Logging In

Logging in for the first time a Staff user

After installation is complete, the initial login occurs automatically.

To log in subsequently, visit https://www.yourdomain.com/[installation_directory]/admin/login and enter the username and password specified during installation.

Resetting your Password

To reset your Staff password, click the "Reset My Password" link from the login page at http://www.yourdomain.com/[installation_directory]/index.php/admin/login, enter your username, and click "Reset Password". Check your email for a time sensitive link that you will use to choose a new password.

Clients and Staff members alike may request to reset their password from their respective log in screens by clicking the Reset Password link. Users are then asked to enter their username, and, if a match is found, an email with a temporarily link is sent to the address on file. Clicking the link will take the user to a page that will allow them to enter a new password.

By default Blesta will display a success message for all reset requests, regardless of whether or not a match is found. This is a security measure designed to not reveal information about users that may or may not exist within the system. You can disable this feature by modifying the Blesta.default_password_reset_value Configuration Files value.

The length of time that the reset password link is active for is controlled by the Blesta.reset_password_ttl Configuration value.

Logging in From Another Page as a Client

By default, clients log in at /client/login. Blesta makes use of CSRF tokens by default, so logging in directly from another page will not work by default. To get around this restriction it's necessary to edit your config/blesta.php config file to add an exception. Back up, and then open config/blesta.php in a UTF-8 friendly text editor. Look for this line:

Configure::set("Blesta.csrf_bypass", array());

Change it to:

Configure::set("Blesta.csrf_bypass", array('client_login::index'));