furioussnail

For me the issue is related to 2checkout rather Blesta...

It looks like 2checkout went "full retard" and isn't a viable solution anymore. Not sure it even makes sense for you to invest development hours into this platform. They were acquired by Avangate and it looks like their platform acts as a billing panel. An horrible one. Now I am a bit desperate to find a good merchant payments processor. ? Thinking about Stripe Atlas but I am scared about the unknowns...

I get that but there is no 2checkout related row shown. Thank you for your reply.

Here is the link to the INS related document: https://knowledgecenter.2checkout.com/Integration/09Webhooks/Instant_Notification_Service_(INS)

There is nothing useful for 2checkout either in logs/ or in "Tools" -> "Logs" -> "Gateway". Absolutely no message. However, I didn't even configure INS since there is nothing in the documentation on how to do that. Thank you.

2checkout doesn't actually apply transactions automatically. I created a forum topic regarding this issue but got no reply:

Hello. I experience the exact same problem. No payment is recorded. I also opened a feature request for subscriptions support: https://requests.blesta.com/topic/update-for-2checkout-plugin-to-support-subscriptions

Yes, I think the theme should be set to theme.css, or custom-theme.css. I don't think web browsers understand the ?dev= part of that query.

I undestand the purpose of the theme.css file. The problem is caused by the "?dir=" query string added to the file: <link href="/admin/theme/theme.css?dir=" rel="stylesheet" type="text/css" media="screen" /> I think the href should point to the file without "?dir=". Thank you.

Hello. For some reason Blesta adds theme.css?dir= as an asset dependency. What is the reason behind this? This make the resource difficult to cache. Can it be fixed? Thank you.

Hello. At some point though my installation I was encountering the following error: Database connection FAILED. Ensure that you have created the database and that the credentials are correct. However PHP modules were installed and the user name and password were correct. Further debugging revealed that the exceptions in install.php aren't handled properly. In the try catch block at line 469 I appended $e->getMessage() to the error and I finally figured out the problem: PHP's json extension is required to use Monolog's NormalizerFormatter So, I think the behavior needs to be changed accordingly. My best.

Hello. Currently when trying to pay for a service PayPal returns the following message: Things don't appear to be working at the moment. Please try again later. With "code=EWP_SETTINGS" in the URL. According to Google this is due to Encrypted Website Payments being enabled in PayPal. How do I use Encrypted Website Payments with Blesta? Thank you.

The fact that many do it in one way doesn't mean it is right. Yes, there are techniques used to prevent brute force attacks or user escalation but can you foresee any vulnerabilities? Even yesterday Twitter asked users to reset their passwords... So, not sure Twitter is a good example.

This is not security through obscurity. This is protecting my private data. Yes, attackers may be capable of obtaining the data (depending on how you protect it), it doesn't mean it should be made easy for them. I already provided the user escalation example... Security through obscurity isn't related to one practice. It should or could always be used in combination with more secure techniques, as security by design or open security. Security through obscurity may deter less apt attackers.

Well, too bad. But maybe Blesta team would consider opening a bug with the providers of the forum software.

I am talking about the user name which are also used as display names. For example, can you login with Blesta.Store as user name? If yes, don't you notice an issue with that?

AFAIK the practice of displaying any details used for login helps attackers to exploit the system. The more info is provided about the internals of a system the easier it is for an attacker to exploit the system. Let's say there is a 0 day vulnerability an attacker found which allows user escalation. By investigating who is who on the forums it is super easy for the attacker to escalate to a user with extended rights.

Hello. Does the 2checkout module support INS? If yes, what is the correct link to be used? Documentation lacks this information. Thank you.

Hello. I believe requiring users to login with their display names is a bad idea. Basically any attacker has less guessing to do. Maybe login behavior should be changed?

Forgot about Plesk restarting. Thank you BlestaStore. You are awesome. :-)

Yes.

Hello. I get different errors when adding a subscription in Blesta using the Plesk subscription. The logs show nothing of value but the subscription is added in Plesk. So, this seems to be related to Blesta. Running Blesta on PHP 5.6. It is an Apache + PHP-FPM setup. How can I fix this? Thank you.

Hm... In cron I have this: */5 * * * * /usr/bin/php /srv/http/portal.harubik.com/index.php cron > /dev/null However once the cron task gets executed the following message is sent (just the snippet): [2017-11-26 16:05:02] general.INFO: Created Invoice Any idea why are general.INFO notifications (stdout) treated as errors? Thank you.

Ah, indeed. The solution helps. Didn't notice it the first time. Thank you.

Yes, as I wrote, the issue is related to bug CORE-2473 but for some reason I still get the error. Thank you.