alankru last won the day on June 30 2017

alankru had the most liked content!

About alankru

  • Rank
    Advanced Member

  1. cPanel password strength change

    Thanks Tyson. Unfortunately, I cannot decrease the strength requirement as I do not control the server. You see, with WHMCS, you can control the password complexity easily (according to the webhost). Therefore, there isn't a need for the webhost to lower the strength requirement. Additionally, as this isn't something that the webhost has purposefully increased, but is due to this change from cPanel, what would the webhost set it to... I know that it will help by adding Uppercase characters. I would also like to (potentially) increase the length of the password. Would you be able to tell me how to do that please? The documentation for the password strength calculation is here: https://documentation.cpanel.net/display/CKB/How+to+Determine+Password+Strength The document has just been created on Oct 30th! (probably due to the recent update!) Thank you.
  2. cPanel password strength change

    Thank you. What I'm confused about is that the max_length values are different and where it has "mt_rand(max($min_length, 5)" it has a min_length near a max word? Therefore, I'm confused as to which values I alter.
  3. cPanel password strength change

    Hello, I created a cPanel service the other week and let Blesta generate the password for the cPanel account - No issues. However, when Blesta is now trying to create a cPanel service and it is generating the password, I am now receiving an error response from the cPanel server, stating that the password does not meet a strength of 90. I spoke to my server host about this and they have not altered the complexity requirement. They double checked and they have a password that the other week was a password of 90 strength, now the password is registering a strength of 75. We mutually concluded that cPanel must have changed the algorithm used to calculate password strengths. Some digging of the cPanel change log shows:

    It has obviously just taken a while for the release with this change in it to filter out. My thread here serves a few purposes:

      1. To make the Blesta team aware of this change and potential bug (I therefore felt that the bugs forum was the best place for this topic, although I was unsure)
      2. See if anyone else is experiencing the same
      3. To gain instruction on how exactly to increase the complexity of the passwords that Blesta generates.

    On point 3, I have opened file components/modules/cpanel/cpanel.php and I find, which starts at line 1667 in v4:

        /**
         * Generates a password
         *
         * @param int $min_length The minimum character length for the password (5 or larger)
         * @param int $max_length The maximum character length for the password (14 or fewer)
         * @return string The generated password
         */
        private function generatePassword($min_length = 10, $max_length = 14)
        {
            $pool = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()';
            $pool_size = strlen($pool);
            $length = mt_rand(max($min_length, 5), min($max_length, 14));
            $password = '';

            for ($i=0; $i<$length; $i++) {
                $password .= substr($pool, mt_rand(0, $pool_size-1), 1);
            }

            return $password;
        }

    I can see from previous examples of passwords that Blesta generates, that Blesta does not incorporate capital (uppercase) letters. I can now see this from the above code. To increase the complexity of the passwords that Blesta generates, I feel that it is just a case of adding capital letters. To do this, please could someone tell me; is it just a case of adding in the capital letters into the $pool line? Please could someone also tell me; which part of the code controls how long the password will be? (to increase its complexity) Thank you very much.
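
Added example, not part of the posts above and not Blesta's own code: a stand-alone generator that adds uppercase letters, guarantees one character from each class, and draws from random_int() (PHP 7+) because mt_rand() is not a cryptographically secure source. The function name generatePasswordStrong and the 12/32 bounds are assumptions for illustration, including the assumption that the target server accepts passwords longer than 14 characters.

```php
<?php
// Added example: generatePasswordStrong() and its 12/32 bounds are
// hypothetical, chosen for illustration; they are not from Blesta or cPanel.
function generatePasswordStrong($min_length = 16, $max_length = 20)
{
    $classes = [
        'abcdefghijklmnopqrstuvwxyz',
        'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
        '0123456789',
        '!@#$%^&*()',
    ];

    // max() puts a floor under the requested minimum and min() puts a ceiling
    // on the requested maximum, the same pattern the quoted code uses with 5 and 14.
    $low = max($min_length, 12);
    $high = max($low, min($max_length, 32)); // never below $low
    $length = random_int($low, $high);

    // One guaranteed character per class, so uppercase is always present.
    $chars = [];
    foreach ($classes as $class) {
        $chars[] = $class[random_int(0, strlen($class) - 1)];
    }

    // Fill the remaining positions from the combined pool.
    $pool = implode('', $classes);
    $pool_size = strlen($pool);
    while (count($chars) < $length) {
        $chars[] = $pool[random_int(0, $pool_size - 1)];
    }

    // Fisher-Yates shuffle driven by random_int(), so the guaranteed
    // characters do not always occupy the first four positions.
    for ($i = count($chars) - 1; $i > 0; $i--) {
        $j = random_int(0, $i);
        $tmp = $chars[$i];
        $chars[$i] = $chars[$j];
        $chars[$j] = $tmp;
    }

    return implode('', $chars);
}

echo generatePasswordStrong(), PHP_EOL;
```

The two arguments only request a range; the constants inside max() and min() are what actually bound the length, which is why changing the defaults alone has no effect past those limits.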
  4. I have been using Blesta for many years (I've been storing up my feature requests for years too - sorry!) and I know that this topic comes up from time to time, however, I would like to give what I believe is a strong case as to why it should be allowed to delete clients. Firstly, I realise that it is not possible to delete clients if they have an invoice or service attached and I believe that the reason for this is for accounting purposes in particular geographic locations (one of them being the UK it would seem). However, in the UK we also need to comply with Data Protection laws. This says that we must not retain personal data for longer than necessary. See here: https://ico.org.uk/for-organisations/guide-to-data-protection/principle-5-retention/ According to the above page, we are allowed to retain the data if required for tax returns and this will not be considered to be retained for longer than necessary. So far so good...but according to my research, HMRC says that you only need to keep your business income records (including sales invoices) for 5 years after the submission of the tax return: https://www.gov.uk/self-employed-records/how-long-to-keep-your-records Therefore, my feeling is that UK businesses should be removing the client records after 5 years of them ceasing the relationship with the business, thereby complying with the data protection act that says that you must not retain personal data for longer than necessary. This is how I interpret the law and in my opinion this makes a much stronger argument for the necessity to be able to fully delete client records from Blesta. Also submitted to: https://requests.blesta.com/topic/delete-client-for-data-protection-reasons (posted here for awareness)
  5. Search content of tickets

    I would greatly value the ability to search the content of tickets. You see, I can't quite believe that no one has suggested this yet for Blesta or WHMCS...but I want to search the content of tickets and I can't. I've taken a look at WHMCS and you can't do it with WHMCS either. Yet, it is a pretty standard feature of helpdesk software (of which I have used many). Customers never subject title their emails correctly (if at all!) and often talk about multiple issues under one ticket (which often has a vague subject line which doesn't cover it). Therefore, the need to search the messages of tickets is a must in my eyes and if it were achievable, would be a plus point for Blesta. It is possible that this hasn't been developed already because of the strain? to search ticket content, but if other software can achieve it...surely Blesta can too? Also submitted to: https://requests.blesta.com/topic/search-content-of-tickets (posted here for awareness)
  6. Backups encryption

    Given the personal data that Blesta installations hold, in line with data protection laws, it would be appropriate for the backups feature to have encryption. Whilst the servers where Blesta are installed are likely to have extra security safeguards in place, the offsite backup locations are less likely to have the same security setups. Additionally, data may be offloaded to a different organisation which can create additional complexity. If the data were packaged encrypted, only the Blesta installation owner would have access to the data, negating any data protection issues with where the data is being offloaded to as part of the backup. Also submitted to: https://requests.blesta.com/topic/backups-encryption (posted here for awareness)
  7. It would be extremely helpful to have an email notification to the admin when there are any Blesta system issues, rather than relying on the system status widget in the staff portal. Not everyone checks the staff portal daily (there isn't necessarily a need, particularly if you are a small business and you use the support tickets via email) and, for example, the crons can get stuck and therefore it can go unnoticed that there is an issue. If you don't have a lot of business, you can't rely on the fact that you haven't heard from anyone in a while.. Also submitted to: https://requests.blesta.com/topic/system-issue-email-notifications
  8. Folks, You have missed my original thread (I was the original instigator of all of this, prior to v3.2 ), whereby I have the solution for the 2 separate buttons. See here: http://www.blesta.com/forums/index.php?/topic/2532-change-paypal-buttons/?p=19943 Everything is visually perfect with the buttons that I am using, see my screenshots and explanation... IMO, those are the buttons to use.
  9. wfitg alluded to this; we have to be careful to still comply with the EU Consumer rights directive when making our own buttons. The buttons need to be clear that there is an obligation to pay. As in my original topic, the PayPal buttons that I changed mine to say "Pay now" and "subscribe" (it would be better for the button to say "subscribe and pay" but I don't have much of a choice in order to keep consistency). I appreciate that PayPal/non-merchant gateways are likely to be doing some of this obligation for us on subsequent pages, but it is best to be absolutely clear so that there is no room for error. I also agree with Jonathan that it would be best to mention the non-merchant gateway being used. Therefore, taking all of this into consideration, Cody's quoted suggestion in the original post (from my original topic here), is the best: Cody, on 16 Jun 2014 - 4:45 PM, said:
  10. Is It Necessary To Backup The "uploads" Directory

    Thank you very much for the clarification and explanation Paul.
  11. Is It Necessary To Backup The "uploads" Directory

    Ah, the config/blesta.php file also; I hadn't realised that was also necessary, but I can see why. I'm trying to cover all bases for a disaster recovery. Thank you for your response.
  12. Hello, On top of the database, is it also necessary to backup the "uploads" folder? as there appears to be some data in there relating to support tickets (attachments it seems) along with the invoice logo. So if I were to restore the database only, would the attachments and invoice logo not be missing? Thanks!
  13. Cannot Configure Sftp Backup On Https

    Hi Paul, Thank you very much for your help. Due to an unrelated issue, my webhost has moved my account to another server. Consequently, the SFTP backup settings are now saving correctly and I have successfully sent a backup offsite. So it must have been something about the server that my account was previously on (both servers appear to be set up very similarly with CageFS). Really odd, but I am relieved that it is now working. Thanks for everyone's help and sorry to have wasted your time as this is not a bug.
  14. Cannot Configure Sftp Backup On Https

    Sorry, it's CloudLinux/cPanel/Apache. No Cloudflare. Thanks Paul but I don't have this installed.
  15. Cannot Configure Sftp Backup On Https

    My Blesta install is v3.4.3 with PHP 5.4 & 10.0.18-MariaDB. Importantly, I am using Blesta on https. I am using Windows 7. I am unable to configure my SFTP backup settings (Settings -> System -> Backup -> Secure FTP) on the page https://mydomain.com/admin/settings/system/backup/ftp/. I enter all of the details and click on the Update Settings button. In Google Chrome, I am then redirected back to the root address of the client portal (ie. https://mydomain.com/) and my settings are not saved. Additionally, in Google Chrome, I am unable to press "test these settings" because Google Chrome is blocking a script from an unauthenticated source (see screenshot). If I use Internet Explorer, and press to "test these settings", nothing happens. If I enter the backup details and then click on the Update Settings button, I am also redirected back to the root address of the client portal and the settings are not saved. I have a development install of Blesta on non-https (admittedly it is also on a different server) and I can test and save the connection details without issue using Google Chrome. You will see from the attached screenshot that there appears to be a bug in that the script regarding the "test these settings" is trying to load from the non-https address of my Blesta install. Consequently, I am unable to take an automated Backup of my Blesta install, which is quite an issue for me at present. Thank you for your help.