ticket summary component version milestone type owner status created _changetime _description _reporter 2 SMTP Error general defect somebody new 2018-02-22T16:59:16+02:00 2018-02-22T17:08:50+02:00 "*document*: Priority tasks (Doc 1).docx I tried to sign up for a new account in ITCPay, but I got a ""Whoops, looks like something went wrong"" error. This was a SMTP error. It says, unable to connect SMTP server with the username [info@usdbank.us|mailto:info@usdbank.us]. I don't know why is [info@usdbank.us|mailto:info@usdbank.us] still being used as our email service provider. Can you please change it? Can you use [no-reply@itcpay.com|mailto:no-reply@itcpay.com] as our email service provider instead. Our email service provider should be [itcpay.com|http://itcpay.com] and not any other domain. And fix up the ""Whoops, looks like something went wrong"" issue. *document*: ITCPay email function issue fixing.docx Currently no emails are being sent from ITCPay server due to SMTP error of [no-reply@itcpay.com|mailto:no-reply@itcpay.com] email account. For example, when an user tries to sign up for a personal account, sign up for a business account, submit a forgot password request, submit a support request in ‘Submit A Support Ticket' page in the site, currently the user gets the below error\- ""Failed to authenticate on SMTP server with username ‘no-reply@itcpay.com' using 2 possible authenticators"" Though the emails should be sent from a from email address [no-reply@itcpay.com|mailto:no-reply@itcpay.com], that doesn't mean that you need smtp credentials of [no-reply@itcpay.com|mailto:no-reply@itcpay.com]. You can activate the email function with smtp credentials of any other email address such as [support@itcpay.com|mailto:support@itcpay.com]. Also when the admin tries to change the email address of an user from admin panel, he gets ""Something went wrong"" error for this SMTP issue of [no-reply@itcpay.com|mailto:no-reply@itcpay.com] email address. Please note that the admin can change an user's email address under ""Manage accounts"">""Modify information"" page of the admin panel. After the admin changes the user's email address, the email address is not instantly changed. A verification email is sent to the new email address and after the user verify the new email address by clicking on that verification link, the email address is changed. An user can not change his email address himself. Also make sure that no other copy of the support request email is being sent to any other email address apart from [support@itcpay.com|mailto:support@itcpay.com]. As mentioned earlier, the ‘Submit A Support Request' page is not working properly. When users submit support requests in ‘Submit A Support Request' page, sometimes the support request doesn't get emailed to our support email address. When an user enters a @mail.ru email address in the ""Submit A Support Ticket"" form and submit the form, the support request doesn't get emailed to our support email address. Rather the user receives an email delivery failure notification email. So, obviously, there are some problems in ""Submit A Support Ticket"" page. You have to check the ""Submit A Support Ticket"" page very carefully and fix up all the issues as we mentioned earlier." victor 38 Malicious content general defect somebody new 2018-02-22T17:10:33+02:00 2018-02-22T17:12:05+02:00 "'''document''': Malicious contents detected in ITCPay.docx We found some malicious content in ITCPay. We found the malicious content in html/writetest.php [[Image(malicious.content.jpg)]] There is a link in ITCPay site that can be used to crash the site remotely. Anyone with this link can crash ITCPay site with just one click. He does not need server access or anything. Just the link is enough to cause massive damage. The malicious link that can be used to crash ITCPay site is itcpay.com/writetest.php Anyone with this link can crash the site easily. Please do not visit the above link. It can cause problems in the current ITCPay server. Now log in to the current DigitalOcean account. Turn off the current ITCPay Droplet. If you turn off the Droplet by using the On-Off switch in DigitalOcean account dashboard, it can cause problems in the server. So it is recommended that you turn off the Droplet from the command line rather than using the On-Off switch. We should turn off the current ITCPay Droplet now to protect the files hosted in the current ITCPay server. After that create a new Ubuntu-NYC-512mb RAM Droplet in the DigitalOcean account and host a fresh copy of ITCPay site in the new Droplet. When you create a new Droplet, we will receive the root password of the Droplet via email and we will forward you the root password. Instructions for the new ITCPay server 1. Do not create any FTP account in the server. 2. Do not create any key in the server and do not create any alternative of root password for accessing the server. 3. Do not install any remote website management tool (e.g. Ajenti) in the server and do not create any alternative of root password for accessing the server. 4. Do not install any remote database management tool (e.g. phpMyAdmin) in the server. Have you completed any work so far in ITCPay site in your local computers? If you have completed some works in ITCPay in your local computers, then your local computers contain the current latest version of ITCPay site. Now start searching for malicious contents in the latest version of ITCPay site in your local computers (not in old ITCPay Droplet). Delete the malicious content writetest.php. And continue searching the entire website VERY VERY CAREFULLY to find more malicious content. If you find anymore malicious content, delete all the malicious contents from the website in your local computers. After all the malicious contents has been removed from the ITCPay site in your local computers, host the fresh copy of the latest version of the ITCPay site in the new Droplet. After all these are completed, we can destroy the old ITCPay Droplet from the DigitalOcean account. " victor 1 Research & Estimates defect new 2018-02-22T16:59:16+02:00 2018-02-22T16:59:16+02:00 victor 3 Business Account : Add a bank account defect new 2018-02-22T16:59:16+02:00 2018-02-22T16:59:16+02:00 "document: 08. Bank accounts page issues.docx When I visited ""Add A Bank Account"" page of ITCPay site, bank account details for Central African Republic was asked. And the business name was selected as ""Name on account"". I switched to personal name and the country of bank account got changed to ""United States"". US bank account details were being asked