbody > tr > td.dataTables_empty {
  cursor: default !important;
 }
 table.dataTable.dtr-inline.collapsed > tbody > tr > td.child:before,
 table.dataTable.dtr-inline.collapsed > tbody > tr > th.child:before,
 table.dataTable.dtr-inline.collapsed > tbody > tr > td.dataTables_empty:before {
  display: none !important;
 }
 table.dataTable.dtr-inline.collapsed > tbody > tr > td.dtr-control,
 table.dataTable.dtr-inline.collapsed > tbody > tr > th.dtr-control {
  position: relative;
  padding-left: 30px;
  cursor: pointer;
 }
 table.dataTable.dtr-inline.collapsed > tbody > tr > td.dtr-control:before,
 table.dataTable.dtr-inline.collapsed > tbody > tr > th.dtr-control:before {
  top: 50%;
  left: 5px;
  height: 1em;
  width: 1em;
  margin-top: -9px;
  display: block;
  position: absolute;
  color: white;
  border: 0.15em solid white;
  border-radius: 1em;
  box-shadow: 0 0 0.2em #444;
  box-sizing: content-box;
  text-align: center;
  text-indent: 0 !important;
  font-family: "Courier New", Courier, monospace;
  line-height: 1em;
  content: "+";
  background-color: #0d6efd;
 }
 table.dataTable.dtr-inline.collapsed > tbody > tr.parent > td.dtr-control:before,
 table.dataTable.dtr-inline.collapsed > tbody > tr.parent > th.dtr-control:before {
  content: "-";
  background-color: #d33333;
 }
 table.dataTable.dtr-inline.collapsed.compact > tbody > tr > td.dtr-control,
 table.dataTable.dtr-inline.collapsed.compact > tbody > tr > th.dtr-control {
  padding-left: 27px;
 }
 table.dataTable.dtr-inline.collapsed.compact > tbody > tr > td.dtr-control:before,
 table.dataTable.dtr-inline.collapsed.compact > tbody > tr > th.dtr-control:before {
  left: 4px;
  height: 14px;
  width: 14px;
  border-radius: 14px;
  line-height: 14px;
  text-indent: 3px;
 }
 table.dataTable.dtr-column > tbody > tr > td.dtr-control,
 table.dataTable.dtr-column > tbody > tr > th.dtr-control,
 table.dataTable.dtr-column > tbody > tr > td.control,
 table.dataTable.dtr-column > tbody > tr > th.control {
  position: relative;
  cursor: pointer;
 }
 table.dataTable.dtr-column > tbody > tr > td.dtr-control:before,
 table.dataTable.dtr-column > tbody > tr > th.dtr-control:before,
 table.dataTable.dtr-column > tbody > tr > td.control:before,
 table.dataTable.dtr-column > tbody > tr > th.control:before {
  top: 50%;
  left: 50%;
  height: 0.8em;
  width: 0.8em;
  margin-top: -0.5em;
  margin-left: -0.5em;
  display: block;
  position: absolute;
  color: white;
  border: 0.15em solid white;
  border-radius: 1em;
  box-shadow: 0 0 0.2em #444;
  box-sizing: content-box;
  text-align: center;
  text-indent: 0 !important;
  font-family: "Courier New", Courier, monospace;
  line-height: 1em;
  content: "+";
  background-color: #0d6efd;
 }
 table.dataTable.dtr-column > tbody > tr.parent td.dtr-control:before,
 table.dataTable.dtr-column > tbody > tr.parent th.dtr-control:before,
 table.dataTable.dtr-column > tbody > tr.parent td.control:before,
 table.dataTable.dtr-column > tbody > tr.parent th.control:before {
  content: "-";
  background-color: #d33333;
 }
 table.dataTable > tbody > tr.child {
  padding: 0.5em 1em;
 }
 table.dataTable > tbody > tr.child:hover {
  background: transparent !important;
 }
 table.dataTable > tbody > tr.child ul.dtr-details {
  display: inline-block;
  list-style-type: none;
  margin: 0;
  padding: 0;
 }
 table.dataTable > tbody > tr.child ul.dtr-details > li {
  border-bottom: 1px solid #efefef;
  padding: 0.5em 0;
 }
 table.dataTable > tbody > tr.child ul.dtr-details > li:first-child {
  padding-top: 0;
 }
 table.dataTable > tbody > tr.child ul.dtr-details > li:last-child {
  border-bottom: none;
 }
 table.dataTable > tbody > tr.child span.dtr-title {
  display: inline-block;
  min-width: 75px;
  font-weight: bold;
 }
 div.dtr-modal {
  position: fixed;
  box-sizing: border-box;
  top: 0;
  left: 0;
  height: 100%;
  width: 100%;
  z-index: 100;
  padding: 10em 1em;
 }
 div.dtr-modal div.dtr-modal-display {
  position: absolute;
  top: 0;
  left: 0;
  bottom: 0;
  right: 0;
  width: 50%;
  height: 50%;
  overflow: auto;
  margin: auto;
  z-index: 102;
  overflow: auto;
  background-color: #f5f5f7;
  border: 1px solid black;
  border-radius: 0.5em;
  box-shadow: 0 12px 30px rgba(0, 0, 0, 0.6);
 }
 div.dtr-modal div.dtr-modal-content {
  position: relative;
  padding: 1em;
 }
 div.dtr-modal div.dtr-modal-close {
  position: absolute;
  top: 6px;
  right: 6px;
  width: 22px;
  height: 22px;
  border: 1px solid #eaeaea;
  background-color: #f9f9f9;
  text-align: center;
  border-radius: 3px;
  cursor: pointer;
  z-index: 12;
 }
 div.dtr-modal div.dtr-modal-close:hover {
  background-color: #eaeaea;
 }
 div.dtr-modal div.dtr-modal-background {
  position: fixed;
  top: 0;
  left: 0;
  right: 0;
  bottom: 0;
  z-index: 101;
  background: rgba(0, 0, 0, 0.6);
 }
@media screen and (max-width: 767px) {
  div.dtr-modal div.dtr-modal-display {
    width: 95%;
  }
 }
 div.dtr-bs-modal table.table tr:first-child td {
  border-top: none;
 }
 table.dataTable.table-bordered th.dtr-control.dtr-hidden + *,
 table.dataTable.table-bordered td.dtr-control.dtr-hidden + * {
  border-left-width: 1px;
 }
 table.dataTable > tbody > tr > .selected {
  background-color: rgba(13, 110, 253, 0.9);
  color: white;
 }
 table.dataTable > tbody > tr > td.select-checkbox,
 table.dataTable > tbody > tr > th.select-checkbox {
  position: relative;
 }
 table.dataTable > tbody > tr > td.select-checkbox:before, table.dataTable > tbody > tr > td.select-checkbox:after,
 table.dataTable > tbody > tr > th.select-checkbox:before,
 table.dataTable > tbody > tr > th.select-checkbox:after {
  display: block;
  position: absolute;
  top: 1.2em;
  left: 50%;
  width: 12px;
  height: 12px;
  box-sizing: border-box;
 }
 table.dataTable > tbody > tr > td.select-checkbox:before,
 table.dataTable > tbody > tr > th.select-checkbox:before {
  content: " ";
  margin-top: -5px;
  margin-left: -6px;
  border: 1px solid black;
  border-radius: 3px;
 }
 table.dataTable > tbody > tr.selected > td.select-checkbox:before,
 table.dataTable > tbody > tr.selected > th.select-checkbox:before {
  border: 1px solid white;
 }
 table.dataTable > tbody > tr.selected > td.select-checkbox:after,
 table.dataTable > tbody > tr.selected > th.select-checkbox:after {
  content: "✓";
  font-size: 20px;
  margin-top: -19px;
  margin-left: -6px;
  text-align: center;
  text-shadow: 1px 1px #B0BED9, -1px -1px #B0BED9, 1px -1px #B0BED9, -1px 1px #B0BED9;
 }
 table.dataTable.compact > tbody > tr > td.select-checkbox:before,
 table.dataTable.compact > tbody > tr > th.select-checkbox:before {
  margin-top: -12px;
 }
 table.dataTable.compact > tbody > tr.selected > td.select-checkbox:after,
 table.dataTable.compact > tbody > tr.selected > th.select-checkbox:after {
  margin-top: -16px;
 }
 div.dataTables_wrapper span.select-info,
 div.dataTables_wrapper span.select-item {
  margin-left: 0.5em;
 }
@media screen and (max-width: 640px) {
  div.dataTables_wrapper span.select-info,
 div.dataTables_wrapper span.select-item {
    margin-left: 0;
    display: block;
  }
 }
 table.dataTable.table-sm tbody td.select-checkbox::before {
  margin-top: -9px;
 }
--- a/data/web/css/build/012-Chart.min.css
+++ b/data/web/css/build/012-Chart.min.css
@@ -1 +0,0 @@
@keyframes chartjs-render-animation{from{opacity:.99}to{opacity:1}}.chartjs-render-monitor{animation:chartjs-render-animation 1ms}.chartjs-size-monitor,.chartjs-size-monitor-expand,.chartjs-size-monitor-shrink{position:absolute;direction:ltr;left:0;top:0;right:0;bottom:0;overflow:hidden;pointer-events:none;visibility:hidden;z-index:-1}.chartjs-size-monitor-expand>div{position:absolute;width:1000000px;height:1000000px;left:0;top:0}.chartjs-size-monitor-shrink>div{position:absolute;width:200%;height:200%;left:0;top:0}
--- a/data/web/css/build/012-bootstrap-icons.css
+++ b/data/web/css/build/012-bootstrap-icons.css
@@ -1,7 +1,7 @@
@font-face {
  font-family: "bootstrap-icons";
-  src: url("/fonts/bootstrap-icons.woff2?45695e8b569b2b0178db2713ca47065c") format("woff2"),
+  src: url("/fonts/bootstrap-icons.woff2?524846017b983fc8ded9325d94ed40f3") format("woff2"),
-url("/fonts/bootstrap-icons.woff?45695e8b569b2b0178db2713ca47065c") format("woff");
+url("/fonts/bootstrap-icons.woff?524846017b983fc8ded9325d94ed40f3") format("woff");
 }
 .bi::before,
@@ -19,6 +19,7 @@ url("/fonts/bootstrap-icons.woff?45695e8b569b2b0178db2713ca47065c") format("woff
  -moz-osx-font-smoothing: grayscale;
 }
 .bi-123::before { content: "\f67f"; }
 .bi-alarm-fill::before { content: "\f101"; }
 .bi-alarm::before { content: "\f102"; }
 .bi-align-bottom::before { content: "\f103"; }
@@ -1425,3 +1426,279 @@ url("/fonts/bootstrap-icons.woff?45695e8b569b2b0178db2713ca47065c") format("woff
 .bi-webcam-fill::before { content: "\f67c"; }
 .bi-webcam::before { content: "\f67d"; }
 .bi-yin-yang::before { content: "\f67e"; }
 .bi-bandaid-fill::before { content: "\f680"; }
 .bi-bandaid::before { content: "\f681"; }
 .bi-bluetooth::before { content: "\f682"; }
 .bi-body-text::before { content: "\f683"; }
 .bi-boombox::before { content: "\f684"; }
 .bi-boxes::before { content: "\f685"; }
 .bi-dpad-fill::before { content: "\f686"; }
 .bi-dpad::before { content: "\f687"; }
 .bi-ear-fill::before { content: "\f688"; }
 .bi-ear::before { content: "\f689"; }
 .bi-envelope-check-1::before { content: "\f68a"; }
 .bi-envelope-check-fill::before { content: "\f68b"; }
 .bi-envelope-check::before { content: "\f68c"; }
 .bi-envelope-dash-1::before { content: "\f68d"; }
 .bi-envelope-dash-fill::before { content: "\f68e"; }
 .bi-envelope-dash::before { content: "\f68f"; }
 .bi-envelope-exclamation-1::before { content: "\f690"; }
 .bi-envelope-exclamation-fill::before { content: "\f691"; }
 .bi-envelope-exclamation::before { content: "\f692"; }
 .bi-envelope-plus-fill::before { content: "\f693"; }
 .bi-envelope-plus::before { content: "\f694"; }
 .bi-envelope-slash-1::before { content: "\f695"; }
 .bi-envelope-slash-fill::before { content: "\f696"; }
 .bi-envelope-slash::before { content: "\f697"; }
 .bi-envelope-x-1::before { content: "\f698"; }
 .bi-envelope-x-fill::before { content: "\f699"; }
 .bi-envelope-x::before { content: "\f69a"; }
 .bi-explicit-fill::before { content: "\f69b"; }
 .bi-explicit::before { content: "\f69c"; }
 .bi-git::before { content: "\f69d"; }
 .bi-infinity::before { content: "\f69e"; }
 .bi-list-columns-reverse::before { content: "\f69f"; }
 .bi-list-columns::before { content: "\f6a0"; }
 .bi-meta::before { content: "\f6a1"; }
 .bi-mortorboard-fill::before { content: "\f6a2"; }
 .bi-mortorboard::before { content: "\f6a3"; }
 .bi-nintendo-switch::before { content: "\f6a4"; }
 .bi-pc-display-horizontal::before { content: "\f6a5"; }
 .bi-pc-display::before { content: "\f6a6"; }
 .bi-pc-horizontal::before { content: "\f6a7"; }
 .bi-pc::before { content: "\f6a8"; }
 .bi-playstation::before { content: "\f6a9"; }
 .bi-plus-slash-minus::before { content: "\f6aa"; }
 .bi-projector-fill::before { content: "\f6ab"; }
 .bi-projector::before { content: "\f6ac"; }
 .bi-qr-code-scan::before { content: "\f6ad"; }
 .bi-qr-code::before { content: "\f6ae"; }
 .bi-quora::before { content: "\f6af"; }
 .bi-quote::before { content: "\f6b0"; }
 .bi-robot::before { content: "\f6b1"; }
 .bi-send-check-fill::before { content: "\f6b2"; }
 .bi-send-check::before { content: "\f6b3"; }
 .bi-send-dash-fill::before { content: "\f6b4"; }
 .bi-send-dash::before { content: "\f6b5"; }
 .bi-send-exclamation-1::before { content: "\f6b6"; }
 .bi-send-exclamation-fill::before { content: "\f6b7"; }
 .bi-send-exclamation::before { content: "\f6b8"; }
 .bi-send-fill::before { content: "\f6b9"; }
 .bi-send-plus-fill::before { content: "\f6ba"; }
 .bi-send-plus::before { content: "\f6bb"; }
 .bi-send-slash-fill::before { content: "\f6bc"; }
 .bi-send-slash::before { content: "\f6bd"; }
 .bi-send-x-fill::before { content: "\f6be"; }
 .bi-send-x::before { content: "\f6bf"; }
 .bi-send::before { content: "\f6c0"; }
 .bi-steam::before { content: "\f6c1"; }
 .bi-terminal-dash-1::before { content: "\f6c2"; }
 .bi-terminal-dash::before { content: "\f6c3"; }
 .bi-terminal-plus::before { content: "\f6c4"; }
 .bi-terminal-split::before { content: "\f6c5"; }
 .bi-ticket-detailed-fill::before { content: "\f6c6"; }
 .bi-ticket-detailed::before { content: "\f6c7"; }
 .bi-ticket-fill::before { content: "\f6c8"; }
 .bi-ticket-perforated-fill::before { content: "\f6c9"; }
 .bi-ticket-perforated::before { content: "\f6ca"; }
 .bi-ticket::before { content: "\f6cb"; }
 .bi-tiktok::before { content: "\f6cc"; }
 .bi-window-dash::before { content: "\f6cd"; }
 .bi-window-desktop::before { content: "\f6ce"; }
 .bi-window-fullscreen::before { content: "\f6cf"; }
 .bi-window-plus::before { content: "\f6d0"; }
 .bi-window-split::before { content: "\f6d1"; }
 .bi-window-stack::before { content: "\f6d2"; }
 .bi-window-x::before { content: "\f6d3"; }
 .bi-xbox::before { content: "\f6d4"; }
 .bi-ethernet::before { content: "\f6d5"; }
 .bi-hdmi-fill::before { content: "\f6d6"; }
 .bi-hdmi::before { content: "\f6d7"; }
 .bi-usb-c-fill::before { content: "\f6d8"; }
 .bi-usb-c::before { content: "\f6d9"; }
 .bi-usb-fill::before { content: "\f6da"; }
 .bi-usb-plug-fill::before { content: "\f6db"; }
 .bi-usb-plug::before { content: "\f6dc"; }
 .bi-usb-symbol::before { content: "\f6dd"; }
 .bi-usb::before { content: "\f6de"; }
 .bi-boombox-fill::before { content: "\f6df"; }
 .bi-displayport-1::before { content: "\f6e0"; }
 .bi-displayport::before { content: "\f6e1"; }
 .bi-gpu-card::before { content: "\f6e2"; }
 .bi-memory::before { content: "\f6e3"; }
 .bi-modem-fill::before { content: "\f6e4"; }
 .bi-modem::before { content: "\f6e5"; }
 .bi-motherboard-fill::before { content: "\f6e6"; }
 .bi-motherboard::before { content: "\f6e7"; }
 .bi-optical-audio-fill::before { content: "\f6e8"; }
 .bi-optical-audio::before { content: "\f6e9"; }
 .bi-pci-card::before { content: "\f6ea"; }
 .bi-router-fill::before { content: "\f6eb"; }
 .bi-router::before { content: "\f6ec"; }
 .bi-ssd-fill::before { content: "\f6ed"; }
 .bi-ssd::before { content: "\f6ee"; }
 .bi-thunderbolt-fill::before { content: "\f6ef"; }
 .bi-thunderbolt::before { content: "\f6f0"; }
 .bi-usb-drive-fill::before { content: "\f6f1"; }
 .bi-usb-drive::before { content: "\f6f2"; }
 .bi-usb-micro-fill::before { content: "\f6f3"; }
 .bi-usb-micro::before { content: "\f6f4"; }
 .bi-usb-mini-fill::before { content: "\f6f5"; }
 .bi-usb-mini::before { content: "\f6f6"; }
 .bi-cloud-haze2::before { content: "\f6f7"; }
 .bi-device-hdd-fill::before { content: "\f6f8"; }
 .bi-device-hdd::before { content: "\f6f9"; }
 .bi-device-ssd-fill::before { content: "\f6fa"; }
 .bi-device-ssd::before { content: "\f6fb"; }
 .bi-displayport-fill::before { content: "\f6fc"; }
 .bi-mortarboard-fill::before { content: "\f6fd"; }
 .bi-mortarboard::before { content: "\f6fe"; }
 .bi-terminal-x::before { content: "\f6ff"; }
 .bi-arrow-through-heart-fill::before { content: "\f700"; }
 .bi-arrow-through-heart::before { content: "\f701"; }
 .bi-badge-sd-fill::before { content: "\f702"; }
 .bi-badge-sd::before { content: "\f703"; }
 .bi-bag-heart-fill::before { content: "\f704"; }
 .bi-bag-heart::before { content: "\f705"; }
 .bi-balloon-fill::before { content: "\f706"; }
 .bi-balloon-heart-fill::before { content: "\f707"; }
 .bi-balloon-heart::before { content: "\f708"; }
 .bi-balloon::before { content: "\f709"; }
 .bi-box2-fill::before { content: "\f70a"; }
 .bi-box2-heart-fill::before { content: "\f70b"; }
 .bi-box2-heart::before { content: "\f70c"; }
 .bi-box2::before { content: "\f70d"; }
 .bi-braces-asterisk::before { content: "\f70e"; }
 .bi-calendar-heart-fill::before { content: "\f70f"; }
 .bi-calendar-heart::before { content: "\f710"; }
 .bi-calendar2-heart-fill::before { content: "\f711"; }
 .bi-calendar2-heart::before { content: "\f712"; }
 .bi-chat-heart-fill::before { content: "\f713"; }
 .bi-chat-heart::before { content: "\f714"; }
 .bi-chat-left-heart-fill::before { content: "\f715"; }
 .bi-chat-left-heart::before { content: "\f716"; }
 .bi-chat-right-heart-fill::before { content: "\f717"; }
 .bi-chat-right-heart::before { content: "\f718"; }
 .bi-chat-square-heart-fill::before { content: "\f719"; }
 .bi-chat-square-heart::before { content: "\f71a"; }
 .bi-clipboard-check-fill::before { content: "\f71b"; }
 .bi-clipboard-data-fill::before { content: "\f71c"; }
 .bi-clipboard-fill::before { content: "\f71d"; }
 .bi-clipboard-heart-fill::before { content: "\f71e"; }
 .bi-clipboard-heart::before { content: "\f71f"; }
 .bi-clipboard-minus-fill::before { content: "\f720"; }
 .bi-clipboard-plus-fill::before { content: "\f721"; }
 .bi-clipboard-pulse::before { content: "\f722"; }
 .bi-clipboard-x-fill::before { content: "\f723"; }
 .bi-clipboard2-check-fill::before { content: "\f724"; }
 .bi-clipboard2-check::before { content: "\f725"; }
 .bi-clipboard2-data-fill::before { content: "\f726"; }
 .bi-clipboard2-data::before { content: "\f727"; }
 .bi-clipboard2-fill::before { content: "\f728"; }
 .bi-clipboard2-heart-fill::before { content: "\f729"; }
 .bi-clipboard2-heart::before { content: "\f72a"; }
 .bi-clipboard2-minus-fill::before { content: "\f72b"; }
 .bi-clipboard2-minus::before { content: "\f72c"; }
 .bi-clipboard2-plus-fill::before { content: "\f72d"; }
 .bi-clipboard2-plus::before { content: "\f72e"; }
 .bi-clipboard2-pulse-fill::before { content: "\f72f"; }
 .bi-clipboard2-pulse::before { content: "\f730"; }
 .bi-clipboard2-x-fill::before { content: "\f731"; }
 .bi-clipboard2-x::before { content: "\f732"; }
 .bi-clipboard2::before { content: "\f733"; }
 .bi-emoji-kiss-fill::before { content: "\f734"; }
 .bi-emoji-kiss::before { content: "\f735"; }
 .bi-envelope-heart-fill::before { content: "\f736"; }
 .bi-envelope-heart::before { content: "\f737"; }
 .bi-envelope-open-heart-fill::before { content: "\f738"; }
 .bi-envelope-open-heart::before { content: "\f739"; }
 .bi-envelope-paper-fill::before { content: "\f73a"; }
 .bi-envelope-paper-heart-fill::before { content: "\f73b"; }
 .bi-envelope-paper-heart::before { content: "\f73c"; }
 .bi-envelope-paper::before { content: "\f73d"; }
 .bi-filetype-aac::before { content: "\f73e"; }
 .bi-filetype-ai::before { content: "\f73f"; }
 .bi-filetype-bmp::before { content: "\f740"; }
 .bi-filetype-cs::before { content: "\f741"; }
 .bi-filetype-css::before { content: "\f742"; }
 .bi-filetype-csv::before { content: "\f743"; }
 .bi-filetype-doc::before { content: "\f744"; }
 .bi-filetype-docx::before { content: "\f745"; }
 .bi-filetype-exe::before { content: "\f746"; }
 .bi-filetype-gif::before { content: "\f747"; }
 .bi-filetype-heic::before { content: "\f748"; }
 .bi-filetype-html::before { content: "\f749"; }
 .bi-filetype-java::before { content: "\f74a"; }
 .bi-filetype-jpg::before { content: "\f74b"; }
 .bi-filetype-js::before { content: "\f74c"; }
 .bi-filetype-jsx::before { content: "\f74d"; }
 .bi-filetype-key::before { content: "\f74e"; }
 .bi-filetype-m4p::before { content: "\f74f"; }
 .bi-filetype-md::before { content: "\f750"; }
 .bi-filetype-mdx::before { content: "\f751"; }
 .bi-filetype-mov::before { content: "\f752"; }
 .bi-filetype-mp3::before { content: "\f753"; }
 .bi-filetype-mp4::before { content: "\f754"; }
 .bi-filetype-otf::before { content: "\f755"; }
 .bi-filetype-pdf::before { content: "\f756"; }
 .bi-filetype-php::before { content: "\f757"; }
 .bi-filetype-png::before { content: "\f758"; }
 .bi-filetype-ppt-1::before { content: "\f759"; }
 .bi-filetype-ppt::before { content: "\f75a"; }
 .bi-filetype-psd::before { content: "\f75b"; }
 .bi-filetype-py::before { content: "\f75c"; }
 .bi-filetype-raw::before { content: "\f75d"; }
 .bi-filetype-rb::before { content: "\f75e"; }
 .bi-filetype-sass::before { content: "\f75f"; }
 .bi-filetype-scss::before { content: "\f760"; }
 .bi-filetype-sh::before { content: "\f761"; }
 .bi-filetype-svg::before { content: "\f762"; }
 .bi-filetype-tiff::before { content: "\f763"; }
 .bi-filetype-tsx::before { content: "\f764"; }
 .bi-filetype-ttf::before { content: "\f765"; }
 .bi-filetype-txt::before { content: "\f766"; }
 .bi-filetype-wav::before { content: "\f767"; }
 .bi-filetype-woff::before { content: "\f768"; }
 .bi-filetype-xls-1::before { content: "\f769"; }
 .bi-filetype-xls::before { content: "\f76a"; }
 .bi-filetype-xml::before { content: "\f76b"; }
 .bi-filetype-yml::before { content: "\f76c"; }
 .bi-heart-arrow::before { content: "\f76d"; }
 .bi-heart-pulse-fill::before { content: "\f76e"; }
 .bi-heart-pulse::before { content: "\f76f"; }
 .bi-heartbreak-fill::before { content: "\f770"; }
 .bi-heartbreak::before { content: "\f771"; }
 .bi-hearts::before { content: "\f772"; }
 .bi-hospital-fill::before { content: "\f773"; }
 .bi-hospital::before { content: "\f774"; }
 .bi-house-heart-fill::before { content: "\f775"; }
 .bi-house-heart::before { content: "\f776"; }
