Leaderboard

Blesta version 4.0.0-b3 (BETA 3) is now available. You can download it from right here (Client Area Login Required). If you haven't seen the blog post announcement for 4.0.0 BETA 1, you can read it here. This is a BETA release. Beta releases are not considered stable enough for production use, and are UNSUPPORTED. DO NOT INSTALL IN A PRODUCTION ENVIRONMENT. Please report any bugs you find in the v4 beta bug forum. Installing Blesta See Installing Blesta in the User Manual for instructions. Upgrading Blesta See Upgrading Blesta in the User Manual for instructions. Release Notes See Blesta Core - Version 4.0.0-b1-b3. SEE BETA3 ONLY For older releases see all Change Logs. What to Test! 1. Test everything! Version 4 is a major release. This release primarily fixes an issue with Package creation.

We are in the process of fully spec'ing out the Domain Manager plugin for 4.1 and would love your feedback. I want to give you a basic overview of what we're considering for the Domain Manager, and get your feedback. We want to resolve the current issues and frustrations with how domains are currently handled. Please understand that the new domain system may not include everything in the first release, but our goal is to build the proper foundation so that it can easily be improved upon in the future. What is the Domain Manager? The Domain Manager is a plugin that will be responsible for all things domain related. Think of the Order System, and the Support Manager which cover all things related to orders, and support, respectively. How will I define pricing? A pricing grid will exist, likely under Domains > TLD Pricing where the price can be set for each TLD for 1 through 10 years for Register, Renew, and Transfer. This will provide a simple pricing grid, with different price options for Register, Renew, and Transfer. Additionally, special pricing can be set on a Client Group level, which will override the default pricing. Additionally, domain extras like ID Protect, Email Forwarding, and DNS Management will be options on a per-TLD basis and pricing can be set for these. The customer would be able to check if they want these options during checkout. Question: Is it sufficient to have a single price of ID Protect, Email Forwarding, and DNS Management for all TLDs, or would you want the ability to set a different price for these extra options on each TLD? Are domains services? This is a question that has resulted in much debate internally. My personal thoughts are that domains are very unique and do not easily fit with services. I am proposing that domains be treated completely separately from services. This means there would be a separate table in the database that stores domains and information unique to domains like: Domain Name, Registrar, Status, Date Registered, Date Expires, Management Features Available, Expiration/Renewal Reminders, Last Sync Date, and whether to Auto Renew or not. If domains are not services, they will not be listed with services. For the Staff area, I propose a new Domains widget on client profile pages. For the client area, I propose a new primary nav link called Domains. The Domain Manager would be responsible for renewing domains, and invoicing for them and services and domains would not appear on the same invoices, even if they are billed on the same day. Question: What are your thoughts on domains not being considered services? What about email templates? The domain manager would create several new email templates, likely to include the following: Domain Registration, Domain Transfer Initiated, Domain Transferred, Domain Renewed, Domain Expired, Domain Renewal Notice (domains listed are going to expire in the next x days). What about automatic things? The Domain Manager would be responsible for the following Automation Tasks: Send expiration emails at the reminder intervals Renew domains that are set to automatically renew Synchronize renew dates with the registrar at a given interval What about Registrar Modules? The Domain Manager would implement its own module system, and existing registrar modules would not be compatible. The new registrar module system would be drop-in similar to the existing, but these would be enabled and configured under Domains > Registrars. New registrar modules would likely be more lightweight than current registrar modules as the plugin would implement the common features across registrars. What management features would be available? This will depend on the specific registrar module, but the following features would be supported: Register, Transfer, Renew Domain (obviously) with Renew Domain being an option for Clients and Staff Manage DNS for Domain (Get, Update DNS zone records if DNS hosted by registrar) Manage Registrar Lock for Domain (Enable, Disable registrar lock) Manage Email Forwarding for Domain Manage ID Protection for domain (Enable, Disable ID Protection) Manage Contacts for Domain Whois (Registrant, Admin, Tech) Update Name Servers for Domain (Get Name Servers, Update Name Servers) Register Name Servers (Unsupported by many registrars or not commonly done by average users, may be optional for first release) What about existing registrar modules? Existing registrar modules would be incompatible with the Domain Manager plugin. However, services using current domain registrar modules will continue to work as they do now. Any bulk features? We plan to have bulk features for both Staff and Clients. For Staff, under Domains > Browse Domains and under the Client Profile, Domains Widget. For Clients, under the Domains page. Bulk editing/tasks would work similar to selecting invoices for delivery with a checkbox on the left and some options to choose from like Renew Domain, Manage ID Protection, Domain Lock, Name Servers. I'm certain I'm missing something, but wanted to give you a rough overview of what we are planning and get your feedback. Please let us know what you think!

