Paul

Settings > Company > Currencies > Active Currencies to remove any not in use. We have had a few people complain about charges not going through. They were using USD but had clients with invoices in AUD. I'm not sure this is related, but I wonder if there may be a bug in here someplace that is causing the currency to revert to or default to AUD.

You need to add an exception for CSRF to log in from another page. Disabling the CSRF check on the login page is simple, see http://docs.blesta.com/display/user/Logging+In#LoggingIn-LogginginFromAnotherPageasaClient

Ok, great! Not sure what happened, my only guess would be mysql crashed during the initial install or something. If anyone can duplicate the issue, we would be most interested.

I've never seen that before. Does your database user have full access to your Blesta database? Do you have many tickets in there? My suggestion would be to uninstall the support manager, and re-install it and see if those templates are added.

The email templates should be created when the support manager plugin is installed. Under Settings > Company > Emails look in the "Plugin Emails" section. You should have the following as part of the Support Manager: Ticket Bounce Ticket Received Ticket Updated Staff Ticket Assigned Staff Ticket Updated Staff Ticket Updated (Mobile) Are all of these missing? Are you certain the support plugin is installed?

Thanks for the call earlier. Can you take a look at the module log? Tools > Logs > Modules, click the row to expand. We are interested in the raw data to/from Multicraft for provisioning the account that got the wrong IP address. Feel free to send to support@. Tyson will need this prior to debugging. Thanks!

We are in a crunch to finish 3.5, and then we are focusing on the mass mailer. There has been overwhelming requests for it. Expect an initial release on the forums or on the marketplace after 3.5.

Yep, this was intentional. Typically if a vulnerability is found for a specific version of software, and this happened frequently with vBulletin, an attacker can google that string and come up with a pretty good list of targets.

It really depends on the owner of the directory and the user writing the attachment. If you're having trouble, try setting the directories to 777 and see if it works. You can always back off on the permissions to 755 or 775 after that and stick with the permissions that are least open that work for you.

We also copy checks but they go in a locked filing cabinet. Having a copy of the check linked to the transaction would be convenient, but may raise some security concerns. Anyone have any thoughts on this?

Attachments are supported, please ensure that your uploads directory is set and is writable. Settings > System > General > Basic Setup > Uploads Directory. This directory must be writable by your web server, cron user, and email server user. Also, ensure that you have the following directories inside the upload directory Assumes your uploads directory is at say /var/www/uploads/ (Be sure to start and end with a forward slash /) /var/www/uploads/ /var/www/uploads/1 (1 here is for company ID 1, if you have 1 company, that is this one) /var/www/uploads/1/support_manager_files (This is where support attachments go) /var/www/uploads/system (For system use) A link to any/all attachments will appear in the ticket for the reply they were attached to. Attachments are not however emailed out to staff or clients, but only downloadable in the UI. This is due to the potentially sensitive nature of attachments. But attachments can be emailed in.

Personally I would prefer sending the password link. It's time sensitive and allows them to set their own password, which is preferable. Plus, sending a password in email is not secure. I would be open to this. I have had to, on several occasions opened up the client password reset page and entered a customers username to force one of these to them after they had trouble doing so on their own. Thoughts from anyone else?

Welcome and thank you for choosing Blesta! If there is anything we can do for you please let us know!

We are looking into adding the noVNC console for KVM, HVM, and possibly signing the jcterm applet to get around that security exception. SolusVM's jcterm applet was recently signed by OnApp.

That works certainly. But let's say the doc root is /var/www/html and you've added a directory called portal that Blesta is installed in. Now your website content would go into /var/www/html/ for BOTH sites. For most people, this is a problem because they want to have a different website at each domain. Either the application has to sort them out and display the correct website (I'm thinking something like Expression Engine multi-site) or the doc roots have to be different and /portal aliases to a separate location that Blesta is installed at. You can see why using a subdomain is more convenient to configure.

I do like the mobile swipe menus. I'm considering drop down menus, but making it an option. This would fit well with other plans to allow more customization. For example, in the client area I would like the widgets to be able to be sorted by staff, and possibly placed on their own pages and show up in the nav instead of the dashboard.

Bootstrap is used for the client area, not for the admin area. All of the templates are in /app/views/client/bootstrap/. You can clone the bootstrap directory with a new name, and select it from the Settings, and modify it.

I think the theme is designed to be like WHM/cPanel Considering a drop down menu option as an alternative in the admin area, but the last thing I want are nested drop down menus like they have that are more confusing. Simple is better.

https://wiki.php.net/rfc/remove_deprecated_functionality_in_php7 Goodbye mysql, hello PDO! It's good some of us thought about this a long time ago.

You could probably use aliases to have Blesta installed at /portal on each domain, and have different document roots for the primary sites. I'm not familiar with that in order to help you with it, but it should be possible to do. I like it clean and easy though, so we recommend sub-domains for Blesta installs if using multicompany.

If the public and private key pair no longer match then it would be possible to be able to encrypt a card number with the public key, but not decrypt it using the (wrong) private key. Since the key in the config file is used to generate an HMAC and encrypt the private RSA key, it's also possible (and more likely) that the key in /config/blesta.php was changed. This could have happened if Blesta was installed fresh, and the config file was overwritten with a previous one. That is likely what happened here. If you don't have the original config file that was created when that RSA key pair was generated, then you're better off doing a fresh install. That key is used for encryption in other places as well, so I would highly suggest a fresh installation, especially since it is not production.

I just PM'd you a trial key. Are you sure your password is correct? Are there any other admins that can try? There is a public/private RSA key pair that is used for credit card encryption, and the private key is encrypted with AES if a passphrase is set. If you don't have a passphrase set, then your admin password is technically not necessary to decrypt the card data, but it is requested so that your access can be logged.

You didn't enable batch processing did you? Settings > Company > General > Encryption. Is there a passphrase set? If there is, the passphrase must be entered to process any cards, and used to show the card instead of your password. If there is no passphrase, then I'm not sure. Has anything been modified? Maybe try a fresh install on the same server (In a sub-directory or something) and see if it's an issue (No need to set up the merchant gateway or anything, just jump into adding a payment account). That'll narrow it down to either your installation or an issue on the server. Unusual.

Try creating a new payment account, and then try using the "show card" option on it. Same result, or does it display? Was this card number added via Blesta, or imported? If it was imported, it may be corrupt.

If you go edit the payment account on the clients profile page, and click the link next to the card to decrypt it, does it work? (If it's not token based storage) What gateway are you using? Blesta's config file contains an encryption key generated during installation (in /config/blesta.php). If this is changed, all encrypted data in Blesta will no longer be able to be decrypted. So, if that was changed, it could be the problem. EDIT: Also check the gateway log under Tools > Logs, Gateway Tab. Click the row to expand and show the raw input/output (Raw except card numbers are masked)