cloudrck

I don't think you understand, this isn't a simple form issue. Let's take a look at how the token is generated. public function getCsrfToken($key) { $session_id = session_id(); // Prefer computing CSRF using HMAC if (function_exists("hash_hmac")) return hash_hmac("sha256", $session_id, $key); // Sha256 hash is the next best thing if (function_exists("hash")) return hash("sha256", $key . $session_id); // Regretably, fallback to md5 return md5($key . $session_id); Verifying is simple public function verifyCsrfToken($key = null, $csrf_token = null) { if ($key == null) $key = $this->csrf_token_key; if ($csrf_token === null && isset($_POST[$this->csrf_token_name])) $csrf_token = $_POST[$this->csrf_token_name]; return $this->getCsrfToken($key) == $csrf_token; } The installer shouldn't have anything to do with it. What do your error logs say? PHP should be throwing some sort of error if you are missing something So what are you running? OS, PHP version, openssl, etc..

You've provided no substance to back any of your statements. All you've done is copy and paste what an inaccurate website said in addition to posting statistics of software versions. (rookie move?) Please explain how a tag effects anything.

If you knew how to decode/unobfuscate javascript or malware, it would take 10 seconds to realize it's to encode their email address from spam bots. You can't depend on automated webapps for reliable malware scanning. They are only good at giving unexperienced people a false sense of security. Explain. What's signifcant about this data?

I'll happily test it.

If you can code and know electrical theory than skys the limit. I have some code in my Github deal with the Arduino. There is also the BeagleBone/BeagleBoard line and WandBoard. I've used a BeagleBone A6, it worked well enough for reading sensors, not media though. The $45 BeagleBone Black is supposedly more powerful than the Pi. Source Texas Instruments has been investing in the embedded linux scene lately.

That's what I've been waiting to hear.

I don't have a Rasberry Pi, I opted for something with more power and went with the PandaBoard from Texas Instruments. They have opensource graphic drivers for Ubuntu, so I can play full 1080p MKV files perfectly fine. In addition to using it as a media server, you can setup a VPN tunnel, hook up various sensors (temperature, ambient light, CO2, water flow, etc.). Home automation seems to be gaining ground. I have an Arduino that talks to my Pandaboard sending data from it's sensors. I'm sure you can accomplish the samething with a Raspberry Pi.

Using the Universal Module, services that customers order which are in the Review queue can not be deleted. They can be activated, but can no longer be deleted. This worked fine before, I'm not sure which update broke it. No error messages, it goes through the popup Are you sure you want to delete this service?, I select YES, but it never actually deletes it. Blesta v 3.0.4 PHP5.4 MariaDB 5.5 Nginx 1.4

No works fine for me. What is your OS and Webserver Do you have the rewrite rules set? What URL is sent in the email?

Because you didn't tell cron not to. I would append the following the the end to receive only error emails. http://www.mydigitallife.info/cron-differences-between-devnull-21-and-devnull/ This isn't a bug btw, this is the expected results. So it makes sense to set it back to run every 5mins and send the emails to /dev/null (aka black hole)

Thanks for settign things straight. I wasn't exactly sure how Blesta handled such incidents.

Never knew that such a widget existed, so I never had it active. But this particular transaction doesn't show up because the account was never created, nor was an order placed/invoiced. Blesta/Maxmind didn't allow the order to go through past the account creation screen. So the fraud details aren't in Blesta I had to login to Maxmind.

Besides checking Maxmind, is there anything in Blesta that logs a hint towards the rejection?

The score of the order was 99 and I have the following settings. So it's obviously above the 80 threshold. There was no country mismatch, risk country or anonymous proxy. But the email was labled as a carder email. So why does Blesta not allow me to review the order if it's a carder email.

But if I have mines set to review all, than why would an order get rejected? I don't want any orders rejected, Maxmind isn't perfect, I want Maxmind to simply score them, and if it's too high of a risk I should be able to manually review it.

I left it at the stock 80. What should I increase it to, if I set it any higher I don't see the point in using Maxmind. Shouldn't Blesta still create the account and order, than allow me to review the it? That's what I have configured.

Select One package, fill out details Hit Continue Hit Order More Items Select same package type Fill out details Hit Continue Hit Checkout Fill out account info Hit Create Account Error is shown

Using the Universal module, ordering one service/package works fine. But when trying to order two, it does not get past the account creation screen. PHP5.4 MariaDB 5.5 Nginx 1.4 I only have Maxmind active

Fantastic, the fix you applied appears to work as designed.

Thanks for re-opening this issue. Sorry it took me so long to file a bug report with MariaDB, I got side tracked to say the least.

I can verify that the suggestion by the dev to set works But this isn't the ideal method and there needs to be a change in the query itself. Doesn't seem like a bug with MariaDB as we once thought

As per my previous bug report, I have finally gotten around to filling a bug report with MariaDB. They are pretty fast in dealing with reports, so it's making some progress. And I thought I would post what one of the developers said about Blesta's handling of this specific query. https://mariadb.atlassian.net/browse/MDEV-5049 I'm going to try the dev's suggestion today when I get time and see what happens.

I'm using Stripe and have never come across this issue, but I've never tried a 50% coupon Because Stripe requires an integer. https://stripe.com/docs/api#plan_object And as stated 397.5 is not an integer.

I don't use Windows often, but it could possibly be a conflict with Firefox plugins

Okay, thanks for the clarification