Hi Blesta members, We had a discussion about wordpress integration here, http://www.blesta.com/forums/index.php?/topic/1725-blesta-wordpress-bridge-screen-shots/. Many asked me how i can download it and try. So for all those, i am sharing link to download and try alpha version. Please download and let me know your thoughts on the alpha version. It needs lots of improvement, we will be working on those asap and will release beta. And we will be distributing it for free Link to download blesta bridge is http://www.alltoolkits.com/toolprofile/wordpress-blesta-bridge

Payment Gateways should have two names. One is client facing, and one is admin facing. When our clients get email confirmations, it says "We have received your PayPal Payments Standard payment" Same thing could be said for bitpay. Most people know it by the Bitcoin name, not bitpay.

Congrats @PauloV to yourself and your partner

Not a fan of Wordpress. InterWorx used to use .php files for the header and footer and grab that from wordpress but I'm not sure how they grabbed it in the php files. If you wish for an integration @ExpertIntegrations are good, I've had a positive review from a client and recommend them from now on.

You are more or less protected than if you have good mod_security rules in place. If you look at the forms Blesta creates they add a CSRF token <input type="hidden" name="_csrf_token" value="f366be67543fb4413174a63bf048bd383d65177a65194eaf55d5a37ab185d705"> This will help, among other things, people submitting forms multiple times, submitting a form from somwhere that is not the form, and multiple others things. The wikipedia page has a pretty full description of things tokens can help protect you against.

I have made some major improvements thanks to the feedback here: please do tell me mrrsm what "in-code ways" can I use to reduce the attack vector and as I have mod_security and mod_evasive enabled & installed too as the "firewall"? anyway now it should be even better now on selecting the specific product and checking the license for it as raised as a valid point by blesta addons

Thanks for the tip! I've set up the Creation Error email notification now.

I'm not sure how I feel about people just being able to put in my website and see what plugins of yours I am using or if I am using your plugins at all. Other things which I know have similar features are billing systems, forums, etc but with all of those it is hard to tell that I am not using them. For a fraud checker or vultur provisioner (examples) I don't really need anyone to know what plugin I am using for that. How is someone even going to know if the billing system is using X plugin or module behind the scenes? Without that knowledge I am not sure why someone would even bother, or know, to go to your site and check to see if they are using a valid license. On to the analysis of it You may want to fix that 1 at the end Looks like it shows up on both positive and negative results. You also may want to make the page look a bit nicer. The main point of the page is the form but there is nothing telling me what to do with it. Not even a placeholder on the input box. The blue bar outshines the rest of the page way too much, only because there isn't anything around the form currently. Finally you may want to lockdown your endpoint at least a little bit as right now just about anyone could hammer on it. I didn't test it too much but I didn't have a hard time sending multiple requests in succession directly to the endpoint. I am going to guess that you are using mysql or a flat file somewhere to manage your license and that is probably being hit every time a lookup is done. This is bad because someone could essentially do a denial of service attack by beating on that one url and it can't be cached so they know it will hammer a resource behind the scenes and they don't have to login or get a CSRF token to do it. You may just want to mitigate that as a firewall rule but there are in-code ways to reduce the attack vector as well that wouldn't hurt. Finally this is listed on your site under products. Is this something you are planning on selling or is it just due to the fact it is validating the license on your products. If it is the latter I would suggest moving it under the "Quick Links" section as to me it makes more sense for it to be there. This is a good proof of concept but still has a way to go before I would think it is production ready.

You can get a email for a failed to activate: My Info > Notices > Creation Error

Merchant payment gateways do not show the name. For example, the customer will never see "Authorize.net", but rather "Credit Card". So, I see this exclusively for non-merchant gateways, and the example of showing simply "PayPal" instead of "PayPal Payments Standard" and "Bitcoin" instead of "Bitpay" are excellent examples. If we have to localize the names of gateways, then that sort of pushes us toward language files. I'm not convinced that gateway names like "PayPal" or "2Checkout" translate well into other languages. Are they not known by their names in other languages? The simplest solution is to be able to set a single name to "override" the build in gateway name. So, for non-merchant gateways, we could potentially add a new field when managing the gateway called something like "Display Name", which would default to the gateway name. For PayPal, this might say "PayPal Payments Standard", but could be modified to say anything you want. Thoughts on this kind of implementation?

The option to configure within the gateway settings would be nice. If I had my choice, I would simply put 'Credit Card' or list out 'Visa, MC, etc' or have 'Paypal' instead of the actual Paypal version. I think a majority of people could care less which gateway is being used as long as they know it's 'credit cards' or 'Bitcoin' or 'Paypal'.

you can change the gateway names in languages files , then use a patch i have posted already to fetch the name from language file and not from database . i think this should a must have option in blesta , name customization and multi-languages .

I suggest maybe upgrading Font Awesome to 4.6.1 //maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.css

HAHAHAHAHAHAHAHAHA What a load of Bollocks! Good luck with your now WHMCS. Pathetic.... Love Blesta then swap to a competitor. All I can say knowing your British as-well... What a LOAD of TOSH.

before i begin my request i need a reply for this questios . what about the actual domains we have , will be listed/managed in the new domain manager ? it will exist a importer or migrator for all the old domains to the new domain ?

so we are in the same boat .