on the page then. I switched back to business name again but still I was being asked to enter US bank account details. But as I switched back to business name, the page needed to ask Central African Republic bank account details instead. So the ""Add a bank account"" page is not working correctly." victor 4 PopUp taking too long to appear defect new 2018-02-22T16:59:16+02:00 2018-02-22T16:59:16+02:00 "document: 08. Bank accounts page issues.docx US bank accounts issue: When an user adds a US bank account, after the user submits the bank account details, an window appears asking the user to enter online banking login credentials. But after submitting the bank account details, it is taking a lot of time for the ""online banking login credentials window"" to appear. I don't know why is it taking so long for the window to appear? Why is the page working so slow? Fix up these issues" victor 5 Missing PopUp after user enters online banking login credentials defect new 2018-02-22T16:59:16+02:00 2018-02-22T16:59:16+02:00 "document: 08. Bank accounts page issues.docx Also, after the user enters online banking login credentials, we expect another window to appear asking the user to enter ""SSN and Driver's license number"". Previously that window was appearing. But since we have created problems in ""Add a bank account"" page, ""SSN and Driver's license number"" aren't being asked to US users anymore. Problems\!" victor 6 Missing request to enter online banking login credentials for US account defect new 2018-02-22T16:59:16+02:00 2018-02-22T16:59:16+02:00 "document: 08. Bank accounts page issues.docx Also I created an account with a Madagascar personal address and United States business address. When I visited ""Add a bank account page"", selected ""Business name"" as ""Name on account"" and submitted US bank account details, my bank account just got an ""Added"" status directly and I was not even asked to enter online banking login credentials. So US bank accounts are not working at all in ""Add a bank account"" page. You have to fix up all these issues." victor 7 Banc Account / Cards data is used after it's deleted defect new 2018-02-22T16:59:16+02:00 2018-02-22T16:59:16+02:00 "document: \[iColdo\] \- Initial instructions.docx For example, I created a new account in ITCPay and have found that 3 bank accounts are already linked to the newly created ITCPay account. But how? Actually, we deleted some ITCPay accounts from admin panel previously. And there were cards and bank accounts added to those accounts. Though the accounts got deleted from our database, the cards and bank accounts linked to those accounts have not got deleted from our database. So now when someone creates a new ITCPay account, some of those bank accounts got added to the new ITCPay account automatically. This is a very serious problem. I think there may be same problem with cards as well. I will send you a separate document with more details about this problem." victor 8 Bank Account: Malaysia : duplicate - change rule defect new 2018-02-22T16:59:16+02:00 2018-02-22T16:59:16+02:00 "document: {{14.'Bank accounts' page details.docx}} Malaysia: If both MEPS bank routing code and Account number match between 2 bank accounts, the 2‌^nd^ bank account is a bank duplicate account and should be rejected. SEPA countries (excluding UK), Gibraltar and non-SEPA countries those require IBAN: If IBAN matches between 2 accounts, the 2‌^nd^ bank account is a duplicate bank account and should be rejected. You may have to make a correction here. For non-SEPA countries those require IBAN, the current rule is ""if both IBAN and SWIFT code match between 2 bank accounts, the 2‌^nd^ bank account is a duplicate bank account and should be rejected."" Change this rule. The new duplicate bank account detection rule for non-SEPA countries those require IBAN should be ""if IBAN matches between 2 bank accounts, the 2‌^nd^ bank account is a duplicate bank account and should be rejected."" Apply this new rule." victor 9 Bank Account: Other Counties: duplicate - change rule defect new 2018-02-22T16:59:16+02:00 2018-02-22T16:59:16+02:00 "document: {{14.'Bank accounts' page details.docx}} All other countries: If both SWIFT code and Account number match between 2 bank accounts, the 2‌^nd^ bank account is a duplicate bank account and should be rejected. You may have to make a correction here. Currently 2 different duplicate bank account detection rules are being used in this case\- If the bank account the user has added contains a 11 characters SWIFT code, then, ""if both SWIFT code and Account number match between 2 bank accounts, then the 2‌^nd^ bank account is a duplicate bank account and should be rejected."" If the bank account the user has added contains a 8 characters SWIFT code, then, ""if SWIFT code, Account number and ‘full Name on account or part of Name on account' – all these 3 values match between 2 bank accounts, then the 2‌^nd^ bank account is a duplicate bank account and should be rejected."" You have to change this current rule. From now, no matter the SWIFT code of the bank account the user has added is of 11 characters or 8 characters, the duplicate bank account detection rule will be, ""If both SWIFT code and Account number match between 2 bank accounts, then the 2‌^nd^ bank account is a duplicate bank account and should be rejected."" Apply this new rule. *About duplicate bank account detection, also note that whether the user tries to add a duplicate bank account in the same ITCPay account or in a different ITCPay account, he will get error and will not be able to add the duplicate bank account.