Leaderboard

Popular Content

Showing content with the highest reputation on 02/05/2018 in all areas

  1. Michael

    Improve Password Reset

    You can disable it telling it's correct but it does that to stop brute forcing. E.g.: I hacked your email account, and I know you have an account so I keep trying everything until it goes to your email address. Disable it: /config/blesta.php find:

        // Default password reset value. Set to true for improved security, false for more accurate error reporting
        Configure::set('Blesta.default_password_reset_value', true);

    change it to false.
    4 points
  2. Paul

    back to top in forums

    +1 and done. Seems to work on Desktop, haven't tried on Mobile. Let us know how it goes. @activa
    2 points
  3. Allowing cron tasks, database access, etc. for modules makes them basically plugins at that point. We're re-evaluating the design of these extensions to be more accommodating.
    2 points
  4. Thanks for the report, we'll take a look. CORE-2594
    2 points
  5. Hi, I'm new here and looking forward to starting to use Blesta. Domains are not my main business... but a very important part. Can someone from the Blesta team please tell me if they are working on this? If yes, any kind of timeframe? Thanks
    2 points
  6. I sure hope so but the lack of any official ETA is not that reassuring...
    1 point
  7. Tyson

    Improve Password Reset

    Just to reiterate, the form returns a success message even if the username does not match a user account in order to hide information. Knowing what valid usernames exist can open up attack vectors. As @BlestaStore mentioned, you can update the Blesta.default_password_reset_value config value to false to instead show an error message if the username does not match an account.
    1 point
  8. Tyson

    file/folder permissions

    Directories 755, files 644. Be sure that the web server (and cron) run under an appropriate (owner) user with sufficient privileges.
    1 point
  9. I just set up a fresh v4.2.0 install. The MySQL database password contains the character "$" which was stored in config/blesta.php as "\$". This made sense in older versions as the config options were surrounded by double quotes in v3.6.?, but it appears they've been changed to single quotes which led to me banging my head for a minute trying to figure out why I was only getting blank pages.

        <?php
        //...
        Configure::set('Blesta.database_info', [
            //...
            'pass' => '\$abc123',
            //...
            ]
        );
    1 point
  10. evolvewh

    Improve Password Reset

    Thanks Michael. We may just edit the error message instead of compromising security this way.
    1 point
  11. I just found smart search - nice feature, really helps when looking for clients! Thanks for a great product.
    1 point
  12. MineHarvest66

    Packages

    I understand what's going on... Okay at the bottom of the order form you need to move the OTHER group into it and then it will show up on the same order form.
    1 point
  13. Michael

    welcome email

    Blesta doesn't use {$ } so that's why it's not working. H2O doesn't support it. Try: https://blesta.store/plugin/support_manager/knowledgebase/view/12/cpanel/14/
    1 point
  14. Michael

    welcome email

    If you are copying anything always make sure it's not got any hidden HTML codes which cause H2O to go crazy. What I do is paste it into the text box and then copy and paste it into the HTML box. If you ask you get help it's not for developers as I am far from that.
    1 point
  15. Thanks for making this change in 4.2! BTW: I use Softaculous, the update from 4.1 to 4.2 appears to be flawless.
    1 point