diff --git a/install/tpl/system.ini.master b/install/tpl/system.ini.master
index d6dfa18f47f61ed5598c56edb8d6bc81f15732c0..ec6573d7b156a44a53e798310543adb86d1b8420 100644
--- a/install/tpl/system.ini.master
+++ b/install/tpl/system.ini.master
@@ -36,6 +36,7 @@ backups_include_into_web_quota=n
 reseller_can_use_options=n
 web_php_options=no,fast-cgi,mod,php-fpm
 show_aps_menu=n
+client_protection=y
 
 
 [tools]
diff --git a/interface/lib/plugins/sites_web_vhost_domain_plugin.inc.php b/interface/lib/plugins/sites_web_vhost_domain_plugin.inc.php
index 3f9b0db5b6b7ef92fcbaf112ca4ea092d22872fb..0099b2002b95fb1ca5bf8a33d653616656b5daf4 100644
--- a/interface/lib/plugins/sites_web_vhost_domain_plugin.inc.php
+++ b/interface/lib/plugins/sites_web_vhost_domain_plugin.inc.php
@@ -46,12 +46,20 @@ class sites_web_vhost_domain_plugin {
 		$vhostdomain_type = 'domain';
 		if($page_form->dataRecord['type'] == 'vhostalias') $vhostdomain_type = 'aliasdomain';
 		elseif($page_form->dataRecord['type'] == 'vhostsubdomain') $vhostdomain_type = 'subdomain';
-		
-		// make sure that the record belongs to the clinet group and not the admin group when a dmin inserts it
-		// also make sure that the user can not delete domain created by a admin
+
+		// make sure that the record belongs to the client group and not the admin group when a admin inserts it
+		// also make sure that the user can not delete domain created by a admin if client protection is enabled
 		if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
-			$app->db->query("UPDATE web_domain SET sys_groupid = ?, sys_perm_group = 'ru' WHERE domain_id = ?", $client_group_id, $page_form->id);
+			$app->uses('getconf');
+	  	$global_config = $app->getconf->get_global_config('sites');
+	  	if($global_config['client_protection'] == 'y') {
+		    $app->db->query("UPDATE web_domain SET sys_groupid = ?, sys_perm_group = 'ru' WHERE domain_id = ?", $client_group_id, $this->id);
+			} else {
+				$sysuser = $app->db->queryOneRecord('SELECT userid FROM sys_user WHERE default_group = ?',$client_group_id);
+				$sysuser_id = (is_array($sysuser) && isset($sysuser['userid']) && $sysuser['userid'] > 0)?$sysuser['userid']:1;
+				$app->db->query("UPDATE web_domain SET sys_userid = ?, sys_groupid = ?, sys_perm_group = 'riud' WHERE domain_id = ?", $sysuser_id, $client_group_id, $this->id);
+			}
 		}
 		if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($page_form->dataRecord["client_group_id"]);
@@ -62,7 +70,7 @@ class sites_web_vhost_domain_plugin {
 		$web_config = $app->getconf->get_server_config($app->functions->intval($page_form->dataRecord['server_id']), 'web');
 		if(isset($app->tform) && is_object($app->tform)) $web_rec = $app->tform->getDataRecord($page_form->id);
 		else $web_rec = $app->remoting_lib->getDataRecord($page_form->id);
-		
+
 		if($vhostdomain_type == 'domain') {
 			$document_root = str_replace("[website_id]", $page_form->id, $web_config["website_path"]);
 			$document_root = str_replace("[website_idhash_1]", $this->id_hash($page_form->id, 1), $document_root);
@@ -97,7 +105,7 @@ class sites_web_vhost_domain_plugin {
 			$document_root    = str_replace("[client_idhash_2]", $this->id_hash($client_id, 2), $document_root);
 			$document_root    = str_replace("[client_idhash_3]", $this->id_hash($client_id, 3), $document_root);
