velaware

Alpha Developers
  • Posts: 346
  • Days Won: 8

Everything posted by velaware

  1. I didn't even know I had things publicly available on that old server, lol. My fault, sorry. Shoot me an email (ehansen@anzensolutions.com) telling me what you did and the URL it happened on, and I'll look into it.
  2. From a security standpoint there's never a good reason to 777 anything, especially on a machine that is accessible from the Internet. If you have Blesta installed at /var/www/blesta/ then put the folder in /var/uploads and set the ownership to webserver user and group, bam...no more need to 777 it.
  3. No, it better not have 777 permissions. That means EVERYONE can access it. It should have 775 or 755 depending on the server requirements, which you can view by doing ls -liha and seeing what other folders' permissions are. If you need to 777 anything, then it wasn't coded or configured right.
  4. Make sure the path is absolute, not relative.
  5. To expand on what Paul said: 1. Stripe.js acts on the client-side (thus it being JavaScript which is a client-side language, unlike PHP which is server-side). This is why services like Stripe and Balanced can let you circumvent PCI, because with these JavaScript files, the data never touches the server and goes from your browser directly to Stripe's servers. 2. As for an attacker altering the JavaScript, this depends. If you load it directly from Stripe's servers then data theft would be more of a risk if the file gets modified from Stripe's end (but at that point your worries are more than just a modified JavaScript file...). That is one of the reasons why it's not suggested to load those files locally. However, JavaScript is one of those easily-hacked technologies if you know the right techniques. From experiences working with eCommerce web hosting, I would say do PCI compliance audits/scans. If people are interested I can assist in it (compliance C & D [which this would be] is pretty straightforward). Ideally you should do it quarterly, but I believe the maximum delay between audits is 6-12 months depending on the level of PCI compliance you're after.
  6. The problem is trying to match the laws of every country out there.
  7. Thanks guys. Taking a small break from this to create a module but once that's done I'll be working on this plugin's feature set for sure!
  8. Thanks. I'm working on an upgrade for this where the create project and invoice stuff to its own section. Just haven't gotten around to finishing it yet. I'll be posting a change log once this happens.
  9. It's been a very, very long while since I added anything to this but here's a doozy of one. If you use Git, and have access to GitLab (free to install and use), this plugin is definitely for you! GitLab Time Tracking plugin is meant for freelancers to monitor the amount of work done on a project. When a push w/ multiple commits is made, the plugin calculates how much time went between the first and last commit and stores that data. That's not all, though! It also will generate an invoice for you based on a pre-defined set of intervals (minutes, hours and days). So, for example, if you charge $15 every 30 minutes of work, and you do 2 hours of work, it will generate an invoice of $60. Invoices can either be active (default) or draft as well. If you want to clear a project's data from the plugin, just click "Purge Data" and click "Yes" to the prompt. While this only works with GitLab right now, it is possible to do this with GitHub and possibly others as well. If there's interest this will be fitted to GitHub first and possibly others after. The only thing we can address as an "odd" feature is that the quantity for the invoice is as specific as possible, but this is due to rounding issues causing different end money totals (i.e.: 10.1711 x $50/hr = $508.56 but 10.17 x $50/hr = $508.50). This can be patched in but for now we are leaving it as is. We want the community's feedback on this. Here are some screenshots courtesy of Licensecart for the bandwidth/storage: Initial Settings, Populated Data, Creating an Invoice, Invoice Details. Download + More Information: To download this and get more information, you can download it at http://lab.anzensolutions.com/anzen-solutions/gitlab_time_tracking
  10. Only thing I can suggest if nothing shows in the logs is to make sure the number is formatted properly +1.<area code><rest of number> i.e.: +1.5553332211 I believe is the E.164 spec.
  11. Look at app/models/clients.php. I see a few issues such as the # not in E.164 format, among others. Look at the create() method's comments above, it has all the variables to pass to Clients::create().
  12. Haven't looked at the code in-depth, but what happens most likely is that it updates the contacts' table information but not the users' table. Blesta registration basically goes first to the users table, then creates a contact entry. When you update the contact's email, Blesta is only focused on the contacts table itself, leaving the users table to be untouched. This would be an easy fix to add into the code, and as long as the contacts.contact_type == "primary" update the user's information as well.
  13. It means you're not creating the client (call fails), since Client::create() == 0/null when it fails. Look at the $data and make sure it's filled with stuff that is required (name, email, username, etc...) and that the client doesn't already exist.
  14. Looking at soon. We can still integrate some of these features (at least let the user choose which service this is for). That will be up to you, however. This won't be possible through email tickets, however, unless I can find a way to modify that appropriately.
  15. I'm game for this on the grounds credit for the edits is given to us. Guessing by the price and the small feature change you want just the support manager to be modified?
  16. Yup, I'll still be trying to set up an environment on my end. Just the GPL is limited to one virtual instance and only to Xen/KVM. Everything else should be functional enough to make this happen. Do we have a deal to make this happen?
  17. Not sure if this is the best place to put this, but it seemed most suited. I'm wanting to gauge interest in a wrapper for using the license manager module/plugin that Blesta released. This would interface the same way that the PHP sample does, but will be suited for Python projects. Python is well-known for being a web app, among other solutions. It has great backing and this wrapper will support 2.7+ and 3.4 (possibly lower). Side note: I know Python wrappers are usually called modules too, but I didn't want to make the terminology confusing so I chose to keep plugin/module to reference Blesta and wrapper to reference Python. If you like, I would appreciate a reason why/why not to gauge the purpose of interest as well.
  18. Per discussions, responding to this thread. Going to install a local copy of the GPL version to test drive some concepts and am awaiting client's response to some information requested.
  19. I get the idea here but unless this was made for Christmas, I'd rather not use it. The contrast is too much, and you should never mix any two colors of the same spectrum (green/red, blue/red, blue/green, etc...). It really is not good for your users' eyes.
  20. When you get a chance shoot me an email at ehansen@anzensolutions.com and we can talk about this. I am interested in this.
  21. In the interim you could just edit the registration form or so and remove that field.
  22. Personally I would. Not something installed by default but definitely something that is shipped with.
  23. Honestly while there's a lot of PDT files, and a lot of code in each, a vast majority of it is all the same style sets. So, it really wouldn't be difficult to convert the current theme system to Bootstrap, it would just be tedious, even with a massive love of sed.
  24. Thought I would share a simplistic report extension I wrote to export some basic contact/client information. A client of mine needed something a little more advanced, but I thought I would share a boilerplate-style one for others to use, since custom reports can be very important. Direct download: http://git.anzensolutions.com/downloads/public.git/blob_plain/HEAD:/ci.tar.gz Git repo for source: http://git.anzensolutions.com/blesta/components/reports/customer_information.git If you have any questions or anything feel free to PM me or post here. If you have any updates you'd like to provide to this contact me first, as I don't allow non-authorized users to push updates. Thanks to CubicWebs for sponsoring the development.
  25. For anyone interested I'm looking to set up an XMPP cluster of sorts for this service. For those interested, PM me. It won't be free, but won't cost a lot either.