velaware

Alpha Developers
  • Posts: 346
  • Days Won: 8

Posts posted by velaware

  1. It shouldn't be in public view ;) It should be outside public_html, with its location set in the settings.

     

    Eg: Uploads Directory

     

    /chroot/home/lcadmin/licensecart.com/uploads/

     

    It's not in the /chroot/home/lcadmin/licensecart.com/html/ folder

     

    on cPanel it would be:

     

    /home/lcadmin/uploads/

     

    not /home/lcadmin/public_html/uploads/

     

    If it's not 777 you can't upload to it, nor can the server.

    From a security standpoint there's never a good reason to 777 anything, especially on a machine that is accessible from the Internet.

     

    If you have Blesta installed at /var/www/blesta/ then put the folder in /var/uploads and set the ownership to the webserver user and group, bam... no more need to 777 it.

  2. Ensure the folder has been created.

     

    uploads/1/client_documents/ it must have 777 on that folder too :)

    No, it had better not have 777 permissions. That means EVERYONE can access it.

     

    It should have 775 or 755 depending on the server requirements, which you can view by doing ls -liha and seeing what other folders' permissions are.

     

    If you need to 777 anything, then it wasn't coded or configured right.
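
The two posts above boil down to one check: the upload directory lives outside the web root, is owned by and writable for the web server user, and is never world-writable. Here is that check as an added example (not Blesta's own code, not from the poster). It builds a throw-away layout with a bad 777 directory under public_html and a correctly placed one beside it; the paths and the 755 mode are assumptions taken from the posts, and the chown to the web server user is left to the operator since it needs root.

```python
import os
import stat
import tempfile


def check_upload_dir(upload_dir, webroot):
    """Return a list of findings for an application upload directory.

    An empty list means: the directory exists, sits outside the web root,
    is not world-writable, and is writable by the user running this check
    (run it as the web server user to prove the server can upload).
    """
    findings = []
    up = os.path.realpath(upload_dir)
    root = os.path.realpath(webroot)
    if not os.path.isdir(up):
        findings.append("missing: %s" % up)
        return findings
    # Anything under the web root can be requested by a browser, so an
    # uploaded .php or .html file there becomes a remote code/content risk.
    if up == root or up.startswith(root + os.sep):
        findings.append("inside web root %s" % root)
    mode = stat.S_IMODE(os.stat(up).st_mode)
    if mode & stat.S_IWOTH:
        findings.append("world-writable (mode %04o)" % mode)
    if not os.access(up, os.W_OK):
        findings.append("not writable by uid %d" % os.getuid())
    return findings


def demo():
    """Constructed layout mirroring the posts: public_html/uploads at 777
    (wrong) and a sibling uploads/ at 755 outside the web root (right)."""
    base = tempfile.mkdtemp()
    webroot = os.path.join(base, "public_html")
    bad = os.path.join(webroot, "uploads")
    good = os.path.join(base, "uploads")
    os.makedirs(bad)
    os.makedirs(good)
    os.chmod(bad, 0o777)
    os.chmod(good, 0o755)  # owner (web server user after chown) writes; others only read
    return {
        "bad": check_upload_dir(bad, webroot),
        "good": check_upload_dir(good, webroot),
    }


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "OK")
```

Run it as the web server user (for example `sudo -u www-data python3 check_uploads.py` on Debian-style hosts; the user name is an assumption) so the writability test reflects what Blesta itself will see.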

  3. You are required to do PCI scans because card data touches the server, even though it is not stored. The proposed stripe.js implementation passes the card details directly to Stripe so they don't technically go through your server. In that case, you wouldn't have to do the scans at the moment. We have not implemented the stripe.js method yet. Since your server renders the markup, I believe even stripe.js implementations will be required to do PCI scans in the future. It's a sort of loophole that I expect they will close before long. (If your server was compromised, an attacker could alter the javascript and intercept the card details anyway)

     

    So, short answer. Yes, you should do PCI scans

    To expand on what Paul said:

     

    1. Stripe.js acts on the client side (hence it being JavaScript, a client-side language, unlike PHP, which is server-side).  This is why services like Stripe and Balanced can let you circumvent PCI: with these JavaScript files, the data never touches the server and goes from your browser directly to Stripe's servers.

    2. As for an attacker altering the JavaScript, this depends.  If you load it directly from Stripe's servers then data theft would be more of a risk if the file gets modified from Stripe's end (but at that point your worries are more than just a modified JavaScript file...).  That is one of the reasons why it's not suggested to load those files locally.  However, JavaScript is one of those easily-hacked technologies if you know the right techniques.

     

    From experience working with eCommerce web hosting, I would say do PCI compliance audits/scans.  If people are interested I can assist with it (compliance C & D [which this would be] is pretty straightforward).

     

    Ideally you should do it quarterly, but I believe the maximum delay between audits is 6-12 months depending on the level of PCI compliance you're after.
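
The whole argument above rests on card data never reaching the server: once a PAN is in a POST body, the server is in scope whether or not it stores anything. A practical server-side guard is to reject any checkout submission that carries something that looks like a card number instead of a token (for example a broken JavaScript fallback that posts the raw form). This is an added example, not Blesta code or part of Stripe's SDK; the `stripeToken` field name and `tok_` prefix are assumptions for the example, and 4242424242424242 is a constructed test number that passes Luhn.

```python
import re

# A run of 13-23 characters made of digits, spaces and dashes, bounded by digits.
CARD_DIGITS = re.compile(r"[0-9][0-9 \-]{11,21}[0-9]")


def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right, subtract 9 if > 9."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def looks_like_pan(value):
    """True if value contains a 13-19 digit run (separators allowed) that passes Luhn.
    Phone numbers and order ids are too short; Luhn filters most remaining noise."""
    for m in CARD_DIGITS.finditer(str(value)):
        digits = re.sub(r"[^0-9]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return True
    return False


def pan_fields(form):
    """Names of posted fields whose value looks like a raw card number."""
    return sorted(k for k, v in form.items() if looks_like_pan(v))


def accept_payment_form(form, token_field="stripeToken"):
    """Gate for a server that must stay out of PCI scope: accept only a token,
    and refuse (and log) anything that looks like a PAN before it is processed."""
    hits = pan_fields(form)
    if hits:
        return False, "raw card data in fields: %s" % ", ".join(hits)
    if not form.get(token_field):
        return False, "missing %s" % token_field
    return True, "ok"


if __name__ == "__main__":
    # Constructed submissions: a correct tokenised one and a broken one posting the PAN.
    print(accept_payment_form({"stripeToken": "tok_example", "email": "a@b.test"}))
    print(accept_payment_form({"stripeToken": "tok_example", "card_number": "4242 4242 4242 4242"}))
```

The rejection message should go to your logs without the offending value; the point of the check is to notice the scope creep, not to record the card number yourself.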

  4. It's been a very, very long while since I added anything to this but here's a doozy of one.

     

    If you use Git, and have access to GitLab (free to install and use), this plugin is definitely for you!

     

    GitLab Time Tracking plugin is meant for freelancers to monitor the amount of work done on a project.  When a push w/ multiple commits is made, the plugin calculates how much time went between the first and last commit and stores that data.

     

    That's not all, though!  It also will generate an invoice for you based on a pre-defined set of intervals (minutes, hours and days).  So, for example, if you charge $15 every 30 minutes of work, and you do 2 hours of work, it will generate an invoice of $60.  Invoices can either be active (default) or draft as well.

     

    If you want to clear a project's data from the plugin, just click "Purge Data" and click "Yes" to the prompt.

     

    While this only works with GitLab right now, it is possible to do this with GitHub and possibly others as well.  If there's interest this will be fitted to GitHub first and possibly others after.

     

    The only thing we can address as an "odd" feature is that the quantity for the invoice is as specific as possible, but this is due to rounding issues causing different end money totals (i.e.: 10.1711 x $50/hr = $508.56 but 10.17 x $50/hr = $508.50).  This can be patched in but for now we are leaving it as is.  We want the community's feedback on this.

     

    Here are some screenshots courtesy of Licensecart for the bandwidth/storage:

     

    Initial Settings

    initial.png

     

    Populated Data

    data.png

    Creating an Invoice

    create_invoice.png

    Invoice Details

    invoice_details.png

     

    Download + More Information

    To download this and get more information, go to http://lab.anzensolutions.com/anzen-solutions/gitlab_time_tracking
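
As an added illustration of the calculation the plugin describes (this is not the plugin's code): the elapsed time is the span between the first and last commit timestamp in a push, the invoice quantity is that span expressed in billing intervals, and money is handled with `Decimal` so the rounding difference from the post ($508.56 exact versus $508.50 with a two-place quantity) comes out the same every time rather than drifting as it would with floats. The push payload and the 30-minute/$15 tariff are constructed from the post's own figures.

```python
from datetime import datetime, timedelta
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")


def push_duration(commits):
    """Time between the earliest and latest commit of one push."""
    stamps = [datetime.strptime(c["timestamp"], "%Y-%m-%dT%H:%M:%S") for c in commits]
    return max(stamps) - min(stamps)


def invoice_quantity(worked, interval):
    """Billing intervals worked, kept at full precision (sub-second parts dropped)."""
    return Decimal(worked // timedelta(seconds=1)) / Decimal(interval // timedelta(seconds=1))


def invoice_total(quantity, rate, quantity_places=None):
    """Line total for `quantity` intervals at `rate` per interval, in cents.
    Passing quantity_places=Decimal("0.01") rounds the quantity first, which is
    the alternative the post weighs against keeping the quantity exact."""
    if quantity_places is not None:
        quantity = quantity.quantize(quantity_places, rounding=ROUND_HALF_UP)
    return (quantity * rate).quantize(CENT, rounding=ROUND_HALF_UP)


# Constructed push payload: three commits spanning exactly two hours.
PUSH = [
    {"id": "a1", "timestamp": "2014-06-02T09:00:00"},
    {"id": "b2", "timestamp": "2014-06-02T09:45:00"},
    {"id": "c3", "timestamp": "2014-06-02T11:00:00"},
]


def demo():
    worked = push_duration(PUSH)
    qty = invoice_quantity(worked, timedelta(minutes=30))
    return {
        "two_hours_at_15_per_half_hour": invoice_total(qty, Decimal("15")),
        "exact_quantity": invoice_total(Decimal("10.1711"), Decimal("50")),
        "rounded_quantity": invoice_total(Decimal("10.1711"), Decimal("50"), CENT),
    }


if __name__ == "__main__":
    for label, amount in demo().items():
        print(label, amount)
```

Note that the span between first and last commit only measures the push, not the work; anyone who can rewrite commit dates can inflate it, so treat the figure as a starting point for the invoice rather than an audited time sheet.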

  5. Here is a sample of one that failed:

    Array
    (
        [vars] => Array
            (
                [username] => bob88
                [new_password] => #x@vJxn1EO
                [confirm_password] => #x@vJxn1EO
                [client_group_id] => 1
                [first_name] => terry
                [last_name] => Moldo
                [company] => weee 2
                [email] => xxxxxxx3@internode.on.net
                [address1] => 128 Moo St
                [numbers] => Array
                    (
                        [number] => 555555555
                    )
    
                [settings] => Array
                    (
                        [send_registration_email] => 
                    )
    
            )
    
    )
    

    send_registration_email is equal to bool false.

     

    Look at app/models/clients.php.  I see a few issues, such as the number not being in E.164 format, among others.  Look at the comments above the create() method; they list all the variables to pass to Clients::create().

     

  6. I disagree, I like my usernames, thank you :) But if it's an email address and I change it, it should change the login email address, in my honest opinion.

    Haven't looked at the code in-depth, but what happens most likely is that it updates the contacts' table information but not the users' table.

     

    Blesta registration basically goes first to the users table, then creates a contact entry.  When you update the contact's email, Blesta is only focused on the contacts table itself, leaving the users table untouched.  This would be an easy fix to add into the code: as long as contacts.contact_type == "primary", update the user's information as well.
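
To make the suggested fix concrete, here is an added example (not Blesta's code; the two-table schema is a deliberately simplified assumption) of updating a contact's email and, only for the primary contact whose login actually is that email, the users row as well, inside one transaction so the two tables cannot drift apart if the second write fails. A username-style login such as bob88 is left alone by the extra `AND username = old_email` predicate, which is the distinction raised later in this thread.

```python
import sqlite3

# Assumed, simplified schema; the real tables carry many more columns.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL UNIQUE);
CREATE TABLE contacts (
    id INTEGER PRIMARY KEY,
    user_id INTEGER,              -- NULL for contacts that have no login
    contact_type TEXT NOT NULL,   -- 'primary', 'billing', ...
    email TEXT NOT NULL
);
"""


def build_db():
    """Constructed data: an email-as-username login, a plain username login,
    and a billing contact with no login at all."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(1, "bob@example.test"), (2, "bob88")])
    conn.executemany("INSERT INTO contacts VALUES (?, ?, ?, ?)", [
        (10, 1, "primary", "bob@example.test"),
        (11, None, "billing", "billing@example.test"),
        (12, 2, "primary", "bob88@example.test"),
    ])
    conn.commit()
    return conn


def update_contact_email(conn, contact_id, new_email):
    """Update contacts.email and, when this is the primary contact whose
    login *is* the old email, users.username too, in one transaction."""
    with conn:  # commits on success, rolls back if anything below raises
        row = conn.execute(
            "SELECT user_id, contact_type, email FROM contacts WHERE id = ?",
            (contact_id,)).fetchone()
        if row is None:
            raise LookupError("no contact %s" % contact_id)
        user_id, contact_type, old_email = row
        conn.execute("UPDATE contacts SET email = ? WHERE id = ?",
                     (new_email, contact_id))
        if contact_type == "primary" and user_id is not None:
            # Only rewrite the login when it really was the email address.
            conn.execute(
                "UPDATE users SET username = ? WHERE id = ? AND username = ?",
                (new_email, user_id, old_email))


def login_name(conn, user_id):
    return conn.execute("SELECT username FROM users WHERE id = ?",
                        (user_id,)).fetchone()[0]


if __name__ == "__main__":
    db = build_db()
    update_contact_email(db, 10, "robert@example.test")
    print(login_name(db, 1))   # follows the contact email
    update_contact_email(db, 12, "new@example.test")
    print(login_name(db, 2))   # still bob88
```

Because `username` is unique, a change that collides with another user's login raises inside the `with` block and the contact update is rolled back with it, which is the behaviour you want rather than a contact whose email no longer matches any login.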

  7. I'm calling the clients::create() method like so:

    $response = $this->api->post("clients", "create", $data);

    But this is what I'm getting back as the response:

    BlestaResponse Object
    (
        [raw:BlestaResponse:private] =>
        [response_code:BlestaResponse:private] => 0
    )

    Why is this!?

    It means you're not creating the client (call fails), since Client::create() == 0/null when it fails.

     

    Look at the $data and make sure it's filled with the stuff that is required (name, email, username, etc...) and that the client doesn't already exist.
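
Both the failed call earlier in this thread (the vars dump with the non-E.164 number) and the empty BlestaResponse here come down to sending a payload the API will refuse, and a response code of 0 tells you nothing about which field was wrong. A small pre-flight validator run before the API call makes the failure visible on your side. This is an added example, not Blesta's validation code or part of its API SDK: the required-field list is an assumption drawn from the dump above, and the country code 61 used for the fix-up is just an example value.

```python
import re

# Minimum fields Clients::create() is called with in the dump above;
# the exact required set is an assumption for this example.
REQUIRED = ("username", "new_password", "confirm_password", "client_group_id",
            "first_name", "last_name", "email")
# E.164: leading '+', country code not starting with 0, at most 15 digits total.
E164 = re.compile(r"^\+[1-9][0-9]{1,14}$")


def validate_client_vars(data):
    """Return {field: problem}; an empty dict means the payload is worth sending."""
    errors = {}
    for key in REQUIRED:
        if not str(data.get(key, "")).strip():
            errors[key] = "required"
    if data.get("new_password") != data.get("confirm_password"):
        errors["confirm_password"] = "does not match new_password"
    email = str(data.get("email", ""))
    if email and "@" not in email:
        errors["email"] = "not an email address"
    number = str(data.get("numbers", {}).get("number", ""))
    if number and not E164.match(number):
        errors["numbers.number"] = "not E.164 (+<country code><subscriber number>)"
    return errors


def to_e164(number, country_code):
    """Best-effort normalisation: drop separators and prefix the country code
    when there is no leading '+'. Assumes a leading 0 is a trunk prefix."""
    raw = re.sub(r"[^0-9+]", "", number)
    if raw.startswith("+"):
        return raw
    return "+%s%s" % (country_code, raw.lstrip("0"))


def sample_vars():
    """Constructed payload mirroring the failed call above (email masked as posted)."""
    return {
        "username": "bob88",
        "new_password": "#x@vJxn1EO",
        "confirm_password": "#x@vJxn1EO",
        "client_group_id": 1,
        "first_name": "terry",
        "last_name": "Moldo",
        "company": "weee 2",
        "email": "xxxxxxx3@internode.on.net",
        "address1": "128 Moo St",
        "numbers": {"number": "555555555"},
        "settings": {"send_registration_email": False},
    }


if __name__ == "__main__":
    data = sample_vars()
    print(validate_client_vars(data))  # flags numbers.number
    data["numbers"]["number"] = to_e164(data["numbers"]["number"], "61")
    print(validate_client_vars(data))  # {}
```

Only send the request when the dict comes back empty; a non-empty result is the field list to put in your error log instead of the bare response code 0.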

  8. If Cloudmin integration in the other thread takes care of displaying service (server) information then you may disregard this request. However, I am not sure when any decent VPS management system like Virtualizor or Cloudmin will be fully integrated with Blesta, so that's why I thought maybe we have to at least manually enter the service information and make it available to customers.

    Looking at it soon. ;)

     

    We can still integrate some of these features (at least let the user choose which service this is for).  That will be up to you, however.

     

    This won't be possible through email tickets, however, unless I can find a way to modify that appropriately.

  9. As I explained it will take some time for us to create a proper development environment for you, so if you can do everything on your end, that would be even better.

     

    Also, please take a look at another bounty announced by us: http://www.blesta.com/forums/index.php?/topic/2627-100-bounty-for-getting-service-information-displayed-on-the-upper-part-of-ticket-page/

    Yup, I'll still be trying to set up an environment on my end.  It's just that the GPL is limited to one virtual instance and only to Xen/KVM.  Everything else should be functional enough to make this happen.

     

    Do we have a deal to make this happen?

  10. Not sure if this is the best place to put this, but it seemed most suited.

     

    I'm wanting to gauge interest in a wrapper for using the license manager module/plugin that Blesta released.  This would interface the same way that the PHP sample does, but will be suited for Python projects.

     

    Python is well-known for being a web app, among other solutions.  It has great backing and this wrapper will support 2.7+ and 3.4 (possibly lower).

     

    Side note: I know Python wrappers are usually called modules too, but I didn't want to make the terminology confusing so I chose to keep plugin/module to reference Blesta and wrapper to reference Python.

     

    If you like, I would appreciate a reason why/why not to gauge the purpose of interest as well.

  11. I get the idea here but unless this was made for Christmas, I'd rather not use it.  The contrast is too much, and you should never mix any two colors of the same spectrum (green/red, blue/red, blue/green, etc...).  It really is not good for your users' eyes.

  12. Blesta users can't change their username, from what I can tell; only admin can, unless you mean when email addresses are used as the username, like Clamhost mentioned. You are right that if usernames are the same they should be changed on both sides or not at all. I really don't like that Blesta lets the user decide which username method to use, as I think that should be controlled by admin.  That's a feature request that I'd be willing to make if I haven't already.

    In the interim you could just edit the registration form or so and remove that field.

  13. 3.2 isn't out yet, but so far it has not been added.

     

    Do you guys think this plugin is useful enough in its current state to be included in our builds?

    Personally I would.  Not something installed by default but definitely something that is shipped with.

  14. You will be able to edit the structure.pdt to make changes to suit your needs.

     

    Ah thanks. I saw that *.pdt files were to be excluded from a nginx config example I copied but wasn't sure what they were. So, they are the template files. OMG there are 476 of them, including modules and plugins! About 36k lines and 1.4 MB of code just for templates so, yes, changing all of that for Bootstrap would be a huge job.  As a comparison I just applied https://github.com/ShaunR/template-bootstrap to WHMCS (easy) and it worked (99%) for everything I tried throughout the system. It is excellent being able to admin WHMCS from a phone, aside from clients using a mobile-friendly signup procedure.

    Honestly, while there's a lot of PDT files, and a lot of code in each, the vast majority of it is the same style sets.  So, it really wouldn't be difficult to convert the current theme system to Bootstrap, it would just be tedious, even with a massive love of sed.

  15. Thought I would share a simplistic report extension I wrote to export some basic contact/client information.  A client of mine needed something a little more advanced, but I thought I would share a boilerplate-style one for others to use, since custom reports can be very important.

     

    Direct download: http://git.anzensolutions.com/downloads/public.git/blob_plain/HEAD:/ci.tar.gz

    Git repo for source: http://git.anzensolutions.com/blesta/components/reports/customer_information.git

     

    If you have any questions or anything feel free to PM me or post here.

     

    If you have any updates you'd like to provide to this contact me first, as I don't allow non-authorized users to push updates.

     

    Thanks to CubicWebs for sponsoring the development.