 			$document_root    = str_replace("[client_idhash_4]", $this->id_hash($client_id, 4), $document_root);
-			
+
 			if($event_name == 'sites:web_vhost_domain:on_after_update') {
 				if(($_SESSION["s"]["user"]["typ"] == 'admin' || $app->auth->has_clients($_SESSION['s']['user']['userid'])) &&  isset($page_form->dataRecord["client_group_id"]) && $page_form->dataRecord["client_group_id"] != $page_form->oldDataRecord["sys_groupid"]) {
 
@@ -280,7 +288,7 @@ class sites_web_vhost_domain_plugin {
 				$php_open_basedir    = str_replace("[website_path]", $document_root, $web_config["php_open_basedir"]);
 				$php_open_basedir    = str_replace("[website_domain]", $app->functions->idn_encode($page_form->dataRecord['domain']), $php_open_basedir);
 				$htaccess_allow_override  = $web_config["htaccess_allow_override"];
-				
+
 				$sql = "UPDATE web_domain SET system_user = ?, system_group = ?, document_root = ?, allow_override = ?, php_open_basedir = ?  WHERE domain_id = ?";
 				$app->db->query($sql, $system_user, $system_group, $document_root, $htaccess_allow_override, $php_open_basedir, $page_form->id);
 			}
diff --git a/interface/web/admin/form/system_config.tform.php b/interface/web/admin/form/system_config.tform.php
index 4dd069b613a99aa7bc694ceba6d656a785172fcc..0e29902c33ed7a2886e70cb64a6f7551819e5958 100644
--- a/interface/web/admin/form/system_config.tform.php
+++ b/interface/web/admin/form/system_config.tform.php
@@ -148,6 +148,12 @@ $form["tabs"]['sites'] = array (
 			'width'  => '30',
 			'maxlength' => '255'
 		),
+		'client_protection' => array (
+			'datatype' => 'VARCHAR',
+			'formtype' => 'CHECKBOX',
+			'default' => 'y',
+			'value'  => array(0 => 'n', 1 => 'y')
+		),
 		'vhost_subdomains' => array (
 			'datatype' => 'VARCHAR',
 			'formtype' => 'CHECKBOX',
@@ -795,4 +801,3 @@ $form['tabs']['dns_ca'] = array (
 		)
 	)
 );
-
diff --git a/interface/web/admin/lib/lang/ar_system_config.lng b/interface/web/admin/lib/lang/ar_system_config.lng
index b871fc930c23eb9327f607d14d2d44f702479975..495da61225f79edd9ee37810249121dba7e6d0a7 100644
--- a/interface/web/admin/lib/lang/ar_system_config.lng
+++ b/interface/web/admin/lib/lang/ar_system_config.lng
@@ -95,4 +95,5 @@ $wb['active_txt'] = 'Aktive';
 $wb['btn_save_txt'] = 'Save';
 $wb['btn_cancel_txt'] = 'Cancel';
 $wb['web_php_options_txt'] = 'PHP Handler (Apache only)';
+$wb['client_protection_txt'] = 'Client protection';
 ?>
diff --git a/interface/web/admin/lib/lang/bg_system_config.lng b/interface/web/admin/lib/lang/bg_system_config.lng
index cf8e8c8273fc278b01ec2ef873e60b2445d9b94b..25ad5d2cc5e1e504c65a3be5c355f7c564f61bb2 100644
--- a/interface/web/admin/lib/lang/bg_system_config.lng
+++ b/interface/web/admin/lib/lang/bg_system_config.lng
@@ -95,4 +95,5 @@ $wb['active_txt'] = 'Aktive';
 $wb['btn_save_txt'] = 'Save';
 $wb['btn_cancel_txt'] = 'Cancel';
 $wb['web_php_options_txt'] = 'PHP Handler (Apache only)';
+$wb['client_protection_txt'] = 'Client protection';
 ?>
diff --git a/interface/web/admin/lib/lang/br_system_config.lng b/interface/web/admin/lib/lang/br_system_config.lng
index eccac5d178b3e142e60226a0c12d1d580bb7d87e..a6802651161e74c1befae13e99540ef629561c87 100644
--- a/interface/web/admin/lib/lang/br_system_config.lng
+++ b/interface/web/admin/lib/lang/br_system_config.lng