*" victor 10 Bank Account / Cards: duplicate - test rule for deleted accounts defect new 2018-02-22T16:59:16+02:00 2018-02-22T16:59:16+02:00 "document: {{14.'Bank accounts' page details.docx}} Also you may have to make another correction. Previously there was no Archived bank accounts page or Archived cards page. When an user deleted a bank account or card, it got deleted permanently. But recently we have created an Archived bank accounts page and Archived cards page. So as we expect, even if a bank account or a card is deleted, if the bank account or the card is still saved in Archived bank accounts page or Archived cards page, the bank account or the card will be considered as linked bank account or linked card in the ITCPay account. So even if a bank account or a card is in ""Archived bank accounts"" page or in ""Archived cards"" page, the user will not be able to add that bank account or that card whether in the same ITCPay account or in a different ITCPay account. If the user tries to do so, he will get error and the duplicate bank account or the duplicate card will be rejected. I don't know whether this feature is already enabled or not. Please check and if it's not yet enabled, please enable it. About duplicate card detection rule, in all cases, if only Card number matches between 2 cards, then the 2‌^nd^ card is a duplicate card and should be rejected." victor 11 Bank Account / card: duplicate: error message - change defect new 2018-02-22T16:59:16+02:00 2018-02-22T16:59:16+02:00 "document: {{14.'Bank accounts' page details.docx}} Error notice text for duplicate bank account or duplicate card: If an user tries to add a duplicate bank account or duplicate card whether in the same ITCPay account or in a different ITCPay account, he gets error notice. But I am not sure what text is being used in the error notice. Now you have to change the text in this error notice foe duplicate bank account and duplicate card. In all the cases, the error notice for duplicate bank account will be ""This bank account cannot be added."" And in all the cases, the error notice for duplicate card will be ""This card cannot be added."" Reason for rejection of bank account or card will not be mentioned in the error notice in case of duplicate bank account or duplicate card. So update the error notice text for duplicate bank account and duplicate card (for all the cases). And error notice will always be *red*." victor 12 Bank Account: test and fix bugs defect new 2018-02-22T16:59:16+02:00 2018-02-22T16:59:16+02:00 "document: {{14.'Bank accounts' page details.docx}} We have given you full details of ""Bank accounts"" page. So if you find any bug in Bank accounts, correct those and also inform us about the bugs you have found and corrected in Bank accounts." victor 13 Upload Forms: test and fix all upload forms defect new 2018-02-22T16:59:16+02:00 2018-02-22T16:59:16+02:00 "document: Priority tasks (Doc 4).docx Now review all the pages in ITCPay site where you can find an upload box. You have to ensure that all the upload boxes are working correctly. There may be problems in the upload boxes. Please check carefully if you find any bug there. Fix up the issues if found any. For example, it's possible that the upload boxes are not accepting a supported file format. Or the upload boxes are accepting an unsupported file format. Or the upload boxes are not validating the acceptable file size of the documents properly (acceptable file size is mentioned in the respective pages either on the top of the page or below the upload boxes). etc. etc. These are some possible issues. Furthermore, create a function in the upload boxes so that he users can upload supported formats of files only. I mean when an user clicks on the ""Browse"" link in order to upload a file, the user will only see the files in supported formats in the window. As a result, the user will not be able to upload a document in unsupported format. After you fix up the issues, create a document with a list of the issues you have found and fixed up and email us the document after that. We need to review the corrections you have made to ensure that you have not made any mistake while making the corrections. Here's the list of pages where you will find ""Upload boxes""\- \- ITCPay ""Authenticate card"" page \-ITCPay personal verification page (both for unverified personal accounts and unverified business accounts, this link appears under My account>Verifications. Also in account Home page, in ""Account status:"" field, a ""Get verified"" link appears for unverified accounts that redirects the user to the verification form.) \- ITCPay business verification page (for unverified business accounts, this link appears under My account>Verifications. Also in account Home page, in ""Account status:"" field, a ""Get verified"" link appears for unverified accounts that redirects the user to the verification form.) \- ITCPay ‘Submit A Support Ticket' page \[both for logged in users and not logged in users\] (there's an upload box in this page and the user can open more upload boxes by clicking ‘Add more' link). After finding bugs in all the upload boxes and fixing up the issues, please find bugs in the entire form in all the above pages. All of the above pages contain forms and there are many fields in the forms. Maybe there are bugs in some fields. You have to fix up the issues in all the forms. For example, I am almost sure there are problems in ""Personal verification page"" and ""business verification page"". Sometimes when I try to upload documents in ""Personal verification page"" I get an error, ""The photo ID field is required"" even though I have uploaded everything correctly. Or imagine, I have submitted personal verification information and documents, but the admin have rejected those from admin panel. Now I have to resubmit the information and documents in ""Personal verification"" page. The information and documents I previously submitted will not be deleted from the form and will appear in the respective fields. And I can just edit the form and resubmit the form. For all other fields in the form, I can re-use the information and document I previously submitted without entering/uploading any information/document again. But when I try to reuse photo ID without uploading a new ID, I get error ""The photo ID field is required"". Why is this so? So there are problems in the personal verification form. Maybe there are problems in the other forms in the other pages mentioned above as well. Please fix up all these issues in all these forms. After making corrections in these forms, please email us a report in a document about exactly what corrections you have made in the forms. We need to review the list of corrections. Because we have to make sure that you have not made any mistake while making these corrections" victor 14 SSL Redirect not working in some browsers general defect somebody new 2018-02-22T16:59:16+02:00 2018-02-22T17:04:12+02:00 "'''document''': Priority tasks (Doc 3).docx Reference: Document 1 Task: When I visit itcpay.com with Firefox, I get redirected to www.itcpay.com. But when I visit itcpay.com with Google Chrome or Avast Safezone browser, the URL remains as itcpay.com on the browser address bar. You have to fix up this issue. Whatever browser the user uses, the user should be redirected to www.itcpay.com if the user visits itcpay.com. '''document''': ITCPay email function issue fixing.docx You should redirect itcpay.com link to www.itcpay.com. So if an user visits itcpay.com, he will be redirected