EMar

OK but I think the WYSIWYG editor would be more convenient there.

I could be having some cache issue.

Ok sorry I was half asleep last night, I'm was referring to that page title "Order" when you click the Order link in the nav menu When you change that word Order it changes the link text and the title under the nav menu. Anyway I have a cache issue now, the lnav link doesn't change properly. $lang['OrderPlugin.client.name'] = "Order Stream Hosting";

Is my order form editor loading properly? Can I get it to load like this: Instead of this:

Good morning, Is the order form editor suppose to load like this: I thought it loaded like the editor in the update products section, which is better..

I did void the invoice after, then deleted the new client, I'll try it again, I'm using a paypal sandbox account, also for the new client signup, Still thought, I didn't go through any paypal login to make the payment. I just logged in as the new client and could see the new centova login info.

I dunno, what if you have different types of products / order forms, Why would they all have the same page title "Order" or whatever you put in OrderPlugin.client.name Like when you're managing the Portal section, it has its own index page title. I've so many ideas in my head that are not really there in the platform.

Ok, At first the module wouldn't connect, it kept saying incorrect hostname or password or something, We did something on the server then were able to connect the Centova module to the server in question, What I meant was, say the correct password for the Centova admin was 43rgg7rg37 If I entered something else like 56uy56 the module still says connected successfully. It's working now but I was wondering why it said connected successfully if it was the wrong password.

Hi, Using the Centova Cast module, Just testing an order form as a demo client (paypal sandbox account) so developer mode is enabled in blesta. Went through the checkout process and ordered a Centova Cast account, $ 3.50 for 1 month. Created an account, used the email from the paypal sandbox account, selected paypal as payment method, Signed in as the new client and the Centova Cast account was already created and waiting, no payment made. I didn't have to login to paypal with the sandbox account to complete the payment. So it provisioned the new Centova Cast account, I was able to log in to the new stream account. There also was an invoice saying i was overdue and please pay 7 USD asap. What should I do? it shouldn't be creating/provisioning any accounts until payment is received right? At least we know the module is connecting that's a good start. Any help appreciated.

Hi, Where do you change the title text "Order" in the order form page /order/forms

Hi, Is it normal for the centova cast module to accept any password? I mean even if I enter an incorrect password, it says The Server was successfully updated.

Hi, I have ReCaptcha enabled, does Anti-Fraud need to be enabled also?

Luckily I hadn't done any custom edits, or they'd be gone, I only had to change that Route.admin', 'admin'); and it was sorted. Is there any child-themes that we could do our custom work on?

Not sure if I screwed up the installation, upgraded from 4.2.2 to 4.4.0. Uploaded everything from the Blesta folder and overwrite everything, Then used the hotfix for php 7.1 as I'm using php 7.2 on the server, So I ran the updater /crew/upgrade but get a white page. Do I need to configure any settings again? routes.php or others? Followed this guide https://docs.blesta.com/display/user/Upgrading+Blesta I have since switched the vps to use php 7.1.22 but that didn't make any difference. EDIT, I went into routes.php and see it had the default Configure::set('Route.admin', 'admin'); Is that the only setting I need to change again? I had it renamed to "crew"

Has this been added to Admin tools yet?

Ok.. I have those config files now, I can edit them in CentOS Web Panel 7. There's no disable option for Mod Security, I uninstalled it while editing Blesta pages then installed it again. Adding SecRuleRemoveById 9667848 to all 3 files Configuration Files:Main Configuration --> /usr/local/apache/conf.d/mod_security.confRules Configuration --> /usr/local/apache/modsecurity-owasp-old/owasp.confDisabled Rules --> /usr/local/apache/modsecurity-owasp-old/global_disabled_rules.conf I don't have a custom_user.conf Contents of File: /usr/local/apache/conf.d/mod_security.conf Contents of File: /usr/local/apache/modsecurity-owasp-old/global_disabled_rules.conf Do I need to add it to /usr/local/apache/modsecurity-owasp-old/owasp.conf?

I don't know where exclude rules files are.

[root@me /]# yum install mlocate -y Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: centos.mirrors.tds.net * epel: mirror.steadfast.net * extras: mirrors.gigenet.com * updates: centos.mirrors.tds.net Package mlocate-0.26-6.el7.x86_64 already installed and latest version Nothing to do

Sorry no idea what you mean.

Thanks, I can't find /usr/local/apache/modsecurity-owasp-old/ in my Centos installation, using sftp as root.

I logged into CentOS Control Panel 7 and clicked Mod Security under the Security tab. Last 20 Lines matching ModSecurity from Error log file: /usr/local/apache/logs/error_log [Tue Apr 24 01:08:09.218692 2018] [:error] [pid 255567:tid 1402356545764868i24] [client 11.110.113.232:63250] [client 11.110.113.232] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:@.+=\\\\s*?\\\\(\\\\s*?select)|(?:\\\\d+\\\\s*?(x?or|div|like|between|and)\\\\s*?\\\\d+\\\\s*?[\\\\-+])|(?:\\\\/\\\\w+;?\\\\s+(?:having|and|x?or|div|like|between|and|select)\\\\W)|(?:\\\\d\\\\s+group\\\\s+by.+\\\\()|(?:(?:;|#|--)\\\\s*?(?:drop|alter))|(?:(?:;|#|--)\\\\s*?(?:update|i ..." at ARGS:content. [file "/usr/local/apache/modsecurity-owasp-old/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "211"] [id "9667848"] [msg "Detects chained SQL injection attempts 1/2"] [data "Matched Data: div class=\\x22 found within ARGS:content: <div class=\\x22col-md-12\\x22>\\x0d\\x0a <div class=\\x22thanks\\x22>\\x0d\\x0a\\x0d\\x0a\\x0d\\x0a</div>\\x0d\\x0a </div>\\x0d\\x0a\\x0d\\x0a <div class=\\x22col-md-4 col-sm-6 portal-box\\x22>\\x0d\\x0a <a href=\\x22{client_url}login/\\x22>\\x0d\\x0a <div class=\\x22well\\x22>\\x0d\\x0a <i class=\\x22fa fa-cogs fa-4x\\x22></i>\\x0d\\x0a <h4>My Account</h4>\\x0d\\x0a <p>Log in here to manage your ac [hostname "clients.domain.com"] [uri "/staff/settings/company/plugins/manage/5/"] [unique_id "%^$%6DeSztztryrrtrggJxJwAAAM8"], referer: https://clients.domain.com/staff/settings/company/plugins/manage/5/

I tried that command in putty, don't think it did anything.

I see some files at /usr/local/apache/logs error_log, modsec_audit.log, modsec_debug.log

For some reason I created two staff members, but with the same info, Each assigned to a different department, billing and support. I've ticked every box at System > Staff > Staff Groups, for both users, but still can't edit that portal module. EDIT Actually I disable mod_security in the server and was able to edit the portal module. So any idea how to fix this when mod_security is enabled?

Hmm I was trying to edit the portal module text and after saving got this Forbidden You don't have permission to access /staff/settings/company/plugins/manage/5/ on this server. Would it have anything to do with mod security which I enabled the other day on CentOs Panel?