Posts posted by mrrsm

  1. Similar to what Blesta Addons said, Blesta doesn't really set up anything.  It makes API calls to something which sets up the services.  Making a module to do these things is not that difficult; however, you need to be very specific as to what you need done. For example, "Install Wordpress" could mean many things, where "Install Wordpress via Softaculous on cpanel" is very specific and will allow people to help you.

  2. I don't like the idea of my billing system ever auto updating.  Things will invariably go wrong at some point and I can't risk my billing system going down and me not knowing what happened.  I wouldn't mind having a notification in the admin telling me that there are updates available, though; that way I can take action and be reminded until I do.

  3. 14 hours ago, Blesta Addons said:

    is one of our products, we will be happy to know, we can provide a patched version of php7 if needed.

    Nope, if it was one of yours I am sure it would have been fixed already as you guys are on top of things. It was actually an old module that I no longer needed anyways.  However, due to it still being there, when I tried to load the plugin page in the admin it would fail due to an incompatibility with the ioncube loader.

  4. Aren't all the gateway callbacks more or less the same?

    Configure::set("Blesta.gw_callback_url", "http" . (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != "off" ? "s" : "") . "://" . (isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : "localhost") . WEBDIR . "callback/gw/");

    Specifically for paypal the notify url is built

    'notify_url' => Configure::get('Blesta.gw_callback_url')
                    . Configure::get('Blesta.company_id') . '/paypal_payments_standard/?client_id='
                    . $this->ifSet($contact_info['client_id']),

     

  5. Is there a reason that the providers give as to why it isn't enabled or why they can't enable it?  I know in the past I ran into providers who didn't offer this extension.  My guess was due to higher resource usage that that module could cause.  Regardless, at this point I don't think there is a good reason for a reputable shared hosting provider to not have this.  With cloud linux they can even more strictly control your resource usage if resource usage was the issue.

    Do you know of anything that can replace mailparse?  I had looked many times and never found anything that worked as well as mailparse did.

  6. For testing and maybe even production, depending on how many customers you have, a 512Mb instance is probably more than enough.  You may need to tune some things to work better under a lower ram environment, such as mysql, or you can supplement it by adding swap which will probably rarely get used.  An example for centos 6 is something like this https://www.digitalocean.com/community/tutorials/how-to-add-swap-on-centos-6

  7. 1 hour ago, timnboys said:

    okay but you do realize I said I am making my own vps panel so proxmox is irrelevant and all resources are being diverted to making the new vps panel correct? 

    I think you are missing the point of what I am saying.  You come across, at least to me, as very combative, which is very off-putting.  I honestly don't think anyone here is attacking you even if they are criticizing some things you are doing.  I am just making suggestions of things you can do to improve your coding which will in turn improve your products.  This doesn't mean you need to drop everything you are currently doing and/or release anything/everything open source.  However, if you find a small project that you can create and release it open source you will get feedback from others, be it code style, organization, or unit tests, which you can learn from.  If you don't want to go that route there are a ton of good examples, with Blesta being one of them, that you can draw inspiration from as well.

  8. 17 minutes ago, timnboys said:

    I don't know have you seen my coding I don't think you will consider it "pretty" and likely have hard time following it as I know that is what will happen so that is why I don't ever release open source modules because I know the backlash that will cause and it won't drive sales it will instead bottom them out(not because it is that bad but only because it isn't what you call PSR-1 standard lol)

    I have my own way of coding things that produce the same result of the PSR-1 coded code just in a different way.

    If nobody is giving you feedback and you are not willing to learn the reasons people use the PSR standards (as well as others) you will never grow as a developer.  Once you have clean code you will find out how much easier it is to follow and feel comfortable with.  On top of this you can start writing unit tests which will help as well.  You have to make steps though.  Release a single module open source.  People will give you feedback as well as possibly make pull requests against your code.  Don't take things personally, instead take what people say for what it is and learn from it.  I am confident you would learn quickly and your code would improve fast if you are willing to put yourself out there a bit to start with.

  9. On 12/4/2016 at 11:48 AM, Allan said:

    My experience with forums though is just about everyone connects differently.

    You wouldn't have a universal one. In reality the shared login will allow you to create a plugin/module for any of the forums out there in order to do an SSO style login.  From there you can also use the API to do whatever else you need to do with the user's account.  It shouldn't take much more than an hour per forum as long as there was some boilerplate plugin/module framework as most of them do similar things for handling login hooks as most of your code is the same between them.

  10. 9 minutes ago, Blesta Addons said:

    i have so many project done with old minphp for that reason i have used the bridge to prepare my work for updates .

    That makes sense to me.  It sounded like cyandark was starting a new project which means he should not need the bridge.

     

    11 minutes ago, Blesta Addons said:

    is better if one of the blesta team make a look and update the github for us :)

    I hope this will happen.  What is in the github not kind of works but it isn't worth putting in a PR as v4 is using the minphp 1.0 and works so an update to the repo would fix most of the problems most likely.

  11. Without that change, if I run what is in the minphp repo directly I get the following error

    Fatal error: Class 'minphp\Language\Language' not found in /code/php/minphp/src/lib/language.php on line 7
    
    Fatal error: Uncaught Error: Class 'View' not found in /code/php/minphp/src/lib/controller.php:87 Stack trace: #0 /code/php/minphp/src/lib/dispatcher.php(165): Controller->__construct() #1 /code/php/minphp/src/lib/unknown_exception.php(58): Dispatcher::raiseError(Object(UnknownException)) #2 [internal function]: UnknownException::setFatalErrorHandler() #3 {main} thrown in /code/php/minphp/src/lib/controller.php on line 87

    This happens because the View class depends on the Language class which has an invalid use statement. 

    15 minutes ago, Blesta Addons said:

    as i know minphp v1.0 is not using any files in lib directory , take a look here https://github.com/phillipsdata/minphp-bridge

    I am not sure what the bridge has to do with anything if you are creating a new project as you shouldn't need to use it if you just use the new 1.0 code.  I haven't fully looked into the bridge but that is what I got from reading the README.

  12. If you want to get the current version in master working as of 2016-11-28 against commit ed21031213e395cf38e902d8b4c2b2cbf072dc0c here is what you need to do.

    I would be happy to submit PRs to get the code in the repo working but the repo looks fairly dead to me.

    git clone https://github.com/phillipsdata/minphp.git

    Edit the composer.json file

    -        "minphp/html": "dev-master",
    +        "minphp/html": "~1.0",
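    Review bot: the constraint on the added line, "~1.0", is a version range rather than a fixed release, so two installs run at different times can resolve minphp/html to different 1.x versions. Commit the composer.lock that the install step produces (or pin an exact version) so the dependency tree that was tested is the one that gets deployed.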
    

    Download/Run composer install

    php composer.phar install

    Edit src/lib/language.php

    -use minphp\Language\Language as FrameworkLanguage;
    +use Minphp\Language\Language as FrameworkLanguage;
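    Review bot: the namespace case fix on the use line is applied only to src/lib/language.php. Search the other files under src/lib for imports that still start with the lowercase minphp\ prefix and correct them in the same change, so the same class-not-found failure does not come back from a file this test run never loaded.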

    That should get what is currently in the repo to work. (at least it did for me).

    I tested it by running a webserver out of the src directory via php locally on port 8000

    cd src
    php -S localhost:8000

     

  13. 9 minutes ago, timnboys said:

    please do tell me mrrsm what "in-code ways" can I use to reduce the attack vector and as I have mod_security and mod_evasive enabled & installed too as the "firewall"?

    You are more or less protected then if you have good mod_security rules in place.

    If you look at the forms Blesta creates they add a CSRF token

    <input type="hidden" name="_csrf_token" value="f366be67543fb4413174a63bf048bd383d65177a65194eaf55d5a37ab185d705">

    This will help, among other things, people submitting forms multiple times, submitting a form from somewhere that is not the form, and multiple other things.  The Wikipedia page has a pretty full description of things tokens can help protect you against.
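How a hidden `_csrf_token` field can stop both resubmitted forms and posts that did not come from the site's own form, as an added example that is not part of the original post and is not Blesta's own code. It assumes single-use tokens stored in the session; `csrf_issue()`, `csrf_field()` and `csrf_consume()` are hypothetical helper names.

```php
<?php
// Added example (not Blesta's code): single-use CSRF tokens kept in the session.
// csrf_issue(), csrf_field() and csrf_consume() are hypothetical helper names.

/** Create a fresh token, remember it in the session, and return it. */
function csrf_issue(array &$session): string
{
    $token = bin2hex(random_bytes(32));          // 64 hex characters
    $session['csrf_tokens'][$token] = time();    // value = time of issue
    return $token;
}

/** Hidden input to embed in each state-changing form. */
function csrf_field(array &$session): string
{
    return '<input type="hidden" name="_csrf_token" value="'
        . htmlspecialchars(csrf_issue($session), ENT_QUOTES, 'UTF-8') . '">';
}

/** Accept a token once, and only if this session issued it recently. */
function csrf_consume(array &$session, $sent, int $maxAge = 3600): bool
{
    if (!is_string($sent)) {
        return false;                            // missing or array-valued field
    }
    foreach ($session['csrf_tokens'] ?? [] as $known => $issued) {
        if (hash_equals((string) $known, $sent)) {   // constant-time compare
            unset($session['csrf_tokens'][$known]);  // burn it so it cannot be replayed
            return (time() - $issued) <= $maxAge;
        }
    }
    return false;
}

// Constructed demo; $session stands in for $_SESSION after session_start().
$session = [];
preg_match('/value="([0-9a-f]{64})"/', csrf_field($session), $m);
$post = ['_csrf_token' => $m[1]];

var_dump(csrf_consume($session, $post['_csrf_token'] ?? null)); // first submit of the real form
var_dump(csrf_consume($session, $post['_csrf_token'] ?? null)); // same form submitted again
var_dump(csrf_consume($session, str_repeat('0', 64)));          // token this session never issued
var_dump(csrf_consume($session, null));                         // post with no token field at all
```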

  14. I'm not sure how I feel about people just being able to put in my website and see what plugins of yours I am using or if I am using your plugins at all.  Other things which I know have similar features are billing systems, forums, etc but with all of those it is hard to tell that I am not using them.  For a fraud checker or vultur provisioner (examples) I don't really need anyone to know what plugin I am using for that.

    How is someone even going to know if the billing system is using X plugin or module behind the scenes?  Without that knowledge I am not sure why someone would even bother, or know, to go to your site and check to see if they are using a valid license.

    On to the analysis of it

    Quote
    License Found And Valid! The Domain Queried is using Genuine CubeData Software1
    Refresh the Page After Checking one Domain to Check Another

    You may want to fix that 1 at the end

    Quote

    NO License Found that matches that Domain! License is pirated and you should report it to us to check out!1

    Looks like it shows up on both positive and negative results.

    You also may want to make the page look a bit nicer.  The main point of the page is the form but there is nothing telling me what to do with it.  Not even a placeholder on the input box.  The blue bar outshines the rest of the page way too much, only because there isn't anything around the form currently.

    Finally you may want to lock down your endpoint at least a little bit as right now just about anyone could hammer on it.  I didn't test it too much but I didn't have a hard time sending multiple requests in succession directly to the endpoint.  I am going to guess that you are using mysql or a flat file somewhere to manage your license and that is probably being hit every time a lookup is done.  This is bad because someone could essentially do a denial of service attack by beating on that one url and it can't be cached so they know it will hammer a resource behind the scenes and they don't have to login or get a CSRF token to do it.  You may just want to mitigate that as a firewall rule but there are in-code ways to reduce the attack vector as well that wouldn't hurt.

    Finally this is listed on your site under products.  Is this something you are planning on selling or is it just due to the fact it is validating the license on your products.  If it is the latter I would suggest moving it under the "Quick Links" section as to me it makes more sense for it to be there.

    This is a good proof of concept but still has a way to go before I would think it is production ready.
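One in-code way to limit repeated hits on an unauthenticated lookup endpoint like the one reviewed above, as an added example that is not part of the original post and not the reviewed site's code. It assumes a per-client fixed window kept in a locked temp file; `allow_request()`, the limit of 10 and the 60-second window are hypothetical.

```php
<?php
// Added example, not the poster's code: a per-client fixed-window request limit
// checked before the license lookup touches the database or file.

/** True while $client has made at most $limit requests in the current window. */
function allow_request(string $client, int $limit = 10, int $window = 60, ?int $now = null): bool
{
    $now  = $now ?? time();
    $path = sys_get_temp_dir() . '/rl_' . hash('sha256', $client);
    $fh   = fopen($path, 'c+');                 // create if missing, never truncate
    if ($fh === false) {
        return false;                           // fail closed when state is unavailable
    }
    if (!flock($fh, LOCK_EX)) {                 // serialise concurrent requests
        fclose($fh);
        return false;
    }
    // File holds "<window start> <count>"; an empty or short file reads as zeros.
    $state = explode(' ', (string) stream_get_contents($fh)) + ['0', '0'];
    [$start, $count] = [(int) $state[0], (int) $state[1]];
    if ($now - $start >= $window) {
        [$start, $count] = [$now, 0];           // window expired: start a new one
    }
    $count++;
    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, "$start $count");
    flock($fh, LOCK_UN);
    fclose($fh);
    return $count <= $limit;
}

// Constructed demo: twelve requests from one address inside a single window,
// then one more after the window has passed. The clock is simulated.
$ip = '203.0.113.7';                            // documentation address, RFC 5737
@unlink(sys_get_temp_dir() . '/rl_' . hash('sha256', $ip));
$t0 = 1700000000;
for ($i = 1; $i <= 12; $i++) {
    $ok = allow_request($ip, 10, 60, $t0 + $i);
    printf("request %2d: %s\n", $i, $ok ? 'lookup runs' : '429 Too Many Requests');
}
$ok = allow_request($ip, 10, 60, $t0 + 61);
printf("after window: %s\n", $ok ? 'lookup runs' : '429 Too Many Requests');
```

In a request handler the key would be `$_SERVER['REMOTE_ADDR']`, and a refused request should get its 429 response before any database or file lookup is attempted.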

  15. 5 hours ago, SSL-Nick said:

    At the moment, our module is a bit lackluster, but that will be changing within the next few weeks (if not sooner).

    If your module gets updated and becomes a more solid experience I will be so happy.  It isn't bad per se now but it isn't that user friendly which usually means a bit more work from the admin side to get things done when a user can't figure it out on their own.
