Jump to content

Alk

Members
  • Posts

    146
  • Joined

  • Last visited

  • Days Won

    6

Everything posted by Alk

  1. Hello, I created a cPanel service the other week and let Blesta generate the password for the cPanel account - No issues. However, when Blesta is now trying to create a cPanel service and it is generating the password, I am now receiving an error response from the cPanel server, stating that the password does not meet a strength of 90. I spoke to my server host about this and they have not altered the complexity requirement. They double checked and they have a password that the other week was a password of 90 strength, now the password is registering a strength of 75. We mutually concluded that cPanel must have changed the algorithm used to calculate passed strengths. Some digging of the cPanel change log shows: It has obviously just taken a while for the release with this change in it to filter out. My thread here serves a few purposes: 1. To make the Blesta team aware of this change and potential bug (I therefore felt that the bugs forum was the best place for this topic, although I was unsure) 2. See if anyone else is experiencing the same 3. To gain instruction on how exactly to increase the complexity of the passwords that Blesta generates. On point 3, I have opened file components/modules/cpanel/cpanel.php and I find, which starts at line 1667 in v4: /** * Generates a password * * @param int $min_length The minimum character length for the password (5 or larger) * @param int $max_length The maximum character length for the password (14 or fewer) * @return string The generated password */ private function generatePassword($min_length = 10, $max_length = 14) { $pool = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()'; $pool_size = strlen($pool); $length = mt_rand(max($min_length, 5), min($max_length, 14)); $password = ''; for ($i=0; $i<$length; $i++) { $password .= substr($pool, mt_rand(0, $pool_size-1), 1); } return $password; } I can see from previous examples of passwords that Blesta generates, that Blesta does not incorporate capital (uppercase) letters. I can now see this from the above code. To increase the complexity of the passwords that Blesta generates, I feel that it is just a case of adding capital letters. To do this, please could someone tell me; is it just a case of adding in the capital letters into the $pool line? Please could someone also tell me; which part of the code controls how long the password will be? (to increase its complexity) Thank you very much.
  2. I have been using Blesta for many years (I've been storing up my feature requests for years too - sorry!) and I know that this topic comes up from time to time, however, I would like to give what I believe is a strong case as to why it should be allowed to delete clients. Firstly, I realise that it is not possible to delete clients if they have an invoice or service attached and I believe that the reason for this is for accounting purposes in particular geographic locations (one of them being the UK it would seem). However, in the UK we also need to comply with Data Protection laws. This says that we must not retain personal data for longer than necessary. See here: https://ico.org.uk/for-organisations/guide-to-data-protection/principle-5-retention/ According to the above page, we are allowed to retain the data if required for tax returns and this will not be considered to be retained for longer than necessary. So far so good...but according to my research, HMRC says that you only need to keep your business income records (including sales invoices) for 5 years after the submission of the tax return: https://www.gov.uk/self-employed-records/how-long-to-keep-your-records Therefore, my feeling is that UK businesses should be removing the client records after 5 years of them ceasing the relationship with the business, thereby complying with the data protection act that says that you must not retain personal data for longer than necessary. This is how I interpret the law and in my opinion this makes a much stronger argument for the necessity to be able to fully delete client records from Blesta. Also submitted to: https://requests.blesta.com/topic/delete-client-for-data-protection-reasons (posted here for awareness)
  3. I would greatly value the ability to search the content of tickets. You see, I can't quite believe that no one has suggested this yet for Blesta or WHMCS...but I want to search the content of tickets and I can't. I've taken a look at WHMCS and you can't do it with WHMCS either. Yet, it is a pretty standard feature of helpdesk software (of which I have used many). Customers never subject title their emails correctly (if at all!) and often talk about multiple issues under one ticket (which often has a vague subject line which doesn't cover it). Therefore, the need to search the messages of tickets is a must in my eyes and if it were achievable, would be a plus point for Blesta. It is possible that this hasn't been developed already because of the strain? to search ticket content, but if other software can achieve it...surely Blesta can too? Also submitted to: https://requests.blesta.com/topic/search-content-of-tickets (posted here for awareness)
  4. Given the personal data that Blesta installations hold, in line with data protection laws, it would be appropriate for the backups feature to have encryption. Whilst the servers where Blesta are installed are likely to have extra security safeguards in place, the offsite backup locations are less likely to have the same security setups. Additionally, data may be offloaded to a different organisation which can create additional complexity. If the data were packaged encrypted, only the Blesta installation owner would have access to the data, negating any data protection issues with where the data is being offloaded to as part of the backup. Also submitted to: https://requests.blesta.com/topic/backups-encryption (posted here for awareness)
  5. It would be extremely helpful to have an email notification to the admin when there are any Blesta system issues, rather than relying on the system status widget in the staff portal. Not everyone checks the staff portal daily (there isn't necessarily a need, particularly if you are a small business and you use the support tickets via email) and, for example, the crons can get stuck and therefore it can go unnoticed that there is an issue. If you don't have a lot of business, you can't rely on the fact that you haven't heard from anyone in a while.. Also submitted to: https://requests.blesta.com/topic/system-issue-email-notifications
  6. Folks, You have missed my original thread (I was the original instigator of all of this, prior to v3.2 ), whereby I have the solution for the 2 separate buttons. See here: http://www.blesta.com/forums/index.php?/topic/2532-change-paypal-buttons/?p=19943 Everything is visually perfect with the buttons that I am using, see my screenshots and explanation... IMO, those are the buttons to use.
  7. wfitg alluded to this; we have to be careful to still comply with the EU Consumer rights directive when making our own buttons. The buttons need to be clear that there is an obligation to pay. As in my original topic, the PayPal buttons that I changed mine to say "Pay now" and "subscribe" (it would be better for the button to say "subscribe and pay" but I don't have much of a choice in order to keep consistency). I appreciate that PayPal/non-merchant gateways are likely to be doing some of this obligation for us on subsequent pages, but it is best to be absolutely clear so that there is no room for error. I also agree with Jonathan that it would be best to mention the non-merchant gateway being used. Therefore, taking all of this into consideration, Cody's quoted suggestion in the original post (from my original topic here), is the best: Cody, on 16 Jun 2014 - 4:45 PM, said:
  8. Thank you very much for the clarification and explanation Paul.
  9. Ah, the config/blesta.php file also; I hadn't realised that was also necessary, but I can see why. I'm trying to cover all bases for a disaster recovery. Thank you for your response.
  10. Hello, On top of the database, is it also necessary to backup the "uploads" folder? as there appears to be some data in there relating to support tickets (attachments it seems) along with the invoice logo. So if I were to restore the database only, would the attachments and invoice logo not be missing? Thanks!
  11. Hi Paul, Thank you very much for your help. Due to an unrelated issue, my webhost has moved my account to another server. Consequently, the SFTP backup settings are now saving correctly and I have successfully sent a backup offsite. So it must have been something about the server that my account was previously on (both servers appear to be setup very similarly with CageFS). Really odd, but I am relived that it is now working. Thanks for everyone's help and sorry to have wasted your time as this is not a bug.
  12. Sorry, it's CloudLinux/cPanel/Apache. No Cloudflare. Thanks Paul but I don't have this installed.
  13. My Blesta install is v3.4.3 with PHP 5.4 & 10.0.18-MariaDB. Importantly, I am using Blesta on https. I am using Windows 7. I am unable to configure my SFTP backup settings (Settings -> System -> Backup -> Secure FTP) on the page https://mydomain.com/admin/settings/system/backup/ftp/. I enter all of the details and click on the Update Settings button. In Google Chrome, I am then redirected back to the root address of the client portal (ie. https://mydomain.com/) and my settings are not saved. Additionally, in Google Chrome, I am unable to press "test these settings" because Google Chrome is blocking a script from an unauthenticated source (see screenshot). If I use Internet Explorer, and press to "test these settings", nothing happens. If I enter the backup details and then click on the Update Settings button, I am also redirected back to the root address of the client portal and the settings are not saved. I have a development install of Blesta on non-https (admittedly it is also on a different server) and I can test and save the connection details without issue using Google Chrome. You will see from the attached screenshot that there appears to be a bug in that the script regarding the "test these settings" is trying to load from the non-https address of my Blesta install. Consequently, I am unable to take an automated Backup of my Blesta install, which is quite an issue for me at present. Thank you for your help.
  14. Alk

