Rocketz

Ugh guys. This is bordering on the ridiculous. All I asked was if he could get his code reviewed so those purchasing the module can have a good amount of trust that obvious exploit vectors are checked and eliminated
he said "no, costs too much"
end of story as far as I'm concerned. I'd love a vultr module, but not at the cost that the module could be exploited in an obvious way and wreck the business
no one is attacking anyone. I asked a question

I want to offer a free addon / option on certain plans. How can I make blesta automatically "checkmark" that addon during the order process? 
It's more of a marketing thing, so you say "hey you get this thing for free! its value is actually X dollars, but you get it for free!" type of thing. And it's automatically checked as enabled. 
And of course, because this option has an internal cost, i'd like it to be charged/credited properly on the invoice and reports. 
How can I do this? 

I want to offer a free addon / option on certain plans. How can I make blesta automatically "checkmark" that addon during the order process? 
It's more of a marketing thing, so you say "hey you get this thing for free! its value is actually X dollars, but you get it for free!" type of thing. And it's automatically checked as enabled. 
And of course, because this option has an internal cost, i'd like it to be charged/credited properly on the invoice and reports. 
How can I do this? 

I wasn't saying you would do that at all. I'm saying a customer signs up, the module provisions their vps on vultr. 
What stops them from hijacking the module via sql injection or whatever the cool new way to hack into things is, and taking over functions of the vultr account? That's what I'm most concerned about. Same thing with other modules like cPanel Extended, and others where there's a possibility of a hack.
Nothing is 100% hack proof, so all i'm asking for is if there is a way to have someone else review the code for you, a second set of eyes that could catch something obvious that 99.999% of the hackers would know how to do. And for the 0.001% chance of being hacked, well, we all live with that risk and mitigate it as much as possible. 

I want to offer a free addon / option on certain plans. How can I make blesta automatically "checkmark" that addon during the order process? 
It's more of a marketing thing, so you say "hey you get this thing for free! its value is actually X dollars, but you get it for free!" type of thing. And it's automatically checked as enabled. 
And of course, because this option has an internal cost, i'd like it to be charged/credited properly on the invoice and reports. 
How can I do this? 

The service_id is available via line_items, see https://docs.blesta.com/pages/viewpage.action?pageId=4161679#InvoiceDelivery(Unpaid)-SupportedTags but it may not be possible to determine what package the service is linked to within the email template. You can use the tag {% debug %} to see all of the data that's available to the template. YOU SHOULD BE CAREFUL THOUGH, not to send out an email with this tag to any customers. There could be sensitive information in the output.

We have released version 1.0.2 of this gateway today, which patches a small bug that prevented users from making "credit payments", and depositing funds not applicable to any invoice. We also took the opportunity to update the Stripe PHP SDK version, which patches a few issues. Full changelog: https://github.com/nodecraft/stripe_plus_gateway/blob/master/CHANGELOG.md
 
Download the latest version at https://github.com/nodecraft/stripe_plus_gateway/releases

I hear you. All good points. Blesta is under developed for the hosting industry. 
Blesta's vision of their software vs. reality is where the problem is. I really believe Blesta thought they could develop the core part of the software, make it all very modular, and then developers would take it from there and offer modules based on demand. 
Reality is that there are only ~5 module developers for Blesta, and the market is so small, they get very little out of making modules. Some modules exist, and make a really good impact on the overall software, but you're basically relying on a single person to extend Blesta to the point you need it to be at. The reason is companies don't want the headaches of having to search out developers for features that the industry expects to be standard in any software release now. So the customer base isn't growing much, which means less developers. A classic catch-22. 
An idea I had a little while back would be for Blesta to partner with developers, get all the code going in the same direction, and implement those modules directly into Blesta, and they pay the developers. I'm not going to assume what the finances of that arrangement would be, but it's an idea. 
One other thing that should be done is really start doing focus groups of actual users, of varying company sizes. And then pivoting in small, quick releases, based on that feedback. One of Blesta's competitors just released a feature... auto-update. Because it was the highest voted feature by their community. I won't get into how ridiculous that kind of feature is, because if you can install the software, you sure can update it. Especially since no one in their right mind would auto-update their billing system. But they spent months of dev time creating this feature and trying to hype it up. Stupid stupid stupid. It shows they didn't really talk to the people running their software and relied on community upvotes instead. The opportunity cost is high. 
I'm going to give Blesta a shot after their initial 4.0 release. This release, from what I can tell is more of a major re-factoring and maintenance release, positioning Blesta for better future updates. So I'm not expecting a lot of critical features to be in it, and I hope you aren't either. Documentation is a separate issue. 
I really do hope Blesta comes to understand their core market segment, which is hosting. It's where it was born. The reason for its existence was the faltering of previous competitors. Get that  industry taken care of first, grow the business, and then look at other industries that are struggling to get by with subpar billing systems and hit them up. Don't try to be a generic be-all billing system yet. 
 