 .bi-incognito::before { content: "\f777"; }
 .bi-magnet-fill::before { content: "\f778"; }
 .bi-magnet::before { content: "\f779"; }
 .bi-person-heart::before { content: "\f77a"; }
 .bi-person-hearts::before { content: "\f77b"; }
 .bi-phone-flip::before { content: "\f77c"; }
 .bi-plugin::before { content: "\f77d"; }
 .bi-postage-fill::before { content: "\f77e"; }
 .bi-postage-heart-fill::before { content: "\f77f"; }
 .bi-postage-heart::before { content: "\f780"; }
 .bi-postage::before { content: "\f781"; }
 .bi-postcard-fill::before { content: "\f782"; }
 .bi-postcard-heart-fill::before { content: "\f783"; }
 .bi-postcard-heart::before { content: "\f784"; }
 .bi-postcard::before { content: "\f785"; }
 .bi-search-heart-fill::before { content: "\f786"; }
 .bi-search-heart::before { content: "\f787"; }
 .bi-sliders2-vertical::before { content: "\f788"; }
 .bi-sliders2::before { content: "\f789"; }
 .bi-trash3-fill::before { content: "\f78a"; }
 .bi-trash3::before { content: "\f78b"; }
 .bi-valentine::before { content: "\f78c"; }
 .bi-valentine2::before { content: "\f78d"; }
 .bi-wrench-adjustable-circle-fill::before { content: "\f78e"; }
 .bi-wrench-adjustable-circle::before { content: "\f78f"; }
 .bi-wrench-adjustable::before { content: "\f790"; }
 .bi-filetype-json::before { content: "\f791"; }
 .bi-filetype-pptx::before { content: "\f792"; }
 .bi-filetype-xlsx::before { content: "\f793"; }
--- a/data/web/css/build/013-datatables.css
+++ b/data/web/css/build/013-datatables.css
@@ -0,0 +1,98 @@
 .dataTables_info {
    margin: 15px 0 !important;
    padding: 0px !important;
 }
 .dataTables_paginate, .dataTables_length, .dataTables_filter {
    margin: 15px 0 !important;
 }
 .dtr-details {
    width: 100%;
 }
 .table-striped>tbody>tr:nth-of-type(odd) {
    background-color: #F2F2F2;
 }
 td.child>ul>li {
    display: flex;
 }
 table.dataTable>tbody>tr.child ul.dtr-details>li {
    border-bottom: 1px solid rgba(0, 0, 0, 0.129);
    padding: 0.5em 0;
 }
 table.dataTable.dtr-inline.collapsed>tbody>tr>td.dtr-control:before:hover, 
 table.dataTable.dtr-inline.collapsed>tbody>tr>th.dtr-control:before:hover {
    background-color: #5e5e5e;
 }
 table.dataTable.dtr-inline.collapsed>tbody>tr>td.dtr-control:before, 
 table.dataTable.dtr-inline.collapsed>tbody>tr>th.dtr-control:before,
 table.dataTable td.dt-control:before {
    background-color: #979797 !important;
    border: 1.5px solid #616161 !important;
    border-radius: 2px !important;
    color: #fff;
    height: 1em;
    width: 1em;
    line-height: 1.25em;
    border-radius: 0px;
    box-shadow: none;
    font-size: 14px;
    transition: 0.5s all;
 }
 table.dataTable.dtr-inline.collapsed>tbody>tr.parent>td.dtr-control:before, 
 table.dataTable.dtr-inline.collapsed>tbody>tr.parent>th.dtr-control:before,
 table.dataTable td.dt-control:before {
    background-color: #979797 !important;
 }
 table.dataTable.dtr-inline.collapsed>tbody>tr>td.child, 
 table.dataTable.dtr-inline.collapsed>tbody>tr>th.child, 
 table.dataTable.dtr-inline.collapsed>tbody>tr>td.dataTables_empty {
    background-color: #fbfbfb;
 }
 table.dataTable.table-striped>tbody>tr>td {
    vertical-align: middle;
 }
 table.dataTable.table-striped>tbody>tr>td>input[type="checkbox"] {
    margin-top: 7px;
 }
 td.dtr-col-lg {
    min-width: 350px;
    word-break: break-word;
 }
 td.dtr-col-md {
    min-width: 250px;
    word-break: break-word;
 }
 td.dtr-col-sm {
    min-width: 125px;
    word-break: break-word;
 }
 .dt-data-w100 .dtr-data {
    width: 100%;
 }
 li .dtr-data {
    word-break: break-all;
    flex: 1;
    padding-left: 5px;
    padding-right: 5px;
 }
 table.dataTable>tbody>tr.child span.dtr-title {
    width: 30%;
    max-width: 250px;
 }
 div.dataTables_wrapper div.dataTables_filter {
    text-align: left;
 }
 div.dataTables_wrapper div.dataTables_length {
    text-align: right;
 }
 .dataTables_paginate, .dataTables_length, .dataTables_filter {
    margin: 10px 0!important;
 }
 td.dt-text-right {
    text-align: end !important;
 }
 th.dt-text-right {
    text-align: end !important;
 }
--- a/data/web/css/build/014-mailcow.css
+++ b/data/web/css/build/014-mailcow.css
@@ -63,6 +63,17 @@
 .navbar-nav {
  margin: 0;
 }
 .navbar-nav .nav-item {
  flex-direction: column;
  display: flex;
  padding: 0 10px !important;
 }
 .navbar-nav .nav-link {
  height: 44px;
  display: flex;
  align-items: center;
  padding: 0 10px !important;
 }
 .navbar-fixed-bottom .navbar-collapse, 
 .navbar-fixed-top .navbar-collapse {
  max-height: 1000px
@@ -75,6 +86,12 @@
  display: inline-block;
  font-size: inherit;
 }
 .btn-group-xs > .btn, .btn-xs {
  padding: .25rem .4rem;
  font-size: .875rem;
  line-height: 1rem;
  border-radius: .2rem;
 }
 .icon-spin {
  animation-name: spin;
  animation-duration: 2000ms;
@@ -105,13 +122,22 @@
    transform: rotate(359deg);
  }
 }
-pre{white-space:pre-wrap;white-space:-moz-pre-wrap;white-space:-o-pre-wrap;word-wrap:break-word;}
+@keyframes blink {
-.footable-sortable {
+  50% { 
-  -webkit-user-select: none;  
+    color: transparent 
-  -moz-user-select: none;    
+  }
  -ms-user-select: none;      
  user-select: none;
 }
 .loader-dot { 
  animation: 1s blink infinite 
 }
 .loader-dot:nth-child(2) { 
  animation-delay: 250ms 
 }
 .loader-dot:nth-child(3) { 
  animation-delay: 500ms 
 }
 pre{white-space:pre-wrap;white-space:-moz-pre-wrap;white-space:-o-pre-wrap;word-wrap:break-word;}
 /* Fix modal moving content left */
 body.modal-open {
  overflow: inherit;
@@ -166,19 +192,11 @@ legend {
  top: 0; right: 0; bottom: 0; left: 0;
  opacity: 0.7;
 }
 #top {
  padding-top: 70px;
 }
 .bootstrap-select.btn-group .no-results {
  display: none;
 }
-.dropdown-desc {
+.bootstrap-select>.dropdown-toggle.bs-placeholder.btn-secondary {
-  display: block;
+  color: rgb(197, 197, 197) !important;
  padding: 3px 10px;
  clear: both;
  font-weight: bold;
  color: #5a5a5a;
  white-space: nowrap;
 }
 .haveibeenpwned {
  cursor: pointer;
@@ -206,7 +224,7 @@ legend {
  flex-direction: column;
 }
 .footer .version {
-    margin-left: auto;
+  margin-left: auto;
 	margin-top: 20px;
 }
 .slave-info {
@@ -225,15 +243,8 @@ legend {
 .btn-input-missing:active:hover,
 .btn-input-missing:active:focus {
  color: #000 !important;
-  background-color: #ff4136;
+  background-color: #ff2f24 !important;
-  border-color: #ff291c;
+  border-color: #e21207 !important;
 }
 table.footable>tbody>tr.footable-empty>td {
  font-style:italic;
  font-size: 1rem;
 }
 table>tbody>tr>td>span.footable-toggle {
  opacity: 0.75;
 }
 .navbar-nav > li {
  font-size: 1rem !important;
@@ -260,18 +271,11 @@ code {
  margin-right: 5px;
 }
-.list-group-item.webauthn-authenticator-selection,
+.dropdown-header {
-.list-group-item.totp-authenticator-selection,
+  font-weight: 600;
 .list-group-item.yubi_otp-authenticator-selection {
  border-radius: 0px !important;
 }
 .pending-tfa-collapse {
  padding: 10px;
  background: #fbfbfb;
  border: 1px solid #ededed;
  min-height: 110px;
 }
 .tag-box {
  display: flex;
  flex-wrap: wrap;
@@ -295,7 +299,7 @@ code {
 }
 .tag-input {
  margin-left: 10px;
-  border: 0;
+  border: 0 !important;
  flex: 1;
  height: 24px;
  min-width: 150px;
@@ -308,3 +312,61 @@ code {
  align-items: center;
  display: inline-flex;
 }
 #dnstable {
  overflow-x: auto!important;
 }
 .well {
  border: 1px solid #dfdfdf;
  background-color: #f9f9f9;
  padding: 10px;
 }
 .btn-check-label {
  color: #555;
 }
 .caret {
  transform: rotate(0deg);
 }
 a[aria-expanded='true'] > .caret, 
 button[aria-expanded='true'] > .caret {
  transform: rotate(-180deg);
 }
 .list-group-details {
  background: #fff;
 }
 .list-group-header {
  background: #f7f7f7;
 } 
 .bg-primary, .alert-primary, .btn-primary {
  background-color: #0F688D !important;
  border-color: #0d526d !important;
 }
 .bg-info, .alert-info, .btn-info {
  background-color: #148DBC !important;
  border-color: #127ea8 !important;
 }
 .bootstrap-select>.dropdown-toggle.bs-placeholder.btn-secondary {
  color: rgb(137 137 137)!important;
 }
 .progress {
  background-color: #d5d5d5;
 }
 .btn-outline-secondary:hover {
    background-color: #f0f0f0;
 }
 .btn.btn-outline-secondary {
  border-color: #cfcfcf !important;  
 }
 .btn-check:checked+.btn-outline-secondary, .btn-check:active+.btn-outline-secondary, .btn-outline-secondary:active, .btn-outline-secondary.active, .btn-outline-secondary.dropdown-toggle.show {
    background-color: #f0f0f0 !important;
 }
--- a/data/web/css/build/014-responsive.css
+++ b/data/web/css/build/014-responsive.css
@@ -1,308 +0,0 @@
 .space20 {
  margin-bottom: 20px;
 }
 .btn-xs-lg>.lang-sm:after {
  margin-left: 4px;
 }
 .bootstrap-select {
  max-width: 350px;
 }
 .panel-login .apps .btn {
  width: auto;
  float: left;
  margin-right: 10px;
  margin-top: auto;
 }
 .panel-login .apps .btn:hover {
  margin-top: 1px !important;
  border-bottom-width: 3px;
 }
@media (max-width: 767px) {
  .panel-login .apps .btn {
    width: 100%;
    float: none;
    margin-bottom: 10px;
  }
  .panel-login .apps .btn {
    border-bottom-width: 4px;
  }
  .media-clearfix::after {
    clear: both;
    box-sizing: border-box;
  }
  .media-clearfix::before {
    display: table;
    content: " ";
    box-sizing: border-box;
  }
  .xs-show {
    display: block !important;
  }
  .js-tabcollapse-panel-group .panel{
    border: none;
    box-shadow: none;
  }
  .js-tabcollapse-panel-group .panel-body {
    padding: 10px 0;
  }
  .js-tabcollapse-panel-group .js-tabcollapse-panel-body .panel-body {
    padding: 0;
  }
  .js-tabcollapse-panel-body .panel-heading {
    display: none;
  }
  .js-tabcollapse-panel-body .well,
  .panel-body .form-inline.well {
    border: none;
    padding: 0;
    margin: 0;
    box-shadow: none;
    background-color: #fff;
  }
  .js-tabcollapse-panel-heading {
    display: block;
    height: 37px;
    line-height: 37px;
    text-indent: 15px;
  }
  .js-tabcollapse-panel-heading:hover {
    text-decoration: none;
  }
  .js-tabcollapse-panel-heading {
    position: relative;
  }
  .js-tabcollapse-panel-heading:after {
    content: '';
    display: block;
    position: absolute;
    top: 17px;
    right: 17px;
    width: 0;
    height: 0;
    margin-left: 2px;
    vertical-align: middle;
    border-bottom: 4px dashed;
    border-right: 4px solid transparent;
    border-left: 4px solid transparent;
  }
  .js-tabcollapse-panel-heading.collapsed:after {
    border-bottom: none;
    border-top: 4px dashed;
  }
  .recent-login-success {
  font-size: 14px;
  margin-top: 10px !important;
  }
  .pull-xs-right {
  float: right !important;
  }
  .pull-xs-right .dropdown-menu {
  right: 0;
  left: auto;
  }
  .text-xs-left {
    text-align: left;
  }
  .text-xs-bold {
    font-weight: bold;
  }
  .text-xs-bold .small {
    font-weight: normal;
    text-align: justify;
  }
  .help-block {
    text-align: justify;
  }
  .btn.visible-xs-block {
    width: 100%;
    float: none;
    white-space: normal;
  }
  .btn-group.footable-actions .btn.btn-xs-half,
  .btn.visible-xs-block.btn-xs-half {
    width: 50%;
    float: left;
  }
  .btn-group.footable-actions .btn.btn-xs-third,
  .btn.visible-xs-block.btn-xs-third {
    width: 33.33%;
    float: left;
  }
  .btn-group.footable-actions .btn.btn-xs-quart,
  .btn.visible-xs-block.btn-xs-quart {
    width: 25%;
    float: left;
  }
  .btn.visible-xs-block.btn-sm,
  .btn-xs-lg {
    padding: 15px 16px 13px;
    line-height: 15px;
  }
  .input-xs-lg {
  height: 47px;
    padding: 13px 16px;
  }
  .btn-group:not(.input-group-btn) {
    display: flex;
    flex-wrap: wrap;
  }
  .btn-group.nowrap {
    flex-wrap: nowrap;
  }
  .btn-group.nowrap .dropdown-menu {
    width: 100%;
  }
  .panel-login .btn-group {
    display: block;
  }
  .mass-actions-user .btn-group {
    float: none;
  }
  div[class^='mass-actions'] .dropdown-menu,
  .panel-xs-lg .dropdown-menu,
  .dropdown-menu.login {
    width: 100%;
  }
  div[class^='mass-actions'] .btn-group .dropdown-menu {
  top: 50%;
  }
  div[class^='mass-actions'] .btn-group .btn-group .dropdown-menu,
  div.mass-actions-quarantine .btn-group .dropdown-menu,
  .panel-xs-lg .dropdown-menu {
    top: 100%;
  }
  div[class^='mass-actions'] .dropdown-menu>li>a,
  .panel-xs-lg .dropdown-menu>li>a,
  .dropdown-menu.login>li>a {
    padding: 8px 20px;
  }
  div[class^='mass-actions'] .dropdown-header {
    font-size: 14px;
    font-weight: bold;
  }
  .space20 {
    margin-bottom: 10px;
  }
  .top100 {
    top: 100% !important;
  }
  .top33 {
    top: 33% !important;
  }
  .footable-filtering .form {
    width: 65%;
  }
  .btn-xs-lg>.lang-sm:after {
    top: 1px;
  }
  table.footable>tfoot>tr.footable-paging>td {
    text-align: left;
  }
  .footable-first-visible {
    min-width: 55px;
  }
  table>tbody>tr>td>span.footable-toggle {
    font-size: 24px;
    margin-right: 14px !important;
  }
  table>tbody>tr>td>span.footable-toggle + input {
    position: absolute;
    left: 38px;
  }
  .pagination {
    margin-bottom: 5px;
  }
  tr.footable-filtering>th>form {
    width: 270px;
  }
  .mass-actions-mailbox {
    padding: 0;
  }
  .panel-xs-lg .panel-heading {
    height: 66px;
    line-height: 47px;
  }
  .panel-xs-lg .btn-group .btn {
    padding-right: 5px;
    padding-left: 5px;
  }
  .bootstrap-select:not([class*=col-]):not([class*=form-control]):not(.input-group-btn) {
    width: 100%;
  }
  .btn-group:not(.bootstrap-select) {
    width: auto !important;
  }
  .bootstrap-select {
    max-width: 100%;
  }
  .img-responsive {
    margin: 0 auto;
  }
  .btn-group.footable-actions {
  position: absolute;
    width: 90vw !important;
    left: 0;
    height: 36px;
    margin-top: -8px;
  }
  .btn-group.footable-actions .btn {
  padding: 10px 16px 7px;
    line-height: 15px;
    display: block;
    width: 100%;
  }
  .btn-group.footable-actions:after {
    content: "";
    display: block;
    clear: both;
  }
  .bootstrap-select.btn-group.show-tick .dropdown-menu li a span.text {
    margin-right: 14px;
    white-space: normal;
  }
  .clearfix {
    flex-basis: 100%;
    height: 0;
  }
  .btn-group > .btn-group {
    flex-basis: 100%;
  }
  .btn-group .btn {
  display: flex !important;
  align-items: center;
  justify-content: center;
  }
  .btn-group .btn i {
    margin-right: 5px;
  }
  .btn-group .btn .caret {
  margin-left: 5px;
  }
  .panel-login .btn-group .btn {
    display: block !important;
  }
  .panel-login .clearfix {
    height: auto;
  }
 }
@media (max-width: 350px) {
  .mailcow-logo img {
    max-width: 250px;
  }
 }
--- a/data/web/css/build/015-responsive.css
+++ b/data/web/css/build/015-responsive.css
@@ -0,0 +1,221 @@
 .btn-xs-lg>.lang-sm:after {
  margin-left: 4px;
 }
 .bootstrap-select {
  max-width: 350px;
 }
 .card-login .apps .btn {
  width: auto;
  float: left;
  margin-right: 10px;
  margin-top: auto;
 }
 .card-login .apps .btn:hover {
  margin-top: 1px !important;
  border-bottom-width: 3px;
 }
 .responsive-tabs .nav-tabs {
  display: none;
 }
 .dataTables_paginate.paging_simple_numbers .pagination {
  display: flex;
  flex-wrap: wrap;
 }
@media (min-width: 768px) {
  .responsive-tabs .nav-tabs {
      display: flex;
  }
  .responsive-tabs .card .card-body.collapse {
      display: block;
  }
 }
@media (max-width: 767px) {
  .responsive-tabs .tab-pane {
      display: block !important;
      opacity: 1;
  }
  .card-login .apps .btn {
    width: 100%;
    float: none;
    margin-bottom: 10px;
  }
  .card-login .apps .btn {
    border-bottom-width: 4px;
  }
  .xs-show {
    display: block !important;
  }
  .recent-login-success {
    font-size: 14px;
    margin-top: 10px !important;
  }
  .pull-xs-right {
  float: right !important;
  }
  .pull-xs-right .dropdown-menu {
    right: 0;
    left: auto;
  }
  .text-xs-left {
    text-align: left;
  }
  .text-xs-bold {
    font-weight: bold;
  }
  .text-xs-bold .small {
    font-weight: normal;
    text-align: justify;
  }
  .btn.d-block {
    width: 100%;
    white-space: normal;
  }
  .btn.btn-xs-half,
  .btn.d-block.btn-xs-half {
    width: 50%;
  }
  .btn.btn-xs-third,
  .btn.d-block.btn-xs-third {
    width: 33.33%;
  }
  .btn.btn-xs-quart,
  .btn.d-block.btn-xs-quart {
    width: 25%;
  }
  .btn.d-block.btn-sm,
  .btn-xs-lg {
    padding: .5rem 1rem;
    line-height: 20px;
  }
  .input-xs-lg {
    height: 47px;
    padding: 13px 16px;
  }
  .btn-group:not(.input-group-btn) {
    display: flex;
    flex-wrap: wrap;
  }
  .btn-group.nowrap {
    flex-wrap: nowrap;
  }
  .btn-group.nowrap .dropdown-menu {
    width: 100%;
  }
  .card-login .btn-group {
    display: block;
  }
  .mass-actions-user .btn-group {
    float: none;
  }
  div[class^='mass-actions'] .dropdown-menu,
  .card-xs-lg .dropdown-menu,
  .dropdown-menu.login {
    width: 100%;
  }
  div[class^='mass-actions'] .btn-group .dropdown-menu {
    top: 50%;
  }
  div[class^='mass-actions'] .btn-group .btn-group .dropdown-menu,
  div.mass-actions-quarantine .btn-group .dropdown-menu,
  .card-xs-lg .dropdown-menu {
    top: 100%;
  }
  div[class^='mass-actions'] .dropdown-menu>li>a,
  .card-xs-lg .dropdown-menu>li>a,
  .dropdown-menu.login>li>a {
    padding: 8px 20px;
  }
  div[class^='mass-actions'] .dropdown-header {
    font-size: 14px;
    font-weight: bold;
  }
  .top100 {
    top: 100% !important;
  }
  .top33 {
    top: 33% !important;
  }
  .footable-filtering .form {
    width: 65%;
  }
  .btn-xs-lg>.lang-sm:after {
    top: 1px;
  }
  .pagination {
    margin-bottom: 5px;
  }
  .mass-actions-mailbox {
    padding: 0;
  }
  .card-xs-lg .card-header {
    height: 66px;
    line-height: 47px;
  }
  .card-xs-lg .btn-group .btn {
    padding-right: 5px;
    padding-left: 5px;
  }
  .bootstrap-select:not([class*=col-]):not([class*=form-control]):not(.input-group-btn) {
    width: 100%;
  }
  .btn-group:not(.bootstrap-select) {
    width: auto !important;
  }
  .bootstrap-select {
    max-width: 100%;
  }
  .bootstrap-select.btn-group.show-tick .dropdown-menu li a span.text {
    margin-right: 14px;
    white-space: normal;
  }
  .btn-group > .btn-group {
    flex-basis: 100%;
  }
  .btn-group .btn {
    display: flex !important;
    align-items: center;
    justify-content: center;
  }
  .btn-group .btn i {
    margin-right: 5px;
  }
  .card-login .btn-group .btn {
    display: block !important;
  }
  .dt-sm-head-hidden .dtr-title {
    display: none !important;
  }
  div.dataTables_wrapper div.dataTables_length {
    text-align: left;
  }
  .senders-mw220 {
    max-width: 100% !important;
  }
 }
@media (max-width: 350px) {
  .mailcow-logo img {
    max-width: 250px;
  }
 }
@media (min-width: 1400px) {
  .container-xxl, .container-xl, .container-lg, .container-md, .container-sm, .container {
    max-width: 1600px;
  }
 }
--- a/data/web/css/site/admin.css
+++ b/data/web/css/site/admin.css
@@ -25,7 +25,6 @@ body.modal-open {
 }
 .mass-actions-admin {
  user-select: none;
  padding:10px 0 10px 0;
 }
 .inputMissingAttr {
  border-color: #FF4136;
--- a/data/web/css/site/debug.css
+++ b/data/web/css/site/debug.css
@@ -26,7 +26,6 @@
 }
 .mass-actions-debug {
  user-select: none;
  padding:10px 0 10px 10px;
 }
 .inputMissingAttr {
  border-color: #FF4136;
--- a/data/web/css/site/edit.css
+++ b/data/web/css/site/edit.css
@@ -21,7 +21,6 @@
 }
 .mass-actions-user {
  user-select: none;
  padding:10px 0 10px 0;
 }
 .inputMissingAttr {
  border-color: #FF4136;
--- a/data/web/css/site/mailbox.css
+++ b/data/web/css/site/mailbox.css
@@ -32,7 +32,6 @@
 }
 .mass-actions-mailbox {
  user-select: none;
  padding:10px 0 10px 10px;
 }
 .inputMissingAttr {
  border-color: #FF4136;
--- a/data/web/css/site/quarantine.css
+++ b/data/web/css/site/quarantine.css
@@ -1,103 +1,104 @@
-.pagination a {
+.pagination a {
-  text-decoration: none !important;
+  text-decoration: none !important;
-}
+}
-
+
-.panel.panel-default {
+.panel.panel-default {
-  overflow: visible !important;
+  overflow: visible !important;
-}
+}
-
+
-.table-responsive {
+.table-responsive {
-  overflow: visible !important;
+  overflow: visible !important;
-}
+}
-
+
-.table-responsive {
+.table-responsive {
-  overflow-x: scroll !important;
+  overflow-x: scroll !important;
-}
+}
-
+
-.footer-add-item {
+.footer-add-item {
-  display: block;
+  display: block;
-  text-align: center;
+  text-align: center;
-  font-style: italic;
+  font-style: italic;
-  padding: 10px;
+  padding: 10px;
-  background: #F5F5F5;
+  background: #F5F5F5;
-}
+}
-
+
-@media (min-width: 992px) {
+@media (min-width: 992px) {
-  .container {
+  .container {
-    width: 100%;
+    width: 100%;
-  }
+  }
-}
+}
-@media (min-width: 1920px) {
+@media (min-width: 1920px) {
-  .container {
+  .container {
-      width: 80%;
+      width: 80%;
-  }
+  }
-}
+}
-
+
-.mass-actions-quarantine {
+.mass-actions-quarantine {
-  user-select: none;
+  user-select: none;
-  padding: 10px;
+}
-}
+
-
+.inputMissingAttr {
-.inputMissingAttr {
+  border-color: #FF4136;
-  border-color: #FF4136;