@@ -94,4 +94,5 @@ $wb['active_txt'] = 'Ativo';
 $wb['btn_save_txt'] = 'Salvar';
 $wb['btn_cancel_txt'] = 'Cancelar';
 $wb['web_php_options_txt'] = 'Manipulador do php (Somente apache)';
+$wb['client_protection_txt'] = 'Client protection';
 ?>
diff --git a/interface/web/admin/lib/lang/ca_system_config.lng b/interface/web/admin/lib/lang/ca_system_config.lng
index 17e4fd3db8e2c04e465cfea0e620b03a9f6f2457..f40012120f60b186e9503f3680fa5a2102d6f424 100644
--- a/interface/web/admin/lib/lang/ca_system_config.lng
+++ b/interface/web/admin/lib/lang/ca_system_config.lng
@@ -95,4 +95,5 @@ $wb['active_txt'] = 'Aktive';
 $wb['btn_save_txt'] = 'Save';
 $wb['btn_cancel_txt'] = 'Cancel';
 $wb['web_php_options_txt'] = 'PHP Handler (Apache only)';
+$wb['client_protection_txt'] = 'Client protection';
 ?>
diff --git a/interface/web/admin/lib/lang/cz_system_config.lng b/interface/web/admin/lib/lang/cz_system_config.lng
index fb9f4cf843a9eb64ac62585d8c0de38103df30ac..b7a7515403ae91f3acd6d7ccccdc43dbba820ce4 100644
--- a/interface/web/admin/lib/lang/cz_system_config.lng
+++ b/interface/web/admin/lib/lang/cz_system_config.lng
@@ -95,4 +95,5 @@ $wb['active_txt'] = 'Aktivní';
 $wb['btn_save_txt'] = 'Uložit';
 $wb['btn_cancel_txt'] = 'Zrušit';
 $wb['web_php_options_txt'] = 'PHP Handler (Apache only)';
+$wb['client_protection_txt'] = 'Client protection';
 ?>
diff --git a/interface/web/admin/lib/lang/de_system_config.lng b/interface/web/admin/lib/lang/de_system_config.lng
index 7e88eccd00ea2e777818a2355a6643bc52202958..58575617ad2a9eadb05eae0edf6c28a9841c2052 100644
--- a/interface/web/admin/lib/lang/de_system_config.lng
+++ b/interface/web/admin/lib/lang/de_system_config.lng
@@ -99,4 +99,5 @@ $wb['active_txt'] = 'Aktiv';
 $wb['btn_save_txt'] = 'Speichern';
 $wb['btn_cancel_txt'] = 'Abbrechen';
 $wb['web_php_options_txt'] = 'PHP Handler (Nur Apache)';
+$wb['client_protection_txt'] = 'Client protection';
 ?>
diff --git a/interface/web/admin/lib/lang/dk_system_config.lng b/interface/web/admin/lib/lang/dk_system_config.lng
index 2be15ca1a087bd17476a9b4d93e11426aded1dad..6801b566c9aeea8cb574e8cca7d36596831db6f8 100644
--- a/interface/web/admin/lib/lang/dk_system_config.lng
+++ b/interface/web/admin/lib/lang/dk_system_config.lng
@@ -95,4 +95,5 @@ $wb['active_txt'] = 'Aktive';
 $wb['btn_save_txt'] = 'Save';
 $wb['btn_cancel_txt'] = 'Cancel';
 $wb['web_php_options_txt'] = 'PHP Handler (Apache only)';
+$wb['client_protection_txt'] = 'Client protection';
 ?>
diff --git a/interface/web/admin/lib/lang/el_system_config.lng b/interface/web/admin/lib/lang/el_system_config.lng
index 045e20d02105bbfbe3adbdec37b5d8d87e6c4280..f324e335b3c1af3e0eaab925683e7ebbdef0100b 100644
--- a/interface/web/admin/lib/lang/el_system_config.lng
+++ b/interface/web/admin/lib/lang/el_system_config.lng
@@ -95,4 +95,5 @@ $wb['active_txt'] = 'Aktive';
 $wb['btn_save_txt'] = 'Save';
 $wb['btn_cancel_txt'] = 'Cancel';
 $wb['web_php_options_txt'] = 'PHP Handler (Apache only)';
+$wb['client_protection_txt'] = 'Client protection';
 ?>
diff --git a/interface/web/admin/lib/lang/en_system_config.lng b/interface/web/admin/lib/lang/en_system_config.lng
index 27a5e58f28ef69c819f72bb93aefac13b9e93011..882e6c21c3220012c626cc14027d9b27d096391f 100644
--- a/interface/web/admin/lib/lang/en_system_config.lng