to www.itcpay.com. Please create a function that even if an user visits direct link of any other page of the site without using leading www in the URL, the user will automatically be redirected to the page with URL starting with www. For example, if an user visits itcpay.com/login or itcpay.com/register directly, the user will be redirected to www.itcpay.com/login and www.itcpay.com/register respectively. Previously when the user visited IP address or http://IP address, the user got redirected to www.itcpay.com. But when the user visited https://IP address, the user got unsecure connection warning in his browser and if the user clicked “Advanced>Continue anyway” the user was able to access the site, but the URL remained as https://IP address in the address bar and the user did not get redirected to www.itcpay.com. So there are problems. Can an IP address be SSL protected? If so, we should protect the IP address with SSL as well. Furthermore, redirect the IP address to www.itcpay.com. And enable a feature that whether an user visits IP address or http://IP address or https://IP address, the user will be redirected to www.atcpay.com. Also enable a feature that even if an user visits direct IP address link of any other page, the user will automatically be redirected to the page with URL starting with www. For example, if an user visits IP address/login or IP address/register directly, the user will be redirected to www.itcpay.com/login and www.itcpay.com/register respectively." victor 15 Cards : Documents Files - change error message and add acceptable formats defect new 2018-02-22T16:59:16+02:00 2018-02-22T16:59:16+02:00 "document: Priority tasks (Doc 4).docx Some issues in ITCPay and Reojen: In the ""Cards"" page of a ITCPay account, after an user adds a card, the user is automatically redirected to ""Authenticate card"" page to submit card authentication documents. If the user leaves the ""Authenticate card"" page then and visits ""Cards"" page again, he sees ""Authenticate card"" link in ""Cards"" page. If the user clicks on that link, he lands on ""Authenticate card"" page again.In ""Authenticate card"" page, there are 3 upload boxes. There are file format restrictions applied on the upload boxes. Currently .jpg, .jpeg, .pdf, .png, .gif and .bmp files are being accepted in the upload boxes. We only accept image files in the upload boxes to prevent our site from being hacked. If we accept any format of file, anyone can upload a file containing hacking program. Now as I checked, when the user uploads documents in the upload boxes in supported file formats such as .jpg or .pdf, the submission gets accepted. But when the user uploads the documents in unsupported format, the user gets a ""Whoops\! Looks like something went wrong."" error. It's a wrong error. The user needs to get error like ""This format of file not accepted."" or something like this. Furthermore, the upload boxes are accepting jpg, jpeg, pdf and png files only. Other 2 formats \- .gif and .bmp are not being accepted. So there are problems. You will ensure that the upload boxes accept all the supported image formats. So fix up this issue." victor 16 Submit A Support Ticket : Attachments - change error message and add pdf as acceptable file format defect new 2018-02-22T16:59:16+02:00 2018-02-22T16:59:16+02:00 "document: Priority tasks (Doc 4).docx In the ""Attachments"" field in the ""Submit A Support Ticket"" page of ITCPay site, there's an upload box. Users can create additional upload boxes by clicking on ""Add more"" link. Currently in these upload boxes, if an user tries to upload a .pdf file he gets an error that only .jpg, .jpeg, .png, .gif and .bmp files are accepted. But it's wrong. Our supported file formats are .jpg, .jpeg, .pdf, .png, .gif and .bmp. So .pdf is not an unaccepted format. So correct the problems in the upload boxes and accept .pdf files. Please note that the fields in the Support page are different for logged in users and not logged in users. You have to correct this problem in the upload boxes in ‘Submit a support ticket' page both for logged in users and not logged in users. Also you have to correct the error notice text that appears when an user uploads a file in unsupported format. In that notice text it is mentioned that only .jpg, .jpeg, .png, .gif and .bmp files are accepted. But it will be .jpg, .jpeg, .pdf, .png, .gif and .bmp." victor 17 Authenticate card : PAN card number - test and fix defect new 2018-02-22T16:59:16+02:00 2018-02-22T16:59:16+02:00 "document: Priority tasks (Doc 4).docx About ""Authenticate card"" page in ITCPay, for Indian users, a field ""PAN card number"" appears in this page. I am not sure how is Indian user accounts being detected. Are accounts with Indian personal address only being considered as Indian user accounts? Please check. You may have to make correction there. For business accounts, both personal address and business address are required. If either the personal address or the business address is Indian, the ""PAN card number"" will be required. So check it and if it's not working correctly, make corrections. Also there's a validation rule for ""PAN card number"". ""PAN card number"" must be a 10 character alphanumeric number. If the user enters an invalid ""PAN card number"", the user will get this error, ""PAN card number must be a 10 characters alphanumeric number"". Please check whether this validation is working correctly or not. If any bug is found, make corrections there." victor 18 Log in session : test and fix defect new 2018-02-22T16:59:16+02:00 2018-02-22T16:59:16+02:00 "document: Priority tasks (Doc 4).docx Check ""ITCPay log in session"" (the user will be logged out automatically when he closes his browser. User will remain logged in for a browsing session only) and if there's any issue, fix up the issue. – This task was given before. Repeated task. " victor 19 Upload Forms: add tiff format and change message defect new 2018-02-22T16:59:16+02:00 2018-02-22T16:59:16+02:00 "document: Priority tasks (Doc 4).docx Accept .tif files as well in all the upload boxes in the site. And change the maximum file size to 5 MB in all the upload boxes (currently up to 10 MB is being accepted in some upload boxes). Here's the list of pages where you will find ""Upload boxes"" \- ITCPay ""Authenticate card"" page \-ITCPay personal verification page (both for unverified personal accounts and unverified business accounts, this link appears under My account>Verifications. Also in account Home page, in ""Account status:"" field, a ""Get verified"" link appears for