+}
-}
+
-
+.modal#qidDetailModal p {
-.modal#qidDetailModal p {
+  word-break: break-all;
-  word-break: break-all;
+}
-}
+
-
+span#qid_detail_score {
-span#qid_detail_score {
+  font-weight: 700;
-  font-weight: 700;
+  margin-left: 5px;
-  margin-left: 5px;
+}
-}
+
-
+span.rspamd-symbol {
-span.rspamd-symbol {
+  display: inline-block;
-  display: inline-block;
+  margin: 2px 6px 2px 0;
-  margin: 2px 6px 2px 0;
+  border-radius: 4px;
-  border-radius: 4px;
+  padding: 0 7px;
-  padding: 0 7px;
+}
-}
+
-
+span.rspamd-symbol.positive {
-span.rspamd-symbol.positive {
+  background: #4CAF50;
-  background: #4CAF50;
+  border: 1px solid #4CAF50;
-  border: 1px solid #4CAF50;
+  color: white;
-  color: white;
+}
-}
+
-
+span.rspamd-symbol.negative {
-span.rspamd-symbol.negative {
+  background: #ff4136;
-  background: #ff4136;
+  border: 1px solid #ff4136;
-  border: 1px solid #ff4136;
+  color: white;
-  color: white;
+}
-}
+
-
+span.rspamd-symbol.neutral {
-span.rspamd-symbol.neutral {
+  background: #f5f5f5;
-  background: #f5f5f5;
+  color: #333;
-  color: #333;
+  border: 1px solid #ccc;
-  border: 1px solid #ccc;
+}
-}
+
-
+span.rspamd-symbol span.score {
-span.rspamd-symbol span.score {
+  font-weight: 700;
-  font-weight: 700;
+}
-}
+
-
+span.mail-address-item {
-span.mail-address-item {
+  background-color: #f5f5f5;
-  background-color: #f5f5f5;
+  border-radius: 4px;
-  border-radius: 4px;
+  border: 1px solid #ccc;
-  border: 1px solid #ccc;
+  padding: 2px 7px;
-  padding: 2px 7px;
+  display: inline-block;
-  display: inline-block;
+  margin: 2px 6px 2px 0;
-  margin: 2px 6px 2px 0;
+}
-}
+
-
+table tbody tr {
-table tbody tr {
+  cursor: pointer;
-  cursor: pointer;
+}
-}
+
-
+table tbody tr td input[type="checkbox"] {
-table tbody tr td input[type="checkbox"] {
+  cursor: pointer;
-  cursor: pointer;
+}
-}
+.label-rspamd-action {
-.label-rspamd-action {
+  font-size:110%;
-  font-size:110%;
+  margin:20px;
-  margin:20px;
+}
-}
+.senders-mw220 {
-
+  max-width: 220px;
 }
--- a/data/web/css/site/user.css
+++ b/data/web/css/site/user.css
@@ -21,7 +21,6 @@
 }
 .mass-actions-user {
  user-select: none;
  padding:10px 0;
 }
 .inputMissingAttr {
  border-color: #FF4136;
--- a/data/web/css/themes/lumen-bootstrap.css
+++ b/data/web/css/themes/lumen-bootstrap.css
--- a/data/web/css/themes/mailcow-darkmode.css
+++ b/data/web/css/themes/mailcow-darkmode.css
@@ -0,0 +1,368 @@
 body {
    background-color: #414141;
    color: #e0e0e0;
 }
 .card {
    border: 1px solid #1c1c1c;
    background-color: #3a3a3a;
 }
 legend {
    color: #f5f5f5;
 }
 .card-header {
    color: #bbb;
    background-color: #2c2c2c;
    border-color: transparent;
 }
 .btn-secondary, .paginate_button, .page-link, .btn-light {
    color: #fff !important;
    background-color: #7a7a7a !important;
    border-color: #5c5c5c !important;
 }
 .btn-check:checked+.btn-secondary, .btn-check:active+.btn-secondary, .btn-secondary:active, .btn-secondary.active, .show>.btn-secondary.dropdown-toggle {
    border-color: #7a7a7a !important;
 }
 .alert-secondary {
    color: #fff !important;
    background-color: #7a7a7a !important;
    border-color: #5c5c5c !important;
 }
 .bg-secondary {
    color: #fff !important;
    background-color: #7a7a7a !important;
 }
 .alert-secondary, .alert-secondary a, .alert-secondary .alert-link {
    color: #fff;
 }
 .page-item.active .page-link {
    background-color: #158cba !important;
    border-color: #127ba3 !important;
 }
 .btn-secondary:focus, .btn-secondary:hover, .btn-group.open .dropdown-toggle.btn-secondary {
    background-color: #7a7a7a;
    border-color: #5c5c5c !important;
    color: #fff;
 }
 .btn-secondary:disabled, .btn-secondary.disabled {
    border-color: #7a7a7a !important;
 }
 .modal-content {
    background-color: #414141;
 }
 .modal-header {
    border-bottom: 1px solid #161616;
 }
 .modal-title {
    color: white;
 }
 .modal .btn-close {
    filter: invert(1) grayscale(100%) brightness(200%);
 }
 .navbar.bg-light {
    background-color: #222222 !important;
    border-color: #181818;
 }
 .nav-link {
    color: #ccc !important;
 }
 .nav-tabs .nav-link.active, .nav-tabs .nav-item.show .nav-link {
    background: none;
 }
 .nav-tabs .nav-link:not(.disabled):hover, .nav-tabs .nav-link:not(.disabled):focus, .nav-tabs .nav-link.active {
    border-bottom-color: #414141;
 }
 .table, .table-striped>tbody>tr:nth-of-type(odd)>*, tbody tr {
    color: #ccc !important;
 }
 .dropdown-menu {
    background-color: #585858;
    border: 1px solid #333;
 }
 .dropdown-menu>li>a:focus, .dropdown-menu>li>a:hover {
    color: #fafafa;
 }
 .bootstrap-select>.dropdown-toggle.bs-placeholder, .bootstrap-select>.dropdown-toggle.bs-placeholder:active, .bootstrap-select>.dropdown-toggle.bs-placeholder:focus, .bootstrap-select>.dropdown-toggle.bs-placeholder:hover {
    color: #fff;
 }
 .bootstrap-select>.dropdown-toggle.bs-placeholder, .bootstrap-select>.dropdown-toggle.bs-placeholder.btn-secondary {
    color: #d4d4d4 !important;
 }
 tbody tr {
    color: #555;
 }
 .navbar-default .navbar-nav>.open>a, .navbar-default .navbar-nav>.open>a:focus, .navbar-default .navbar-nav>.open>a:hover {
    color: #ccc;
 }
 .navbar-default .navbar-nav>.active>a, .navbar-default .navbar-nav>.active>a:focus, .navbar-default .navbar-nav>.active>a:hover {
    color: #ccc;
 }
 .list-group-item {
    background-color: #333;
    border: 1px solid #555;
 }
 .table-striped>tbody>tr:nth-of-type(odd) {
    background-color: #333;
 }
 table.dataTable>tbody>tr.child ul.dtr-details>li {
    border-bottom: 1px solid rgba(255, 255, 255, 0.13);
 }
 tbody tr {
    color: #ccc;
 }
 .label.label-last-login {
    color: #ccc !important;
    background-color: #555 !important;
 }
 .progress {
    background-color: #555;
 }
 .h1, .h2, .h3, .h4, .h5, .h6, h1, h2, h3, h4, h5, h6 {
    color: #ccc;
 }
 div.numberedtextarea-number {
    color: #999;
 }
 .well {
    border: 1px solid #555;
    background-color: #333;
 }
 pre {
    color: #ccc;
    background-color: #333;
    border: 1px solid #555;
 }
 input.form-control, textarea.form-control {
    color: #e2e2e2 !important;
    background-color: #555 !important;
    border: 1px solid #999;
 }
 input.form-control:focus, textarea.form-control {
    background-color: #555 !important;
 }
 input.form-control:disabled, textarea.form-disabled {
    color: #a8a8a8 !important;
    background-color: #6e6e6e !important;
 }
 .input-group-addon {
    color: #ccc;
    background-color: #555 !important;
    border: 1px solid #999;
 }
 .input-group-text {
    color: #ccc;
    background-color: #242424;
 }
 .list-group-item {
    color: #ccc;
 }
 .dropdown-item {
    color: #ccc;
 }
 .dropdown-item:hover {
    color: #616161 !important;
 }
 .dropdown-item.active:hover {
    color: #fff !important;
    background-color: #31b1e4;
 }
 .form-select {
    color: #e2e2e2!important;
    background-color: #555!important;
    border: 1px solid #999;
 }
 .responsive-tabs .card-header button[data-bs-toggle="collapse"] {
    color: #c7c7c7;
 }
 .navbar-toggler {
    color: #fff !important;
 }
 .table-secondary {
    --bs-table-bg: #7a7a7a;
    --bs-table-striped-bg: #e4e4e4;
    --bs-table-striped-color: #000;
    --bs-table-active-bg: #d8d8d8;
    --bs-table-active-color: #000;
    --bs-table-hover-bg: #dedede;
    --bs-table-hover-color: #000;
    color: #000;
    border-color: #d8d8d8;
 }
 .table-light {
    --bs-table-bg: #f6f6f6;
    --bs-table-striped-bg: #eaeaea;
    --bs-table-striped-color: #000;
    --bs-table-active-bg: #dddddd;
    --bs-table-active-color: #000;
    --bs-table-hover-bg: #e4e4e4;
    --bs-table-hover-color: #000;
    color: #000;
    border-color: #dddddd;
 }
 .form-control-plaintext {
    color: #e0e0e0;
 }
 .breadcrumb {
    color: #fff !important;
    background-color: #7a7a7a !important;
    border-color: #5c5c5c !important;
 }
 a {
    color: #6fc7e9;
    text-decoration: underline;
 }
 a:hover {
    color: #3daedb;
 }
 .breadcrumb-item.active {
    color: #ccc;
 }
 .list-group-item.disabled, .list-group-item:disabled {
    color: #fff;
    background-color: #a8a8a8 !important;
    border-color: #a8a8a8;
 }
 .card.bg-light .card-title {
    color: #000 !important;
 }
 .card.bg-light .card-text {
    color: #000;
 }
 .accordion-item {
    background-color: #3a3a3a;
 }
 .accordion-button {
    color: #bbb;
    background-color: #2c2c2c;
 }
 .accordion-button:not(.collapsed) {
    color: #6fc7e9;
    background-color: #2c2c2c;
 }
 .accordion-button::after {
    background-image: none;
 }
 .accordion-button:not(.collapsed)::after {
    background-image: none;
 }
 .toast-header {
    background-color: #4c4c4c;
 }
 .toast-body {
    background-color: #626262;
 }
 .nav-pills .nav-link.active, .nav-pills .show > .nav-link {
    color: #fff !important;
 }
 .tag-box {
    background-color: #555;
    border: 1px solid #999;
 }
 .tag-input {
    color: #fff;
    background-color: #555;
 }
 .tag-add {
    color: #ccc;
 }
 .tag-add:hover {
    color: #d1d1d1;
 }
 table.dataTable.dtr-inline.collapsed>tbody>tr>td.dtr-control:before:hover, 
 table.dataTable.dtr-inline.collapsed>tbody>tr>th.dtr-control:before:hover {
  background-color: #7a7a7a !important;
 }
 table.dataTable.dtr-inline.collapsed>tbody>tr>td.dtr-control:before, 
 table.dataTable.dtr-inline.collapsed>tbody>tr>th.dtr-control:before {
  background-color: #7a7a7a !important;
  border: 1.5px solid #5c5c5c !important;
  color: #fff !important;
 }
 table.dataTable.dtr-inline.collapsed>tbody>tr.parent>td.dtr-control:before, 
 table.dataTable.dtr-inline.collapsed>tbody>tr.parent>th.dtr-control:before {
  background-color: #949494;
 }
 table.dataTable.dtr-inline.collapsed>tbody>tr>td.child, 
 table.dataTable.dtr-inline.collapsed>tbody>tr>th.child, 
 table.dataTable.dtr-inline.collapsed>tbody>tr>td.dataTables_empty {
  background-color: #444444;
 }
 .btn-check-label {
  color: #fff;
 }
 .btn-outline-secondary:hover {
    background-color: #c3c3c3;
 }
 .btn.btn-outline-secondary {
  color: #fff !important;
  border-color: #7a7a7a !important;  
 }
 .btn-check:checked+.btn-outline-secondary, .btn-check:active+.btn-outline-secondary, .btn-outline-secondary:active, .btn-outline-secondary.active, .btn-outline-secondary.dropdown-toggle.show {
    background-color: #9b9b9b !important;
 }
 .btn-input-missing,
 .btn-input-missing:hover,
 .btn-input-missing:active,
 .btn-input-missing:focus,
 .btn-input-missing:active:hover,
 .btn-input-missing:active:focus {
  color: #fff !important;
  background-color: #ff2f24 !important;
  border-color: #e21207 !important;
 }
 .inputMissingAttr {
    border-color: #FF4136 !important;
 }
 .list-group-details {
    background: #444444;
 }
 .list-group-header {
    background: #333;
 }
 span.mail-address-item {
    background-color: #333;
    border-radius: 4px;
    border: 1px solid #555;
    padding: 2px 7px;
    display: inline-block;
    margin: 2px 6px 2px 0;
 }
--- a/data/web/debug.php
+++ b/data/web/debug.php
@@ -11,6 +11,11 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
 $solr_status = (preg_match("/^([yY][eE][sS]|[yY])+$/", $_ENV["SKIP_SOLR"])) ? false : solr_status();
 $clamd_status = (preg_match("/^([yY][eE][sS]|[yY])+$/", $_ENV["SKIP_CLAMD"])) ? false : true;
 if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CACHE')) {
  $_SESSION['gal'] = json_decode($license_cache, true);
 }
 $js_minifier->add('/web/js/site/debug.js');
 // vmail df
@@ -44,15 +49,26 @@ foreach ($containers as $container => $container_info) {
  $containers[$container]['State']['StartedAtHR'] = $started;
 }
 // get mailcow data
 $hostname = getenv('MAILCOW_HOSTNAME');
 $timezone = getenv('TZ');
 $template = 'debug.twig';
 $template_data = [
  'log_lines' => getenv('LOG_LINES'),
  'vmail_df' => $vmail_df,
  'hostname' => $hostname,
  'timezone' => $timezone,
  'gal' => @$_SESSION['gal'],
  'license_guid' => license('guid'),
  'solr_status' => $solr_status,
  'solr_uptime' => round($solr_status['status']['dovecot-fts']['uptime'] / 1000 / 60 / 60),
  'clamd_status' => $clamd_status,
  'containers' => $containers,
  'ip_check' => customize('get', 'ip_check'),
  'lang_admin' => json_encode($lang['admin']),
  'lang_debug' => json_encode($lang['debug']),
  'lang_datatables' => json_encode($lang['datatables']),
 ];
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/footer.inc.php';
--- a/data/web/edit.php
+++ b/data/web/edit.php
@@ -38,24 +38,46 @@ if (isset($_SESSION['mailcow_cc_role'])) {
      $template = 'edit/admin.twig';
      $template_data = ['admin' => $admin];
    }
-    elseif (isset($_GET['domain']) &&
+    elseif (isset($_GET['domain'])) {
-      is_valid_domain_name($_GET["domain"]) &&
+      if (is_valid_domain_name($_GET["domain"]) &&
-      !empty($_GET["domain"])) {
+        !empty($_GET["domain"])) {
-        $domain = $_GET["domain"];
+          // edit domain
-        $result = mailbox('get', 'domain_details', $domain);
+          $domain = $_GET["domain"];
-        $quota_notification_bcc = quota_notification_bcc('get', $domain);
+          $result = mailbox('get', 'domain_details', $domain);
-        $rl = ratelimit('get', 'domain', $domain);
+          $quota_notification_bcc = quota_notification_bcc('get', $domain);
-        $rlyhosts = relayhost('get');
+          $rl = ratelimit('get', 'domain', $domain);
-        $template = 'edit/domain.twig';
+          $rlyhosts = relayhost('get');
          $template = 'edit/domain.twig';
          $template_data = [
            'acl' => $_SESSION['acl'],
            'domain' => $domain,
            'quota_notification_bcc' => $quota_notification_bcc,
            'rl' => $rl,
            'rlyhosts' => $rlyhosts,
            'dkim' => dkim('details', $domain),
            'domain_details' => $result,
          ];
      }
    }
    elseif (isset($_GET["template"])){
      $domain_template = mailbox('get', 'domain_templates', $_GET["template"]);
      if ($domain_template){
        $template_data = [
-          'acl' => $_SESSION['acl'],
+          'template' => $domain_template
          'domain' => $domain,
          'quota_notification_bcc' => $quota_notification_bcc,
          'rl' => $rl,
          'rlyhosts' => $rlyhosts,
          'dkim' => dkim('details', $domain),
          'domain_details' => $result,
        ];
        $template = 'edit/domain-templates.twig';
        $result = true;
      }
      else {
        $mailbox_template = mailbox('get', 'mailbox_templates', $_GET["template"]);
        if ($mailbox_template){
          $template_data = [
            'template' => $mailbox_template
          ];
          $template = 'edit/mailbox-templates.twig';
          $result = true;
        }
      }
    }
    elseif (isset($_GET['oauth2client']) &&
      is_numeric($_GET["oauth2client"]) &&
@@ -79,29 +101,32 @@ if (isset($_SESSION['mailcow_cc_role'])) {
          'dkim' => dkim('details', $alias_domain),
        ];
    }
-    elseif (isset($_GET['mailbox']) && filter_var(html_entity_decode(rawurldecode($_GET["mailbox"])), FILTER_VALIDATE_EMAIL) && !empty($_GET["mailbox"])) {
+    elseif (isset($_GET['mailbox'])){
-      $mailbox = html_entity_decode(rawurldecode($_GET["mailbox"]));
+      if(filter_var(html_entity_decode(rawurldecode($_GET["mailbox"])), FILTER_VALIDATE_EMAIL) && !empty($_GET["mailbox"])) {
-      $result = mailbox('get', 'mailbox_details', $mailbox);
+        // edit mailbox
-      $rl = ratelimit('get', 'mailbox', $mailbox);
+        $mailbox = html_entity_decode(rawurldecode($_GET["mailbox"]));
-      $pushover_data = pushover('get', $mailbox);
+        $result = mailbox('get', 'mailbox_details', $mailbox);
-      $quarantine_notification = mailbox('get', 'quarantine_notification', $mailbox);
+        $rl = ratelimit('get', 'mailbox', $mailbox);
-      $quarantine_category = mailbox('get', 'quarantine_category', $mailbox);
+        $pushover_data = pushover('get', $mailbox);
-      $get_tls_policy = mailbox('get', 'tls_policy', $mailbox);
+        $quarantine_notification = mailbox('get', 'quarantine_notification', $mailbox);
-      $rlyhosts = relayhost('get');
+        $quarantine_category = mailbox('get', 'quarantine_category', $mailbox);
-      $template = 'edit/mailbox.twig';
+        $get_tls_policy = mailbox('get', 'tls_policy', $mailbox);
-      $template_data = [
+        $rlyhosts = relayhost('get');
-        'acl' => $_SESSION['acl'],
+        $template = 'edit/mailbox.twig';
-        'mailbox' => $mailbox,
+        $template_data = [
-        'rl' => $rl,
+          'acl' => $_SESSION['acl'],
-        'pushover_data' => $pushover_data,
+          'mailbox' => $mailbox,
-        'quarantine_notification' => $quarantine_notification,
+          'rl' => $rl,
-        'quarantine_category' => $quarantine_category,
+          'pushover_data' => $pushover_data,
-        'get_tls_policy' => $get_tls_policy,
+          'quarantine_notification' => $quarantine_notification,
-        'rlyhosts' => $rlyhosts,
+          'quarantine_category' => $quarantine_category,
-        'sender_acl_handles' => mailbox('get', 'sender_acl_handles', $mailbox),
+          'get_tls_policy' => $get_tls_policy,
-        'user_acls' => acl('get', 'user', $mailbox),
+          'rlyhosts' => $rlyhosts,
-        'mailbox_details' => $result
+          'sender_acl_handles' => mailbox('get', 'sender_acl_handles', $mailbox),
-      ];
+          'user_acls' => acl('get', 'user', $mailbox),
          'mailbox_details' => $result
        ];
      }
    }
    elseif (isset($_GET['relayhost']) && is_numeric($_GET["relayhost"]) && !empty($_GET["relayhost"])) {
        $relayhost = intval($_GET["relayhost"]);
@@ -189,5 +214,6 @@ $js_minifier->add('/web/js/site/pwgen.js');
 $template_data['result'] = $result;
 $template_data['return_to'] = $_SESSION['return_to'];
 $template_data['lang_user'] = json_encode($lang['user']);
 $template_data['lang_datatables'] = json_encode($lang['datatables']);
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/footer.inc.php';
--- a/data/web/fonts/bootstrap-icons.woff
+++ b/data/web/fonts/bootstrap-icons.woff
--- a/data/web/fonts/bootstrap-icons.woff2
+++ b/data/web/fonts/bootstrap-icons.woff2
--- a/data/web/fonts/source-sans-pro-v21-latin-300.woff
+++ b/data/web/fonts/source-sans-pro-v21-latin-300.woff
--- a/data/web/fonts/source-sans-pro-v21-latin-300.woff2
+++ b/data/web/fonts/source-sans-pro-v21-latin-300.woff2
--- a/data/web/fonts/source-sans-pro-v21-latin-300italic.woff
+++ b/data/web/fonts/source-sans-pro-v21-latin-300italic.woff
--- a/data/web/fonts/source-sans-pro-v21-latin-300italic.woff2
+++ b/data/web/fonts/source-sans-pro-v21-latin-300italic.woff2
--- a/data/web/fonts/source-sans-pro-v21-latin-700.woff
+++ b/data/web/fonts/source-sans-pro-v21-latin-700.woff
--- a/data/web/fonts/source-sans-pro-v21-latin-700.woff2
+++ b/data/web/fonts/source-sans-pro-v21-latin-700.woff2
--- a/data/web/fonts/source-sans-pro-v21-latin-700italic.woff
+++ b/data/web/fonts/source-sans-pro-v21-latin-700italic.woff
--- a/data/web/fonts/source-sans-pro-v21-latin-700italic.woff2
+++ b/data/web/fonts/source-sans-pro-v21-latin-700italic.woff2
--- a/data/web/fonts/source-sans-pro-v21-latin-italic.woff
+++ b/data/web/fonts/source-sans-pro-v21-latin-italic.woff
--- a/data/web/fonts/source-sans-pro-v21-latin-italic.woff2
+++ b/data/web/fonts/source-sans-pro-v21-latin-italic.woff2
--- a/data/web/fonts/source-sans-pro-v21-latin-regular.woff
+++ b/data/web/fonts/source-sans-pro-v21-latin-regular.woff
--- a/data/web/fonts/source-sans-pro-v21-latin-regular.woff2
+++ b/data/web/fonts/source-sans-pro-v21-latin-regular.woff2
--- a/data/web/img/rspamd_logo_dark.png
+++ b/data/web/img/rspamd_logo_dark.png
--- a/data/web/img/rspamd_logo_light.png
+++ b/data/web/img/rspamd_logo_light.png
--- a/data/web/inc/ajax/dns_diagnostics.php
+++ b/data/web/inc/ajax/dns_diagnostics.php
@@ -436,7 +436,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
      }
      ?>
    </table>
-    <a id='download-zonefile' class="btn btn-sm btn-default visible-xs-block visible-sm-inline visible-md-inline visible-lg-inline" style="margin-top:10px" data-zonefile="<?=base64_encode($dns_data);?>" download='<?=$_GET['domain'];?>.txt' type='text/csv'>Download</a>
+    <a id='download-zonefile' class="btn btn-sm btn-secondary visible-xs-block visible-sm-inline visible-md-inline visible-lg-inline mb-4" style="margin-top:10px" data-zonefile="<?=base64_encode($dns_data);?>" download='<?=$_GET['domain'];?>.txt' type='text/csv'>Download</a>
    <script>
      var zonefile_dl_link = document.getElementById('download-zonefile');
      var zonefile = atob(zonefile_dl_link.getAttribute('data-zonefile'));
--- a/data/web/inc/functions.customize.inc.php
+++ b/data/web/inc/functions.customize.inc.php
@@ -2,8 +2,18 @@
 function customize($_action, $_item, $_data = null) {
 	global $redis;
 	global $lang;
  switch ($_action) {
    case 'add':