I don't disagree at all. I've been preaching for a while now how Blesta should encourage more custom module development. I just have a sore spot for what happened here, and trying to think of ways we can guarantee it not happening again. 
The reason I seem sour on this is simple. I trust Blesta 100%. My business will be running on Blesta once the migration and customization is complete. I trust that Blesta will be there to issue security updates and software updates regularly. Blesta is a critical part of the business. 
I trust most of the developers here. Cyandark, Paulo, Naja have all shown they're willing to contribute time and resources into developing modules, even free ones. I trust them to do right by the customer. They've been here since V3 was released, and are still here today contributing. 
Can I trust a developer who made a pretty cool plugin, that people relied on, and then essentially deserted them? Like Mike mentioned above, everyone deserves a fresh start, but when you rely on software to run your business, you really don't want to break that trust, because it's very hard to get back. 

Don't quote me on this but I believe if you put this in your 'Service Created' email template, they will only receive one email with the contents of the Email created under the Package itself: {package.email_html}. That's the way we have it setup and when I receive a copy of it, I only receive 1 email.
I'm sure Licensecart can verify this real soon.

You are correct and do the same for {package.email_text}.

If I'm not mistaken, they receive 'Account Creation', 'Service Creation / Welcome Email' (as one combined email) and 'Invoice Due / Paid'.
Our template for 'Service Creation' is {package.email_html} which would pick up the contents of the 'welcome email'. I think 'Service Creation' is there if you want to have a generic message that gets attached to the Welcome Email for every package but I've honestly never paid close attention! It does sound confusing though. docs.blesta.com says this about the Service Creation and other email templates in that section: By default, these templates usually don't have to be modified, but it's a good idea to review them in detail anyway.
 
 

well right off the bat, you set it to use IMAP, not piping  
Set it to piping, and you'll see Blesta give you a one line command to enter as an email forwarder in your cpanel account
I don't agree on 777 chmod permissions either. Unless your host is not doing their job correctly. PHP files should never be set to 777 in a cPanel environment. You're just asking to be hacked. 644 for all files, 755 if you really need to. 

he's just very protective of blesta and lacks tact, you have to skip past that aspect of mike  
Paul is making the change to the documentation. In all fairness, it was an honest oversight, one that virtually most companies make when it comes to software relying on other requirements. Like the original starcraft says "windows 95 or later" but i'm pretty sure it won't run on windows 10 without some work. 
I just don't think this is something to be that frustrated about. 

I've spotted a few of our clients who aren't using Two Factor Authorisation and so to try and push clients to use this cool feature, I've put this warning on the client area. And thought I'd pass it onto the community who would also like to use it.

