Leaderboard

Popular Content

Showing content with the highest reputation on 09/26/2014 in Posts

  1. This made me laugh so much I was in tears haha... Come on I had to share it haha
    2 points
  2. lol, I'm going to finish the last lines of code on Thursday, to try to release next week
    2 points
  3. Cody

    Php Session Security

    HSTS has to be configured domain wide, so should only be done via server config, not application specific. I'm not sure many people install only Blesta on their domain.
    2 points
  4. I have a barebones plugin for wordpress that I finished last night. I'll push it to github tonight most likely. If people have other systems they want plugins for I will gladly make them as it isn't a difficult task fortunately.
    2 points
  5. Supporting 3rd Party CMS integration has nothing to do with a billing system. It's normally those 3rd Party CMS's that start that integration process, not the other way around. Blesta 3 is only about a year old, and I'm 100% happy that the devs are not wasting their time on doing stuff like this. It's a billing system, their focus should be on making the BILLING features top notch, and then worry about integration with 3rd party applications later...especially applications like CMS's that aren't specifically related in any way. Integration with domain resellers, payment gateways, etc...those are things that a billing system SHOULD have...integration with CMS's?...completely optional and not required. The product works just fine, I think it's your expectations of what should come with a BILLING system that are flawed. And your mention of open source, you do realize that Blesta is already 99%+ open source right, the only thing that isn't open source is the licensing files...and it's way more than "half baked". Blesta is built around a plugin/module system for a reason...and that is to make it easy for the open source community to do exactly the types of modules you are wanting.
    2 points
  6. mrrsm

    Php Session Security

    It sounds like everything you want done are things that the host should be doing mainly or are configurations that you can do to the server.
    2 points
  7. I was just wondering why the configurable options and addon packages don't have descriptions to explain what they are for. So I would like to open a feature request to have a ? next to or a line underneath the title with the description set.
    1 point
  8. How can I register a domain from the client panel?
    1 point
  9. How can I mark a domain as registered?
    1 point
  10. A new email template will be in v3.4 that will be used to send these non-merchant gateway payment receipts.
    1 point
  11. There are also other reasons than non-payment for which you need to be able to write out credit notes, and pro-forma does not help with those. E.g. when a customer returns goods to your store, or for any other reason that warrants a refund. === Here you are allowed to use the regular "tax invoice" template, and maintain the normal invoice numbering. You only need to put negative quantities and a negative total on the invoice, and add a note saying it is a credit note, correcting invoice # 123 dated $date. The problem is that Blesta doesn't accept negative quantities by default though (I got rid of that verification rule in my patch, along with adding a "void and create credit note" button).
    1 point
  12. Ok, the latest version is available here - https://account.blesta.com/client/plugin/download_manager/client_main/index/5/ Make sure you're logged in. You want license_manager-2014-09-26.zip, make sure you back up everything first. Once you overwrite the license manager plugin and the license module, be sure to go to Settings > Company > Plugins and Modules and click to upgrade them.
    1 point
  13. All patched up again today, after getting all patched up yesterday. If there's another patch to fix the previous patches I'm going to start drawing some parallels.
    1 point
  14. lol yes, I made the mistake of saying that OpenSSL [Heartbleed] (which can be installed on any OS) was Linux's fault
    1 point
  15. I think so too, just went through updating 8 servers, all of the interworx ones were already complete.
    1 point
  16. Just to raise the mood in the Blesta Forums, a new reformulated (by me) joke because of the latest security breaches: Three male programmers were in the bathroom standing at the urinals. The first programmer finishes, walks over to the sink to wash his hands. He then proceeds to dry his hands very carefully. He uses paper towel after paper towel and ensures that every single spot of water on his hands is dried. Turning to the other two, he says, "At Windows, we are trained to be extremely thorough." The second programmer finishes his task at the urinal and he proceeds to wash his hands. He uses a single paper towel and makes sure that he dries his hands using every available portion of the paper towel. He turns and says, "At Macintosh not only are we trained to be extremely thorough but we are also trained to be extremely efficient." The third programmer finishes and walks straight for the door, shouting over his shoulder, "At RedHat, we sometimes PISS on our hands, like in Heartbleed, and the recent Shellshock, but we try hard not to"
    1 point
  17. I'm out of "Like This" since the morning on the Blesta Forums, lol, so I have to reply to say "PauloV Like This"
    1 point
  18. 1º- How to sell an Online Automated Hosting Billing System? 2º- What can we offer that others don't already offer? These are the right questions. Blesta is not selling a service, it is selling a masterpiece of software, and like a great painting or a great car, it has to get the best of the best. When you buy a new car you don't want to drive on a dirt road with a lot of holes (only if you buy an offroad car lol). When you buy a painting (for painting art lovers), you don't want to put it on a wall that doesn't hold the painting. When someone buys Blesta, they don't want to run it on a server with a minimum of PHP 5.1. It seems today I'm a bit inspired lol, I have to take a break and drink a coffee. I'm going to catch the next flight to the UK and invite Mike to go to Starbucks or any other popular coffee shop in the UK
    1 point
  19. Nothing to see here. Move along..... had the incorrect paypal address set for the sandbox account.
    1 point
  20. I would be wary of using online tools to check for this vulnerability...as there is no way to tell which ones truly have your best interest in mind, and which ones are just trying to gather a list of vulnerable systems to sell to the highest bidder. It's easy enough to test for this on the server itself, without having to worry about a third party trying to exploit your server (which is what all of these tests are doing...). Just my opinion though.
    1 point
  21. @ Licensecart: Trying to rephrase it again to make "the point". Anyone that installs Blesta has the professional obligation to use a separate VPS or Dedicated Server or Isolated Hosting Environment to be able to secure data and use the latest stable PHP and MySQL and other security measures. (When I talk about latest stable, I'm not talking about PHP 5.5 or PHP 5.6, but at the minimum PHP 5.3, and not PHP 5.1 or PHP 5.2, which are very insecure compared with the new ones.) Or are you trying to say that you have Blesta installed on a non-VPS, non-Dedicated Server or non-Isolated Environment where you can't install/activate the latest stable PHP and MySQL? Blesta or any other billing system has to be isolated from the rest of the business or data is more insecure, and it is our responsibility to have it secured enough. For example, if you have a main web site and Blesta, if the main website is for example a popular CMS (Wordpress, Joomla, other), and the CMS doesn't work correctly on PHP => 5.3, then you have to update your CMS or at least put the CMS in another environment to be able to install Blesta with the minimum PHP requirements. @Paul, @Tyson, @Cody: Please update the minimum PHP requirement (PHP => 5.3) or the competitors and jealous clients will use that argument to attack Blesta Security. Blesta is known to be the most clean, secure, and stable; we have to continue to fight to be the best of the best and not lose any reputation. It's just my opinion
    1 point
  22. They fixed both CVE-'s today so ensure it says:

