Paul

Issued

There probably should have been a unit test for this, point taken. We may have been able to discover and resolve the issue sooner. But lets look at what happened.. 10:15am issue reported 4:37pm hotfix issued

I have confirmed Google has changed the URL and I have assigned this to CORE-879 so we can take a look into it. Thanks for the report!

I saw this article mentioned in the ARIN mailing list recently, and found it quite interesting. http://www.renesys.com/2013/11/mitm-internet-hijacking/ Apparently, route hijacking has been on the rise in 2013. Worth the read if you have a few minutes.

I know, crazy huh.. our old forum was vbulletin 3.7, which apparently isn't affected. I never could get myself to upgrade to v4 or v5, and opted to go a different route.

Restarted the server running the forums this afternoon (around 4pm pacific time) and it wouldn't come back up.. kernel panic. ugh So, I had to restore it and we may have lost a few posts, as the most recent backup was apparently corrupt.. so the one from an hour previous was restored. We back up the forums every hour, with significant retention, and I'm considering backing up more frequently. The client area is on another server, so completely unaffected.. and that one is backed up more frequently. If we lost one of your posts, sorry about that. I'm guessing we may have lost a couple.

Disabling CSRF tokens on the login page is just a configuration file change, and will eliminate CSRF as an obstacle to logging in in a non-standard way.

There is an ongoing discussion on this here -- http://www.blesta.com/forums/index.php?/topic/1480-login-with-curl-to-blesta/

Looks good, nice work! Doesn't seem to be any call records for any of the services, so can't test all functionality but it's looking really nice.

Settings are inherited, though I don't think this would work here, but you can give it a try. You could try adding 2 rows to the company_settings table. 1. key: maintenance_mode value: true (or false) 2. key: maintenance_reason value: We are currently undergoing maintenance (or whatever you want it to say) Make sure the company_id is correct, and encrypted is 0. Try this at your own risk, I'm doubtful it will work.

If other emails are going out, then the content of this template may have issues. Check to make sure there are no invalid tags in the template in either the html or text sections. Also, make sure Settings > Company > Automation > Payment Reminders is checked, and scheduled to run at a certain time. You can cross reference the cron log under Tools > Log for this time, and see if an attempt to run it was made.

Not yet. A lot of the work has been done for a while, but there are some things we need to finish up after 3.1.

Do you have curl-ssl in your PHP? Is your firewall allowing egress port 2087 and 2086?

Interesting idea. We assumed the primary reason someone would want to put the system in maintenance mode is to perform an upgrade -- in which case, it's best if all companies are in maintenance mode. I suppose there are reasons one company would need to be in maintenance mode and not others.

We can manually add additional locations to your license if you're running it in a clustered environment. IP addresses and directory paths, though, generally you'll only have a different IP for each web server. Currently we do not recommend running Blesta in a NAT however where your web server has a local IP address. This is an issue we are working to resolve in licensing. Also, only the web server is licensed, so you can have a separate MySQL server or cluster of servers configured any way you like.

Actually.. multi-company uses the same installation, so they would be installed on the same box. You would point the docroot for each domain to the same place. You can request a dev license by opening a ticket. They are granted to anyone with an owned license.

Cody or Tyson may be able to provide a more in-depth response, but have you taken a look at events?

Hey guys, welcome!

Certainly.

Please post feature requests here. To comment on this one though, adding the ability to resend a welcome email or service activation email that there are no logs for, or that were never originally sent is something I'd like to do. It hasn't been heavily requested yet, so it's not very high on the priority list, but I think it's necessary.

You have something ready to beta test? Surprised nobody has offered to help test.

If you are trying to login to do a loginshare or something, you might want to check out events - http://docs.blesta.com/display/dev/Event+Handlers

Are you planning to use it internally only, or distribute it as well?

20% is a huge discount, surely it would cost more to use Stripe vs PayPal if Stripe users get 20% off..?

I doubt there will be time, but even if we release 3.1 without Multicraft, we can release Multicraft on the forums when it's ready. There are already going to be some other modules included with 3.1, so it wouldn't be exclusive anyway.