      // disable functionality when demo mode is enabled
      if ($GLOBALS["DEMO_MODE"]) {
        $_SESSION['return'][] = array(
          'type' => 'danger',
          'log' => array(__FUNCTION__, $_action, $_item, $_data),
          'msg' => 'demo_mode_enabled'
        );
        return false;
      }
      if ($_SESSION['mailcow_cc_role'] != "admin") {
        $_SESSION['return'][] = array(
          'type' => 'danger',
@@ -72,6 +82,15 @@ function customize($_action, $_item, $_data = null) {
      }
    break;
    case 'edit':
      // disable functionality when demo mode is enabled
      if ($GLOBALS["DEMO_MODE"]) {
        $_SESSION['return'][] = array(
          'type' => 'danger',
          'log' => array(__FUNCTION__, $_action, $_item, $_data),
          'msg' => 'demo_mode_enabled'
        );
        return false;
      }
      if ($_SESSION['mailcow_cc_role'] != "admin") {
        $_SESSION['return'][] = array(
          'type' => 'danger',
@@ -116,6 +135,7 @@ function customize($_action, $_item, $_data = null) {
          $ui_announcement_text = $_data['ui_announcement_text'];
          $ui_announcement_type = (in_array($_data['ui_announcement_type'], array('info', 'warning', 'danger'))) ? $_data['ui_announcement_type'] : false;
          $ui_announcement_active = (!empty($_data['ui_announcement_active']) ? 1 : 0);
          try {
            $redis->set('TITLE_NAME', htmlspecialchars($title_name));
            $redis->set('MAIN_NAME', htmlspecialchars($main_name));
@@ -140,9 +160,37 @@ function customize($_action, $_item, $_data = null) {
            'msg' => 'ui_texts'
          );
        break;
        case 'ip_check':
          $ip_check = ($_data['ip_check_opt_in'] == "1") ? 1 : 0;
          try {
            $redis->set('IP_CHECK', $ip_check);
          }
          catch (RedisException $e) {
            $_SESSION['return'][] = array(
              'type' => 'danger',
              'log' => array(__FUNCTION__, $_action, $_item, $_data),
              'msg' => array('redis_error', $e)
            );
            return false;
          }
          $_SESSION['return'][] = array(
            'type' => 'success',
            'log' => array(__FUNCTION__, $_action, $_item, $_data),
            'msg' => 'ip_check_opt_in_modified'
          );
        break;
      }
    break;
    case 'delete':
      // disable functionality when demo mode is enabled
      if ($GLOBALS["DEMO_MODE"]) {
        $_SESSION['return'][] = array(
          'type' => 'danger',
          'log' => array(__FUNCTION__, $_action, $_item, $_data),
          'msg' => 'demo_mode_enabled'
        );
        return false;
      }
      if ($_SESSION['mailcow_cc_role'] != "admin") {
        $_SESSION['return'][] = array(
          'type' => 'danger',
@@ -247,6 +295,20 @@ function customize($_action, $_item, $_data = null) {
            return false;
          }
        break;
        case 'ip_check':
          try {
            $ip_check = ($ip_check = $redis->get('IP_CHECK')) ? $ip_check : 0;
            return $ip_check;
          }
          catch (RedisException $e) {
            $_SESSION['return'][] = array(
              'type' => 'danger',
              'log' => array(__FUNCTION__, $_action, $_item, $_data),
              'msg' => array('redis_error', $e)
            );
            return false;
          }
        break;
      }
    break;
  }
--- a/data/web/inc/functions.docker.inc.php
+++ b/data/web/inc/functions.docker.inc.php
@@ -1,6 +1,7 @@
 <?php
 function docker($action, $service_name = null, $attr1 = null, $attr2 = null, $extra_headers = null) {
  global $DOCKER_TIMEOUT;
  global $redis;
  $curl = curl_init();
  curl_setopt($curl, CURLOPT_HTTPHEADER,array('Content-Type: application/json' ));
  // We are using our mail certificates for dockerapi, the names will not match, the certs are trusted anyway
@@ -32,6 +33,7 @@ function docker($action, $service_name = null, $attr1 = null, $attr2 = null, $ex
        }
      }
      return false;
    break;
    case 'containers':
      curl_setopt($curl, CURLOPT_URL, 'https://dockerapi:443/containers/json');
      curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
@@ -51,6 +53,7 @@ function docker($action, $service_name = null, $attr1 = null, $attr2 = null, $ex
            if (strtolower($container['Config']['Labels']['com.docker.compose.project']) == strtolower(getenv('COMPOSE_PROJECT_NAME'))) {
              $out[$container['Config']['Labels']['com.docker.compose.service']]['State'] = $container['State'];
              $out[$container['Config']['Labels']['com.docker.compose.service']]['Config'] = $container['Config'];
              $out[$container['Config']['Labels']['com.docker.compose.service']]['Id'] = trim($container['Id']);
            }
          }
        }
@@ -94,6 +97,7 @@ function docker($action, $service_name = null, $attr1 = null, $attr2 = null, $ex
                unset($container['Config']['Env']);
                $out[$container['Config']['Labels']['com.docker.compose.service']]['State'] = $container['State'];
                $out[$container['Config']['Labels']['com.docker.compose.service']]['Config'] = $container['Config'];
                $out[$container['Config']['Labels']['com.docker.compose.service']]['Id'] = trim($container['Id']);
              }
            }
          }
@@ -103,6 +107,7 @@ function docker($action, $service_name = null, $attr1 = null, $attr2 = null, $ex
              unset($container['Config']['Env']);
              $out[$decoded_response['Config']['Labels']['com.docker.compose.service']]['State'] = $decoded_response['State'];
              $out[$decoded_response['Config']['Labels']['com.docker.compose.service']]['Config'] = $decoded_response['Config'];
              $out[$decoded_response['Config']['Labels']['com.docker.compose.service']]['Id'] = trim($decoded_response['Id']);
            }
          }
        }
@@ -146,5 +151,46 @@ function docker($action, $service_name = null, $attr1 = null, $attr2 = null, $ex
        }
      }
    break;
    case 'container_stats':
      if (empty($service_name)){
        return false;
      }
      $container_id = $service_name;
      curl_setopt($curl, CURLOPT_URL, 'https://dockerapi:443/container/' . $container_id . '/stats/update');
      curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
      curl_setopt($curl, CURLOPT_POST, 1);
      curl_setopt($curl, CURLOPT_TIMEOUT, $DOCKER_TIMEOUT);
      $response = curl_exec($curl);
      if ($response === false) {
        $err = curl_error($curl);
        curl_close($curl);
        return $err;
      }
      else {
        curl_close($curl);
        $stats = json_decode($response, true);
        if (!empty($stats)) return $stats;
      }
      return false;
    break;
    case 'host_stats':
      curl_setopt($curl, CURLOPT_URL, 'https://dockerapi:443/host/stats');
      curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
      curl_setopt($curl, CURLOPT_POST, 0);
      curl_setopt($curl, CURLOPT_TIMEOUT, $DOCKER_TIMEOUT);
      $response = curl_exec($curl);
      if ($response === false) {
        $err = curl_error($curl);
        curl_close($curl);
        return $err;
      }
      else {
        curl_close($curl);
        $stats = json_decode($response, true);
        if (!empty($stats)) return $stats;
      }
      return false;
    break;
  }
 }
--- a/data/web/inc/functions.domain_admin.inc.php
+++ b/data/web/inc/functions.domain_admin.inc.php
@@ -1,407 +1,468 @@
-<?php
+<?php
-function domain_admin($_action, $_data = null) {
+function domain_admin($_action, $_data = null) {
-  global $pdo;
+  global $pdo;
-  global $lang;
+  global $lang;
-  $_data_log = $_data;
+  $_data_log = $_data;
-  !isset($_data_log['password']) ?: $_data_log['password'] = '*';
+  !isset($_data_log['password']) ?: $_data_log['password'] = '*';
-  !isset($_data_log['password2']) ?: $_data_log['password2'] = '*';
+  !isset($_data_log['password2']) ?: $_data_log['password2'] = '*';
-  !isset($_data_log['user_old_pass']) ?: $_data_log['user_old_pass'] = '*';
+  !isset($_data_log['user_old_pass']) ?: $_data_log['user_old_pass'] = '*';
-  !isset($_data_log['user_new_pass']) ?: $_data_log['user_new_pass'] = '*';
+  !isset($_data_log['user_new_pass']) ?: $_data_log['user_new_pass'] = '*';
-  !isset($_data_log['user_new_pass2']) ?: $_data_log['user_new_pass2'] = '*';
+  !isset($_data_log['user_new_pass2']) ?: $_data_log['user_new_pass2'] = '*';
-  switch ($_action) {
+  switch ($_action) {
-    case 'add':
+    case 'add':
-      $username		= strtolower(trim($_data['username']));
+      $username		= strtolower(trim($_data['username']));
-      $password		= $_data['password'];
+      $password		= $_data['password'];
-      $password2  = $_data['password2'];
+      $password2  = $_data['password2'];
-      $domains    = (array)$_data['domains'];
+      $domains    = (array)$_data['domains'];
-      $active     = intval($_data['active']);
+      $active     = intval($_data['active']);
-      if ($_SESSION['mailcow_cc_role'] != "admin") {
+      if ($_SESSION['mailcow_cc_role'] != "admin") {
-        $_SESSION['return'][] = array(
+        $_SESSION['return'][] = array(
-          'type' => 'danger',
+          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => 'access_denied'
+          'msg' => 'access_denied'
-        );
+        );
-        return false;
+        return false;
-      }
+      }
-      if (empty($domains)) {
+      if (empty($domains)) {
-        $_SESSION['return'][] = array(
+        $_SESSION['return'][] = array(
-          'type' => 'danger',
+          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => 'domain_invalid'
+          'msg' => 'domain_invalid'
-        );
+        );
-        return false;
+        return false;
-      }
+      }
-      if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username)) || empty ($username) || $username == 'API') {
+      if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username)) || empty ($username) || $username == 'API') {
-        $_SESSION['return'][] = array(
+        $_SESSION['return'][] = array(
-          'type' => 'danger',
+          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => array('username_invalid', $username)
+          'msg' => array('username_invalid', $username)
-        );
+        );
-        return false;
+        return false;
-      }
+      }
-
+
-      $stmt = $pdo->prepare("SELECT `username` FROM `mailbox`
+      $stmt = $pdo->prepare("SELECT `username` FROM `mailbox`
-        WHERE `username` = :username");
+        WHERE `username` = :username");
-      $stmt->execute(array(':username' => $username));
+      $stmt->execute(array(':username' => $username));
-      $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+      $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-
+
-      $stmt = $pdo->prepare("SELECT `username` FROM `admin`
+      $stmt = $pdo->prepare("SELECT `username` FROM `admin`
-        WHERE `username` = :username");
+        WHERE `username` = :username");
-      $stmt->execute(array(':username' => $username));
+      $stmt->execute(array(':username' => $username));
-      $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+      $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-
+
-      $stmt = $pdo->prepare("SELECT `username` FROM `domain_admins`
+      $stmt = $pdo->prepare("SELECT `username` FROM `domain_admins`
-        WHERE `username` = :username");
+        WHERE `username` = :username");
-      $stmt->execute(array(':username' => $username));
+      $stmt->execute(array(':username' => $username));
-      $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
+      $num_results[] = count($stmt->fetchAll(PDO::FETCH_ASSOC));
-
+
-      foreach ($num_results as $num_results_each) {
+      foreach ($num_results as $num_results_each) {
-        if ($num_results_each != 0) {
+        if ($num_results_each != 0) {
-          $_SESSION['return'][] = array(
+          $_SESSION['return'][] = array(
-            'type' => 'danger',
+            'type' => 'danger',
-            'log' => array(__FUNCTION__, $_action, $_data_log),
+            'log' => array(__FUNCTION__, $_action, $_data_log),
-            'msg' => array('object_exists', htmlspecialchars($username))
+            'msg' => array('object_exists', htmlspecialchars($username))
-          );
+          );
-          return false;
+          return false;
-        }
+        }
-      }
+      }
-      if (password_check($password, $password2) !== true) {
+      if (password_check($password, $password2) !== true) {
-        continue;
+        continue;
-      }
+      }
-      $password_hashed = hash_password($password);
+      $password_hashed = hash_password($password);
-      $valid_domains = 0;
+      $valid_domains = 0;
-      foreach ($domains as $domain) {
+      foreach ($domains as $domain) {
-        if (!is_valid_domain_name($domain) || mailbox('get', 'domain_details', $domain) === false) {
+        if (!is_valid_domain_name($domain) || mailbox('get', 'domain_details', $domain) === false) {
-          $_SESSION['return'][] = array(
+          $_SESSION['return'][] = array(
-            'type' => 'danger',
+            'type' => 'danger',
-            'log' => array(__FUNCTION__, $_action, $_data_log),
+            'log' => array(__FUNCTION__, $_action, $_data_log),
-            'msg' => array('domain_invalid', htmlspecialchars($domain))
+            'msg' => array('domain_invalid', htmlspecialchars($domain))
-          );
+          );
-          continue;
+          continue;
-        }
+        }
-        $valid_domains++;
+        $valid_domains++;
-        $stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
+        $stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
-            VALUES (:username, :domain, :created, :active)");
+            VALUES (:username, :domain, :created, :active)");
-        $stmt->execute(array(
+        $stmt->execute(array(
-          ':username' => $username,
+          ':username' => $username,
-          ':domain' => $domain,
+          ':domain' => $domain,
-          ':created' => date('Y-m-d H:i:s'),
+          ':created' => date('Y-m-d H:i:s'),
-          ':active' => $active
+          ':active' => $active
-        ));
+        ));
-      }
+      }
-      if ($valid_domains != 0) {
+      if ($valid_domains != 0) {
-        $stmt = $pdo->prepare("INSERT INTO `admin` (`username`, `password`, `superadmin`, `active`)
+        $stmt = $pdo->prepare("INSERT INTO `admin` (`username`, `password`, `superadmin`, `active`)
-          VALUES (:username, :password_hashed, '0', :active)");
+          VALUES (:username, :password_hashed, '0', :active)");
-        $stmt->execute(array(
+        $stmt->execute(array(
-          ':username' => $username,
+          ':username' => $username,
-          ':password_hashed' => $password_hashed,
+          ':password_hashed' => $password_hashed,
-          ':active' => $active
+          ':active' => $active
-        ));
+        ));
-      }
+      }
-      $stmt = $pdo->prepare("INSERT INTO `da_acl` (`username`) VALUES (:username)");
+      $stmt = $pdo->prepare("INSERT INTO `da_acl` (`username`) VALUES (:username)");
-      $stmt->execute(array(
+      $stmt->execute(array(
-        ':username' => $username
+        ':username' => $username
-      ));
+      ));
-      $_SESSION['return'][] = array(
+      $_SESSION['return'][] = array(
-        'type' => 'success',
+        'type' => 'success',
-        'log' => array(__FUNCTION__, $_action, $_data_log),
+        'log' => array(__FUNCTION__, $_action, $_data_log),
-        'msg' => array('domain_admin_added', htmlspecialchars($username))
+        'msg' => array('domain_admin_added', htmlspecialchars($username))
-      );
+      );
-    break;
+    break;
-    case 'edit':
+    case 'edit':
-      if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin") {
+      if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin") {
-        $_SESSION['return'][] = array(
+        $_SESSION['return'][] = array(
-          'type' => 'danger',
+          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => 'access_denied'
+          'msg' => 'access_denied'
-        );
+        );
-        return false;
+        return false;
-      }
+      }
-      // Administrator
+      // Administrator
-      if ($_SESSION['mailcow_cc_role'] == "admin") {
+      if ($_SESSION['mailcow_cc_role'] == "admin") {
-        if (!is_array($_data['username'])) {
+        if (!is_array($_data['username'])) {
-          $usernames = array();
+          $usernames = array();
-          $usernames[] = $_data['username'];
+          $usernames[] = $_data['username'];
-        }
+        }
-        else {
+        else {
-          $usernames = $_data['username'];
+          $usernames = $_data['username'];
-        }
+        }
-        foreach ($usernames as $username) {
+        foreach ($usernames as $username) {
-          $is_now = domain_admin('details', $username);
+          $is_now = domain_admin('details', $username);
-          $domains = (isset($_data['domains'])) ? (array)$_data['domains'] : null;
+          $domains = (isset($_data['domains'])) ? (array)$_data['domains'] : null;
-          if (!empty($is_now)) {
+          if (!empty($is_now)) {
-            $active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active'];
+            $active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active'];
-            $domains = (!empty($domains)) ? $domains : $is_now['selected_domains'];
+            $domains = (!empty($domains)) ? $domains : $is_now['selected_domains'];
-            $username_new = (!empty($_data['username_new'])) ? $_data['username_new'] : $is_now['username'];
+            $username_new = (!empty($_data['username_new'])) ? $_data['username_new'] : $is_now['username'];
-          }
+          }
-          else {
+          else {
-            $_SESSION['return'][] = array(
+            $_SESSION['return'][] = array(
-              'type' => 'danger',
+              'type' => 'danger',
-              'log' => array(__FUNCTION__, $_action, $_data_log),
+              'log' => array(__FUNCTION__, $_action, $_data_log),
-              'msg' => 'access_denied'
+              'msg' => 'access_denied'
-            );
+            );
-            continue;
+            continue;
-          }
+          }
-          $password     = $_data['password'];
+          $password     = $_data['password'];
-          $password2    = $_data['password2'];
+          $password2    = $_data['password2'];
-          if (!empty($domains)) {
+          if (!empty($domains)) {
-            foreach ($domains as $domain) {
+            foreach ($domains as $domain) {
-              if (!is_valid_domain_name($domain) || mailbox('get', 'domain_details', $domain) === false) {
+              if (!is_valid_domain_name($domain) || mailbox('get', 'domain_details', $domain) === false) {
-                $_SESSION['return'][] = array(
+                $_SESSION['return'][] = array(
-                  'type' => 'danger',
+                  'type' => 'danger',
-                  'log' => array(__FUNCTION__, $_action, $_data_log),
+                  'log' => array(__FUNCTION__, $_action, $_data_log),
-                  'msg' => array('domain_invalid', htmlspecialchars($domain))
+                  'msg' => array('domain_invalid', htmlspecialchars($domain))
-                );
+                );
-                continue 2;
+                continue 2;
-              }
+              }
-            }
+            }
-          }
+          }
-          if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username_new))) {
+          if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $username_new))) {
-            $_SESSION['return'][] = array(
+            $_SESSION['return'][] = array(
-              'type' => 'danger',
+              'type' => 'danger',
-              'log' => array(__FUNCTION__, $_action, $_data_log),
+              'log' => array(__FUNCTION__, $_action, $_data_log),
-              'msg' => array('username_invalid', $username_new)
+              'msg' => array('username_invalid', $username_new)
-            );
+            );
-            continue;
+            continue;
-          }
+          }
-          if ($username_new != $username) {
+          if ($username_new != $username) {
-            if (!empty(domain_admin('details', $username_new)['username'])) {
+            if (!empty(domain_admin('details', $username_new)['username'])) {
-              $_SESSION['return'][] = array(
+              $_SESSION['return'][] = array(
-                'type' => 'danger',
+                'type' => 'danger',
-                'log' => array(__FUNCTION__, $_action, $_data_log),
+                'log' => array(__FUNCTION__, $_action, $_data_log),
