Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

[CONTRIBUTION] Authorize Net AIM module


Vger

Recommended Posts

Hello,

I followed the instructions provided with this module. When I am on the checkout_payment.php page there is no option to use this method for paymet. I double checked to make sure it was enabled in the admin page and it was. Any suggestions? I need to get Authorize.net and osCommerce working together by this Tuesday.

 

Before installing this module, I was trying to use the original Authorize.net module. We processing it returned me to the login page.

 

Here is my phpinfo page http://racewayonline.com/phpinfo.php

 

Thanks,

Jeffrey Wray

 

Do you have configutation cache (or "faster page loads,less database queries") installed? If so, in your admin, click configuration -> my store -> edit and then click save. the reason is that you need to update the cached configuration file. This is only if you have that contribution installed.

Link to comment
Share on other sites

Try uninstalling the Authorise Net AIM module via your admin panel and then reinstalling it. But if the previous module did not work then you probably have your includes/configure.php file set up incorrectly.

 

Both your http and https cookie domain settings should be 'www.racewayonline.com' - neither should have http:// or https:// as part of them - it's a domain and not a url setting.

 

Vger

 

The problem I was having is now fixed. I forgot to remove the Authorize.net module that came with osC.

Link to comment
Share on other sites

  • 2 weeks later...

This contribution is simply awesome!

 

I just have a question about authorize.net's order_id field , For some reason once the orders go through the order id is always "1" instead of what the actual order id is.

 

I'm pretty sure it has something to do with this : but i'm no php expert or sql expert by anymeans

 

// Calculate the next expected order id

$last_order_id = tep_db_query("select * from " . TABLE_ORDERS . " order by orders_id desc limit 1");

$new_order_id = $last_order_id->fields['orders_id'];

$new_order_id = ($new_order_id + 1);

 

 

The description and product information passes through to authorize just fine is great, From authroize I can tell what product was orderd which is perfect. Just the order ID is giving me a headache as we use that to reconcile or orders.

 

Any help would be great! Thanks!

-Chowpay

Link to comment
Share on other sites

This contribution is simply awesome!

 

I just have a question about authorize.net's order_id field , For some reason once the orders go through the order id is always "1" instead of what the actual order id is.

 

I'm pretty sure it has something to do with this : but i'm no php expert or sql expert by anymeans

 

// Calculate the next expected order id

$last_order_id = tep_db_query("select * from " . TABLE_ORDERS . " order by orders_id desc limit 1");

$new_order_id = $last_order_id->fields['orders_id'];

$new_order_id = ($new_order_id + 1);

The description and product information passes through to authorize just fine is great, From authroize I can tell what product was orderd which is perfect. Just the order ID is giving me a headache as we use that to reconcile or orders.

 

Any help would be great! Thanks!

-Chowpay

 

 

Comment out that code and use the following:

 

// BOF: Authorize Net AIM Invoice Number Fix
// Calculate the next expected order id to pass as x_Invoice_Num
  $new_order_id = '';
  $inv_id = tep_db_query("select orders_id from " . TABLE_ORDERS . " order by orders_id DESC limit 1");
  $last_order_id = tep_db_fetch_array($inv_id);
  $new_order_id = $last_order_id['orders_id']+1;
// EOF: Authorize Net AIM Invoice Number Fix

Link to comment
Share on other sites

Comment out that code and use the following:

 

// BOF: Authorize Net AIM Invoice Number Fix
// Calculate the next expected order id to pass as x_Invoice_Num
  $new_order_id = '';
  $inv_id = tep_db_query("select orders_id from " . TABLE_ORDERS . " order by orders_id DESC limit 1");
  $last_order_id = tep_db_fetch_array($inv_id);
  $new_order_id = $last_order_id['orders_id']+1;
// EOF: Authorize Net AIM Invoice Number Fix

[/quote

 

Thanks I'll test this out tonight! I was just looking at the original code, it looked alright to me what was the problem?

 

Thanks again!

Edited by chowpay
Link to comment
Share on other sites

All,

 

I had problems with this and other modules using CURL when I moved from my test server to my provider's server. The root of the problem was that the provider requires the use of their CURL Proxy. Not using this resulted in the server->client connection hanging for about 5 minutes and returning a standard DNS Name not found error in IE.

 

After tracking this down, I decided to add support to one of the modules I found. I selected this module, as it appears the most stable and clean implementation. I just posted the new addition and kept the clean installation that Vger began.

 

The hack is simple, but useful if you are using a provider that requires the use of a CURL Proxy.

 

Regards,

Brent

Edited by wheeloftime
Link to comment
Share on other sites

Comment out that code and use the following:

 

// BOF: Authorize Net AIM Invoice Number Fix
// Calculate the next expected order id to pass as x_Invoice_Num
  $new_order_id = '';
  $inv_id = tep_db_query("select orders_id from " . TABLE_ORDERS . " order by orders_id DESC limit 1");
  $last_order_id = tep_db_fetch_array($inv_id);
  $new_order_id = $last_order_id['orders_id']+1;
// EOF: Authorize Net AIM Invoice Number Fix

 

Doh.

