Leaderboard

Let me know what you think of this CORE-2222 It includes a provision for an additional functionality change whereby new customers will not have access to the client area until their order is approved. Having a 4th status makes this possible.

5.6 is currently supported: [root@server ~]# php -v PHP 5.6.23 (cli) (built: Jun 22 2016 08:56:52) Copyright (c) 1997-2016 The PHP Group Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies with the ionCube PHP Loader (enabled) + Intrusion Protection from ioncube24.com (unconfigured) v5.1.2, Copyright (c) 2002-2016, by ionCube Ltd. [root@server ~]# 7.0 the ioncube guys need to fix something in the beta first.

There's 2 or 3 that actually need to get done for beta. We're working on it, will be done soon. Updating minPHP and a couple other tasks were really involved, and required some refactoring and creation of new libraries. So, taking longer than expected, but almost there

Blesta: Stripe (plus) Gateway Forked version of the original Stripe gateway which includes updated offsite storage and ACH payments. Some of the feature/bug requests this updated gateway resolves are listed below: http://www.blesta.com/forums/index.php?/topic/6224-latest-stripe-api-with-blesta-361/ http://www.blesta.com/forums/index.php?/topic/6089-stripe-invoice-number-in-description/ http://www.blesta.com/forums/index.php?/topic/5812-stripe-ach/ http://www.blesta.com/forums/index.php?/topic/5760-stripe-error-401-when-customer-attempts-charge/ Installation Download the latest release version from https://github.com/nodecraft/stripe_plus_gateway/releases and then simply upload the stripe_plus_gateway folder to ~/components/gateways/merchant directory on your Blesta installation. Feature changes from Original Gateway This gateway has been rewritten from the original version which was distributed with Blesta. The major changes are as follows: Only creates one Stripe Customer per Client Contact, rather than one Stripe Customer per Credit Card Only supports offsite card storage, onsite storage is removed Supports ACH payments* Updated Stripe API PHP SDK to version 3.14.2 Utilizes Stripe API Version 2016-06-15 Adds API key environment selection (test vs live) Updated Currency list to Stripe Documentation Does not utilize Blesta's $client_reference_id lookup to Stripe customer ID. This can cause multiple customer accounts if the user deletes all payment methods. Uses added MySQL table stripe_plus_meta Pros: Prevents your Stripe account from having "dead" data by attaching one customer per payment source. This enhances your ability to fight fraud. Added security by preventing payment source information from being stored locally Cons: *ACH Payments by Stripe require "verification" before payments are accepted. Blesta does not provide any methods for this process to take place. You will need to manually verify the bank account with your customer until this is improved or a plugin created. Roadmap: Add ACH verification if Blesta implements methods on Gateway Download: https://github.com/nodecraft/stripe_plus_gateway Issues/feature requests: https://github.com/nodecraft/stripe_plus_gateway/issues

Blesta: Janitor Small Blesta plugin to automate cleaning of abandoned orders, invoices, and services. Installation Download the latest release version from our releases and then simply upload the janitor folder to ~/plugins directory on your Blesta installation. How it Works: Janitor creates two cron entries which can be configured both by the cron settings and by the direct plugin settings. All of the plugin’s settings are based on the time the order was created. It may be important that you not cleanup and cancel at the same interval if you expect the orders to be marked as cancelled for any amount of time. Both cron tasks will never cleanup any orders or services which meeting the following criteria: The order’s invoice has any amount paid towards it. The order’s service is active or already cancelled. The order’s invoice is completely paid and is already closed (database: invoices.invoice_date_closed) Cron Task: Cancel Abandoned Orders This task is designed to strictly check for open orders which have never had any payments attached to them. First, the task will cancel the order and then next, it will void the invoice with a message as described in the language file. This cron task will also cancel any services attached to the order. This part of the cron intentionally leaves orders, invoices, and services in the database, in the possible event of this data being used by sales automation, etc. Cleanup Order Database This task is designed to completely delete all related database entries related to the order. It will remove the orders database entry, the order_services entry, and provides you the option to either leave the services as marked cancelled, or completely delete the service from the database via the plugins options. Only canceled services will be deleted if this option is set. If the service on this task is any other status than canceled, as set in the ‘Cancel Abandoned Orders’ cron task, it will ignore the service entirely. Download: https://github.com/nodecraft/janitor/releases Issues/feature requests: https://github.com/nodecraft/janitor/issues

http://www.webhostingtalk.com/showthread.php?t=1584028 I know quite a few people over here have accounts on WHT, just wanted to make sure everyone saw this so they can change their passwords if they haven't.

The issue has been addressed in CORE-2221. The decided upon solution was to prevent pending services from making any cancellation calls to the module when they are canceled. This makes sense because when a user(admin or client) adds a pending service blesta will not make creation call to the module.

