Adam

What are you trying to do? ... For what purpose are you calling the login module for Blesta? -Adam

What are you trying to do? I believe the issue is that you are not passing a valid Session object. If you read the docs the login function takes two arguments, a Session Object and an array of user attributes. The session object is defined here: http://source-docs.blesta.com/class-Session.html which is not the same as PHP's session class you are currently using (does not appear Blesta Session module implments PHP's SessionHandlerInterface). You might want to use the auth function if you want to verify if a user exists. -Adam

Script does not work -- did you try it out in your shell? By default curl streams the data to standard output. You are not capturing the output. Every line after that is incorrect. Your logic on checking for MD5 is backwords -- if you ask me. Read the man page for the command md5sum (man md5sum). Yes, that goes in your crontab file (/var/spool/cron/) Do not forget the &&. The following does everything you need: 0 9 * * 3 [ `date +\%d` -le 7 ] && cd /path/to/uploads/system/ && curl -L https://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz | gunzip > /srv/uploads/system/GeoLiteCity.dat No, the script is not good. Please test before posting. Depending on what philosophy you subscribe too, I am of the idea that I should only be email when something bad happens. Since you plan on making this into a cronjob, cron can email you the output of a script. So only print to standard output (or error) in your bash script when it fails. Get ride of the verbose printing would be what I suggest. -Adam

If you run this in a cronjob, no need to log each message since you log the whole script (email or pipe redirection). I would also make the suggestion you use https as opposed to http for the transfer (geolite supports this). You could get a small performance boost if you used named pipes and curl. Something like this would work: curl -L https://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz | gunzip > GeoLiteCity.dat That is pretty agressive. The Maxmind website says the database is updated on the first Tuesday of the month. Taking into account the various number of timezones and not knowing when on Tuesday the database is updated, lets run this on Wednesdays instead. 0 9 * * 3 [ `date +\%d` -le 7 ] && curl -L https://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz | gunzip > /srv/uploads/system/GeoLiteCity.dat Runs on the first Wednesday of every month at 9AM server time. It is more then just countries, cities are accounted for. With IPv4 shortage, v4 addresses are being reallocated, reassigned more fequrently then ever before. Note to Blesta Devs: Should switch to the new GeoLite2 database format. The current one is legacy and will be deprecated at some point. The new GeoLite2 also includes md5 sums which can be added to the script above. http://dev.maxmind.com/geoip/geoip2/geolite2/ -Adam

FYI: PHP 5.3 has end of life about 11 months ago and is no longer getting updates or patches for security. PHP 5.4 will EOL in about a month. I suggest upgrading to the latest. More information: http://php.net/eol.php and http://php.net/supported-versions.php -Adam

The caller of the function (blesta core) passes you that argument. It is more of a convince then anything. It is a variable that you can access within the function. -Adam

But they do! http://bfy.tw/rdw and for the lazy: http://documentation.cpanel.net/x/hgAX :-) -Adam

Would be better if you offered a link directly for cPanel/WHM since that is what kikloo is running. BUT the idea is the same, although I would NOT follow the steps of using chattr. In fact, if you do, you will most likely not be able to add/remove/modify any accounts server wide. I believe you can increase the max timeout via WHM under Apache Configuration (WHM > Apache Configuration > Global Configuration) Checking our your website, it appears you are now getting SQL errors, and no longer 500 errors. Sounds like you have resolved the 500 errors. You might want to re-start the installation process (clear out all data, including database) and make sure your system meets the requirements: http://docs.blesta.com/display/user/Requirements If you are running under a LxC environment (which you mentioned you are via CageFS) make sure you select the necessary PHP version and modules required. thanks, -Adam

If you are getting a 500 error, check your server logs, for example: /etc/httpd/logs/error_log Common items to check: Are the files owned by the web user? Do you have issues in your .htaccess file? Do you have the correct version of IonCube loaded with the version of PHP you are running? (if you are running PHP5.5 you need to apply the PHP 5.5 patch files). Many issues could cause 500 errors, only way to know is to check /etc/httpd/logs/error_log -Adam

Typically with popen you want to use pclose and not fclose. However in my test environment I wrote a simple pipe program and simulator and it did not matter. Things to try, make sure Blesta debugging is enabled (along with PHP's) (in config/core.php) Configure::set("System.debug", true); and that the path to pipe program is correct. You should try using the full path in your code above. You may also want to try and add a shebang to plugins/support_manager/pipe.php. Use something like #!/bin/env php -q should do it. Of course, also make sure Blesta department is setup to correctly handle piping.-Adam

Should always use /bin/env phpfollowed by any args or path.

Blesta needs a SEO plugin? What benefit will that offer? Take for example the Blesta demo: http://demo.blesta.com/ the only area I could see any use if someone had an extensive knowledge base that they want to attract users to their site (similar to digital ocean's system ... but most of those are user submitted content in exchange for credits). But I believe the wording of the knowledge base would be more beneficial for SEO then any metadata that would exist. Ya, I think that could be solved with some rewrite rules from your webserver. But I can see some modifications that might need to be done to Blesta to support this. What do you mean? Like configuration fields supporting extra metadata information? What do you mean by keyword selection? Tag Cloud? This could be solved by editing your theme. Add Robots, like in robots.txt? Blesta can give suggestions for bots to not crawl some aspects of a blesta install, for example, the admin area or plugins folder. As for installation, robots.txt requires it to be installed at the root web folder of a domain. If your blesta is installed in a subfolder, out of the box it would not work (domain.tld/blesta/robots.txt for example). What do you mean by XML feed better faster? What feeds would blesta publish? The only thing I can think of would be for the Blesta Announcement plugin: http://www.blesta.com/forums/index.php?/topic/3180-plugin-announcement-released/ Perhaps you should post your suggestion to that plugin (already on TODO list). As for send website details to google or listing directories, I mean, google has an API for that https://developers.google.com/apis-explorer/#p/webmasters/v3/ but why is this needed? How many times are you going to be submitting the site to Google's Webmaster Tool? Seems like a lot of work on reinventing the wheel. Would be much easier, and update to date, if you used Google's interface rather then a plugin. I just do not see the need for this. Maybe you and others can convince me I am wrong. -Adam