+++ b/interface/web/admin/lib/lang/en_system_config.lng
@@ -102,4 +102,5 @@ $wb['active_txt'] = 'Active';
 $wb['btn_save_txt'] = 'Save';
 $wb['btn_cancel_txt'] = 'Cancel';
 $wb['web_php_options_txt'] = 'PHP Handler (Apache only)';
+$wb['client_protection_txt'] = 'Client protection';
 ?>
diff --git a/interface/web/admin/lib/lang/es_system_config.lng b/interface/web/admin/lib/lang/es_system_config.lng
index 96e1e4487a549bcd3d14be03d2c07550998da066..4eeaa9abe994ca43dca157d771086938ab041280 100644
--- a/interface/web/admin/lib/lang/es_system_config.lng
+++ b/interface/web/admin/lib/lang/es_system_config.lng
@@ -95,4 +95,5 @@ $wb['active_txt'] = 'Aktive';
 $wb['btn_save_txt'] = 'Save';
 $wb['btn_cancel_txt'] = 'Cancel';
 $wb['web_php_options_txt'] = 'PHP Handler (Apache only)';
+$wb['client_protection_txt'] = 'Client protection';
 ?>
diff --git a/interface/web/admin/lib/lang/fi_system_config.lng b/interface/web/admin/lib/lang/fi_system_config.lng
index b6102f7f62e8e224d96c8a818d0f4abec2d32375..831eee9ff6d9837bf651037b583fdb6091f18b86 100644
--- a/interface/web/admin/lib/lang/fi_system_config.lng
+++ b/interface/web/admin/lib/lang/fi_system_config.lng
@@ -95,4 +95,5 @@ $wb['active_txt'] = 'Aktive';
 $wb['btn_save_txt'] = 'Save';
 $wb['btn_cancel_txt'] = 'Cancel';
 $wb['web_php_options_txt'] = 'PHP Handler (Apache only)';
+$wb['client_protection_txt'] = 'Client protection';
 ?>
diff --git a/interface/web/admin/lib/lang/fr_system_config.lng b/interface/web/admin/lib/lang/fr_system_config.lng
index 38e2573044b93340c8cb496387d16f0d9f5e6086..a5270b879fa8d5284eb3f3a26db43f40d3f4957d 100644
--- a/interface/web/admin/lib/lang/fr_system_config.lng
+++ b/interface/web/admin/lib/lang/fr_system_config.lng
@@ -95,4 +95,5 @@ $wb['active_txt'] = 'Aktive';
 $wb['btn_save_txt'] = 'Save';
 $wb['btn_cancel_txt'] = 'Cancel';
 $wb['web_php_options_txt'] = 'PHP Handler (Apache only)';
+$wb['client_protection_txt'] = 'Client protection';
 ?>
diff --git a/interface/web/admin/lib/lang/hr_system_config.lng b/interface/web/admin/lib/lang/hr_system_config.lng
index ab8756e95621c3666a91d2c507700938e404f2fa..220ca7e90ca9482831ad458a7ab47deeaac8a712 100644
--- a/interface/web/admin/lib/lang/hr_system_config.lng
+++ b/interface/web/admin/lib/lang/hr_system_config.lng
@@ -95,4 +95,5 @@ $wb['active_txt'] = 'Aktive';
 $wb['btn_save_txt'] = 'Save';
 $wb['btn_cancel_txt'] = 'Cancel';
 $wb['web_php_options_txt'] = 'PHP Handler (Apache only)';
+$wb['client_protection_txt'] = 'Client protection';
 ?>
diff --git a/interface/web/admin/lib/lang/hu_system_config.lng b/interface/web/admin/lib/lang/hu_system_config.lng
index 4262b892099af4ec5e6d366ec53824b7c5ca7bad..0069f31c07448ed4fcf4e2fb1f277604be3ccff9 100644
--- a/interface/web/admin/lib/lang/hu_system_config.lng
+++ b/interface/web/admin/lib/lang/hu_system_config.lng
@@ -95,4 +95,5 @@ $wb['active_txt'] = 'Aktive';
 $wb['btn_save_txt'] = 'Save';
 $wb['btn_cancel_txt'] = 'Cancel';
 $wb['web_php_options_txt'] = 'PHP Handler (Apache only)';
+$wb['client_protection_txt'] = 'Client protection';
 ?>
diff --git a/interface/web/admin/lib/lang/id_system_config.lng b/interface/web/admin/lib/lang/id_system_config.lng
index fe545e7476f06ecc07e8499434024ac4aa853e6d..539699da888897e43fee3bcce3425a3b5ed3a463 100644
--- a/interface/web/admin/lib/lang/id_system_config.lng