-                'msg' => array('username_invalid', $username_new)
+                'msg' => array('username_invalid', $username_new)
-              );
+              );
-              continue;
+              continue;
-            }
+            }
-          }
+          }
-          $stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `username` = :username");
+          $stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `username` = :username");
-          $stmt->execute(array(
+          $stmt->execute(array(
-            ':username' => $username,
+            ':username' => $username,
-          ));
+          ));
-          $stmt = $pdo->prepare("UPDATE `da_acl` SET `username` = :username_new WHERE `username` = :username");
+          $stmt = $pdo->prepare("UPDATE `da_acl` SET `username` = :username_new WHERE `username` = :username");
-          $stmt->execute(array(
+          $stmt->execute(array(
-            ':username_new' => $username_new,
+            ':username_new' => $username_new,
-            ':username' => $username
+            ':username' => $username
-          ));
+          ));
-          if (!empty($domains)) {
+          if (!empty($domains)) {
-            foreach ($domains as $domain) {
+            foreach ($domains as $domain) {
-              $stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
+              $stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`)
-                VALUES (:username_new, :domain, :created, :active)");
+                VALUES (:username_new, :domain, :created, :active)");
-              $stmt->execute(array(
+              $stmt->execute(array(
-                ':username_new' => $username_new,
+                ':username_new' => $username_new,
-                ':domain' => $domain,
+                ':domain' => $domain,
-                ':created' => date('Y-m-d H:i:s'),
+                ':created' => date('Y-m-d H:i:s'),
-                ':active' => $active
+                ':active' => $active
-              ));
+              ));
-            }
+            }
-          }
+          }
-          if (!empty($password)) {
+          if (!empty($password)) {
-            if (password_check($password, $password2) !== true) {
+            if (password_check($password, $password2) !== true) {
-              return false;
+              return false;
-            }
+            }
-            $password_hashed = hash_password($password);
+            $password_hashed = hash_password($password);
-            $stmt = $pdo->prepare("UPDATE `admin` SET `username` = :username_new, `active` = :active, `password` = :password_hashed WHERE `username` = :username");
+            $stmt = $pdo->prepare("UPDATE `admin` SET `username` = :username_new, `active` = :active, `password` = :password_hashed WHERE `username` = :username");
-            $stmt->execute(array(
+            $stmt->execute(array(
-              ':password_hashed' => $password_hashed,
+              ':password_hashed' => $password_hashed,
-              ':username_new' => $username_new,
+              ':username_new' => $username_new,
-              ':username' => $username,
+              ':username' => $username,
-              ':active' => $active
+              ':active' => $active
-            ));
+            ));
-            if (isset($_data['disable_tfa'])) {
+            if (isset($_data['disable_tfa'])) {
-              $stmt = $pdo->prepare("UPDATE `tfa` SET `active` = '0' WHERE `username` = :username");
+              $stmt = $pdo->prepare("UPDATE `tfa` SET `active` = '0' WHERE `username` = :username");
-              $stmt->execute(array(':username' => $username));
+              $stmt->execute(array(':username' => $username));
-            }
+            }
-            else {
+            else {
-              $stmt = $pdo->prepare("UPDATE `tfa` SET `username` = :username_new WHERE `username` = :username");
+              $stmt = $pdo->prepare("UPDATE `tfa` SET `username` = :username_new WHERE `username` = :username");
-              $stmt->execute(array(':username_new' => $username_new, ':username' => $username));
+              $stmt->execute(array(':username_new' => $username_new, ':username' => $username));
-            }
+            }
-          }
+          }
-          else {
+          else {
-            $stmt = $pdo->prepare("UPDATE `admin` SET `username` = :username_new, `active` = :active WHERE `username` = :username");
+            $stmt = $pdo->prepare("UPDATE `admin` SET `username` = :username_new, `active` = :active WHERE `username` = :username");
-            $stmt->execute(array(
+            $stmt->execute(array(
-              ':username_new' => $username_new,
+              ':username_new' => $username_new,
-              ':username' => $username,
+              ':username' => $username,
-              ':active' => $active
+              ':active' => $active
-            ));
+            ));
-            if (isset($_data['disable_tfa'])) {
+            if (isset($_data['disable_tfa'])) {
-              $stmt = $pdo->prepare("UPDATE `tfa` SET `active` = '0' WHERE `username` = :username");
+              $stmt = $pdo->prepare("UPDATE `tfa` SET `active` = '0' WHERE `username` = :username");
-              $stmt->execute(array(':username' => $username));
+              $stmt->execute(array(':username' => $username));
-            }
+            }
-            else {
+            else {
-              $stmt = $pdo->prepare("UPDATE `tfa` SET `username` = :username_new WHERE `username` = :username");
+              $stmt = $pdo->prepare("UPDATE `tfa` SET `username` = :username_new WHERE `username` = :username");
-              $stmt->execute(array(':username_new' => $username_new, ':username' => $username));
+              $stmt->execute(array(':username_new' => $username_new, ':username' => $username));
-            }
+            }
-          }
+          }
-          $_SESSION['return'][] = array(
+          $_SESSION['return'][] = array(
-            'type' => 'success',
+            'type' => 'success',
-            'log' => array(__FUNCTION__, $_action, $_data_log),
+            'log' => array(__FUNCTION__, $_action, $_data_log),
-            'msg' => array('domain_admin_modified', htmlspecialchars($username))
+            'msg' => array('domain_admin_modified', htmlspecialchars($username))
-          );
+          );
-        }
+        }
-        return true;
+        return true;
-      }
+      }
-      // Domain administrator
+      // Domain administrator
-      // Can only edit itself
+      // Can only edit itself
-      elseif ($_SESSION['mailcow_cc_role'] == "domainadmin") {
+      elseif ($_SESSION['mailcow_cc_role'] == "domainadmin") {
-        $username = $_SESSION['mailcow_cc_username'];
+        $username = $_SESSION['mailcow_cc_username'];
-        $password_old		= $_data['user_old_pass'];
+        $password_old		= $_data['user_old_pass'];
-        $password_new	= $_data['user_new_pass'];
+        $password_new	= $_data['user_new_pass'];
-        $password_new2	= $_data['user_new_pass2'];
+        $password_new2	= $_data['user_new_pass2'];
-
+
-        $stmt = $pdo->prepare("SELECT `password` FROM `admin`
+        $stmt = $pdo->prepare("SELECT `password` FROM `admin`
-            WHERE `username` = :user");
+            WHERE `username` = :user");
-        $stmt->execute(array(':user' => $username));
+        $stmt->execute(array(':user' => $username));
-        $row = $stmt->fetch(PDO::FETCH_ASSOC);
+        $row = $stmt->fetch(PDO::FETCH_ASSOC);
-        if (!verify_hash($row['password'], $password_old)) {
+        if (!verify_hash($row['password'], $password_old)) {
-          $_SESSION['return'][] = array(
+          $_SESSION['return'][] = array(
-            'type' => 'danger',
+            'type' => 'danger',
-            'log' => array(__FUNCTION__, $_action, $_data_log),
+            'log' => array(__FUNCTION__, $_action, $_data_log),
-            'msg' => 'access_denied'
+            'msg' => 'access_denied'
-          );
+          );
-          return false;
+          return false;
-        }
+        }
-        if (password_check($password_new, $password_new2) !== true) {
+        if (password_check($password_new, $password_new2) !== true) {
-          return false;
+          return false;
-        }
+        }
-        $password_hashed = hash_password($password_new);
+        $password_hashed = hash_password($password_new);
-        $stmt = $pdo->prepare("UPDATE `admin` SET `password` = :password_hashed WHERE `username` = :username");
+        $stmt = $pdo->prepare("UPDATE `admin` SET `password` = :password_hashed WHERE `username` = :username");
-        $stmt->execute(array(
+        $stmt->execute(array(
-          ':password_hashed' => $password_hashed,
+          ':password_hashed' => $password_hashed,
-          ':username' => $username
+          ':username' => $username
-        ));
+        ));
-        $_SESSION['return'][] = array(
+        $_SESSION['return'][] = array(
-          'type' => 'success',
+          'type' => 'success',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => array('domain_admin_modified', htmlspecialchars($username))
+          'msg' => array('domain_admin_modified', htmlspecialchars($username))
-        );
+        );
-      }
+      }
-    break;
+    break;
-    case 'delete':
+    case 'delete':
-      if ($_SESSION['mailcow_cc_role'] != "admin") {
+      if ($_SESSION['mailcow_cc_role'] != "admin") {
-        $_SESSION['return'][] = array(
+        $_SESSION['return'][] = array(
-          'type' => 'danger',
+          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => 'access_denied'
+          'msg' => 'access_denied'
-        );
+        );
-        return false;
+        return false;
-      }
+      }
-      $usernames = (array)$_data['username'];
+      $usernames = (array)$_data['username'];
-      foreach ($usernames as $username) {
+      foreach ($usernames as $username) {
-        if (empty(domain_admin('details', $username))) {
+        if (empty(domain_admin('details', $username))) {
-          $_SESSION['return'][] = array(
+          $_SESSION['return'][] = array(
-            'type' => 'danger',
+            'type' => 'danger',
-            'log' => array(__FUNCTION__, $_action, $_data_log),
+            'log' => array(__FUNCTION__, $_action, $_data_log),
-            'msg' => array('username_invalid', $username)
+            'msg' => array('username_invalid', $username)
-          );
+          );
-          continue;
+          continue;
-        }
+        }
-        $stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `username` = :username");
+        $stmt = $pdo->prepare("DELETE FROM `domain_admins` WHERE `username` = :username");
-        $stmt->execute(array(
+        $stmt->execute(array(
-          ':username' => $username,
+          ':username' => $username,
-        ));
+        ));
-        $stmt = $pdo->prepare("DELETE FROM `admin` WHERE `username` = :username");
+        $stmt = $pdo->prepare("DELETE FROM `admin` WHERE `username` = :username");
-        $stmt->execute(array(
+        $stmt->execute(array(
-          ':username' => $username,
+          ':username' => $username,
-        ));
+        ));
-        $stmt = $pdo->prepare("DELETE FROM `da_acl` WHERE `username` = :username");
+        $stmt = $pdo->prepare("DELETE FROM `da_acl` WHERE `username` = :username");
-        $stmt->execute(array(
+        $stmt->execute(array(
-          ':username' => $username,
+          ':username' => $username,
-        ));
+        ));
-        $stmt = $pdo->prepare("DELETE FROM `tfa` WHERE `username` = :username");
+        $stmt = $pdo->prepare("DELETE FROM `tfa` WHERE `username` = :username");
-        $stmt->execute(array(
+        $stmt->execute(array(
-          ':username' => $username,
+          ':username' => $username,
-        ));
+        ));
-        $stmt = $pdo->prepare("DELETE FROM `fido2` WHERE `username` = :username");
+        $stmt = $pdo->prepare("DELETE FROM `fido2` WHERE `username` = :username");
-        $stmt->execute(array(
+        $stmt->execute(array(
-          ':username' => $username,
+          ':username' => $username,
-        ));
+        ));
-        $_SESSION['return'][] = array(
+        $_SESSION['return'][] = array(
-          'type' => 'success',
+          'type' => 'success',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => array('domain_admin_removed', htmlspecialchars($username))
+          'msg' => array('domain_admin_removed', htmlspecialchars($username))
-        );
+        );
-      }
+      }
-    break;
+    break;
-    case 'get':
+    case 'get':
-      $domainadmins = array();
+      $domainadmins = array();
-      if ($_SESSION['mailcow_cc_role'] != "admin") {
+      if ($_SESSION['mailcow_cc_role'] != "admin") {
-        $_SESSION['return'][] = array(
+        $_SESSION['return'][] = array(
-          'type' => 'danger',
+          'type' => 'danger',
-          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'log' => array(__FUNCTION__, $_action, $_data_log),
-          'msg' => 'access_denied'
+          'msg' => 'access_denied'
-        );
+        );
-        return false;
+        return false;
-      }
+      }
-      $stmt = $pdo->query("SELECT DISTINCT
+      $stmt = $pdo->query("SELECT DISTINCT
-        `username`
+        `username`
-          FROM `domain_admins`
+          FROM `domain_admins`
-            WHERE `username` IN (
+            WHERE `username` IN (
-              SELECT `username` FROM `admin`
+              SELECT `username` FROM `admin`
-                WHERE `superadmin`!='1'
+                WHERE `superadmin`!='1'
-            )");
+            )");
-      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-      while ($row = array_shift($rows)) {
+      while ($row = array_shift($rows)) {
-        $domainadmins[] = $row['username'];
+        $domainadmins[] = $row['username'];
-      }
+      }
-      return $domainadmins;
+      return $domainadmins;
-    break;
+    break;
-    case 'details':
+    case 'details':
-      $domainadmindata = array();
+      $domainadmindata = array();
-      if ($_SESSION['mailcow_cc_role'] == "domainadmin" && $_data != $_SESSION['mailcow_cc_username']) {
+      if ($_SESSION['mailcow_cc_role'] == "domainadmin" && $_data != $_SESSION['mailcow_cc_username']) {
-        return false;
+        return false;
-      }
+      }
-      elseif ($_SESSION['mailcow_cc_role'] != "admin" || !isset($_data)) {
+      elseif ($_SESSION['mailcow_cc_role'] != "admin" || !isset($_data)) {
-        return false;
+        return false;
-      }
+      }
-      if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $_data))) {
+      if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $_data))) {
-        return false;
+        return false;
-      }
+      }
-      $stmt = $pdo->prepare("SELECT
+      $stmt = $pdo->prepare("SELECT
-        `tfa`.`active` AS `tfa_active`,
+        `tfa`.`active` AS `tfa_active`,
-        `domain_admins`.`username`,
+        `domain_admins`.`username`,
-        `domain_admins`.`created`,
+        `domain_admins`.`created`,
-        `domain_admins`.`active` AS `active`
+        `domain_admins`.`active` AS `active`
-          FROM `domain_admins`
+          FROM `domain_admins`
-          LEFT OUTER JOIN `tfa` ON `tfa`.`username`=`domain_admins`.`username`
+          LEFT OUTER JOIN `tfa` ON `tfa`.`username`=`domain_admins`.`username`
-            WHERE `domain_admins`.`username`= :domain_admin");
+            WHERE `domain_admins`.`username`= :domain_admin");
-      $stmt->execute(array(
+      $stmt->execute(array(
-        ':domain_admin' => $_data
+        ':domain_admin' => $_data
-      ));
+      ));
-      $row = $stmt->fetch(PDO::FETCH_ASSOC);
+      $row = $stmt->fetch(PDO::FETCH_ASSOC);
-      if (empty($row)) {
+      if (empty($row)) {
-        return false;
+        return false;
-      }
+      }
-      $domainadmindata['username'] = $row['username'];
+      $domainadmindata['username'] = $row['username'];
-      $domainadmindata['tfa_active'] = (is_null($row['tfa_active'])) ? 0 : $row['tfa_active'];
+      $domainadmindata['tfa_active'] = (is_null($row['tfa_active'])) ? 0 : $row['tfa_active'];
-      $domainadmindata['tfa_active_int'] = (is_null($row['tfa_active'])) ? 0 : $row['tfa_active'];
+      $domainadmindata['tfa_active_int'] = (is_null($row['tfa_active'])) ? 0 : $row['tfa_active'];
-      $domainadmindata['active'] = $row['active'];
+      $domainadmindata['active'] = $row['active'];
-      $domainadmindata['active_int'] = $row['active'];
+      $domainadmindata['active_int'] = $row['active'];
-      $domainadmindata['created'] = $row['created'];
+      $domainadmindata['created'] = $row['created'];
-      // GET SELECTED
+      // GET SELECTED
-      $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
+      $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
-        WHERE `domain` IN (
+        WHERE `domain` IN (
-          SELECT `domain` FROM `domain_admins`
+          SELECT `domain` FROM `domain_admins`
-            WHERE `username`= :domain_admin)");
+            WHERE `username`= :domain_admin)");
-      $stmt->execute(array(':domain_admin' => $_data));
+      $stmt->execute(array(':domain_admin' => $_data));
-      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-      while($row = array_shift($rows)) {
+      while($row = array_shift($rows)) {
-        $domainadmindata['selected_domains'][] = $row['domain'];
+        $domainadmindata['selected_domains'][] = $row['domain'];
-      }
+      }
-      // GET UNSELECTED
+      // GET UNSELECTED
-      $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
+      $stmt = $pdo->prepare("SELECT `domain` FROM `domain`
-        WHERE `domain` NOT IN (
+        WHERE `domain` NOT IN (
-          SELECT `domain` FROM `domain_admins`
+          SELECT `domain` FROM `domain_admins`
-            WHERE `username`= :domain_admin)");
+            WHERE `username`= :domain_admin)");
-      $stmt->execute(array(':domain_admin' => $_data));
+      $stmt->execute(array(':domain_admin' => $_data));
-      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-      while($row = array_shift($rows)) {
+      while($row = array_shift($rows)) {
-        $domainadmindata['unselected_domains'][] = $row['domain'];
+        $domainadmindata['unselected_domains'][] = $row['domain'];
-      }
+      }
-      if (!isset($domainadmindata['unselected_domains'])) {
+      if (!isset($domainadmindata['unselected_domains'])) {
-        $domainadmindata['unselected_domains'] = "";
+        $domainadmindata['unselected_domains'] = "";
-      }
+      }
-
+
-      return $domainadmindata;
+      return $domainadmindata;
-    break;
+    break;
-  }
+  }
-}
+}
 function domain_admin_sso($_action, $_data) {
  global $pdo;
  switch ($_action) {
    case 'check':
      $token = $_data;
      $stmt = $pdo->prepare("SELECT `t1`.`username` FROM `da_sso` AS `t1` JOIN `admin` AS `t2` ON `t1`.`username` = `t2`.`username` WHERE `t1`.`token` = :token AND `t1`.`created` > DATE_SUB(NOW(), INTERVAL '30' SECOND) AND `t2`.`active` = 1 AND `t2`.`superadmin` = 0;");
      $stmt->execute(array(
        ':token' => preg_replace('/[^a-zA-Z0-9-]/', '', $token)
      ));
      $return = $stmt->fetch(PDO::FETCH_ASSOC);
      return empty($return['username']) ? false : $return['username'];
    case 'issue':
      if ($_SESSION['mailcow_cc_role'] != "admin") {
        $_SESSION['return'][] = array(
          'type' => 'danger',
          'log' => array(__FUNCTION__, $_action, $_data),
          'msg' => 'access_denied'
        );
        return false;
      }
      $username = $_data['username'];
      $stmt = $pdo->prepare("SELECT `username` FROM `domain_admins`
        WHERE `username` = :username");
      $stmt->execute(array(':username' => $username));
      $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
      if ($num_results < 1) {
        $_SESSION['return'][] = array(
          'type' => 'danger',
          'log' => array(__FUNCTION__, $_action, $_data),
          'msg' => array('object_doesnt_exist', htmlspecialchars($username))
        );
        return false;
      }
      $token = implode('-', array(
        strtoupper(bin2hex(random_bytes(3))),
        strtoupper(bin2hex(random_bytes(3))),
        strtoupper(bin2hex(random_bytes(3))),
        strtoupper(bin2hex(random_bytes(3))),
        strtoupper(bin2hex(random_bytes(3)))
      ));
      $stmt = $pdo->prepare("INSERT INTO `da_sso` (`username`, `token`)
            VALUES (:username, :token)");
      $stmt->execute(array(
        ':username' => $username,
        ':token' => $token
      ));
      // perform cleanup
      $pdo->query("DELETE FROM `da_sso` WHERE created < DATE_SUB(NOW(), INTERVAL '30' SECOND);");