In /app/views/client/bootstrap/structure.pdt under the Blesta Nav you can paste this code:
<?php if ($this->Html->ifSet($logged_in)) { if ($client->two_factor_mode === 'none'){ ?> <div class="container"> <div class="row"> <div class="col-sm-12"> <div class="alert alert-danger alert-dismissible" role="alert"> <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button> <strong>Warning!</strong><br /> <p style="margin-top: 0px !important;font-size: 13px;"> It seems you haven't activated Two Factor Authorization yet? It's a security feature in which you provide two means of identification to log into your account.<br> You can enable it <a href="//licensecart.com/customers/main/edit/" class="alert-link">here</a> under "Authentication". </p> </div> </div> </div> </div> <?php } } ?> All you need to edit there is the licensecart.com to your Blesta installation url. It will display a message like so:

I don't disagree at all. I've been preaching for a while now how Blesta should encourage more custom module development. I just have a sore spot for what happened here, and trying to think of ways we can guarantee it not happening again. 
The reason I seem sour on this is simple. I trust Blesta 100%. My business will be running on Blesta once the migration and customization is complete. I trust that Blesta will be there to issue security updates and software updates regularly. Blesta is a critical part of the business. 
I trust most of the developers here. Cyandark, Paulo, Naja have all shown they're willing to contribute time and resources into developing modules, even free ones. I trust them to do right by the customer. They've been here since V3 was released, and are still here today contributing. 
Can I trust a developer who made a pretty cool plugin, that people relied on, and then essentially deserted them? Like Mike mentioned above, everyone deserves a fresh start, but when you rely on software to run your business, you really don't want to break that trust, because it's very hard to get back. 

Before plunking any money down on these modules, I'd appreciate knowing what changed? Why are you back to developing for Blesta? And how do we know you're not going to pack up and go away again?
I'm not a fan of buying modules, just to be abandoned by the developer later on. So until there's some satisfactory answers, I wouldn't pay a penny on these yet. 

Thanks. It makes sense, but it's not very comforting. That means there's a pattern of this developer willing to sign exclusivity agreements, to the detriment of existing customers. 

Nice work guys. It's good to see this kind of collaboration  

Thank you Paul, I appreciate that offer. I may take you up on it at some point. I am interested in seeing v4 beta 1 before I make a final decision, to see if it is any more intuitive from the owner's perspective or better documented (though I dislike beta versions, as reliability is important to me). Depending on the timing, I may want to see v4 before making a final decision, since I have already bought it.

However, based on what I know now, I'm leaning toward building my own hosting webware. Since there are less than 20 API functions I'll need, it appears that I can create a more user-intuitive idiot-proof solution for my clients by engineering my own solution. Even if I did completely figure out Blesta, I would not be able to simplify my customers' user experience beyond the limits of the software design.

I have absolutely no reason for confidence at this point that a Blesta solution would enable me to create a simple UX for them. Simplicity rules. My clients will subscribe with me because I make it absolutely easy for them to do so. Or they will go elsewhere.

@AnthonyL Sorry the late reply  
For now it dosent support that functionality, buit its very easy to implement, let the new Blesta 4.0 Stable come out And I will add this in the next update
 
@cyandark Hello  
Sorry, still no migration functionality, but its easy, I didnt implement yet because there wasnt alot requests  
I Will promisse to add a migration functionality betwin Support Manager Original and Support Manager Pro, also an option to Migrate all data to Core Support Manager (It will delete all data on the Support Manager that will be migrated to because of the ID's and CODE in Tickets to not mess everithing)
@all 
Im tinking to add on next update the encryption of all Ticket's messages because of sensitive data in case of an MySQL/MariaDB intrusion, what do you think? The problem is going to be the search functionality that will be a tiny slow to let the encrypt/decrypt function to run.

well right off the bat, you set it to use IMAP, not piping  
Set it to piping, and you'll see Blesta give you a one line command to enter as an email forwarder in your cpanel account
I don't agree on 777 chmod permissions either. Unless your host is not doing their job correctly. PHP files should never be set to 777 in a cPanel environment. You're just asking to be hacked. 644 for all files, 755 if you really need to. 

It would probably be a good idea to disable the pay button on click so that it cannot be clicked more than once.

You hit the nail on the head with your last sentence. No one controls the pricing apart from ICANN and the TLD registries. It's also never been an expectation for customers to be locked into domain pricing.
If you really want a workaround to this, businesses can offer a coupon code / discount to bring the price back down. But it should be at their discretion. 
But in most common scenarios, price increases are passed on in the domain world. 