+++ b/interface/web/admin/lib/lang/id_system_config.lng
@@ -95,4 +95,5 @@ $wb['active_txt'] = 'Aktive';
 $wb['btn_save_txt'] = 'Save';
 $wb['btn_cancel_txt'] = 'Cancel';
 $wb['web_php_options_txt'] = 'PHP Handler (Apache only)';
+$wb['client_protection_txt'] = 'Client protection';
 ?>
diff --git a/interface/web/admin/lib/lang/it_system_config.lng b/interface/web/admin/lib/lang/it_system_config.lng
index f261ba3e8127bcfe843a64c32c0d6a9a24bed76c..0c20959df29caa4f411234e58d0cc4b6e8fd6f0e 100644
--- a/interface/web/admin/lib/lang/it_system_config.lng
+++ b/interface/web/admin/lib/lang/it_system_config.lng
@@ -95,4 +95,5 @@ $wb['active_txt'] = 'Aktive';
 $wb['btn_save_txt'] = 'Save';
 $wb['btn_cancel_txt'] = 'Cancel';
 $wb['web_php_options_txt'] = 'PHP Handler (Apache only)';
+$wb['client_protection_txt'] = 'Client protection';
 ?>
diff --git a/interface/web/admin/lib/lang/ja_system_config.lng b/interface/web/admin/lib/lang/ja_system_config.lng
index 96ce2d2ad64d66ba0f3fbcb8b5014c382642397c..f6b5c9e1a519ec3ba3f642bb94d5c3e11792ede1 100644
--- a/interface/web/admin/lib/lang/ja_system_config.lng
+++ b/interface/web/admin/lib/lang/ja_system_config.lng
@@ -95,4 +95,5 @@ $wb['active_txt'] = 'Aktive';
 $wb['btn_save_txt'] = 'Save';
 $wb['btn_cancel_txt'] = 'Cancel';
 $wb['web_php_options_txt'] = 'PHP Handler (Apache only)';
+$wb['client_protection_txt'] = 'Client protection';
 ?>
diff --git a/interface/web/admin/lib/lang/nl_system_config.lng b/interface/web/admin/lib/lang/nl_system_config.lng
index f9f59896bfc226da7d2839d62e28ae6676b632f6..19eae464a354a780c17bdbd273c7241356292ca6 100644
--- a/interface/web/admin/lib/lang/nl_system_config.lng
+++ b/interface/web/admin/lib/lang/nl_system_config.lng
@@ -95,4 +95,5 @@ $wb['active_txt'] = 'Aktive';
 $wb['btn_save_txt'] = 'Save';
 $wb['btn_cancel_txt'] = 'Cancel';
 $wb['web_php_options_txt'] = 'PHP Handler (Apache only)';
+$wb['client_protection_txt'] = 'Client protection';
 ?>
diff --git a/interface/web/admin/lib/lang/pl_system_config.lng b/interface/web/admin/lib/lang/pl_system_config.lng
index 5f49133f561589911d3e9095e7891ab98ca6e628..f44853ccb2b4ecb62bacdc99784592a4b5ff489e 100644
--- a/interface/web/admin/lib/lang/pl_system_config.lng
+++ b/interface/web/admin/lib/lang/pl_system_config.lng
@@ -95,4 +95,5 @@ $wb['active_txt'] = 'Aktive';
 $wb['btn_save_txt'] = 'Save';
 $wb['btn_cancel_txt'] = 'Cancel';
 $wb['web_php_options_txt'] = 'PHP Handler (Apache only)';
+$wb['client_protection_txt'] = 'Client protection';
 ?>
diff --git a/interface/web/admin/lib/lang/pt_system_config.lng b/interface/web/admin/lib/lang/pt_system_config.lng
index 10b87a40ae223ca364da96b44c5fad4543913016..bbfedbf3a43f5b931b99ca8b6bea80a03a8afdb6 100644
--- a/interface/web/admin/lib/lang/pt_system_config.lng
+++ b/interface/web/admin/lib/lang/pt_system_config.lng
@@ -95,4 +95,5 @@ $wb['active_txt'] = 'Aktive';
 $wb['btn_save_txt'] = 'Save';
 $wb['btn_cancel_txt'] = 'Cancel';
 $wb['web_php_options_txt'] = 'PHP Handler (Apache only)';
+$wb['client_protection_txt'] = 'Client protection';
 ?>
diff --git a/interface/web/admin/lib/lang/ro_system_config.lng b/interface/web/admin/lib/lang/ro_system_config.lng
index 56c7e40059a858ff89d41c80aed078db9b1a69e9..a7756c737d8361c0147b26179f8fde2a29a06f90 100644
--- a/interface/web/admin/lib/lang/ro_system_config.lng