    Hidden Ticket

    Perfect, thanks Tyson and sorry for my late reply.
  15. Alk

    Hidden Ticket

    Yes, sorry if this was not clear. Open a new ticket with some text Now update the ticket with an internal note Update the ticket again with a 2nd internal note Now go back to the ticket and tick the 2 internal notes and choose to split the ticket Now go back to the ticket list and you will find that whereas you used to have 1 ticket open, the ticket total on the tab will now show 2 (depending on what the original ticket's status was) - see screenshot. Lookup in the database and you will find the split ticket, yet it is not shown in the GUI.
  16. Alk

    Hidden Ticket

    Thank you Mike, but I was already aware that notes are for internal use (ie. staff only).
  17. Alk

    Hidden Ticket

    I had some notes in the ticket, intermixed with the customer's replies that shouldn't be in the ticket any more (the notes would cause confusion when referring to the ticket in the future). I really wanted to delete the internal notes but as you cannot delete individual messages/replies in tickets, I thought that by splitting the specific internal notes off to a new ticket, I would subsequently be able to close this newly created ticket, thereby removing the notes from the conversation. I hope that this is now clear.
  18. Alk

    Hidden Ticket

    Thank you, but I'm afraid that I disagree and I feel that it is a bug. It's not permissions - please see that this issue arose from splitting off internal notes in a ticket. The new ticket is now made up of internal notes, but it is hidden (which makes some sense in a way; sort of). Blesta shouldn't have allowed me to do this if it is not designed to do so. I now know not to do this, but that is not the point, so I thought that I should report the issue nonetheless.
  19. Alk

    Hidden Ticket

    My support manager shows that I have a ticket with status "awaiting reply". However, when I click on the "awaiting reply (1)" status tab, there are no tickets to show (it states "There are currently no tickets with this status.)". Upon investigation in the database, I can see that the issue was caused when I split ticket notes to a new ticket (I wanted to delete the ticket notes and thought that this was the best way to do this as I subsequently intended to delete the newly created ticket). Whilst the ticket notes have formed a new ticket in the database with the original ticket's subject and status, I cannot actually get to the ticket in the UI. Using Blesta 3.4.2.
  20. Thank you so much for clearing this up Tyson - appreciate it!
  21. Thanks for your reply. Perhaps that is where there is confusion, because the tickbox now appears for all email templates. As I said, testing has proved that it doesn't do anything for support tickets. Still not sure what the tickbox is about...
  22. Please could someone explain to me what the new "Include any attachments" tickbox does in email templates? Because I have tested with both it ticked and unticked and it doesn't seem to do anything. Incidentally, I have already included the new email attachment tags as per CORE-1274. Thank you.
  23. Thank you all, I did understand it this way.
  24. Great stuff - thanks for answering my question mate.
  25. This is difficult to explain, so I have a screenshot: When you look at your list of tickets in Support Manager, the rows are all different colours, such as Blue, Grey, White. I cannot determine what the row colours are based on though? Could anyone tell me please? Thanks!
×
×
  • Create New...