Table of Contents

Logging in for the first time a Staff user

After installation is complete, the initial login occurs automatically.

To log in subsequently, visit https://www.yourdomain.com/[installation_directory]/admin/login and enter the username and password specified during installation.


URLs without mod_rewrite

If mod_rewrite is not supported by the web server, the path will need to be preceded by index.php. For example, http://www.yourdomain.com/[installation_directory]/index.php/admin/login

If your hosting provider installed Blesta for you, or provided a VM image to do so, and you did not specify a username and password, they may have already set up a login for you. If the system is installed, and a login has not yet been created, accessing the login page will prompt you to create one. Review their documentation, or contact them to determine what you should use to login if you are prompted.


Resetting your Password

To reset your Staff password, click the "Reset My Password" link from the login page at http://www.yourdomain.com/[installation_directory]/index.php/admin/login, enter your username, and click "Reset Password". Check your email for a time sensitive link that you will use to choose a new password.

Clients and Staff members alike may request to reset their password from their respective log in screens by clicking the Reset Password link. Users are then asked to enter their username, and, if a match is found, an email with a temporarily link is sent to the address on file. Clicking the link will take the user to a page that will allow them to enter a new password.

By default Blesta will display a success message for all reset requests, regardless of whether or not a match is found. This is a security measure designed to not reveal information about users that may or may not exist within the system. You can disable this feature by modifying the Blesta.default_password_reset_value Configuration Files value.

The length of time that the reset password link is active for is controlled by the Blesta.reset_password_ttl Configuration value.

Logging in From Another Page as a Client

By default, clients log in at /client/login. Blesta makes use of CSRF tokens by default, so logging in directly from another page will not work by default. To get around this restriction it's necessary to edit your config/blesta.php config file to add an exception. Back up, and then open config/blesta.php in a UTF-8 friendly text editor. Look for this line:

Configure::set("Blesta.csrf_bypass", array());

Change it to:

Configure::set("Blesta.csrf_bypass", array('client_login::index'));
  • No labels