unverified accounts that redirects the user to the verification form.) \- ITCPay business verification page (for unverified business accounts, this link appears under My account>Verifications. Also in account Home page, in ""Account status:"" field, a ""Get verified"" link appears for unverified accounts that redirects the user to the verification form.) \- ITCPay ‘Submit A Support Ticket' page \[both for logged in users and not logged in users\] (there's an upload box in this page and the user can open more upload boxes by clicking ‘Add more' link). In ""Personal verification"" page, in ""Business verification"" page and in ""Authenticate card"" page, there's a notice text posted on the top of the page\- ""Submit the documents asked below with high resolution and high quality in order to verify your identity. Any low resolution and low quality document will be rejected. All the 4 edges of the document must be visible. Do not crop or rotate the images. Your document must be in English or certified translation should be provided. Your document must be either in.jpg (typo), .jpeg, .pdf, .png, .gif, .bmp etc. format and Max Size 10M (both grammatical mistake and typo) \[The entire sentence is full of grammatical mistakes and confusions. ""We accepts documents in etc. formats"" – it can create some confusions for the user. It doesn't clarify exactly what formats of documents are accepted.\]."" You have to update the supported file formats names in the above notice text. Because from now, we accept .tif files as well. Also we do not need .etc next to the file formats names. And you have to update the maximum file size as well in the above notice text. Because we have changed the maximum file size to 5 MB. The supported file formats and acceptable document size is mentioned below each upload box in ITCPay and Reojen site. You have to update that text posted below the upload boxes. About supported file formats, include .tif in the list. And about acceptable file size, change the maximum file size to 5 MB. Make this correction in the texts posted below every upload box in ITCPay site. I have already sent you the list of all the pages in ITCPay site where you will find upload boxes." victor 20 MySQL injection: test and provide analysis defect new 2018-02-22T16:59:16+02:00 2018-02-22T16:59:16+02:00 "document: Priority tasks (Doc 4).docx Task related only to ITCPay ??Enable MySQL injection protection in all the 4 sites (ITCPay, Reojen, DGHS and ‘old version of ITCPay') in the 2 servers if it's not enabled in any of the 4 sites already.?? We enabled MySQL injection protection, but not sure whether it's enabled in all the 4 sites or not. So you have to check it and confirm. If you find that MySQL injection protection is not enabled in any of the 4 sites, enable MySQL injection protection for that site. – We have enabled MySQL injection protection already. But not sure whether we have enabled MySQL protection in all the 4 sites correctly or not. You will check and let us know. If you think our sites need some more security tool to prevent hacking attempts, you should must let us know. We are serious about website security and hacking prevention." victor 21 Users can send or withdraw more funds than their available balance defect new 2018-02-22T16:59:16+02:00 2018-02-22T16:59:16+02:00 "document: Priority tasks (Doc 4).docx It appeared as users can send or withdraw more funds than their available balance in ITCPay account and create negative balance in the account. So an user could send or withdraw 100000 even if he has 0 and create \-100000 balance. This is a serious issue. We tried to fix up this issue. But not sure whether it is correctly fixed up now or not. You have to check and confirm. Please note that when an user sends or withdraw money, there's a fee for sending money or withdrawing money. In some cases, the fee can be 0 though, but in other cases, there's a fee (visit ITCPay ""Fees"" page for details). ""The amount the user sends or withdraws \+ the fee"" will be deducted from his available balance and account balance. So ""the amount he sends or withdraws \+ the fee"" will not be greater than his available balance. Otherwise he will get error. Please note that available balance differs from account balance. Please check if this issue is still not resolved. Check the codes very carefully, as it's a very serious issue. Check whether there's any bug in the codes. If you discover any bug, you will let us know at first before making any correction. Because we must have to review the corrections you are making to make sure that you are not making any mistake while making corrections in the site." victor 22 Submit A Support Ticket : remove Paymet Hub link for logged in users, defect new 2018-02-22T16:59:16+02:00 2018-02-22T16:59:16+02:00 "document: 02. ITCPay 'Submit A Support Ticket' page issues.docx For logged in users, in the Support page, inside the captcha box, a small link ""Paymet Hub"" appears. Remove that link from there." victor 23 Submit A Support Ticket : Notification - change & test & fix defect new 2018-02-22T16:59:16+02:00 2018-02-22T16:59:16+02:00 "document: 02. ITCPay 'Submit A Support Ticket' page issues.docx After an user submits a support ticket in Support page, I don't know where is the support request sent. The support request needs to be sent to the support email address support@itcpay.com as email. Make sure that the support request is being sent to support@itcpay.com email address. Also make sure that no other copy of the support request email is being sent to any other email address apart from support@itcpay.com. Now change the ""From:"" email address of the support request email. When the user submits a support request, the support request will be sent to the support email address from no-reply@itcpay.com. I don't know which ""From:"" email address is currently being used. But change the ""From:"" email address to no-reply@itcpay.com. And the email address the user enters as his email address in Support page will be included with the support request email as ""Reply to:"" address. Now change the contents in the support request email. Currently, the user's name, subject of the support request etc. things are included in the body of the support request email. You have to change it. User's name will be included both as ""From:"" name and ""Reply to:"" name. Email will be included as ""Reply to:"". Subject will be included as subject of the email. Message will be included as email body. Files will be included with the email as attachments and not as links/buttons. But the problem