+++ b/interface/web/admin/lib/lang/ro_system_config.lng
@@ -95,4 +95,5 @@ $wb['active_txt'] = 'Aktive';
 $wb['btn_save_txt'] = 'Save';
 $wb['btn_cancel_txt'] = 'Cancel';
 $wb['web_php_options_txt'] = 'PHP Handler (Apache only)';
+$wb['client_protection_txt'] = 'Client protection';
 ?>
diff --git a/interface/web/admin/lib/lang/ru_system_config.lng b/interface/web/admin/lib/lang/ru_system_config.lng
index c0da3d894a8ebcfb8c6121a8011cfb79273dbc67..37d9c263abf8e2ce1ac5e152a73804d0eb05157a 100644
--- a/interface/web/admin/lib/lang/ru_system_config.lng
+++ b/interface/web/admin/lib/lang/ru_system_config.lng
@@ -95,4 +95,5 @@ $wb['active_txt'] = 'Aktive';
 $wb['btn_save_txt'] = 'Save';
 $wb['btn_cancel_txt'] = 'Cancel';
 $wb['web_php_options_txt'] = 'PHP Handler (Apache only)';
+$wb['client_protection_txt'] = 'Client protection';
 ?>
diff --git a/interface/web/admin/lib/lang/se_system_config.lng b/interface/web/admin/lib/lang/se_system_config.lng
index bf24b9852b8b275da9a8d8f7b143271bf7d760c8..6768bc411887e561c57362e0eb73370bf7f0cd6a 100644
--- a/interface/web/admin/lib/lang/se_system_config.lng
+++ b/interface/web/admin/lib/lang/se_system_config.lng
@@ -95,4 +95,5 @@ $wb['active_txt'] = 'Aktive';
 $wb['btn_save_txt'] = 'Save';
 $wb['btn_cancel_txt'] = 'Cancel';
 $wb['web_php_options_txt'] = 'PHP Handler (Apache only)';
+$wb['client_protection_txt'] = 'Client protection';
 ?>
diff --git a/interface/web/admin/lib/lang/sk_system_config.lng b/interface/web/admin/lib/lang/sk_system_config.lng
index 2fdce03e691badf87b628a17e21c66ee2d50995d..85a96bf5bf1126e65cccd898d2a7bb2276197934 100644
--- a/interface/web/admin/lib/lang/sk_system_config.lng
+++ b/interface/web/admin/lib/lang/sk_system_config.lng
@@ -95,4 +95,5 @@ $wb['active_txt'] = 'Aktive';
 $wb['btn_save_txt'] = 'Save';
 $wb['btn_cancel_txt'] = 'Cancel';
 $wb['web_php_options_txt'] = 'PHP Handler (Apache only)';
+$wb['client_protection_txt'] = 'Client protection';
 ?>
diff --git a/interface/web/admin/lib/lang/tr_system_config.lng b/interface/web/admin/lib/lang/tr_system_config.lng
index afc8a9239f2df64b2b9ca3dabe6d10ca01ba44d7..b4cb7c8d11bc3db4633af003cc31f0ea0595de59 100644
--- a/interface/web/admin/lib/lang/tr_system_config.lng
+++ b/interface/web/admin/lib/lang/tr_system_config.lng
@@ -89,4 +89,5 @@ $wb['custom_login_link_txt'] = 'Oturum Açma Sayfası Bağlantısı';
 $wb['login_link_error_regex'] = 'Oturum Açma Bağlantısı Geçersiz';
 $wb["default_remote_dbserver_txt"] = "Default DB Remote servers";
 $wb["disable_client_remote_dbserver_txt"] = "Disable DB Remote sections for Clients";
+$wb['client_protection_txt'] = 'Client protection';
 ?>
diff --git a/interface/web/admin/system_config_edit.php b/interface/web/admin/system_config_edit.php
index 04db6717b0d3eb37aca9ae625d3d1a8154a0c982..9b3102e60e337c7a2dcef9a131cd444e3b5fa08e 100644
--- a/interface/web/admin/system_config_edit.php
+++ b/interface/web/admin/system_config_edit.php
@@ -96,7 +96,7 @@ class page_action extends tform_actions {
 
 		if($available_dashlets_txt == '') $available_dashlets_txt = '------';
 		$app->tpl->setVar("available_dashlets_txt", $available_dashlets_txt);
-		
+
 		// Logo
 		$sys_ini = $app->db->queryOneRecord("SELECT * FROM sys_ini WHERE sysini_id = ?", $this->id);
 		if($sys_ini['custom_logo'] != ''){