We are in the process of fully spec'ing out the Domain Manager plugin for 4.1 and would love your feedback. I want to give you a basic overview of what we're considering for the Domain Manager, and get your feedback. We want to resolve the current issues and frustrations with how domains are currently handled. Please understand that the new domain system may not include everything in the first release, but our goal is to build the proper foundation so that it can easily be improved upon in the future.
What is the Domain Manager?
The Domain Manager is a plugin that will be responsible for all things domain related. Think of the Order System, and the Support Manager which cover all things related to orders, and support, respectively.
How will I define pricing?
A pricing grid will exist, likely under Domains > TLD Pricing where the price can be set for each TLD for 1 through 10 years for Register, Renew, and Transfer. This will provide a simple pricing grid, with different price options for Register, Renew, and Transfer. Additionally, special pricing can be set on a Client Group level, which will override the default pricing.
Additionally, domain extras like ID Protect, Email Forwarding, and DNS Management will be options on a per-TLD basis and pricing can be set for these. The customer would be able to check if they want these options during checkout.
Question: Is it sufficient to have a single price of ID Protect, Email Forwarding, and DNS Management for all TLDs, or would you want the ability to set a different price for these extra options on each TLD?
Are domains services?
This is a question that has resulted in much debate internally. My personal thoughts are that domains are very unique and do not easily fit with services. I am proposing that domains be treated completely separately from services. This means there would be a separate table in the database that stores domains and information unique to domains like: Domain Name, Registrar, Status, Date Registered, Date Expires, Management Features Available, Expiration/Renewal Reminders, Last Sync Date, and whether to Auto Renew or not.
If domains are not services, they will not be listed with services. For the Staff area, I propose a new Domains widget on client profile pages. For the client area, I propose a new primary nav link called Domains. The Domain Manager would be responsible for renewing domains, and invoicing for them and services and domains would not appear on the same invoices, even if they are billed on the same day.
Question: What are your thoughts on domains not being considered services?
What about email templates?
The domain manager would create several new email templates, likely to include the following: Domain Registration, Domain Transfer Initiated, Domain Transferred, Domain Renewed, Domain Expired, Domain Renewal Notice (domains listed are going to expire in the next x days).
What about automatic things?
The Domain Manager would be responsible for the following Automation Tasks:
Send expiration emails at the reminder intervals Renew domains that are set to automatically renew Synchronize renew dates with the registrar at a given interval What about Registrar Modules?
The Domain Manager would implement its own module system, and existing registrar modules would not be compatible. The new registrar module system would be drop-in similar to the existing, but these would be enabled and configured under Domains > Registrars. New registrar modules would likely be more lightweight than current registrar modules as the plugin would implement the common features across registrars.
What management features would be available?
This will depend on the specific registrar module, but the following features would be supported:
Register, Transfer, Renew Domain (obviously) with Renew Domain being an option for Clients and Staff Manage DNS for Domain (Get, Update DNS zone records if DNS hosted by registrar) Manage Registrar Lock for Domain (Enable, Disable registrar lock) Manage Email Forwarding for Domain Manage ID Protection for domain (Enable, Disable ID Protection) Manage Contacts for Domain Whois (Registrant, Admin, Tech) Update Name Servers for Domain (Get Name Servers, Update Name Servers) Register Name Servers (Unsupported by many registrars or not commonly done by average users, may be optional for first release) What about existing registrar modules?
Existing registrar modules would be incompatible with the Domain Manager plugin. However, services using current domain registrar modules will continue to work as they do now.
Any bulk features?
We plan to have bulk features for both Staff and Clients. For Staff, under Domains > Browse Domains and under the Client Profile, Domains Widget. For Clients, under the Domains page. Bulk editing/tasks would work similar to selecting invoices for delivery with a checkbox on the left and some options to choose from like Renew Domain, Manage ID Protection, Domain Lock, Name Servers.
I'm certain I'm missing something, but wanted to give you a rough overview of what we are planning and get your feedback. Please let us know what you think!