I love the Active/Inactive/Fraud feature of Blesta, and it helps deal with fraud accounts. However, it's hard for us to use the inactive status because it will lock a user completely out of their account. I would like to see something implemented where if a user is marked inactive, they basically get a read-only view of their account (past invoices, tickets and transactions) and nothing more. Maybe it can be a company wide setting of what actions they are able to do with an inactive account. The reason this would be necessary is because we are planning on integrating authentication for various systems into Blesta. We would like inactive clients to still be able to see a 'frozen' version of their account, but not access other resources, etc. Additionally, a company wide option to allow the user to re-activate their account upon purchase of a new service would be good so that if someone leaves, they do not have to open a new account to come back. Maybe a system to auto inactivate clients accounts who have no active services, open invoices, or open tickets would be a part of this as well?

Ah, that's right. Thank you for the clarification!

You're not losing your marbles. It's added as a "public note" on the invoice, which can be seen under the collapsible "Notes" section via the "Edit Invoice" UI within Blesta.

We have released version 1.0.2 of this gateway today, which patches a small bug that prevented users from making "credit payments", and depositing funds not applicable to any invoice. We also took the opportunity to update the Stripe PHP SDK version, which patches a few issues. Full changelog: https://github.com/nodecraft/stripe_plus_gateway/blob/master/CHANGELOG.md Download the latest version at https://github.com/nodecraft/stripe_plus_gateway/releases

Correct.

Good to know. Do you have to apply the 5.5 hotfix for it to be compatible with 5.6? When I saw '5.5 hotfix' I just assumed 5.6 was not supported yet. I was looking at the PHP site today and got a good laugh, because 5.6 is going to have support longer than 7.0 when it comes to security updates. As long as I can get it to work on 5.6 I will be one happy person

contact a developer and send the gateway API .

I don't think Blesta has a module for ipay88. You could either write the module yourself, contact ipay88 and see if they would write it, or find a Blesta developer who could write it for you.

this can be done with a simple plugin ...... please remind me after ~20 days , i will code it for you free

Yep, it's called damage control, and it's shady. People miss it, and don't change their password at other sites if they used the same one. It made me reset my password today but I couldn't log in on the page it directs you to, totally broken. Probably why not many people logged in right now.

Hello, Thanks for the warning, I was distracted this days and didnt notice the Hack, time to update passwords once again Luckly all are diferent WebHostingTalk is/was to quiet lol only yesterday they started anounce on a Post with a strange title lol "Security Update for Registered Users" insted "Security Breach at WebHostingTalk" Like this one in 2009 http://www.webhostingtalk.com/showthread.php?t=729362

We were able to duplicate the issue, and have someone working on it.

Blesta has some rate limiting built in, if you're using piping then it should not respond after, I believe the 5th email or so within a given period of time, which will kill the loop. Don't you love it when someone signs up with an email address that goes to their support system, and then opens tickets?

Deleting a pending service deletes it within Blesta only, and does not make a module call to perform a cancel action. Whenever performing actions on a service, look for the "Use Module" option. If it exists, you can uncheck it to ensure that the action isn't made via the API. This does not exist for deleting pending services though, and will not delete the service on WHM/cPanel.

Awesome to see that this has been completed. Thank you!

Just read through some of the posts in that WHT thread... they were using MD5 passwords?!! Seriously. They might as well be plain text. We switched to bcrypt, HMAC-SHA-256 hashes in Blesta 3.0 years ago and wrote about it a year before v3 was released here - http://www.blesta.com/2012/08/17/blesta-3-0-more-on-security-video-2/ Nobody learns, and big companies like Penton have no excuses. They have the means.

Last time I cheked it is not just WHT but complete databases from 4 of 5 Penton's websites....all user data from these 4 websites are available....e-mails,usernames, ..and other profile fields stored in DB .. till now about 60% of passwords are decrypted..the rest is not decrypted yet..probably passwords from users who used harder passwords I read somewhere that all user will have to use reset pass link but I didn't see it on published on WHT but I couldn't log in with mine so I suppose it is true.. To be hones when you lok all penton's sites...one wordpress 3.9 second W.P 4.x.x version , vBulletin 4...must feel like in museum,maybe this is not reason but just fact that they use outdated version will make them targeted much more . I understand that such big user base is not easy to upgrade but they should have resouce for this..or they just worry for income..

Testing should occur in a non-production environment with a trial or dev license Manually manipulating imported data can be done directly in the database, if you know what you're doing. This doesn't exist in Blesta as a feature, because it's not a normal function of the application. Someone could certainly create a plugin to allow invoices to be wiped out, but many localities do not allow this kind of behavior, so Blesta doesn't support it.