is that sometimes the support requests don't get mailed to the support email address after an user submits a support request. For example, when an user submits a support request with @mail.ru address as his email address, the support request doesn't get emailed to the admin. The user rather receives an email delivery failure email even though he hasn't sent any email. Apart from this, in many other cases, after the user submits a support request in ITCPay ‘Submit A Support Ticket' page, the support request doesn't get emailed to the support email address. So there are problems with the email system of the ITCPay site. Fix up this issue." victor 24 Submit A Support Ticket: create automated email notification system defect new 2018-02-22T16:59:16+02:00 2018-02-22T16:59:16+02:00 "document: 02. ITCPay 'Submit A Support Ticket' page issues.docx Also create an automated email notification system for ""Support requests"". When an user submits a support ticket, an automated confirmation email needs to be sent to the user's email address. You will use our existing email template for this email. We have sign up verification email and forgot password email in our site. You can use existing email templates of those emails. About text contents for automated support request email, write those texts based on the automated support ticket confirmation emails of other websites like PayPal, Upwork etc." victor 25 Submit A Support Ticket: change a notice text defect new 2018-02-22T16:59:16+02:00 2018-02-22T16:59:16+02:00 "document: 02. ITCPay 'Submit A Support Ticket' page issues.docx Also, you have to change a notice text. After an user submits a Support ticket, a green confirmation notice appears on the page. You have to add an additional text with the confirmation notice. The additional text can be something like ""An automated confirmation mail of the receipt of your support ticket has been sent to your email address."" You can modify this given text if required before you post it on the website. Please note that you have to add this text with the existing notice text as additional text. The previous notice text will not be removed." victor 26 Submit A Support Ticke: use no-reply@itcpay.com as from email address for all notifications defect new 2018-02-22T16:59:16+02:00 2018-02-22T16:59:16+02:00 "document: 02. ITCPay 'Submit A Support Ticket' page issues.docx Now you have to change the email service provider of the website. From now, the sign up verification mail, the forgot password mail, the email changing email (the verification email that is sent to new email address after the admin changes the user's email address from admin panel under ""Manage accounts"">""Modify information""; the user can not change his email address himself) and the support ticket receipt confirmation mail will be sent from no-reply@itcpay.com. So make sure that the correct ""From:"" email address no-reply@itcpay.com is being used for all the emails." victor 27 Change the minimum sending amount and minimum withdrawal amount. defect new 2018-02-22T16:59:16+02:00 2018-02-22T16:59:16+02:00 "document: Additional tasks for ITCPay.docx Change the minimum sending amount and minimum withdrawal amount. From now, the following minimum sending amount and minimum withdrawal amount should be activated- Minimum amount to send money: $0.99 (for all types of payments, whether personal or business, whether domestic or international, whether sent with account balance or credit/debit card). Minimum withdrawal amount: For bank withdrawal to any bank in US, Canada, UK, SEPA countries, Australia, New Zeland, India, Philippines, Mexico, Japan and Malaysia, minimum withdrawal amount will be $10. For bank withdrawal to all other countries, minimum withdrawal amount will be $20. For card withdrawal, the minimum withdrawal amount will be $20." victor 28 Add a card : Card number - validation general defect somebody new 2018-02-22T16:59:16+02:00 2018-02-22T17:20:46+02:00 "document: Additional tasks for ITCPay.docx In ""Card number"" field in ""Add a card"" page, currently spaces, dashes aren't allowed. Users get error if they enter spaces, dashes in ""Card number"" field. If an user visits the ""Add a card"" page from his computer, he can not enter any spaces or dashes (because even if he strokes space, dash key, nothing happens, only if he press number keys, he is able to type) at all. But if the user visits ""Add a card"" page from a mobile device, he is able to enter spaces, dashes in the ""Card number"" field initially. But when he submits the card details with a card number containing spaces, dashes, he gets error. As we don't accept spaces, dashes in ""Card number"" box, for now, post a virtual display text ""No spaces or dashes"" inside the ""Card number"" field to alert the user. Virtual display text means this text will disappear automatically as soon as the user clicks in the ""Card number"" box. Now can you allow the users to enter spaces dashes as well in ""Card number"" field? For example, even if an user enters spaces, dashes in ""Card number"" field, our system will not consider those spaces, dashes and create a numeric value automatically. Is it possible? Also keep in mind that even if we allow the users to enter spaces, dashes in the ""Card number"" field, we still have to validate the card number as usual." victor 29 Support page settings : Change Support Email Address - use saved email address as destination for submitted ticket defect new 2018-02-22T16:59:16+02:00 2018-02-22T16:59:16+02:00 "document: Additional tasks for ITCPay.docx In the ITCPay admin panel, under ""Support page settings"">""Change Support Email Address"", there's an option to change the support email address of the site. But if the admin changes the support email address of the site with this option, only the email address that is posted inside the ""Email Us"" box in ""Support"" page gets changed. But now you have to enable an additional feature. From now, if the admin changes the support email address with this option, the destination email address where the submitted support tickets gets emailed from ITCPay site, will get changed as well. For example, if the admin changes the support email address from support@ITCPay.com to contact@ITCPay.com in ""Change Support Email address"" page, next time an user submits a support request in ""Submit A Support Ticket"" page, the support request will get emailed to contact@ITCPay.com. Also, you have to make sure that the support request will get emailed to only one email address and copy of support request will not get emailed