@@ -156,6 +156,13 @@ class page_action extends tform_actions {
 		*/
 
 		$new_config = $app->tform->encode($this->dataRecord, $section);
+		
+		if($section == 'sites' && $new_config['client_protection'] != 'y' && $server_config_array['sites']['client_protection'] == 'y') {
+		  $app->db->query("UPDATE `web_domain` SET `sys_userid` = (select `userid` FROM `sys_user` WHERE `default_group` = `web_domain`.`sys_groupid`), `sys_perm_group` = 'riud' WHERE `added_by` = 'admin' and sys_groupid > 0");
+		} elseif($section == 'sites' && $new_config['client_protection'] != 'n' && $server_config_array['sites']['client_protection'] == 'n') {
+			$app->db->query("UPDATE `web_domain` SET `sys_userid` = 1, `sys_perm_group` = 'ru' WHERE `added_by` = 'admin'");
+		}
+		
 		if($section == 'sites' && $new_config['vhost_subdomains'] != 'y' && $server_config_array['sites']['vhost_subdomains'] == 'y') {
 			// check for existing vhost subdomains, if found the mode cannot be disabled
 			$check = $app->db->queryOneRecord("SELECT COUNT(*) as `cnt` FROM `web_domain` WHERE `type` = 'vhostsubdomain'");
@@ -198,13 +205,13 @@ class page_action extends tform_actions {
 				"FROM dns_soa";
 			$app->db->query($sql);
 		}
-		
+
 		//die(print_r($_FILES));
 		// Logo
 		/*
 		if(isset($_FILES['file']['name']) && is_uploaded_file($_FILES['file']['tmp_name'])){
 			//print_r($_FILES);
-			
+
 			$path= $_FILES['file']['tmp_name'];
 			$type = pathinfo($path, PATHINFO_EXTENSION);
 			$data = file_get_contents($path);
diff --git a/interface/web/admin/templates/system_config_sites_edit.htm b/interface/web/admin/templates/system_config_sites_edit.htm
index 82576d5e53308b0e2bac0e7e89dc5b9c2a481efe..c84b50e6b81ecb3304a4ef68bf8154013545ae89 100644
--- a/interface/web/admin/templates/system_config_sites_edit.htm
+++ b/interface/web/admin/templates/system_config_sites_edit.htm
@@ -26,6 +26,12 @@
             <div class="form-group">
                 <label for="webftp_url" class="col-sm-3 control-label">{tmpl_var name='webftp_url_txt'}</label>
                 <div class="col-sm-9"><input type="text" name="webftp_url" id="webftp_url" value="{tmpl_var name='webftp_url'}" class="form-control" /></div></div>
+                <div class="form-group">
+                    <label class="col-sm-3 control-label">{tmpl_var name='client_protection_txt'}</label>
+                    <div class="col-sm-9">
+                        {tmpl_var name='client_protection'}
+                    </div>
+                </div>
             <div class="form-group">
                 <label class="col-sm-3 control-label">{tmpl_var name='vhost_subdomains_txt'}</label>
                 <div class="col-sm-9">
@@ -84,10 +90,10 @@
                 <label for="default_remote_dbserver" class="col-sm-3 control-label">{tmpl_var name='default_remote_dbserver_txt'}</label>
                 <div class="col-sm-9"><input type="text" name="default_remote_dbserver" id="default_remote_dbserver" value="{tmpl_var name='default_remote_dbserver'}" class="form-control" /></div>
 	    </div>
- 
-         	
+
+
         <input type="hidden" name="id" value="{tmpl_var name='id'}">
-            
+
         <div class="clear"><div class="right">
