Kal

Thanks for testing and confirming the bug. Any ETA on when it might be fixed? Any chance it will be a simple change I can replicate, or will I need to renew my paid support?

@Paul, I've done some more tests and worked out that the problem is with the `DirectAdmin.password_length` setting. Regardless of what I set this to, the error appears if I enter a password of less than 12 characters. The `DirectAdmin.password_requirements` setting works as expected. For example: Configure::set('DirectAdmin.password_requirements', [ ["A-Z"], ["a-z"] ]); Configure::set('DirectAdmin.password_length', 9); With these settings, a password of 'Abcdefghijkl' (12 characters) passes, but a password of 'Abcdefghijk' (11 characters) fails. Is this a bug, or have I missed something?

Okay, so DA has the option 'Allow API logins with the current User/password', which is ticked. Just to be sure, I temporarily turned off 2FA, but the problem persists. Any other ideas?

Something just occurred to me… I have two-factor authentication turned on in DA (as every security-minded admin should). Is this incompatible with the module?

Hi Paul, and thanks for offering to help. Yes, no and yes. I edited the error message under the same directory, as you described, and I can confirm that the error message has now changed—so it's certainly the correct (and only) copy of Blesta on the server. Yes, it exceeds the requirements. I was testing the 'Add Service' command on an existing account, and the password is the one that is already used by that account. I unticked 'Provision using the DirectAdmin module when activated'. Am I doing something wrong perhaps? The accounts are already set up in DirectAdmin—I just want to link them to Blesta so I can start using it for billing. I also tried creating a new account by specifying a new username and domain, but I just get the same error again, even if I use Blesta's 'Generated Password' feature. So despite the error, I suspect the problem is not with the password requirements. What else could cause this error to get triggered? Last time I checked, DirectAdmin's `enforce_difficult_passwords` option is turned off by default, and if you turn it on, the default minimum password requirements are 6 characters including an upper-case letter, lower-case letter and number. See: Difficult password enforcement option. When you say that you 'go with the strictest possible requirement', how can you know how a user has configured this in DirectAdmin? Password checking is performed by a script, and there is no limit to how the server admin could configure this.

I have edited this file as described, removing unwanted requirements and reducing the minimum password length to 9, but as soon as I try to add a service I still get the same message: Help! (BTW, for anyone who still believes that character-composition requirements are a good idea, you might want to read the advice of security experts like Troy Hunt, NIST and Microsoft who all advise against this practice. See: Passwords Evolved: Authentication Guidance for the Modern Era. A poor decision for Blesta to turn this on by default IMO.)

I've now made this a feature request: Friendly URLs (permalinks).

Friendly URLs are, in my opinion, an essential element of any content management system. No one likes a long, ugly URL. But more importantly, no one likes link rot—least of all the site owner who may lose their precious search engine rank when a URL changes. For this reason, a URL should never be dependant on the underlying platform. Here's an example of such a URL, from Blesta's Knowledge Base plugin: https://blesta.example.com/plugin/support_manager/knowledgebase/view/12/testing-your-website-before-it-goes-live/5/ Aside from being unnecessarily long, the URL also includes the following, platform-specific data: Blesta's Knowledge Base is a 'plugin'. The plug-in is called 'Support Manager'. The article is the 12th one that was added to the database. The article belongs to the 5th category that was added to the database. Each of these is a point at which the URL is likely to break if and when the underlying software platform changes. A platform agnostic URL, or permalink, is a URL that should never change, and it's a critical element of website design/development. Tim Berners-Lee stated this firmly in the 1998 article, Cool URIs don't change, where he espoused the concept of URI design. I request that Blesta introduce a permalink feature, which is accessible via the UI, easy to use, and central to the design of the whole system. The Knowledge Base, perhaps, needs special attention, so that database table row IDs are never part of the article URLs. (routes.php does not fulfil these requirements.) Without this feature, the user must go to considerable effort to manually create many individual redirects using Apache configuration files or .htaccess files.

I did rummage through your old posts around the time (December 2016), but couldn't find it. Are you able to remember and share, even briefly, the process?

Thanks for the info about routes.php. I can see from the code, for example, how `/admin/settings/company/general/localization/` really points to `/admin_company_general/localization/`. By the same logic, `/admin/plugin/support_manager/admin_knowledgebase/` should point to `/support_manager/admin_knowledgebase/`, but trying to load that second URL in a browser doesn't work—so I guess there's something I'm not getting about how it works. Anyway, I suspect I can't achieve what I want with routes, because the table row IDs for knowledge base articles are essential parts of the URLs. Ideally, I'd like the option of having human-readable and platform-agnostic URLs like this: https://account.example.com/help/docs/article-title I don't like that the URLs include table row IDs, which don't reflect anything meaningful, only what order I created the articles. That kind of thing should be hidden from the user IMHO.

Is there a way to get Blesta to generate friendlier URLs? I'm thinking of the Knowledge Base in particular. Instead of this: https://blesta.example.com/plugin/support_manager/knowledgebase/view/6/testing-your-website-before-it-goes-live/5/ I'd like to have something like this: https://blesta.example.com/knowledgebase/testing-your-website-before-it-goes-live

Thanks Paul, that's very useful. Is there any way to choose a default if the client navigates to the order form from within the Blesta UI?

Did any progress get made on this? I can't find any option to choose which package is selected by default.

Perfect!! While I'm saying thank you, thanks for all the great new features in 4.11 too. I especially appreciate the ability to enforce email address usernames—something I switched on straight away. ?

I had wondered if structure.pdt would get overwritten with an update. Indeed it does. This also makes the official instructions for Removing Branding a temporary fix, which isn't mentioned in the docs. Since that feature is advertised on Blesta's pricing page, I'd have hoped for a more robust method. DirectAdmin has a feature where customised config files can be placed within 'custom' subdirectories to protect them from being overwritten. Maybe something like that could work for Blesta? Adding these features to the UI would be even better though. @Paul, you mentioned above that style overrides were coming to themes, and there was talk on this thread of possibly removing branding automatically from unbranded licenses in the future. Are those features still on the roadmap?