      return ['token' => $token];
    break;
  }
 }
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -251,7 +251,7 @@ function password_check($password1, $password2) {
  return true;
 }
-function last_login($action, $username, $sasl_limit_days = 7) {
+function last_login($action, $username, $sasl_limit_days = 7, $ui_offset = 1) {
  global $pdo;
  global $redis;
  $sasl_limit_days = intval($sasl_limit_days);
@@ -319,8 +319,11 @@ function last_login($action, $username, $sasl_limit_days = 7) {
        $stmt = $pdo->prepare('SELECT `remote`, `time` FROM `logs`
          WHERE JSON_EXTRACT(`call`, "$[0]") = "check_login"
            AND JSON_EXTRACT(`call`, "$[1]") = :username
-            AND `type` = "success" ORDER BY `time` DESC LIMIT 1 OFFSET 1');
+            AND `type` = "success" ORDER BY `time` DESC LIMIT 1 OFFSET :offset');
-        $stmt->execute(array(':username' => $username));
+        $stmt->execute(array(
          ':username' => $username,
          ':offset' => $ui_offset
        ));
        $ui = $stmt->fetch(PDO::FETCH_ASSOC);
      }
      else {
@@ -1736,7 +1739,7 @@ function verify_tfa_login($username, $_data) {
              $_SESSION['return'][] =  array(
                  'type' => 'danger',
                  'log' => array(__FUNCTION__, $username, '*'),
-                  'msg' => array('webauthn_verification_failed', 'authenticator not found')
+                  'msg' => array('webauthn_authenticator_failed')
              );
              return false;
            } 
@@ -1745,11 +1748,20 @@ function verify_tfa_login($username, $_data) {
                $_SESSION['return'][] =  array(
                    'type' => 'danger',
                    'log' => array(__FUNCTION__, $username, '*'),
-                    'msg' => array('webauthn_verification_failed', 'publicKey not found')
+                    'msg' => array('webauthn_publickey_failed')
                );
                return false;
            }
            if ($process_webauthn['username'] != $_SESSION['pending_mailcow_cc_username']){
              $_SESSION['return'][] =  array(
                  'type' => 'danger',
                  'log' => array(__FUNCTION__, $username, '*'),
                  'msg' => array('webauthn_username_failed')
              );
              return false;
            }
            try {
                $WebAuthn->processGet($clientDataJSON, $authenticatorData, $signature, $process_webauthn['publicKey'], $challenge, null, $GLOBALS['WEBAUTHN_UV_FLAG_LOGIN'], $GLOBALS['WEBAUTHN_USER_PRESENT_FLAG']);
            }
@@ -1781,21 +1793,12 @@ function verify_tfa_login($username, $_data) {
                $_SESSION['return'][] =  array(
                  'type' => 'danger',
                  'log' => array(__FUNCTION__, $username, '*'),
-                  'msg' => array('webauthn_verification_failed', 'could not determine user role')
+                  'msg' => array('webauthn_role_failed')
                );
                return false;
              }
            }
            if ($process_webauthn['username'] != $_SESSION['pending_mailcow_cc_username']){
                $_SESSION['return'][] =  array(
                    'type' => 'danger',
                    'log' => array(__FUNCTION__, $username, '*'),
                    'msg' => array('webauthn_verification_failed', 'user who requests does not match with sql entry')
                );
                return false;
            }
            $_SESSION["mailcow_cc_username"] = $process_webauthn['username'];
            $_SESSION['tfa_id'] = $process_webauthn['id'];
            $_SESSION['authReq'] = null;
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -1020,6 +1020,13 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
          if (empty($name)) {
            $name = $local_part;
          }
          if (isset($_data['protocol_access'])) {
            $_data['protocol_access'] = (array)$_data['protocol_access'];
            $_data['imap_access'] = (in_array('imap', $_data['protocol_access'])) ? 1 : 0;
            $_data['pop3_access'] = (in_array('pop3', $_data['protocol_access'])) ? 1 : 0;
            $_data['smtp_access'] = (in_array('smtp', $_data['protocol_access'])) ? 1 : 0;
            $_data['sieve_access'] = (in_array('sieve', $_data['protocol_access'])) ? 1 : 0;
          }
          $active = intval($_data['active']);
          $force_pw_update = (isset($_data['force_pw_update'])) ? intval($_data['force_pw_update']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['force_pw_update']);
          $tls_enforce_in = (isset($_data['tls_enforce_in'])) ? intval($_data['tls_enforce_in']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['tls_enforce_in']);
@@ -1200,10 +1207,63 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
            ':domain' => $domain,
            ':active' => $active
          ));
-          $stmt = $pdo->prepare("INSERT INTO `user_acl` (`username`) VALUES (:username)");
+
-          $stmt->execute(array(
+          
-            ':username' => $username
+          if (isset($_data['acl'])) {
-          ));
+            $_data['acl'] = (array)$_data['acl'];
            $_data['spam_alias'] = (in_array('spam_alias', $_data['acl'])) ? 1 : 0;
            $_data['tls_policy'] = (in_array('tls_policy', $_data['acl'])) ? 1 : 0;
            $_data['spam_score'] = (in_array('spam_score', $_data['acl'])) ? 1 : 0;
            $_data['spam_policy'] = (in_array('spam_policy', $_data['acl'])) ? 1 : 0;
            $_data['delimiter_action'] = (in_array('delimiter_action', $_data['acl'])) ? 1 : 0;
            $_data['syncjobs'] = (in_array('syncjobs', $_data['acl'])) ? 1 : 0;
            $_data['eas_reset'] = (in_array('eas_reset', $_data['acl'])) ? 1 : 0;
            $_data['sogo_profile_reset'] = (in_array('sogo_profile_reset', $_data['acl'])) ? 1 : 0;
            $_data['pushover'] = (in_array('pushover', $_data['acl'])) ? 1 : 0;
            $_data['quarantine'] = (in_array('quarantine', $_data['acl'])) ? 1 : 0;
            $_data['quarantine_attachments'] = (in_array('quarantine_attachments', $_data['acl'])) ? 1 : 0;
            $_data['quarantine_notification'] = (in_array('quarantine_notification', $_data['acl'])) ? 1 : 0;
            $_data['quarantine_category'] = (in_array('quarantine_category', $_data['acl'])) ? 1 : 0;
            $_data['app_passwds'] = (in_array('app_passwds', $_data['acl'])) ? 1 : 0;
            $stmt = $pdo->prepare("INSERT INTO `user_acl` 
              (`username`, `spam_alias`, `tls_policy`, `spam_score`, `spam_policy`, `delimiter_action`, `syncjobs`, `eas_reset`, `sogo_profile_reset`,
               `pushover`, `quarantine`, `quarantine_attachments`, `quarantine_notification`, `quarantine_category`, `app_passwds`) 
              VALUES (:username, :spam_alias, :tls_policy, :spam_score, :spam_policy, :delimiter_action, :syncjobs, :eas_reset, :sogo_profile_reset,
               :pushover, :quarantine, :quarantine_attachments, :quarantine_notification, :quarantine_category, :app_passwds) ");
            $stmt->execute(array(
              ':username' => $username,
              ':spam_alias' => $_data['spam_alias'],
              ':tls_policy' => $_data['tls_policy'],
              ':spam_score' => $_data['spam_score'],
              ':spam_policy' => $_data['spam_policy'],
              ':delimiter_action' => $_data['delimiter_action'],
              ':syncjobs' => $_data['syncjobs'],
              ':eas_reset' => $_data['eas_reset'],
              ':sogo_profile_reset' => $_data['sogo_profile_reset'],
              ':pushover' => $_data['pushover'],
              ':quarantine' => $_data['quarantine'],
              ':quarantine_attachments' => $_data['quarantine_attachments'],
              ':quarantine_notification' => $_data['quarantine_notification'],
              ':quarantine_category' => $_data['quarantine_category'],
              ':app_passwds' => $_data['app_passwds']
            ));
          }
          else {
            $stmt = $pdo->prepare("INSERT INTO `user_acl` (`username`) VALUES (:username)");
            $stmt->execute(array(
              ':username' => $username
            ));
          }
          if (isset($_data['rl_frame']) && isset($_data['rl_value'])){
            ratelimit('edit', 'mailbox', array(
              'object' => $username,
              'rl_frame' => $_data['rl_frame'],
              'rl_value' => $_data['rl_value']
            ));
          }
          $_SESSION['return'][] = array(
            'type' => 'success',
            'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
@@ -1322,6 +1382,190 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
            'msg' => array('resource_added', htmlspecialchars($name))
          );
        break;
        case 'domain_templates':
          if ($_SESSION['mailcow_cc_role'] != "admin") {
            $_SESSION['return'][] = array(
              'type' => 'danger',
              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_extra),
              'msg' => 'access_denied'
            );
            return false;
          }
          if (empty($_data["template"])){
            $_SESSION['return'][] = array(
              'type' => 'danger',
              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_extra),
              'msg' => 'template_name_invalid'
            );
            return false;
          }
          // check if template name exists, return false
          $stmt = $pdo->prepare("SELECT id FROM `templates` WHERE `type` = :type AND `template` = :template");
          $stmt->execute(array(
            ":type" => "domain",
            ":template" => $_data["template"]
          ));
          $row = $stmt->fetch(PDO::FETCH_ASSOC);
          if (!empty($row)){
            $_SESSION['return'][] = array(
              'type' => 'danger',
              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_extra),
              'msg' => array('template_exists', $_data["template"])
            );
            return false;
          }
          // check attributes
          $attr = array();
          $attr['tags']                       = (isset($_data['tags'])) ? $_data['tags'] : array();
          $attr['max_num_aliases_for_domain'] = (!empty($_data['max_num_aliases_for_domain'])) ? intval($_data['max_num_aliases_for_domain']) : 400;
          $attr['max_num_mboxes_for_domain']  = (!empty($_data['max_num_mboxes_for_domain'])) ? intval($_data['max_num_mboxes_for_domain']) : 10;
          $attr['def_quota_for_mbox']         = (!empty($_data['def_quota_for_mbox'])) ? intval($_data['def_quota_for_mbox']) * 1048576 : 3072 * 1048576;
          $attr['max_quota_for_mbox']         = (!empty($_data['max_quota_for_mbox'])) ? intval($_data['max_quota_for_mbox']) * 1048576 : 10240 * 1048576;
          $attr['max_quota_for_domain']       = (!empty($_data['max_quota_for_domain'])) ? intval($_data['max_quota_for_domain']) * 1048576 : 10240 * 1048576;
          $attr['rl_frame']                   = (!empty($_data['rl_frame'])) ? $_data['rl_frame'] : "s";
          $attr['rl_value']                   = (!empty($_data['rl_value'])) ? $_data['rl_value'] : "";
          $attr['active']                     = isset($_data['active']) ? intval($_data['active']) : 1;
          $attr['gal']                        = (isset($_data['gal'])) ? intval($_data['gal']) : 1;
          $attr['backupmx']                   = (isset($_data['backupmx'])) ? intval($_data['backupmx']) : 0;
          $attr['relay_all_recipients']       = (isset($_data['relay_all_recipients'])) ? intval($_data['relay_all_recipients']) : 0;
          $attr['relay_unknown_only']          = (isset($_data['relay_unknown_only'])) ? intval($_data['relay_unknown_only']) : 0;
          $attr['dkim_selector']              = (isset($_data['dkim_selector'])) ? $_data['dkim_selector'] : "dkim";
          $attr['key_size']                   = isset($_data['key_size']) ? intval($_data['key_size']) : 2048;
          // save template
          $stmt = $pdo->prepare("INSERT INTO `templates` (`type`, `template`, `attributes`)
            VALUES (:type, :template, :attributes)");
          $stmt->execute(array(
            ":type" => "domain",
            ":template" => $_data["template"],
            ":attributes" => json_encode($attr)
          ));
          // success
          $_SESSION['return'][] = array(
            'type' => 'success',
            'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
            'msg' => array('template_added', $_data["template"])
          );
          return true;
        break;
        case 'mailbox_templates':
          if ($_SESSION['mailcow_cc_role'] != "admin") {
            $_SESSION['return'][] = array(
              'type' => 'danger',
              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_extra),
              'msg' => 'access_denied'
            );
            return false;
          }
          if (empty($_data["template"])){
            $_SESSION['return'][] = array(
              'type' => 'danger',
              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_extra),
              'msg' => 'template_name_invalid'
            );
            return false;
          }
          // check if template name exists, return false
          $stmt = $pdo->prepare("SELECT id FROM `templates` WHERE `type` = :type AND `template` = :template");
          $stmt->execute(array(
            ":type" => "mailbox",
            ":template" => $_data["template"]
          ));
          $row = $stmt->fetch(PDO::FETCH_ASSOC);
          if (!empty($row)){
            $_SESSION['return'][] = array(
              'type' => 'danger',
              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_extra),
              'msg' => array('template_exists', $_data["template"])
            );
            return false;
          }
          // check attributes
          $attr = array();
          $attr["quota"]                       = isset($_data['quota']) ? intval($_data['quota']) * 1048576 : 0;
          $attr['tags']                        = (isset($_data['tags'])) ? $_data['tags'] : array();
          $attr["quarantine_notification"]     = (!empty($_data['quarantine_notification'])) ? $_data['quarantine_notification'] : strval($MAILBOX_DEFAULT_ATTRIBUTES['quarantine_notification']);
          $attr["quarantine_category"]         = (!empty($_data['quarantine_category'])) ? $_data['quarantine_category'] : strval($MAILBOX_DEFAULT_ATTRIBUTES['quarantine_category']);
          $attr["rl_frame"]                    = (!empty($_data['rl_frame'])) ? $_data['rl_frame'] : "s";
          $attr["rl_value"]                    = (!empty($_data['rl_value'])) ? $_data['rl_value'] : "";
          $attr["force_pw_update"]             = isset($_data['force_pw_update']) ? intval($_data['force_pw_update']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['force_pw_update']);
          $attr["sogo_access"]                 = isset($_data['sogo_access']) ? intval($_data['sogo_access']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['sogo_access']);
          $attr["active"]                      = isset($_data['active']) ? intval($_data['active']) : 1;
          $attr["tls_enforce_in"]              = isset($_data['tls_enforce_in']) ? intval($_data['tls_enforce_in']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['tls_enforce_in']);
          $attr["tls_enforce_out"]             = isset($_data['tls_enforce_out']) ? intval($_data['tls_enforce_out']) : intval($MAILBOX_DEFAULT_ATTRIBUTES['tls_enforce_out']);
          if (isset($_data['protocol_access'])) {
            $_data['protocol_access'] = (array)$_data['protocol_access'];
            $attr['imap_access'] = (in_array('imap', $_data['protocol_access'])) ? 1 : intval($MAILBOX_DEFAULT_ATTRIBUTES['imap_access']);
            $attr['pop3_access'] = (in_array('pop3', $_data['protocol_access'])) ? 1 : intval($MAILBOX_DEFAULT_ATTRIBUTES['pop3_access']);
            $attr['smtp_access'] = (in_array('smtp', $_data['protocol_access'])) ? 1 : intval($MAILBOX_DEFAULT_ATTRIBUTES['smtp_access']);
            $attr['sieve_access'] = (in_array('sieve', $_data['protocol_access'])) ? 1 : intval($MAILBOX_DEFAULT_ATTRIBUTES['sieve_access']);
          }   
          else {
            $attr['imap_access'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['imap_access']);
            $attr['pop3_access'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['pop3_access']);
            $attr['smtp_access'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['smtp_access']);
            $attr['sieve_access'] = intval($MAILBOX_DEFAULT_ATTRIBUTES['sieve_access']);
          }       
          if (isset($_data['acl'])) {
            $_data['acl'] = (array)$_data['acl'];
            $attr['acl_spam_alias'] = (in_array('spam_alias', $_data['acl'])) ? 1 : 0;
            $attr['acl_tls_policy'] = (in_array('tls_policy', $_data['acl'])) ? 1 : 0;
            $attr['acl_spam_score'] = (in_array('spam_score', $_data['acl'])) ? 1 : 0;
            $attr['acl_spam_policy'] = (in_array('spam_policy', $_data['acl'])) ? 1 : 0;
            $attr['acl_delimiter_action'] = (in_array('delimiter_action', $_data['acl'])) ? 1 : 0;
            $attr['acl_syncjobs'] = (in_array('syncjobs', $_data['acl'])) ? 1 : 0;
            $attr['acl_eas_reset'] = (in_array('eas_reset', $_data['acl'])) ? 1 : 0;
            $attr['acl_sogo_profile_reset'] = (in_array('sogo_profile_reset', $_data['acl'])) ? 1 : 0;
            $attr['acl_pushover'] = (in_array('pushover', $_data['acl'])) ? 1 : 0;
            $attr['acl_quarantine'] = (in_array('quarantine', $_data['acl'])) ? 1 : 0;
            $attr['acl_quarantine_attachments'] = (in_array('quarantine_attachments', $_data['acl'])) ? 1 : 0;
            $attr['acl_quarantine_notification'] = (in_array('quarantine_notification', $_data['acl'])) ? 1 : 0;
            $attr['acl_quarantine_category'] = (in_array('quarantine_category', $_data['acl'])) ? 1 : 0;
            $attr['acl_app_passwds'] = (in_array('app_passwds', $_data['acl'])) ? 1 : 0;
          } else {
            $_data['acl'] = (array)$_data['acl'];
            $attr['acl_spam_alias'] = 1;
            $attr['acl_tls_policy'] = 1;
            $attr['acl_spam_score'] = 1;
            $attr['acl_spam_policy'] = 1;
            $attr['acl_delimiter_action'] = 1;
            $attr['acl_syncjobs'] = 0;
            $attr['acl_eas_reset'] = 1;
            $attr['acl_sogo_profile_reset'] = 0;
            $attr['acl_pushover'] = 1;
            $attr['acl_quarantine'] = 1;
            $attr['acl_quarantine_attachments'] = 1;
            $attr['acl_quarantine_notification'] = 1;
            $attr['acl_quarantine_category'] = 1;
            $attr['acl_app_passwds'] = 1;
          }
          // save template
          $stmt = $pdo->prepare("INSERT INTO `templates` (`type`, `template`, `attributes`)
          VALUES (:type, :template, :attributes)");
          $stmt->execute(array(
            ":type" => "mailbox",
            ":template" => $_data["template"],
            ":attributes" => json_encode($attr)
          ));
          // success
          $_SESSION['return'][] = array(
            'type' => 'success',
            'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
            'msg' => array('template_added', $_data["template"])
          );
          return true;
        break;
      }
    break;
    case 'edit':
@@ -2472,6 +2716,79 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
            }
          }
        break;
        case 'domain_templates':
          if ($_SESSION['mailcow_cc_role'] != "admin") {
            $_SESSION['return'][] = array(
              'type' => 'danger',
              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_extra),
              'msg' => 'access_denied'
            );
            return false;
          }
          if (!is_array($_data['ids'])) {
            $ids = array();
            $ids[] = $_data['ids'];
          }
          else {
            $ids = $_data['ids'];
          }
          foreach ($ids as $id) {
            $is_now = mailbox("get", "domain_templates", $id);
            if (empty($is_now) ||
                $is_now["type"] != "domain"){
              $_SESSION['return'][] = array(
                'type' => 'danger',
                'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_extra),
                'msg' => 'template_id_invalid'
              );
              continue;
            }
            // check name
            if ($is_now["template"] == "Default" && $is_now["template"] != $_data["template"]){
              // keep template name of Default template
              $_data["template"]                   = $is_now["template"]; 
            }
            else {
              $_data["template"]                   = (isset($_data["template"])) ? $_data["template"] : $is_now["template"]; 
