The check_subdomain_owner user.conf override for a Reseller creating a User, was not correctly respected: Duplicate: - global: check_subdomain_owner=1 - Reseller "res" has check_subdomain_owner=0 in their user.conf, allowing creation of any sub-domain. - User "fred" already exists under some OTHER creator (not created by "res") with fred.com. - Reseller "res" creates User "subfred" with sub.fred.com 1) The realtime form/json/ajax check passes, as it's checking if "res" could create the sub.fred.com under "res" User account (not entirely correct, but accurate for what we need). This is fine. 2) During the creation of User "subfred", sub.fred.com was added to the domains.list of subfred prior to the attempted and denied creation of domain "sub.fred.com". 3) The creation of sub.fred.com was denied as the check was then done as User "subfred", without any user.conf override, thus blocked (Reseller's user.conf was not checked) This caused a broken state for subfred (User deletion does clear it out correctly), but the expected behavior would be to respect the the user.conf of "res" at subfred creation time. Fix moves the subdomain owner check before any part of the domain is created, and also includes the reseller's user.conf for the user creation state. This only applies to User creation. A domain being created by the already existing User would not check for their creator's user.conf override, as the creator is not the one creating the domain in this instance. ---- EVO2029