             <button class="btn btn-default formbutton-success" type="button" value="{tmpl_var name='btn_save_txt'}" data-submit-form="pageForm" data-form-action="admin/system_config_edit.php">{tmpl_var name='btn_save_txt'}</button>
             <button class="btn btn-default formbutton-default" type="button" value="{tmpl_var name='btn_cancel_txt'}" data-load-content="admin/users_list.php">{tmpl_var name='btn_cancel_txt'}</button>
diff --git a/interface/web/client/domain_edit.php b/interface/web/client/domain_edit.php
index 094e1899be3b8b7eb16f0c1b322d092884d5e851..af7b900b9109a475b20b238c4060f4d5135c635f 100644
--- a/interface/web/client/domain_edit.php
+++ b/interface/web/client/domain_edit.php
@@ -67,7 +67,7 @@ class page_action extends tform_actions {
 
 	function onShowEnd() {
 		global $app, $conf, $wb;
-		
+
 		if($_SESSION["s"]["user"]["typ"] != 'admin' && $this->id == 0) {
 			if(!$app->tform->checkClientLimit('limit_domainmodule')) {
 				$app->uses('ini_parser,getconf');
@@ -100,7 +100,7 @@ class page_action extends tform_actions {
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
 			$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 			$client = $app->functions->htmlentities($client);
-			
+
 			// Fill the client select field
 			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ? ORDER BY client.company_name, client.contact_name, sys_group.name";
 			//die($sql);
diff --git a/interface/web/sites/web_vhost_domain_edit.php b/interface/web/sites/web_vhost_domain_edit.php
index cc476a2276f8c87206859aa9bdb4717e30be4df6..9f39721e45024ddf39db8497adcf2234a6b33483 100644
--- a/interface/web/sites/web_vhost_domain_edit.php
+++ b/interface/web/sites/web_vhost_domain_edit.php
@@ -1376,11 +1376,19 @@ class page_action extends tform_actions {
 	function onAfterInsert() {
 		global $app, $conf;
 
-		// make sure that the record belongs to the clinet group and not the admin group when admin inserts it
-		// also make sure that the user can not delete domain created by a admin
+		// make sure that the record belongs to the client group and not the admin group when admin inserts it
+		// also make sure that the user can not delete domain created by a admin if client protection is enabled
 		if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
-			$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
-			$app->db->query("UPDATE web_domain SET sys_groupid = ?, sys_perm_group = 'ru' WHERE domain_id = ?", $client_group_id, $this->id);
+  	  $client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);
+	  	$app->uses('getconf');
+	  	$global_config = $app->getconf->get_global_config('sites');
+	  	if($global_config['client_protection'] == 'y') {
+		    $app->db->query("UPDATE web_domain SET sys_groupid = ?, sys_perm_group = 'ru' WHERE domain_id = ?", $client_group_id, $this->id);
+			} else {
+				$sysuser = $app->db->queryOneRecord('SELECT userid FROM sys_user WHERE default_group = ?',$client_group_id);
+				$sysuser_id = (is_array($sysuser) && isset($sysuser['userid']) && $sysuser['userid'] > 0)?$sysuser['userid']:1;
+				$app->db->query("UPDATE web_domain SET sys_userid = ?, sys_groupid = ?, sys_perm_group = 'riud' WHERE domain_id = ?", $sysuser_id, $client_group_id, $this->id);
+			}
 		}
 		if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
 			$client_group_id = $app->functions->intval($this->dataRecord["client_group_id"]);