            }   
            // check attributes
            $attr = array();
            $attr['tags']                       = (isset($_data['tags'])) ? $_data['tags'] : array();
            $attr['max_num_aliases_for_domain'] = (isset($_data['max_num_aliases_for_domain'])) ? intval($_data['max_num_aliases_for_domain']) : 0;
            $attr['max_num_mboxes_for_domain']  = (isset($_data['max_num_mboxes_for_domain'])) ? intval($_data['max_num_mboxes_for_domain']) : 0;
            $attr['def_quota_for_mbox']         = (isset($_data['def_quota_for_mbox'])) ? intval($_data['def_quota_for_mbox']) * 1048576 : 0;
            $attr['max_quota_for_mbox']         = (isset($_data['max_quota_for_mbox'])) ? intval($_data['max_quota_for_mbox']) * 1048576 : 0;
            $attr['max_quota_for_domain']       = (isset($_data['max_quota_for_domain'])) ? intval($_data['max_quota_for_domain']) * 1048576 : 0;
            $attr['rl_frame']                   = (!empty($_data['rl_frame'])) ? $_data['rl_frame'] : "s";
            $attr['rl_value']                   = (!empty($_data['rl_value'])) ? $_data['rl_value'] : "";
            $attr['active']                     = isset($_data['active']) ? intval($_data['active']) : 1;
            $attr['gal']                        = (isset($_data['gal'])) ? intval($_data['gal']) : 1;
            $attr['backupmx']                   = (isset($_data['backupmx'])) ? intval($_data['backupmx']) : 0;
            $attr['relay_all_recipients']       = (isset($_data['relay_all_recipients'])) ? intval($_data['relay_all_recipients']) : 0;
            $attr['relay_unknown_only']          = (isset($_data['relay_unknown_only'])) ? intval($_data['relay_unknown_only']) : 0;
            $attr['dkim_selector']              = (isset($_data['dkim_selector'])) ? $_data['dkim_selector'] : "dkim";
            $attr['key_size']                   = isset($_data['key_size']) ? intval($_data['key_size']) : 2048;
            // update template
            $stmt = $pdo->prepare("UPDATE `templates`
              SET `template` = :template, `attributes` = :attributes
              WHERE id = :id");
            $stmt->execute(array(
              ":id" => $id ,
              ":template" => $_data["template"] ,
              ":attributes" => json_encode($attr)
            )); 
          }
          $_SESSION['return'][] = array(
            'type' => 'success',
            'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
            'msg' => array('template_modified', $_data["template"])
          );
          return true;
        break;
        case 'mailbox':
          if (!is_array($_data['username'])) {
            $usernames = array();
@@ -2562,67 +2879,68 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
                $_SESSION['return'][] = array(
                  'type' => 'danger',
                  'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
-                  'msg' => 'access_denied'
+                  'msg' => 'extended_sender_acl_denied'
                );
                return false;
              }
-              $extra_acls = array_map('trim', preg_split( "/( |,|;|\n)/", $_data['extended_sender_acl']));
+              else {
-              foreach ($extra_acls as $i => &$extra_acl) {
+                $extra_acls = array_map('trim', preg_split( "/( |,|;|\n)/", $_data['extended_sender_acl']));
-                if (empty($extra_acl)) {
+                foreach ($extra_acls as $i => &$extra_acl) {
-                  continue;
+                  if (empty($extra_acl)) {
-                }
+                    continue;
-                if (substr($extra_acl, 0, 1) === "@") {
+                  }
-                  $extra_acl = ltrim($extra_acl, '@');
+                  if (substr($extra_acl, 0, 1) === "@") {
-                }
+                    $extra_acl = ltrim($extra_acl, '@');
-                if (!filter_var($extra_acl, FILTER_VALIDATE_EMAIL) && !is_valid_domain_name($extra_acl)) {
+                  }
-                  $_SESSION['return'][] = array(
+                  if (!filter_var($extra_acl, FILTER_VALIDATE_EMAIL) && !is_valid_domain_name($extra_acl)) {
                    'type' => 'danger',
                    'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
                    'msg' => array('extra_acl_invalid', htmlspecialchars($extra_acl))
                  );
                  unset($extra_acls[$i]);
                  continue;
                }
                $domains = array_merge(mailbox('get', 'domains'), mailbox('get', 'alias_domains'));
                if (filter_var($extra_acl, FILTER_VALIDATE_EMAIL)) {
                  $extra_acl_domain = idn_to_ascii(substr(strstr($extra_acl, '@'), 1), 0, INTL_IDNA_VARIANT_UTS46);
                  if (in_array($extra_acl_domain, $domains)) {
                    $_SESSION['return'][] = array(
                      'type' => 'danger',
                      'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
-                      'msg' => array('extra_acl_invalid_domain', $extra_acl_domain)
+                      'msg' => array('extra_acl_invalid', htmlspecialchars($extra_acl))
                    );
                    unset($extra_acls[$i]);
                    continue;
                  }
-                }
+                  $domains = array_merge(mailbox('get', 'domains'), mailbox('get', 'alias_domains'));
-                else {
+                  if (filter_var($extra_acl, FILTER_VALIDATE_EMAIL)) {
-                  if (in_array($extra_acl, $domains)) {
+                    $extra_acl_domain = idn_to_ascii(substr(strstr($extra_acl, '@'), 1), 0, INTL_IDNA_VARIANT_UTS46);
-                    $_SESSION['return'][] = array(
+                    if (in_array($extra_acl_domain, $domains)) {
-                      'type' => 'danger',
+                      $_SESSION['return'][] = array(
-                      'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
+                        'type' => 'danger',
-                      'msg' => array('extra_acl_invalid_domain', $extra_acl_domain)
+                        'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
-                    );
+                        'msg' => array('extra_acl_invalid_domain', $extra_acl_domain)
-                    unset($extra_acls[$i]);
+                      );
-                    continue;
+                      unset($extra_acls[$i]);
                      continue;
                    }
                  }
                  else {
                    if (in_array($extra_acl, $domains)) {
                      $_SESSION['return'][] = array(
                        'type' => 'danger',
                        'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
                        'msg' => array('extra_acl_invalid_domain', $extra_acl_domain)
                      );
                      unset($extra_acls[$i]);
                      continue;
                    }
                    $extra_acl = '@' . $extra_acl;
                  }
                  $extra_acl = '@' . $extra_acl;
                }
-              }
+                $extra_acls = array_filter($extra_acls);
-              $extra_acls = array_filter($extra_acls);
+                $extra_acls = array_values($extra_acls);
-              $extra_acls = array_values($extra_acls);
+                $extra_acls = array_unique($extra_acls);
-              $extra_acls = array_unique($extra_acls);
+                $stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `external` = 1 AND `logged_in_as` = :username");
              $stmt = $pdo->prepare("DELETE FROM `sender_acl` WHERE `external` = 1 AND `logged_in_as` = :username");
              $stmt->execute(array(
                ':username' => $username
              ));
              foreach ($extra_acls as $sender_acl_external) {
                $stmt = $pdo->prepare("INSERT INTO `sender_acl` (`send_as`, `logged_in_as`, `external`)
                  VALUES (:sender_acl, :username, 1)");
                $stmt->execute(array(
                  ':sender_acl' => $sender_acl_external,
                  ':username' => $username
                ));
                foreach ($extra_acls as $sender_acl_external) {
                  $stmt = $pdo->prepare("INSERT INTO `sender_acl` (`send_as`, `logged_in_as`, `external`)
                    VALUES (:sender_acl, :username, 1)");
                  $stmt->execute(array(
                    ':sender_acl' => $sender_acl_external,
                    ':username' => $username
                  ));
                }
              }
            }
            if (isset($_data['sender_acl'])) {
@@ -2814,6 +3132,110 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
            );
          }
        break;
        case 'mailbox_templates':
          if ($_SESSION['mailcow_cc_role'] != "admin") {
            $_SESSION['return'][] = array(
              'type' => 'danger',
              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_extra),
              'msg' => 'access_denied'
            );
            return false;
          }
          if (!is_array($_data['ids'])) {
            $ids = array();
            $ids[] = $_data['ids'];
          }
          else {
            $ids = $_data['ids'];
          }
          foreach ($ids as $id) {
            $is_now = mailbox("get", "mailbox_templates", $id);
            if (empty($is_now) ||
                $is_now["type"] != "mailbox"){
              $_SESSION['return'][] = array(
                'type' => 'danger',
                'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_extra),
                'msg' => 'template_id_invalid'
              );
              continue;
            }
            // check name
            if ($is_now["template"] == "Default" && $is_now["template"] != $_data["template"]){
              // keep template name of Default template
              $_data["template"]                   = $is_now["template"]; 
            }
            else {
              $_data["template"]                   = (isset($_data["template"])) ? $_data["template"] : $is_now["template"]; 
            }   
            // check attributes
            $attr = array();
            $attr["quota"]                       = isset($_data['quota']) ? intval($_data['quota']) * 1048576 : 0;
            $attr['tags']                        = (isset($_data['tags'])) ? $_data['tags'] : $is_now['tags'];
            $attr["quarantine_notification"]     = (!empty($_data['quarantine_notification'])) ? $_data['quarantine_notification'] : $is_now['quarantine_notification'];
            $attr["quarantine_category"]         = (!empty($_data['quarantine_category'])) ? $_data['quarantine_category'] : $is_now['quarantine_category'];
            $attr["rl_frame"]                    = (!empty($_data['rl_frame'])) ? $_data['rl_frame'] : $is_now['rl_frame'];
            $attr["rl_value"]                    = (!empty($_data['rl_value'])) ? $_data['rl_value'] : $is_now['rl_value'];
            $attr["force_pw_update"]             = isset($_data['force_pw_update']) ? intval($_data['force_pw_update']) : $is_now['force_pw_update'];
            $attr["sogo_access"]                 = isset($_data['sogo_access']) ? intval($_data['sogo_access']) : $is_now['sogo_access'];
            $attr["active"]                      = isset($_data['active']) ? intval($_data['active']) : $is_now['active'];
            $attr["tls_enforce_in"]              = isset($_data['tls_enforce_in']) ? intval($_data['tls_enforce_in']) : $is_now['tls_enforce_in'];
            $attr["tls_enforce_out"]             = isset($_data['tls_enforce_out']) ? intval($_data['tls_enforce_out']) : $is_now['tls_enforce_out'];
            if (isset($_data['protocol_access'])) {
              $_data['protocol_access'] = (array)$_data['protocol_access'];
              $attr['imap_access'] = (in_array('imap', $_data['protocol_access'])) ? 1 : 0;
              $attr['pop3_access'] = (in_array('pop3', $_data['protocol_access'])) ? 1 : 0;
              $attr['smtp_access'] = (in_array('smtp', $_data['protocol_access'])) ? 1 : 0;
              $attr['sieve_access'] = (in_array('sieve', $_data['protocol_access'])) ? 1 : 0;
            }          
            else { 
              foreach ($is_now as $key => $value){
                $attr[$key] = $is_now[$key];
              }    
            }
            if (isset($_data['acl'])) {
              $_data['acl'] = (array)$_data['acl'];
              $attr['acl_spam_alias'] = (in_array('spam_alias', $_data['acl'])) ? 1 : 0;
              $attr['acl_tls_policy'] = (in_array('tls_policy', $_data['acl'])) ? 1 : 0;
              $attr['acl_spam_score'] = (in_array('spam_score', $_data['acl'])) ? 1 : 0;
              $attr['acl_spam_policy'] = (in_array('spam_policy', $_data['acl'])) ? 1 : 0;
              $attr['acl_delimiter_action'] = (in_array('delimiter_action', $_data['acl'])) ? 1 : 0;
              $attr['acl_syncjobs'] = (in_array('syncjobs', $_data['acl'])) ? 1 : 0;
              $attr['acl_eas_reset'] = (in_array('eas_reset', $_data['acl'])) ? 1 : 0;
              $attr['acl_sogo_profile_reset'] = (in_array('sogo_profile_reset', $_data['acl'])) ? 1 : 0;
              $attr['acl_pushover'] = (in_array('pushover', $_data['acl'])) ? 1 : 0;
              $attr['acl_quarantine'] = (in_array('quarantine', $_data['acl'])) ? 1 : 0;
              $attr['acl_quarantine_attachments'] = (in_array('quarantine_attachments', $_data['acl'])) ? 1 : 0;
              $attr['acl_quarantine_notification'] = (in_array('quarantine_notification', $_data['acl'])) ? 1 : 0;
              $attr['acl_quarantine_category'] = (in_array('quarantine_category', $_data['acl'])) ? 1 : 0;
              $attr['acl_app_passwds'] = (in_array('app_passwds', $_data['acl'])) ? 1 : 0;
            } else {    
              foreach ($is_now as $key => $value){
                $attr[$key] = $is_now[$key];
              }        
            }
            // update template
            $stmt = $pdo->prepare("UPDATE `templates`
              SET `template` = :template, `attributes` = :attributes
              WHERE id = :id");
            $stmt->execute(array(
              ":id" => $id ,
              ":template" => $_data["template"] ,
              ":attributes" => json_encode($attr)
            )); 
          }
          $_SESSION['return'][] = array(
            'type' => 'success',
            'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
            'msg' => array('template_modified', $_data["template"])
          );
          return true;
        break;
        case 'resource':
          if (!is_array($_data['name'])) {
            $names = array();
@@ -3606,6 +4028,8 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
              `mailboxes`,
              `defquota`,
              `maxquota`,
              `created`,
              `modified`,
              `quota`,
              `relayhost`,
              `relay_all_recipients`,
@@ -3678,6 +4102,8 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
          $domaindata['relay_all_recipients_int'] = $row['relay_all_recipients'];
          $domaindata['relay_unknown_only'] = $row['relay_unknown_only'];
          $domaindata['relay_unknown_only_int'] = $row['relay_unknown_only'];
          $domaindata['created'] = $row['created'];
          $domaindata['modified'] = $row['modified'];
          $stmt = $pdo->prepare("SELECT COUNT(`address`) AS `alias_count` FROM `alias`
            WHERE (`domain`= :domain OR `domain` IN (SELECT `alias_domain` FROM `alias_domain` WHERE `target_domain` = :domain2))
              AND `address` NOT IN (
@@ -3711,6 +4137,43 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
          return $domaindata;
        break;
        case 'domain_templates':
          if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin") {
            return false;
          }
          $_data = (isset($_data)) ? intval($_data) : null;
          if (isset($_data)){          
            $stmt = $pdo->prepare("SELECT * FROM `templates` 
              WHERE `id` = :id AND type = :type");
            $stmt->execute(array(
              ":id" => $_data,
              ":type" => "domain"
            ));
            $row = $stmt->fetch(PDO::FETCH_ASSOC);
            if (empty($row)){
              return false;
            }
            $row["attributes"] = json_decode($row["attributes"], true);
            return $row;
          }
          else {
            $stmt = $pdo->prepare("SELECT * FROM `templates` WHERE `type` =  'domain'");
            $stmt->execute();
            $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
            if (empty($rows)){
              return false;
            }
            foreach($rows as $key => $row){
              $rows[$key]["attributes"] = json_decode($row["attributes"], true);
            }
            return $rows;
          }
        break;
        case 'mailbox_details':
          if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
            return false;
@@ -3725,6 +4188,8 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
              `mailbox`.`domain`,
              `mailbox`.`local_part`,
              `mailbox`.`quota`,
              `mailbox`.`created`,
              `mailbox`.`modified`,
              `quota2`.`bytes`,
              `attributes`,
              `quota2`.`messages`
@@ -3743,6 +4208,8 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
              `mailbox`.`domain`,
              `mailbox`.`local_part`,
              `mailbox`.`quota`,
              `mailbox`.`created`,
              `mailbox`.`modified`,
              `quota2replica`.`bytes`,
              `attributes`,
              `quota2replica`.`messages`
@@ -3769,6 +4236,8 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
          $mailboxdata['attributes'] = json_decode($row['attributes'], true);
          $mailboxdata['quota_used'] = intval($row['bytes']);
          $mailboxdata['percent_in_use'] = ($row['quota'] == 0) ? '- ' : round((intval($row['bytes']) / intval($row['quota'])) * 100);
          $mailboxdata['created'] = $row['created'];
          $mailboxdata['modified'] = $row['modified'];
          if ($mailboxdata['percent_in_use'] === '- ') {
            $mailboxdata['percent_class'] = "info";
@@ -3856,6 +4325,43 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
          return $mailboxdata;
        break;
        case 'mailbox_templates':
          if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin") {
            return false;
          }
          $_data = (isset($_data)) ? intval($_data) : null;
          if (isset($_data)){          
            $stmt = $pdo->prepare("SELECT * FROM `templates` 
              WHERE `id` = :id AND type = :type");
            $stmt->execute(array(
              ":id" => $_data,
              ":type" => "mailbox"
            ));
            $row = $stmt->fetch(PDO::FETCH_ASSOC);
            if (empty($row)){
              return false;
            }
            $row["attributes"] = json_decode($row["attributes"], true);
            return $row;
          }
          else {
            $stmt = $pdo->prepare("SELECT * FROM `templates` WHERE `type` =  'mailbox'");
            $stmt->execute();
            $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
            if (empty($rows)){
              return false;
            }
            foreach($rows as $key => $row){
              $rows[$key]["attributes"] = json_decode($row["attributes"], true);
            }
            return $rows;
          }
        break;
        case 'resource_details':
          $resourcedata = array();
          if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $_data)) {
@@ -4224,6 +4730,42 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
            );
          }
        break;
        case 'domain_templates':
          if ($_SESSION['mailcow_cc_role'] != "admin") {
            $_SESSION['return'][] = array(
              'type' => 'danger',
              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
              'msg' => 'access_denied'
            );
            return false;
          }
          if (!is_array($_data['ids'])) {
            $ids = array();
            $ids[] = $_data['ids'];
          }
          else {
            $ids = $_data['ids'];
          }
          foreach ($ids as $id) {
            // delete template
            $stmt = $pdo->prepare("DELETE FROM `templates`
              WHERE id = :id AND type = :type AND NOT template = :template");
            $stmt->execute(array(
              ":id" => $id,
              ":type" => "domain",
              ":template" => "Default"
            ));
            $_SESSION['return'][] = array(
              'type' => 'success',
