Leaderboard

Enjoy

Hi, I have this theme in my computer about half year, this theme is of a cancelled project and I will not use the theme anymore, for this I will decided share the theme to the community, this can be useful for something. This theme not will receive updates. If you want a customization you can send me a PM to get a quote. cloud.zip

Hi Dev Team, Since I am new to Blesta I started testing the v3.6.2 for two reasons. 1) I wanted to get it customized for our business 2) Check bugs/security if any. I started testing Blesta on a localhost (laptop) with a trial license. To my surprise I found that two clients can be created from Blesta Admin Panel with the same (identical) email address. I tested this with client's other data different from one another but the email address. This is not acceptable. It should NOT be like that. Can someone from Dev Team explain this to me? Thank you in advance. P.S. I can check this myself. Would appreciate if Dev can pm me the names of the files related to Admin Creating a Client, as I am busy at the mom and don't have time to study all coding in Blesta. Thanks again.

Aww!!! Ok I ill try

But what are the usernames?

Very much agree with this. How we dealt with this in another system was this way : - If a user opens a ticket from their client portal, and 2 factor is enabled : perform the request - If a user opens a ticket from the client portal, but 2FA is not enabled : ask for a support pin or security question - If a user emails in : same as above The support pin or security question is something the user sets up at order time. They cannot be changed or reset by the customer. If they need to be reset, you ask for ID before allowing the user to change them. And then of course, it was noted on the ticket how it was opened, as suggested in this thread.

That's not possible even in the admin area! If you try and use the same username you get this error: "That username has already been taken." Video: http://screencast.com/t/Ji6LTO5uljx So either you are editing the core files and getting this issue or you are trying to say people can make the same email address twice with the same provider and they are getting the emails for a wrong account. I tried this ages ago with 3.x.x and that is filmed on 4.0.0-b1

Yes, I came across this because I am trying to customise Blesta for a special purpose. Otherwise I wouldn't have noticed this. This will not be when you create few customers. But a huge issue when several staff members are allowed to create clients. There is a possibility someone may create, by mistake, a client with a duplicate email address. I am just checking all possible loopholes and I want to rectify them before using Blesta on production.

Don't know about front end registrations. I am trying to customise this app for Admin creating clients and issuing invoices. This way the client gets an invitation email. I have not sent any email msgs yet because I am only simulating these issues on a localhost. But again, when you do create clients through Admin panel then the first client gets the wrong mail even if the second client is supposed to receive the invitation e-mail. This happens only if the admin panel creates clients. I have not tested the front end regs yet.

Yeah, or maybe the reply is red and says "unsecure" until they click the link. That way not every reply needs to be marked secure, but only the unsecure replies are marked as such.

Not a bad idea for the link to click on. so they have to login and then a label shows up saying "secure"

There are many reasons why a system (client portal in the case of Blesta) should have a UNIQUE email address. One simple reason is "When one recovers the password". This is a security measure. An Admin ( or Staff ) may by mistake duplicate email addresses while creating clients. To avoid this the email address should be unique. There are several other reasons too. ********************* In fact I was not checking this email address thing purposely. I came across this accidently while trying checking functions of various other inputs in order to develop a plugin for a particular project. But this finding is unexpected.

How to prevent this? i got this problem too. My clients create 2 accounts with same email. And how to force user, to only use email as login. Not username. like @naja7host (blesta-addons registration page)?

That shows up even if you enter a invalid username. Please see: https://blesta.store/plugin/support_manager/knowledgebase/view/33/help-i-m-locked-out-my-admin-area/27/

Sweet plugin, decided to use this for the main cPanel plugin Good work

Hello we have make a plugin called Seo Tools that ill boost seo and auto generates sitemaps and ping google and bing .

Fixed in Github .... download the plugin and go to plugin , then update . thanks for the bug discovery .