Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


Max last won the day on July 7

Max had the most liked content!

1 Follower

About Max

  • Rank
    Advanced Member

Recent Profile Visitors

1,089 profile views
  1. Be aware that using strong customer authentication methods such as Securecode/3Ds becomes mandatory when taking payments from European customers after 14 September 2019. For subscriptions the first payment should be authenticated, but subsequent payments do not. So all merchant payment gateways should be updated, or payment processing will simply stop working. See the articles published by the various payment gateways for details. E.g.: https://stripe.com/en-US/guides/strong-customer-authentication
  2. Hey Max, 

    I'm using Blesta 4.2.2 and NOCPS - the plugin doesn't seem to be working correctly. Is there any update to the module or troubleshooting I can do?

  3. You send an e-mail to your customer that you assigned a server to them, and that they can login to the Blesta client panel to provision it. They should already have the login for that, if they placed the initial order through Blesta...
  4. Client should provision his own server using the client area, and specify the password he wants there. Passwords are not stored in the system. There is absolutely no need for you to have access to the passwords of your customers' servers, if you sell unmanaged dedicated servers. And there are better solutions like SSH public key authentication if you offer managed ones.
  5. Localize the names of generic payment methods (e.g. credit card, bank transfer, direct debit) somewhere centrally (do not duplicate that in every module), not the gateway names.
  6. - It should be possible to have multiple payment methods per non-merchant gateway. E.g. if I want to use Paypal for processing credit cards as well, there shouldn't be just "Paypal" but "Credit card" as well. And for European gateways it is pretty common to have 4 different payment methods handled by a single gateway. - Ideally it should also be possible for individual payment modules to add additional arbitrary fields to the form under the payment method. Like Woocommerce allows for iDeal payments, where the user has to select his own bank from a list: This prevents having the user to go through an extra screen later, and promotes the concept of a single page order screen.
  7. Max

    Stripe Plus Gateway

    The libraries provided by providers often leave to be desired, and are not used by other projects. E.g. they fail to include unit tests that simulate requests and responses. As far as my module goes, it only implemented a small subset of the gateways as a proof of concept. For things like merchant gateway support, tokenization (think stripe.js), securecode/3dsecure, and recurring payments changes to Blesta core code would be necessary.
  8. Max

    Stripe Plus Gateway

    Well, Blesta did not write the third-party libraries they are currently using to communicate with say Stripe, Braintree, PagSeguro and Converge either... And the implementations they did do are kinda minimal. E.g. the HTML form "buy" buttons for non-merchant gateways like Paypal that Blesta currently spits out, and that the customer has to click on, may technically work. But properly using the payment provider's API to create a transaction and redirecting the customer automatically would be a lot nicer...
  9. Max

    Stripe Plus Gateway

    That may work for small code modifications to core modules, but doubt many professional developers would do so for modules they created themselves. It is more common for developers to retain their rights, and even if the client paid to have something custom developed to only grant them a license. Why? Well, it prevents the developer getting sued, if he ever does a similar looking project for another customer. Would personally rather see that Blesta stopped using their own propitiatory modules for things like handling payments, and switched to using something more standard like the Omnipay library. There is no way Blesta or any other billing system can properly test modules for gateways they are not using themselves. So using something used by more projects makes sense. And yes, that would mean the competition could use the exact same set of modules. But so what, find something else to compete on...
  10. Do keep in mind that any encryption in this context is the equivalent of putting a lock on your door, but always keeping the key in. The billing system needs to be able to decrypt it, to display it. So if the billing system (or server it is running on) is compromised, so will the credentials be. Personally, I would rather see that account passwords are not stored in the billing system at all, and there would only be a "password reset" button instead, allowing a new password to be set. If the system would be compromised it would indeed still be possible for the intruder to reset the password, but at least that would be noticed pretty soon, as then the legitimate user would be locked out, and complain. That might be hard to implement for your appliances though.
  11. Module still works as intended with latest Blesta version. Cannot guarantee any long-term support though. Number of Blesta users is very low.
  12. Yes, in some jurisdictions credit notes can also be used in other situations in which a customer gets a general discount or money back, rather than correcting an indvidual invoice. I know some use them to administer affiliate earnings. And negative lines should be allowed in manually created normal invoices as well. (currently they are prohibited by your validation rules) E.g. if the user ordered and paid for a $ 10 standard hosting package, but decided the $ 20 super-deluxe package would be a better match for his needs, you could of-course just send him an invoice for another $ 10. However a more proper way that signifies that the package normally costs $ 20 would be:
  13. A credit note aka credit invoice is just an invoice with negative amounts. Could display them in the list of invoices, and let them use the same numbering (although separate range is also allowed) Do not edit any invoice pdf after it has been issued. For any reason. Ever. Separate document. It should be easy to locate and print out all invoices, credit invoices, and other tax relevant documents issued within an accounting period en masse. They should not be hiding behind an invoice that may be from last year.
  14. The west also has pretty good consumer protection laws to compensate though. E.g. here you are you required to send at least one free written payment reminder by normal postal mail before you are allowed to charge any late fees, or can take any follow-up action.
  15. The way Blesta implements things you do need full PCI complaince with all merchant gateways. Whether or not the PSP will actually check you are compliant beforehand is a different question. However if you are ever compromised and it turns out you were not, things may get expensive. Some PSPs also require you to self-certify how you are using them, and may have follow-up questions if you answer that truthfully. Note that Blesta does NOT use tokenization clients like stripe.js.
  • Create New...