Yes and, inheritance! I think having the inheritance model would allow for this. For example, if we want to create a new module, we can inherit from the universal plugin and simply override or and add new features. At some level, this is already built in from the base class Modules. This adds a great level of separation and adds features! Yup, keyword is inheritance. /adam

Any update on this from the devs? Paul, Cody, Tyson? thanks, -Adam

Why is client_id not required? How do you plan on sending quotes to clients who do not exist within the system? I understand quotes are not invoices, but when you create a quote, you already have a client in mind (at least their name, company, email address, etc). Might be better, and easier, if every quote you created was associated with some client. It would make garbage collection easier -- no orphaned records, etc. What is the difference between status column and activate? For example, how can a quote be activate but "dead." Or inactivate but open? Seems like you these two fields should be normalized (merged). Other then that, looks good. -Adam

May this be added to CORE-1082? Paul, Cody, Tyson? thanks, /adam

Any updates from the Blesta Devs? Paul, Cody, Tyson? thanks, /adam

That would be awesome. It would make for more features and shorter development cycles. For example, SolusVM has IP management and rebooting of VMs (among other features). If someone wants to do the same for lets say VPS.net module (already written) or new module xyz for a cloud provider, why should they reinvent? If we can assign more then module per product, things like adding Observium (or another monitoring platforms) would be easier and fit a wider audience. Unless, of course, plugins are the answer? Would be interesting to know what the Blesta Developers have to say where the "line in the sand" is drawn between module and plugin. /adam

Howdy, Is it possible to extend an existing module? For example, I would like to extend the universal_module and add a few features to it for server management. For compatibility reasons and general separation of concerns, this would make sense, however I am not sure if this is feasible. I am currently developing a few extra features like IP address management (PTR/RDNS), password / public key generation, bandwidth graphs, monitoring and general IPMI interface. My assumption is that this should go under a module and _not_ a plugin. Is this correct? The reason for creating a plugin is that these items are very specific to a service and product and not necessarily to all products and services. I did read http://docs.blesta.com/display/dev/Creating+a+Plugin and it seems like a plugin would also work for these requirements. However looking at both plugins and modules, it seems that modules tend to have the characteristics I am building, hence my assumption. thanks, /adam

It is no secret what algorithm you use to encode that string .. since you told us how to decode it (via your module). I do not understand your argument on it being obfuscated for security reasons. You first output the server status via base64 encode as hex. Then each character is shifted by 13 places via str_rot13. After that you reverse the entire character stream via strrev. Finally, you compress the output via gzencode. All this for what appears to be server status. I say what appears as server status because I have not taken the time to reverse engineer the script to see if any malicious intent is also included. What is so secretive about the status of the server? With a little investigative work (thanks to your screenshot) I can see your server has 3 CPUs, ~25GB of disk and roughly 256MB of memory with an uptime of almost two days. If you are worried about attackers, outputting the version of Apache you use, along with OpenSSL and PHP can do more harm (which is what you currently have setup). Again, all this for server status. Yet, as Max pointed out, your passwords are sent as a GET parameter to a 3rd party site. Regardless if the connection is SSL or not, GET parameters are not part of the encrypted payload in TCP/IP (they are part of the packet header). It seems more focus should be addressed in other areas is all I am saying. I say these things not to make you feel bad, but because code review is an integral part of making software better. -Adam

Howdy, I am using the universal configuration module and currently testing it out. An order was placed using that module and service provisioned with configuration options. In the admin area, I want to now upgrade / downgrade any of these options for the client. I can do that just fine, but the price of the product does not change, despite the configuration option correctly changing. What am I doing wrong? Do I have to manually override the price? I am using Blesta 3.4.4 thanks, /adam

Why is servertools obfuscated? May you please undo that, along with posting this on a public source code repo .. so others can contribute to it? A lot of work needs to be done in order to make this more modular. Injecting HTML within the controller does not seem good MVC approach nor is using shell_exec without escaping the string with escapeshellarg. It also seems you are hard coding OS values, hard drive values rather then taking a more general approach of pulling from database via the Record object provided from the base class. -Adam

Mike, Check the PayPal IPN history page: https://www.paypal.com/us/cgi-bin/webscr?cmd=_display-ipns-history (Profile -> Profile & Settings -> My Selling tools on the left hand side -> Instant payment notifications -> IPN History Page). That will show you the payload that PayPal sent, and the respond back it got from the server. /adam

Merge the projects. @cyandark should post this on some public code repository (self-hosted git/svn or github, bitbucket, etc). /adam

Howdy, Would it be possible to add a default option to be selected when using Radio or and Checkbox as a configuration option? By adding this feature, this would improve the user experience on order forms as the end user can avoid selecting configuration options if the default that is define by the company is selected. thanks, /adam