Leaderboard

i lot of request in the forums for the full multilanguages integration in blesta . today i want to talk aboutthe URLs in blesta for multilanguages purpose use . it would be a perfect strategy if blesta can handle the multilanguages urls also , like domain.com/blesta/fr/client/login/ & domain.com/blesta/en/client/login/ ect ... domain.com/blesta/fr/order/main/index/blesta/ & domain.com/blesta/en/order/main/index/blesta/ ect ... domain.com/blesta/fr/client/plugin/support_manager/client_tickets/departments/ & domain.com/blesta/en/client/plugin/support_manager/client_tickets/departments/ ect ... when using a direct url "domain.com/blesta/client/login/" , use the default language . this behavior is for non-loggedin users . this is the best practice for SEO and multitargeting client geography . we can achieve the url usage with htaccess , but it has some limitation and also blesta can't generate urls with that format at the moments . this post is just to let blesta staff make in consideration with they will attack the multilanguages features . for reading https://support.google.com/webmasters/answer/182192?hl=en&ref_topic=2370587 .

This request is a semilar to a old request i have made , it was simple as attach a module to another module to allow service be managed by two module, each one for a specific tab . my exemple at that time was cpanel for hosting, and add softwacolous for install apps . registrar module for domains, and add DNS management for other module . if blesta can make this is really a dream .

That's incorrect. Only the hostname is sent unencrypted (by the SNI TLS extension, so the server knows which certificate it should use, if more than one site shares the IP). All HTTP communication including URL and request headers does is sent over encrypted SSL. Only problems are the GET parameters ending up in web browser history, and that URLs including GET parameters are usually logged in web server logs. Do note that this module is not the only one with security flaws regarding to GET parameters. When you enable Blesta's two-factor-authentication it submits your secret master seed code -of which all TOTP codes derive from- as GET parameter to chart.googleapis.com in order to generate a QR code of it... Reported over a year ago, but apparently it was not considered worth fixing.

Hi, The integrated support manager in Blesta is very nice. BUT : if you enable the plugin, then you need to disable many mod_security / naxsi rules just to be able to post a couple of lines in a ticket. Customers want to send very long codes, and you may ask them to send stuff like email sources, debug codes, etc... It can take a lot of time and efforts before you get a stable and secure set of mod_security / naxsi rules. We all know blesta is very secure, but it's always better to use an application firewall, like mod_security or naxsi. However, doing this can turn into a nightmare. While trying to submit codes, or any other content with special characters, your customers may see 503 error codes. That's not beautiful Some peoples may end up by doing stupid things like completely disabling mod_security while they should not. Other peoples will simply start disabling everything they see in the logs. They may disable too many rules, or whitelist too many ip's. I found a very good way to avoid 503 errors, while keeping most of your naxsi / mod_security rules intact. With theses little changes in your files, your customers will be able to copy/paste and type everything they want in a ticket textfield or subject line, and you won't need to disable all your rules. I can use the support manager plugin with only a couple rules disabled, in fact. You can re-enable most of your rules for the support plugin paths, by doing this : 1) Go to the support_manager plugin folder and open /views/default/client_tickets_reply.pdt Add the following at the end of the file, just after the ?> <script>function deleteextra() { var initVal = $(this).val(); outputVal = initVal.replace(/[^0-9a-zA-Z\n\/'@-]/g," "); if (initVal != outputVal) { $(this).val(outputVal); } }; $().ready(function(){ $("#summary").keyup(deleteextra).blur(deleteextra); $("textarea").keyup(deleteextra).blur(deleteextra); }); </script> 2) do the same in client_tickets_add.pdt And voilà You are now able to use mod_security with the support manager, on client side - you may also do the same on the admin side (in admin_tickets_add.pdt and admin_tickets_reply.pdt) What it does? When a customer will copy and paste, or type something in the ticket reply or ticket add textarea the unwanted special characters will just disappear before the ticket is submitted. It will only keep the following : @.-_ It will also remove the http:// and https:// before an url, to make sure your staff won't click on any link by mistake. i love jquery! You may want to adapt the regex to your requirements, but this work fine for us. I hope this will help someone!

Hi again Today I bring you a beautiful module for cPanel. With several improvements. Features New Statistics Design WebDisk Support Install Any Script from Blesta (Softaculous) DNS Zone Editor Email Fowarding Preview of the Hosted Site And lot more... With love <3 Update 19/08/15 Change Password issues Fixed Internal changes Available in GitHub: https://github.com/CyanDarkInc/cpanelextended Screenshoots

Perhaps Blesta is trying to set admin-c, tech-c and billing-c while those do not exist for .co.uk domains? Those should be set to contact ID -1 according to logicboxes API documentation. http://manage.logicboxes.com/kb/answer/752 The Administrative Contact of the domain name. NotePass -1 for the following TLDs: .EU .NZ .RU .UK Or perhaps it is not using the right contact type as registrant. Other modules (like eNom) also make the mistake of only having special handling for 2nd-level .uk domains, while most of these things apply equally to .co.uk.

Does have other downsides though. All the modules being totally independent are a pain if you want to translate Blesta to another language. You end up with each module having e.g. 100 translatable strings, will only 10 are really specific to that module. Would rather see inheritance being used more. And it would also be nice if it was possible to assign more than one module to a service (e.g. one main module that handles the actual server provisioning, and a completely different one to offer monitoring through Observium)

erm... no thanks PS: you took something for free (which is fine) but then you charge for it?

for update this topic, only thing that work to use a mysql grid framework in blesta template is: http://sourceforge.n...jects/lazymofo/

The tools.php file generates an encoded string used by the module, and have the algorithm to encode the string, this its the reason that its encoded. for security reasons. Im working in a new update with some improvements of the code

Config option upgrades/downgrades were added in 3.5, I would suggest upgrading and trying it again. In 3.4, when you change a config option as an admin, it should renew at the new price, but it won't charge a prorated upgrade amount (this is in 3.5).

Hi, In canada Beanstream start offer free merchant accounts so its good to have this option

is very needed, blesta can't take the europe market without thier invoicing law standard in-the-box .

I'm SUR a lot of client hs stopped moving to blesta , just for the domain management system, and the order related to it . so Im a BIG supporter for the new Domain Management system .