serge

Members
  • Posts: 695
  • Days Won: 6

Reputation Activity

  1. Like
    serge reacted to L3Y in How To Avoid Disabling Mod_Security Rules Only Because You Want To Use The Support Manager Plugin   
    Hi,
     
     
    The integrated support manager in Blesta is very nice.  BUT: if you enable the plugin, then you need to disable many mod_security / naxsi rules just to be able to post a couple of lines in a ticket.  Customers want to send very long codes, and you may ask them to send stuff like email sources, debug codes, etc...  It can take a lot of time and effort before you get a stable and secure set of mod_security / naxsi rules.
     
    We all know Blesta is very secure, but it's always better to use an application firewall, like mod_security or naxsi.  However, doing this can turn into a nightmare.  While trying to submit codes, or any other content with special characters, your customers may see 503 error codes.  That's not beautiful.
     
    Some people may end up doing stupid things like completely disabling mod_security when they should not.  Other people will simply start disabling everything they see in the logs.  They may disable too many rules, or whitelist too many IPs.
     
    I found a very good way to avoid 503 errors, while keeping most of your naxsi / mod_security rules intact.
    With these little changes in your files, your customers will be able to copy/paste and type everything they want in a ticket textfield or subject line, and you won't need to disable all your rules.  I can use the support manager plugin with only a couple of rules disabled, in fact.
     
    You can re-enable most of your rules for the support plugin paths, by doing this :  
     
    1) Go to the support_manager plugin folder and open /views/default/client_tickets_reply.pdt
     
    Add the following at the end of the file, just after the ?>
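    <script>
    // Replace every character outside the allowed set with a space.
    function deleteextra() {
        var initVal = $(this).val();
        var outputVal = initVal.replace(/[^0-9a-zA-Z\n\/'@-]/g, " ");
        if (initVal != outputVal) {
            $(this).val(outputVal);
        }
    }
    // Run the filter on the subject line and on every textarea, while typing and on blur.
    $(document).ready(function () {
        $("#summary").keyup(deleteextra).blur(deleteextra);
        $("textarea").keyup(deleteextra).blur(deleteextra);
    });
    </script>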
    2) Do the same in client_tickets_add.pdt

    And voilà. You are now able to use mod_security with the support manager, on the client side - you may also do the same on the admin side (in admin_tickets_add.pdt and admin_tickets_reply.pdt).

    What does it do?  When a customer copies and pastes, or types something in the ticket reply or ticket add textarea, the unwanted special characters will just disappear before the ticket is submitted.  It will only keep the following : @.-_

    It will also remove the http:// and https:// before a URL, to make sure your staff won't click on any link by mistake.

    I love jQuery!

    You may want to adapt the regex to your requirements, but this works fine for us.

    I hope this will help someone!
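
The filter from the post above as a stand-alone Node.js harness, for checking what an adapted regex keeps and strips before it goes into the .pdt files. This is an added example, not part of the original post or of Blesta; the function names and the sample strings are constructed for illustration.

```javascript
// Added example (not from the post): offline harness for the ticket filter regex.
// TICKET_FILTER is the character class used in the post's deleteextra(); edit and re-run.
const TICKET_FILTER = /[^0-9a-zA-Z\n\/'@-]/g;

// Same replacement the keyup/blur handler performs: each filtered character becomes a space.
function filterTicketText(text, filter = TICKET_FILTER) {
  return text.replace(filter, " ");
}

// Which of the candidate characters pass through the filter unchanged?
function survivingChars(candidates, filter = TICKET_FILTER) {
  return [...candidates].filter((ch) => filterTicketText(ch, filter) === ch).join("");
}

// Tally of non-space characters the filter replaces in a sample, e.g. { ".": 2 }.
function removedChars(text, filter = TICKET_FILTER) {
  const tally = {};
  for (const ch of text.match(filter) || []) {
    if (ch !== " ") tally[ch] = (tally[ch] || 0) + 1;
  }
  return tally;
}

// Constructed ticket content of the kind the post mentions (URLs, mail source, debug output).
const SAMPLES = [
  "https://example.com/a_b?x=1",
  "Received: from mail.example.test by mx.example.test; Mon, 1 Jan 2024",
  "PHP Warning: Undefined index 'id' in /var/www/app.php on line 12",
];

// Input, filtered output and removed-character tally for each sample.
function report(samples = SAMPLES) {
  return samples.map((s) => ({
    input: s,
    output: filterTicketText(s),
    removed: removedChars(s),
  }));
}

console.log("kept from \"@.-_/':\":", JSON.stringify(survivingChars("@.-_/':")));
for (const row of report()) console.log(row);
```

The script runs only in the browser, so requests submitted without it still reach mod_security / naxsi unfiltered, and the rules left enabled on the support paths still apply to them.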
  2. Like
    serge reacted to Abdy in [Updated][Module] Universal Server Module - Manage Dedicated Servers And Colocation   
    I take note of your advice for the next update.
  3. Like
    serge got a reaction from nahanil in Blesta Freely Spams After Conversion   
    Testing, learning, testing, and only after PRODUCTION?
  4. Like
    serge got a reaction from activa in Do Blesta Brokes/destroys Native Php Session?   
    Thanks for the interesting feedback.
     
    As my purpose here was to use a framework to make an easy database grid, I found most of them do have integration issues with Blesta, from jQuery/Bootstrap load to session sharing (I tried up to 5); the one that is related to the origin of this post and has (as most others) a session issue is xcrud.com
     
    And at the end, the only one that is not using jQuery/Bootstrap and not using session sharing, and can work fine for my goal for now:
     
    http://sourceforge.net/projects/lazymofo/
     
    I just use very limited CSS only related to tables and I apply the CSS directly in the given Blesta template, with 2-3 modifications, and it does not change/alter the Blesta display.
     
    The only thing is I had no luck associating a PHP function with a grid action, like an action before or after save, even when following their examples, whereas this was working for xcrud.com, which has the session issue with Blesta. I will try to adapt xcrud.com to use the session stored in the DB by Blesta.
  5. Like
    serge reacted to Blesta Addons in How To Call A User Balance In The Template?not Ajax   
    I was already facing the same issue when I was working on the adminLTE template.
    I think Blesta should think about a way to let developers/designers add their own functions or requests in the template, as for now we can just use what Blesta offers.
    There is an old thread about this subject.
  6. Like
    serge reacted to André P. in Naxsi Rules Set   
    I already collected a great rule set, but am still pretty far away from complete.
    It runs great so far.
  7. Like
    serge got a reaction from Michael in Blesta Offline Payment And Username Issue   
    I think there is no payment button for offline payment because it's by design: if the payment is offline, what would the payment button serve, and what system would it communicate with?  There is no gateway to communicate with, as it's an offline payment.
     
    In the template, you could add instructions that are displayed only for this payment method, like:
       pay to bank account xxxxx with this number (order number) as message
     
    and when the merchant receives an offline payment, he has to take manual action to mark the invoice as paid and can add the bank reference for traceability
  8. Like
    serge reacted to electric in Enom Module - What Is Missing?   
    Sure, I understand what you're saying... but hosting requires a domain name.   It's not an option.  You have to have one.  Every single customer also has to purchase/transfer/renew a domain name.

    And if they don't do their domains through us.. then they'll do it through godaddy, namecheap or some other popular company that also offers hosting along with domain stuff.
     
    In other words... if you're a hosting provider and you also aren't offering domain names to your customers... you're basically pushing them into the arms of another company who is practically guaranteed to be constantly trying to upsell hosting to your customer.
     
    Why would you do that?
     
    It's a little bit like an oil change place for cars.   Sure, you can create a business that sells ONLY oil change.  Nothing else.  But why?  Not only can you make extra money selling things like transmission oil change, light bulb replacement, engine cleaning, etc... but if you don't.. the potential customer is forced to go somewhere else... and that other place is also going to sell oil changes.  Pretty soon your customer will decide it's simpler/easier to just bring their car to one place instead of two.
     
    I do not view hosting and domain management as two different services.  They are two essential services in the same industry that go together.  We don't just sell "hosting"...  We sell hosting "service".  And that includes domain name stuff, since it's absolutely required for every hosting customer.
     
    I have the same opinion about SSL certificates....   Any "hosting" billing app that doesn't include full featured SSL sales/management is not designed well.  Why would you purposely not sell a service that will force your customer to find the arms of a different lover?
  9. Like
    serge reacted to Nelsa in Decrypt Blesta Custom Client Field   
    It will be there after you download the SDK API and put it in the install dir: https://github.com/phillipsdata/blesta_sdk
  10. Like
    serge reacted to AllToolKits.com in Get Package Details ,in Service Add Event   
    I got what I want now
    $params = $event->getParams();
    $service_id = (int) $params['service_id'];
    Loader::loadModels($this, array("Services", "Packages"));
    $details = $this->Services->get($service_id);
    $package_id = (int) $details->package->id;
    $p_details = $this->Packages->get($package_id);
    $meta_array = array();
    $meta_array = $p_details->meta;
  11. Like
    serge got a reaction from Michael in Initial Setup Error   
    after config change & php related, always restart php, and next nginx (or restart the whole server)
     
     
    other:
    -------
     
     
     
    if you are on a VPS or dedicated server you have to edit the php.ini of the given virtual server and not the global php.ini:
     
    Global
    --------------
    /etc/php5/fpm
    /etc/php5/cgi
    /etc/php5/cli
     
    Virtual host
    ------------------
    /home/MY-HOSTNAME/etc/php5
     
     
    and in the php.ini set this:
     
    cgi.fix_pathinfo=0
     
    -------------------------------
     
    also in this file: /etc/php5/fpm/pool.d/www.conf
     
    the "listen" directive must match to what you have in your nginx vhost or nginx conf
    example:
     
    listen = /var/run/php5-fpm.sock
    OR
    listen = 127.0.0.1:8080
     
    ----------------
    as you have apache in front, also check which port you "forward" php to from apache, and make sure this port is the same as the "listen" within the nginx vhost file, and that this port is opened at your firewall for tcp
  12. Like
    serge got a reaction from Blesta Addons in [Config Options] Upgrade / Downgrade Currency Bug   
    I think this will be logical,
     
    upgrade/downgrade or any new order are automatically set with price in the client default currency,
     
    but allowed to be changed with the currencies dropdownlist
  13. Like
    serge got a reaction from Michael in Initial Setup Error   
    The line I gave you is not in your file.....
  14. Like
    serge got a reaction from Michael in Initial Setup Error   
    I think your blank page is returning HTTP OK/success code 200 answer,
     
    and from memory, it's typically due to an nginx misconfiguration,
     
    Try to edit this file: fastcgi_params
     
    in debian it's this path: /etc/nginx/fastcgi_params
     
     
    add this at the first line and save and restart nginx:
    ------------------------------------------------------
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  15. Like
    serge reacted to Tyson in Get Client_Id And Service_Id Value In Client_Services_Serviceinfo.pdt   
    for each service $i
    Service ID: $services[$i]->id
    Client ID: $services[$i]->client_id
    endfor

  16. Like
    serge reacted to Blesta Addons in Get Client_Id And Service_Id Value In Client_Services_Serviceinfo.pdt   
    At the top of the pdt file, print the "services" var and search in it for the var you need.
    print_r($services);
  17. Like
    serge reacted to EidolonHost in Secondary Email For Billing   
    This is already possible via the Contacts page in the client dashboard. The client simply adds a secondary contact and designates them as a billing contact. You can do the same thing as a support contact, so the options you're asking about is already there.
  18. Like
    serge got a reaction from Michael in Login As Client Give Me Error   
    re-uploading the whole blesta solved the issue
  19. Like
    serge reacted to techhelper1 in Gpg Keys For E-Mail   
    SSH keys have nothing to do with email or website authentication. That's only for *NIX nodes/VPS's/etc...
  20. Like
    serge reacted to Tyson in Upgrade To Blesta-3.5.0-B4: Question About Upload Folder   
    This is where it should be, in a non-publicly-accessible location. But you can put it wherever you want on the filesystem and then update the Uploads Directory setting in Blesta under [settings] -> [system] -> [General] to set the correct absolute path of where you put the uploads directory.
  21. Like
    serge got a reaction from Michael in Upgrade To Blesta-3.5.0-B4: Question About Upload Folder   
    ok, my "upload" folder was just one level above my blesta install, so all is logical/fine
     
    I forgot this from my first install
  22. Like
    serge reacted to Paul in Upgrade To Blesta-3.5.0-B4: Question About Upload Folder   
    I believe system is above the "1" directory. 1 is the company value, so if you have addon companies then you'd possibly have a 2, 3, etc for each company with 1 being the default.
     
    The path to your uploads directory should be set under Settings > System > General
  23. Like
    serge reacted to Michael in Upgrade To Blesta-3.5.0-B4: Question About Upload Folder   
    uploads is for the invoice attachment, download plugin files, you can remove it if you have one already.
     
    It will have this:
     
    /uploads/
    ----------- /1/
    --------------- /invoices/
    ---------------/support_manager_files/
    ---------------/download_files/
    ---------------/system/
    ---------------/client_documents/
  24. Like
    serge reacted to Tyson in Edit Custom Field: Error When Blesta Admin Used "login As Client"   
    Thanks for the report. CORE-1699.
  25. Like
    serge reacted to NETLINK in Domain Registration With Universal Module   
    Would this be popular? I've had to make a universal domain module to sell TLDs for which I don't have an API. Most importantly, it adds the TLD extension to the order form and checks availability. It also does DNS / nameserver lookups. That's about all the functionality it has, but it should work with any domain name extension. If it's something that's popular, I'd be happy to release the code.