      Use: yum list installed | grep bash
      Should see: bash.x86_64 4.1.2-15.el6_5.2 @updates
      ------
      Downloading Packages:
      bash-4.1.2-15.el6_5.2.x86_64.rpm | 905 kB 00:00
      Running rpm_check_debug
      Running Transaction Test
      Transaction Test Succeeded
      Running Transaction
      Updating : bash-4.1.2-15.el6_5.2.x86_64 1/2
      Cleanup : bash-4.1.2-15.el6_5.1.x86_64 2/2
      Verifying : bash-4.1.2-15.el6_5.2.x86_64 1/2
      Verifying : bash-4.1.2-15.el6_5.1.x86_64 2/2
      Updated:
      bash.x86_64 0:4.1.2-15.el6_5.2
    1 point
  23. Ok, seems the issue was because the from address wasn't a real email address; once I changed it to a real email address it worked fine.
    1 point
  24. If you set the order form you can use the direct url to place an order or make it the default order form and when you have the portal installed you can click order and go straight to the order page.
    1 point
  25. Paul can help you with that.
    1 point
  26. There is the code for WHMCS that could possibly be used as a guide. I would do it if I had the time.
    1 point
  27. flangefrog

    Php Session Security

    I don't think HSTS should be enabled by default. It's great and I use it myself but it's not something you can just disable if you don't want it.
    1 point
  28. Cody

    Php Session Security

    I meant, what explicitly do you think we should consider? safe mode added in 5.4? What else? Blesta already uses HTTPOnly. Secure cookies isn't feasible because not everyone forces SSL. That's why I'm asking, specifically, what options you think Blesta should support.
    1 point
  29. Completely agree, that was my point earlier, but I understand Blesta wanting to reach a maximum number of potential customers and at the end of the day, it's more about secure coding practices. It's all about reducing your attack surface and indeed, upgrading to PHP 5.6 days after its release is nonsense. It requires more testing, debugging, etc. Imagine that you have to write twice as much code or rely on twice the libraries because older versions have problems. It's a lot more code to audit.
    1 point
  30. Right, and who uses Centos, Ubuntu etc and what happens... BASH Security... now was you using the latest one? I bet you was... now tell me everything is secure with the latest stuff.. not everyone wants to use the newest PHP or MySQL. Not everyone wants to jump head first in the deep end. Look at all the WHM** fans out there using insecure software, and they are all webhosts and professionals too. And even some of them don't jump head first to the newest *Secure* version.
    1 point
  31. good idea .... with github all will participate in translation and correct a definition if it is wrong.
    1 point
  32. The Refunded status will be in v3.4
    1 point
  33. Why don't you put the translation editor code to github and let the community help out. This way you can concentrate on the core of Blesta and we can worry about the translation editor.
    1 point
  34. Anyone send you the decoded file? The ISP is telling me they are aware of the police investigation. I'm curious how it turns out, and wish you the best of luck.
    1 point
  35. Paul

    Release 3.3.0

    I may move some beta threads over before I close the forum. I'm in no hurry to close the forum right now as it's the typical post-release rush of tickets and am pretty busy. So... feature requests that have not been implemented, and bug fixes that have not been fixed?
    1 point