              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
              'msg' => array('template_removed', htmlspecialchars($id))
            );
            return true;
          }
        break;
        case 'alias':
          if (!is_array($_data['id'])) {
            $ids = array();
@@ -4518,6 +5060,42 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
            );
          }
        break;
        case 'mailbox_templates':
          if ($_SESSION['mailcow_cc_role'] != "admin") {
            $_SESSION['return'][] = array(
              'type' => 'danger',
              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
              'msg' => 'access_denied'
            );
            return false;
          }
          if (!is_array($_data['ids'])) {
            $ids = array();
            $ids[] = $_data['ids'];
          }
          else {
            $ids = $_data['ids'];
          }
          foreach ($ids as $id) {
            // delete template
            $stmt = $pdo->prepare("DELETE FROM `templates`
              WHERE id = :id AND type = :type AND NOT template = :template");
            $stmt->execute(array(
              ":id" => $id,
              ":type" => "mailbox",
              ":template" => "Default"
            )); 
          }
          $_SESSION['return'][] = array(
            'type' => 'success',
            'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
            'msg' => 'template_removed'
          );
          return true;
        break;
        case 'resource':
          if (!is_array($_data['name'])) {
            $names = array();
@@ -4593,15 +5171,6 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
          $tags = $_data['tags'];
          if (!is_array($tags)) $tags = array();
          if ($_SESSION['mailcow_cc_role'] != "admin") {
            $_SESSION['return'][] = array(
              'type' => 'danger',
              'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
              'msg' => 'access_denied'
            );
            return false;
          }
          $wasModified = false;
          foreach ($domains as $domain) {            
@@ -4613,7 +5182,15 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
              );
              continue;
            }
-
+            if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
              $_SESSION['return'][] = array(
                'type' => 'danger',
                'log' => array(__FUNCTION__, $_action, $_type, $_data_log, $_attr),
                'msg' => 'access_denied'
              );
              return false;
            }
            foreach($tags as $tag){
              // delete tag
              $wasModified = true;
@@ -4687,7 +5264,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
      }
    break;
  }
-  if ($_action != 'get' && in_array($_type, array('domain', 'alias', 'alias_domain', 'mailbox', 'resource'))) {
+  if ($_action != 'get' && in_array($_type, array('domain', 'alias', 'alias_domain', 'mailbox', 'resource')) && getenv('SKIP_SOGO') != "y") {
    update_sogo_static_view();
  }
 }
--- a/data/web/inc/header.inc.php
+++ b/data/web/inc/header.inc.php
@@ -39,7 +39,6 @@ $globalVariables = [
  'dual_login' => @$_SESSION['dual-login'],
  'ui_texts' => $UI_TEXTS,
  'css_path' => '/cache/'.basename($CSSPath),
  'theme' => strtolower(trim($DEFAULT_THEME)),
  'logo' => customize('get', 'main_logo'),
  'available_languages' => $AVAILABLE_LANGUAGES,
  'lang' => $lang,
@@ -49,6 +48,7 @@ $globalVariables = [
  'app_links' => customize('get', 'app_links'),
  'is_root_uri' => (parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH) == '/'),
  'uri' => $_SERVER['REQUEST_URI'],
  'last_login' => last_login('get', $_SESSION['mailcow_cc_username'], 7, 0)['ui']['time']
 ];
 foreach ($globalVariables as $globalVariableName => $globalVariableValue) {
--- a/data/web/inc/init_db.inc.php
+++ b/data/web/inc/init_db.inc.php
--- a/data/web/inc/prerequisites.inc.php
+++ b/data/web/inc/prerequisites.inc.php
@@ -2,6 +2,8 @@
 // check for development mode
 $DEV_MODE = (getenv('DEV_MODE') == 'y');
 // check for demo mode
 $DEMO_MODE = (getenv('DEMO_MODE') == 'y');
 // Slave does not serve UI
 /* if (!preg_match('/y|yes/i', getenv('MASTER'))) {
@@ -44,21 +46,6 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/lib/CSSminifierExtended.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/lib/array_merge_real.php';
 // Minify JS
 use MatthiasMullie\Minify;
 $js_minifier = new JSminifierExtended();
 $js_dir = array_diff(scandir('/web/js/build'), array('..', '.'));
 foreach ($js_dir as $js_file) {
  $js_minifier->add('/web/js/build/' . $js_file);
 }
 // Minify CSS
 $css_minifier = new CSSminifierExtended();
 $css_dir = array_diff(scandir('/web/css/build'), array('..', '.'));
 foreach ($css_dir as $css_file) {
  $css_minifier->add('/web/css/build/' . $css_file);
 }
 // U2F API + T/HOTP API
 // u2f - deprecated, should be removed
 $u2f = new u2flib_server\U2F('https://' . $_SERVER['HTTP_HOST']);
@@ -247,7 +234,7 @@ if (!isset($_SESSION['mailcow_locale']) && !isset($_COOKIE['mailcow_locale'])) {
    // Try suggest match
    // e.g. suggest en-gb when only en-us is provided
-    if (!isset($_COOKIE['mailcow_locale'])) {
+    if (!isset($_SESSION['mailcow_locale'])) {
      foreach ($lang2pref as $lang => $q) {
        if (array_key_exists(substr($lang, 0, 2), $AVAILABLE_BASE_LANGUAGES)) {
          $_SESSION['mailcow_locale'] = $AVAILABLE_BASE_LANGUAGES[substr($lang, 0, 2)];
@@ -278,6 +265,7 @@ if(file_exists($langFile)) {
  $lang = array_merge_real($lang, json_decode(file_get_contents($langFile), true));
 }
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.acl.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.address_rewriting.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.admin.inc.php';
@@ -312,4 +300,29 @@ if (isset($_SESSION['mailcow_cc_role'])) {
  // }
  acl('to_session');
 }
 // init frontend
 // Minify JS
 use MatthiasMullie\Minify;
 $js_minifier = new JSminifierExtended();
 $js_dir = array_diff(scandir('/web/js/build'), array('..', '.'));
 // Minify CSS
 $css_minifier = new CSSminifierExtended();
 $css_dir = array_diff(scandir('/web/css/build'), array('..', '.'));
 // get customized ui data
 $UI_TEXTS = customize('get', 'ui_texts');
 // minify bootstrap theme
 if (file_exists('/web/css/themes/'.$UI_THEME.'-bootstrap.css'))
  $css_minifier->add('/web/css/themes/'.$UI_THEME.'-bootstrap.css');
 else
  $css_minifier->add('/web/css/themes/lumen-bootstrap.css'); 
 // minify css build files
 foreach ($css_dir as $css_file) {
  $css_minifier->add('/web/css/build/' . $css_file);
 }
 // minify js build files
 foreach ($js_dir as $js_file) {
  $js_minifier->add('/web/js/build/' . $js_file);
 }
--- a/data/web/inc/sessions.inc.php
+++ b/data/web/inc/sessions.inc.php
@@ -1,140 +1,140 @@
-<?php
+<?php
-// Start session
+// Start session
-if (session_status() !== PHP_SESSION_ACTIVE) {
+if (session_status() !== PHP_SESSION_ACTIVE) {
-  ini_set("session.cookie_httponly", 1);
+  ini_set("session.cookie_httponly", 1);
-  ini_set('session.gc_maxlifetime', $SESSION_LIFETIME);
+  ini_set('session.gc_maxlifetime', $SESSION_LIFETIME);
-}
+}
-
+
-if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && 
+if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) &&
-  strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == "https") {
+  strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == "https") {
-  if (session_status() !== PHP_SESSION_ACTIVE) {
+  if (session_status() !== PHP_SESSION_ACTIVE) {
-    ini_set("session.cookie_secure", 1);
+    ini_set("session.cookie_secure", 1);
-  }
+  }
-  $IS_HTTPS = true;
+  $IS_HTTPS = true;
-}
+}
-elseif (isset($_SERVER['HTTPS'])) {
+elseif (isset($_SERVER['HTTPS'])) {
-  if (session_status() !== PHP_SESSION_ACTIVE) {
+  if (session_status() !== PHP_SESSION_ACTIVE) {
-    ini_set("session.cookie_secure", 1);
+    ini_set("session.cookie_secure", 1);
-  }
+  }
-  $IS_HTTPS = true;
+  $IS_HTTPS = true;
-}
+}
-else {
+else {
-  $IS_HTTPS = false;
+  $IS_HTTPS = false;
-}
+}
-
+
-if (session_status() !== PHP_SESSION_ACTIVE) {
+if (session_status() !== PHP_SESSION_ACTIVE) {
-  session_start();
+  session_start();
-}
+}
-
+
-if (!isset($_SESSION['CSRF']['TOKEN'])) {
+if (!isset($_SESSION['CSRF']['TOKEN'])) {
-  $_SESSION['CSRF']['TOKEN'] = bin2hex(random_bytes(32));
+  $_SESSION['CSRF']['TOKEN'] = bin2hex(random_bytes(32));
-}
+}
-
+
-// Set session UA
+// Set session UA
-if (!isset($_SESSION['SESS_REMOTE_UA'])) {
+if (!isset($_SESSION['SESS_REMOTE_UA'])) {
-  $_SESSION['SESS_REMOTE_UA'] = $_SERVER['HTTP_USER_AGENT'];
+  $_SESSION['SESS_REMOTE_UA'] = $_SERVER['HTTP_USER_AGENT'];
-}
+}
-
+
-// Keep session active
+// Keep session active
-if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > $SESSION_LIFETIME)) {
+if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > $SESSION_LIFETIME)) {
-  session_unset();
+  session_unset();
-  session_destroy();
+  session_destroy();
-}
+}
-$_SESSION['LAST_ACTIVITY'] = time();
+$_SESSION['LAST_ACTIVITY'] = time();
-
+
-// API
+// API
-if (!empty($_SERVER['HTTP_X_API_KEY'])) {
+if (!empty($_SERVER['HTTP_X_API_KEY'])) {
-  $stmt = $pdo->prepare("SELECT * FROM `api` WHERE `api_key` = :api_key AND `active` = '1';");
+  $stmt = $pdo->prepare("SELECT * FROM `api` WHERE `api_key` = :api_key AND `active` = '1';");
-  $stmt->execute(array(
+  $stmt->execute(array(
-    ':api_key' => preg_replace('/[^a-zA-Z0-9-]/', '', $_SERVER['HTTP_X_API_KEY'])
+    ':api_key' => preg_replace('/[^a-zA-Z0-9-]/', '', $_SERVER['HTTP_X_API_KEY'])
-  ));
+  ));
-  $api_return = $stmt->fetch(PDO::FETCH_ASSOC);
+  $api_return = $stmt->fetch(PDO::FETCH_ASSOC);
-  if (!empty($api_return['api_key'])) {
+  if (!empty($api_return['api_key'])) {
-    $skip_ip_check = ($api_return['skip_ip_check'] == 1);
+    $skip_ip_check = ($api_return['skip_ip_check'] == 1);
-    $remote = get_remote_ip(false);
+    $remote = get_remote_ip(false);
-    $allow_from = array_map('trim', preg_split( "/( |,|;|\n)/", $api_return['allow_from']));
+    $allow_from = array_map('trim', preg_split( "/( |,|;|\n)/", $api_return['allow_from']));
-    if ($skip_ip_check === true || ip_acl($remote, $allow_from)) {
+    if ($skip_ip_check === true || ip_acl($remote, $allow_from)) {
-      $_SESSION['mailcow_cc_username'] = 'API';
+      $_SESSION['mailcow_cc_username'] = 'API';
-      $_SESSION['mailcow_cc_role'] = 'admin';
+      $_SESSION['mailcow_cc_role'] = 'admin';
-      $_SESSION['mailcow_cc_api'] = true;
+      $_SESSION['mailcow_cc_api'] = true;
-      if ($api_return['access'] == 'rw') {
+      if ($api_return['access'] == 'rw') {
-        $_SESSION['mailcow_cc_api_access'] = 'rw';
+        $_SESSION['mailcow_cc_api_access'] = 'rw';
-      }
+      }
-      else {
+      else {
-        $_SESSION['mailcow_cc_api_access'] = 'ro';
+        $_SESSION['mailcow_cc_api_access'] = 'ro';
-      }
+      }
-    }
+    }
-    else {
+    else {
-      $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']);
+      $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']);
-      error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
+      error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
-      http_response_code(401);
+      http_response_code(401);
-      echo json_encode(array(
+      echo json_encode(array(
-        'type' => 'error',
+        'type' => 'error',
-        'msg' => 'api access denied for ip ' . $_SERVER['REMOTE_ADDR']
+        'msg' => 'api access denied for ip ' . $_SERVER['REMOTE_ADDR']
-      ));
+      ));
-      unset($_POST);
+      unset($_POST);
-      exit();
+      exit();
-    }
+    }
-  }
+  }
-  else {
+  else {
-    $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']);
+    $redis->publish("F2B_CHANNEL", "mailcow UI: Invalid password for API_USER by " . $_SERVER['REMOTE_ADDR']);
-    error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
+    error_log("mailcow UI: Invalid password for " . $user . " by " . $_SERVER['REMOTE_ADDR']);
-    http_response_code(401);
+    http_response_code(401);
-    echo json_encode(array(
+    echo json_encode(array(
-      'type' => 'error',
+      'type' => 'error',
-      'msg' => 'authentication failed'
+      'msg' => 'authentication failed'
-    ));
+    ));
-    unset($_POST);
+    unset($_POST);
-    exit();
+    exit();
-  }
+  }
-}
+}
-
+
-// Handle logouts
+// Handle logouts
-if (isset($_POST["logout"])) {
+if (isset($_POST["logout"])) {
-  if (isset($_SESSION["dual-login"])) {
+  if (isset($_SESSION["dual-login"])) {
-    $_SESSION["mailcow_cc_username"] = $_SESSION["dual-login"]["username"];
+    $_SESSION["mailcow_cc_username"] = $_SESSION["dual-login"]["username"];
-    $_SESSION["mailcow_cc_role"] = $_SESSION["dual-login"]["role"];
+    $_SESSION["mailcow_cc_role"] = $_SESSION["dual-login"]["role"];
-    unset($_SESSION["dual-login"]);
+    unset($_SESSION["dual-login"]);
-    header("Location: /mailbox");
+    header("Location: /mailbox");
-    exit();
+    exit();
-  }
+  }
-  else {
+  else {
-    session_regenerate_id(true);
+    session_regenerate_id(true);
-    session_unset();
+    session_unset();
-    session_destroy();
+    session_destroy();
-    session_write_close();
+    session_write_close();
-    header("Location: /");
+    header("Location: /");
-  }
+  }
-}
+}
-
+
-// Check session
+// Check session
-function session_check() {
+function session_check() {
-  if (isset($_SESSION['mailcow_cc_api']) && $_SESSION['mailcow_cc_api'] === true) {
+  if (isset($_SESSION['mailcow_cc_api']) && $_SESSION['mailcow_cc_api'] === true) {
-    return true;
+    return true;
-  }
+  }
-  if (!isset($_SESSION['SESS_REMOTE_UA']) || ($_SESSION['SESS_REMOTE_UA'] != $_SERVER['HTTP_USER_AGENT'])) {
+  if (!isset($_SESSION['SESS_REMOTE_UA']) || ($_SESSION['SESS_REMOTE_UA'] != $_SERVER['HTTP_USER_AGENT'])) {
-    $_SESSION['return'][] = array(
+    $_SESSION['return'][] = array(
-      'type' => 'warning',
+      'type' => 'warning',
-      'msg' => 'session_ua'
+      'msg' => 'session_ua'
-    );
+    );
-    return false;
+    return false;
-  }
+  }
-  if (!empty($_POST)) {
+  if (!empty($_POST)) {
-    if ($_SESSION['CSRF']['TOKEN'] != $_POST['csrf_token']) {
+    if ($_SESSION['CSRF']['TOKEN'] != $_POST['csrf_token']) {
-      $_SESSION['return'][] = array(
+      $_SESSION['return'][] = array(
-        'type' => 'warning',
+        'type' => 'warning',
-        'msg' => 'session_token'
+        'msg' => 'session_token'
-      );
+      );
-      return false;
+      return false;
-    }
+    }
-    unset($_POST['csrf_token']);
+    unset($_POST['csrf_token']);
-    $_SESSION['CSRF']['TOKEN'] = bin2hex(random_bytes(32));
+    $_SESSION['CSRF']['TOKEN'] = bin2hex(random_bytes(32));
-    $_SESSION['CSRF']['TIME'] = time();
+    $_SESSION['CSRF']['TIME'] = time();
-  }
+  }
-  return true;
+  return true;
-}
+}
-
+
-if (isset($_SESSION['mailcow_cc_role']) && session_check() === false) {
+if (isset($_SESSION['mailcow_cc_role']) && session_check() === false) {
-  $_POST = array();
+  $_POST = array();
-  $_FILES = array();
+  $_FILES = array();
-}
+}
--- a/data/web/inc/triggers.inc.php
+++ b/data/web/inc/triggers.inc.php
@@ -1,4 +1,15 @@
 <?php
 // SSO Domain Admin
 if (!empty($_GET['sso_token'])) {
  $username = domain_admin_sso('check', $_GET['sso_token']);
  if ($username !== false) {
    $_SESSION['mailcow_cc_username'] = $username;
    $_SESSION['mailcow_cc_role'] = 'domainadmin';
    header('Location: /mailbox');
  }
 }
 if (isset($_POST["verify_tfa_login"])) {
  if (verify_tfa_login($_SESSION['pending_mailcow_cc_username'], $_POST)) {
    $_SESSION['mailcow_cc_username'] = $_SESSION['pending_mailcow_cc_username'];
@@ -6,7 +17,7 @@ if (isset($_POST["verify_tfa_login"])) {
    unset($_SESSION['pending_mailcow_cc_username']);
    unset($_SESSION['pending_mailcow_cc_role']);
    unset($_SESSION['pending_tfa_methods']);
-	
+
    header("Location: /user");
  } else {
    unset($_SESSION['pending_mailcow_cc_username']);
@@ -34,7 +45,7 @@ if (isset($_POST["quick_delete"])) {
 if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
 	$login_user = strtolower(trim($_POST["login_user"]));
 	$as = check_login($login_user, $_POST["pass_user"]);
-  
+
 	if ($as == "admin") {
 		$_SESSION['mailcow_cc_username'] = $login_user;
 		$_SESSION['mailcow_cc_role'] = "admin";
--- a/data/web/inc/vars.inc.php
+++ b/data/web/inc/vars.inc.php
@@ -107,12 +107,10 @@ $AVAILABLE_LANGUAGES = array(
  'zh-tw' => '繁體中文 (Traditional Chinese)',
 );
-// Change theme (default: lumen)
+// default theme is lumen
-// Needs to be one of those: cerulean, cosmo, cyborg, darkly, flatly, journal, lumen, paper, readable, sandstone,
+// additional themes can be found here: https://bootswatch.com/
-// simplex, slate, spacelab, superhero, united, yeti
+// copy them to data/web/css/themes/{THEME-NAME}-bootstrap.css
-// See https://bootswatch.com/
+$UI_THEME = "lumen";
 // WARNING: Only lumen is loaded locally. Enabling any other theme, will download external sources.
 $DEFAULT_THEME = 'lumen';
 // Show DKIM private keys - false by default
 $SHOW_DKIM_PRIV_KEYS = false;
@@ -126,7 +124,7 @@ $MAILCOW_APPS = array(
 );
 // Rows until pagination begins
-$PAGINATION_SIZE = 20;
+$PAGINATION_SIZE = 25;
 // Default number of rows/lines to display (log table)
 $LOG_LINES = 1000;
--- a/data/web/index.php
+++ b/data/web/index.php
@@ -8,7 +8,7 @@ if (isset($_SESSION['mailcow_cc_role']) && isset($_SESSION['oauth2_request'])) {
  exit();
 }
 elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'admin') {
-  header('Location: /admin');
+  header('Location: /debug');
  exit();
 }
 elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'domainadmin') {
--- a/data/web/js/build/000-jquery-3.6.0.min.js
+++ b/data/web/js/build/000-jquery-3.6.0.min.js
--- a/data/web/js/build/000-jquery.min.js
+++ b/data/web/js/build/000-jquery.min.js
--- a/data/web/js/build/001-bootstrap.bundle.min.js
+++ b/data/web/js/build/001-bootstrap.bundle.min.js
--- a/data/web/js/build/001-bootstrap.min.js
+++ b/data/web/js/build/001-bootstrap.min.js
--- a/data/web/js/build/002-slider.min.js
+++ b/data/web/js/build/002-slider.min.js
--- a/data/web/js/build/003-bootstrap-select.js
+++ b/data/web/js/build/003-bootstrap-select.js
--- a/data/web/js/build/004-bootstrap-select.min.js
+++ b/data/web/js/build/004-bootstrap-select.min.js
--- a/data/web/js/build/004-datatables.js
+++ b/data/web/js/build/004-datatables.js
--- a/data/web/js/build/005-notifications.min.js
+++ b/data/web/js/build/005-notifications.min.js
--- a/data/web/js/build/006-formcache.min.js
+++ b/data/web/js/build/006-formcache.min.js
--- a/Show More
+++ b/Show More
`@@ -1,4 +1,4 @@`
	`FROM alpine:3.16`	`FROM alpine:3.17`

	`LABEL maintainer "Andre Peters <andre.peters@servercow.de>"`	`LABEL maintainer "Andre Peters <andre.peters@servercow.de>"`
`@@ -1,4 +1,4 @@`
	`FROM clamav/clamav:0.105.1_base`	`FROM clamav/clamav:1.0.1-1_base`

	`LABEL maintainer "André Peters <andre.peters@servercow.de>"`	`LABEL maintainer "André Peters <andre.peters@servercow.de>"`
		`@@ -1 +1 @@`
			@media (max-width:1050px){.navbar-header{float:none}.navbar-left,.navbar-nav,.navbar-right{float:none!important}.navbar-toggle{display:block}.navbar-collapse{border-top:1px solid transparent;box-shadow:inset 0 1px 0 rgba(255,255,255,.1)}.navbar-fixed-top{top:0;border-width:0 0 1px}.navbar-collapse.collapse{display:none!important}.navbar-nav{margin-top:7.5px}.navbar-nav>li{float:none}.navbar-nav>li>a{padding-top:10px;padding-bottom:10px}.collapse.in{display:block!important}.navbar-nav .open .dropdown-menu{position:static;float:none;width:auto;margin-top:0;background-color:transparent;border:0;-webkit-box-shadow:none;box-shadow:none}}				@media (max-width:1050px){.navbar-header{float:none}.navbar-left,.navbar-nav,.navbar-right{float:none!important}.navbar-toggle{display:block}.navbar-collapse{border-top:1px solid transparent;box-shadow:inset 0 1px 0 rgba(255,255,255,.1)}.navbar-fixed-top{top:0;border-width:0 0 1px}.navbar-nav{margin-top:7.5px}.navbar-nav>li{float:none}.navbar-nav>li>a{padding-top:10px;padding-bottom:10px}.collapse.in{display:block!important}.navbar-nav .open .dropdown-menu{position:static;float:none;width:auto;margin-top:0;background-color:transparent;border:0;-webkit-box-shadow:none;box-shadow:none}}
		`@@ -1 +0,0 @@`
			@keyframes chartjs-render-animation{from{opacity:.99}to{opacity:1}}.chartjs-render-monitor{animation:chartjs-render-animation 1ms}.chartjs-size-monitor,.chartjs-size-monitor-expand,.chartjs-size-monitor-shrink{position:absolute;direction:ltr;left:0;top:0;right:0;bottom:0;overflow:hidden;pointer-events:none;visibility:hidden;z-index:-1}.chartjs-size-monitor-expand>div{position:absolute;width:1000000px;height:1000000px;left:0;top:0}.chartjs-size-monitor-shrink>div{position:absolute;width:200%;height:200%;left:0;top:0}