to more than one email address." victor 30 Settings : Email : Sender - add config and use for all email notification defect new 2018-02-22T16:59:16+02:00 2018-02-22T16:59:16+02:00 "document: Additional tasks for ITCPay.docx In ITCPay site, the sign up verification email (whether for personal or business accounts), forgot password request email, email changing verification email, support request email that is sent to support@ITCPay.com after an user submits a support ticket, support request delivery confirmation email that an user receives after submitting a support request, every email are sent from no-reply@ITCPay.com. So the ""From: email address"" of the site is currently no-reply@ITCPay.com. Now you have to create an option in the admin panel so that the admin can change the ""From email address:"" of the site easily from the admin panel. For example, if the admin changes the ""From email address"" to automatic@ITCPay.com, all the emails will start being sent from automatic@ITCPay.com in ITCPay site then. Please note that the admin can even change the ""from email address"" to an email address associated with a different domain than ITCPay.com. For example, the admin can add newdomain.com to the server and change the ""from email address:"" to something like name@newdomain.com. So create this option in the admin panel. Also create an option in the admin panel to change the ""From name"" of the emails being sent from ITCPay site. The current ""from name:"" for all the emails in ITCPay site is ""ITCPay"". But you have to create an option in the admin panel so that the admin can change this ""From name:"" easily to any name. If the admin changes this ""from name:"", all the emails will start being sent from the new ""from name:""." victor 31 Admin Panel : Lists - change date timezone to GMT+2:00 defect new 2018-02-22T16:59:16+02:00 2018-02-22T16:59:16+02:00 "document: Additional tasks for ITCPay.docx In the admin panel, there are pages like ""List of accounts"", ""Selected accounts"", ""Identity verification requests"", ""Card authentication requests"" where ""date of account creation or date of request creation"" appears. But I don't know based on what time zone these dates are being calculated. So check it and make corrections. From now, all these dates will be calculated based on GMT+2:00 time zone." victor 32 Routes : dashboard - move all sub pages to my-account defect new 2018-02-22T16:59:16+02:00 2018-02-22T16:59:16+02:00 "document: Additional tasks for ITCPay.docx We found that, in personal accounts, when we click on the ""Upgrade account"" link in the account Home page, the ""Upgrade account"" page appears but the URL of the page becomes https://www.domain.com/dashboard/upgradeAcc. Is it normal? Because the ""Upgrade account"" page is under ""My account"" page. And the link for ""My account"" page is https://www.domain.com/my-account. When we visit ""My account"" page and click on ""Upgrade account"" tab, the ""Upgrade account"" page appears but the URL still remains as https://www.domain.com/my-account. But when we click on the ""Upgrade account"" link in account Home page, the page URL becomes https://www.domain.com/dashboard/upgradeAcc. Is it normal? Furthermore, why does https://www.domain.com/dashboard exist in this URL. Previously the URL of ""My account"" page was https://www.domain.com/dashboard or https://www.domain.com/dashboard/my-account (either URL would work) and we have asked you to rename the URL to https://www.domain.com/my-account. Even if you have renamed the URL, I think the URL https://www.domain.com/dashboard URL is still active and if someone visits https://www.domain.com/dashboard, he will land on ""My account"" page. So please check. If you find that https://www.domain.com/dashboard URL is still active in the site, then delete the link. And since we will no longer use https://www.domain.com/dashboard anymore, the URL https://www.domain.com/dashboard/upgradeAcc should be an invalid URL. You have to make corrections in this URL. About the ""Change password"" page under ""My account"", change the URL of this page from https://www.domain.com/dashboard/changePassword to https://www.domain.com/my-account/change-password. The URL https://www.domain.com/dashboard should not be used in any link. Currently, in this ""Change password"" page, there's a title line – ""Reset password"". Change this title line to ""Change password"". Also currently the page name of this page (the name that appears in the browser's address bar) is ""Reset password"". Change this name into ""Change password"". Similarly, currently, the URL of the mobile number changing page is https://www.domain.com/dashboard/changePhone. Rename this URL into https://www.domain.com/my-account/change-mobile-no. Similarly, currently, the time zone changing page URL is https://www.domain.com/dashboard/changeTimezone. Rename this URL into https://www.domain.com/my-account/change-time-zone. You should ensure that there will be no URL like https://www.domain.com/dashboard/my-account in the site. And also ensure that there is no URL like https://www.domain.com/dashboard in the site either." victor 33 Password : Validation : implement password strength requirement for all password fields defect new 2018-02-22T16:59:16+02:00 2018-02-22T16:59:16+02:00 "document: Additional tasks for ITCPay.docx About password strength validation in ITCPay, as mentioned in 11th document, ITCPay site is accepting passwords like 12345678 in personal account sign up page and business account sign up page even though the password doesn't meet our password strength requirement. Our password strength requirement is- The password must contain – at least 8 characters, at least 1 letter, at least one number/special character. Now we have found that not only in the 2 sign up pages (personal and business), password strength validation is not working correctly in other pages containing password boxes as well. For example, password strength validation is not working in the password changing page under ""My account"". Password strength validation is also not working in the password resetting page that appears after clicking the password retrieval link sent to the user's email address following a ""Forgot password"" request. Password strength validation is not working in the ""Change password"" page in the admin panel. In all the cases, passwords like 12345678 are being accepted. So you have to make necessary correction now so that password strength validation works correctly in all the pages." victor 34 Password : Mobile browser - field contains ********** even if no password were previously set defect new 2018-02-22T16:59:16+02:00 2018-02-22T16:59:16+02:00 "document: Additional tasks for ITCPay.docx When we visit ITCPay log in page from a mobile phone browser, we see ********** in the Password box even if no password has been entered. Also in password changing page of ""My account"" page, we see ********** in ""New password"" and ""Confirm new password"" boxes and maybe in ""Current password"" box as well (can't remember) even when no password is entered, when we visit the page from mobile phone browser. Also in the password resetting page that appears after clicking the password retrieval link sent to the user's email address following a ""Forgot password"" request, ********* appears in both of the password boxes (‘password' and ‘confirm password') even when no password is entered [I guess, haven't got a chance to check it practically], when we visit the page from mobile browser. Also in ""Change password"" page of admin panel, we see ********* in all the password boxes even when no password is entered, when we visit the page from mobile phone browser. Now you have to remove all these ********** those appear unnecessarily in all those password boxes for mobile browsers when no password is actually entered." victor 35 Business verification - add fileds and change text defect new 2018-02-22T16:59:16+02:00 2018-02-22T16:59:16+02:00 "document: Additional tasks for ITCPay.docx In ""Business verification"" page, after ""Company registration document (Certificate of Incorporation)"" part, add an additional part with this title – ""Memorandum & Article of Association"". In ""Memorandum & Article of Association"" part, there will be an upload box. And this upload box field will be a mandatory field. Now you have to edit the texts posted in ""Details of shareholders, directors and beneficial owners"" part. Please post this text in that part ""Please enter the names, percent of shares and addresses of the directors, shareholders and beneficial owners (who hold 25% or more shares) of the company on a company letterhead and have this signed and stamped."" replacing the previous text. Now you have to edit the texts posted in ""Authorization letter (if applicable)"" part. Post this text in this part ""If neither of the above documents mentions the accountholder's name as a director or as an authorized representative of the company, submit an authorization letter under your company's letterhead signed by one of your directors to authorize you to operate this account on behalf of your company."" Replacing the previous text." victor 36 Time zone auto detection and changes in account pages general defect somebody new 2018-02-22T16:59:16+02:00 2018-02-22T17:17:13+02:00 "document: Additional tasks for ITCPay.docx Now you have to make ""Time zone"" dynamic in ITCPay site. Each time an user log in to his account, his time zone will get reset automatically. For example, if the user log in to his account from a different time zone, his ITCPay account's time zone will automatically be updated upon his login. Apart from logging in to the account, when the user is already logged in, each time he clicks on any link in his account, his time zone will get reset automatically. For example, when an user is already logged in, if he visits to a place that has a different time zone and then clicks on any link in his account, his time zone will automatically get reset. Please enable this feature. After you enable this feature, you can remove time zone field from personal account sign up page and business account sign up page as we do not need to ask users for this information anymore. And you can remove time zone changing option from ""My account"" page as well. Though we remove time zone from personal account sign up page, business account sign up page and ""My account"" page, a time zone will always be associated with the user's account. This is because when an user receives a payment in his account, time of receiving payment should appear in the ""Date and table"" column of the ""Transaction table"" and in the ""Details"" page of that transaction in the ""Transaction table"". For calculating this time, a time zone is always need to be associated with the account. When an user sends money, the system will detect the user's time zone upon his click on the ""Send money"" button and the time of sending money should be calculated based on that time zone. But when an user receives money, time of receiving money needs to be calculated as well. For this calculation, a time zone always need to be associated with the user's account. So, our system will automatically update the user's time zone each time he log in to his account. And furthermore, even when an user is logged in to his account, our system will automatically update his time zone each time he clicks on any link in his account. Please note that the time zone associated with the user's account is used to calculate the date and time that appears in the ""Date and time"" column of the ""Transaction table"" and to calculate the date and time that appears in the ""Details"" page of any transaction in the ""Transaction table"". Also note that the date and time that appears in the ""Transaction table"" in the sender's account may not be same as the date and time that appears in the ""Transaction table"" in the receiver's account for the same transaction. Because sender's account and receiver's account may have different time zones. Our system calculates the time in the sender's account and time in the receiver's account separately. So even for same transaction, the date and time that appears in the sender's ""Transaction table"" and in the receiver's ""Transaction table"" may not be same. But I am not sure how to detect an user's time zone accurately. Will it be IP address based? How reliable is IP address based time zone? Some countries like United States, Russia have multiple time zones. Also we can detect the time of the user's computer. But how reliable is it? What if the user's computer's time is not correct. So how do online services like Gmail detect the accurate time zone of the users? You should use the accurate method of time zone detection." victor 37 Password : cookies storage - test and fix general defect somebody new 2018-02-22T17:06:04+02:00 2018-02-22T17:06:04+02:00 "'''document''': ITCPay email function issue fixing.docx Also, you should check that whether password is encrypted in cookies in ITCPay site or not. If password is not encrypted in cookies in ITCPay site, encrypt the password in cookies." victor