 

Parse error: syntax error, unexpected T_VARIABLE in /includes/modules/payment/authorizenet_aim.php on line 230

Everything's funny but nothing's a joke...

Link to comment
Share on other sites

When did you see this error? Mine ran through ok (I just havent checked a.net yet)

 

That was my fault. Picked up some unicode characters on copying from the forum here. Deleted them and

 

========= ORDER INFORMATION =========

Invoice : 7

Description : Blade Runner - Director's Cut(qty: 1)

Amount : 37.46 (USD)

Payment Method : Visa

Type : Authorization and Capture

 

Thanks,

Iggy

Everything's funny but nothing's a joke...

Link to comment
Share on other sites

hmm...it shouldnt be off by one unless you just deleted the most recent order before placing another order....

 

 

That is possible that someone deleted an order from the sql db. in anycase what would you suggest to remedy this? is there a way I can add a bougus order to get the count up?

 

Thanks

Link to comment
Share on other sites

Thanks for this contribution and support thread. This is responding to some earlier posts, sorry to break the continuity. I was getting the default oscommerce message '-Your credit card could not be authorized for this reason. Please correct any information and try again or contact us for further assistance', even after trying all the fixes discussed. I printed out the curl_exec() return value, which was

 

error setting certificate verify locations:

CAfile: /usr/local/share/curl/curl-ca-bundle.crt

CApath: none

 

Although my certificate was set up properly for my site, my shared web host had not set things up so that curl could verify certificates. I am talking to them about fixing this, but in the meantime I was able to get around the problem by adding the options

 

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);

 

just before curl_exec() is called. This prevents curl from verifying SSL certificates. The question is whether this fix will compromise security for this module. It seems to me that it shouldn't, since you know exactly who you're communicating with (Authorize.net). Any thoughts on this?

 

I suspect this is a problem many people are having. Having curl compiled in PHP and having SSL working are not sufficent for this module to work. Curl has to be set up with a proper CAfile as well.

Link to comment
Share on other sites

Authorize Net requires an https connection with https headers being sent. Provided you get the padlock on https pages it should work, but how secure it is (given that there is no host verification) I don't know.

 

Vger

Link to comment
Share on other sites

As you can tell from my earlier posts, I have been trying to get this module working since the start of July.

I appreciate your help during my earlier posts and would very glad of one last nudge in the right direction.

 

I am having the same problem as many people on this forum in that when I click 'confirm order' I get sent back to checkout_payment.php

It seems that people have sorted out this problem, but they never post how they do it.

 

The website in question is www.fliton.com/catalog.

It has full SSL set up and working, my base ref is correct.

I have my delimiters set up as suggested, PHP is compiled in cURL to the best of my knowledge. Force cookies is off.

 

Please help me out, the money I am being paid for this project does not even begin to reflect the amount of time I have spent on it, I just want to get it working so I don't feel like I have wasted my summer holidays sitting in my garage on the computer.

 

Thank you,

Ian

Link to comment
Share on other sites

The banner in the footer is hardcoded to an http address, which gives a mixed content 'secure/insecure' warning. If you do not allow it to display you get a secure webpage, but if you alow it to display then you don't get a secure https page. The pathway for the banner just needs to be:

'new/doc/img/inspire_main.gif'

 

See if that helps.

 

Vger

Link to comment
Share on other sites

Thanks for spotting the image, that did clear up the whole secure/not secure situation. Unfortunately I still can't process transactions.

I have gone through the whole thread and tried to make sure that everything is set up as you suggested, here is my current set-up...

 

 

I am using my API login and the correct transaction key.

My delimiters are set to No, comma and blank (No, comma and double-quote also failed to work).

PHP is compiled in cURL and as you can see SSL is working.

I have the latest version of Authorize.net AIM installed and running on test mode using the test credit card numbers provided.

My authorize.net account is AIM ready, running transaction version 3.1 and I do not have any response/receipt URLs set up.

I have forced cookies turned off because they do not seem to work on this site (ie. if I turn them on it thinks that nobody has cookies).

 

When I click 'confirm order' on checkout_confirmation.php I am returned to checkout_payment.php, the session id in the URL is replaced with a blank error message (error_message=).

If there is any more information I can provide to make it more likely that you will find the problem just let me know. I am very new to oscommerce so I am probably missing something reaaaaaally obvious.

 

I really am impressed by all the work your put into this module Vger and I appreciate enormously all the help you have given me.

Edited by UglyNephew
Link to comment
Share on other sites

If you have a full ssl certificate and 'Force Cookie Use' does not work then there is something else wrong with your website. Check in your includes/configure.php file to make sure that both http and https_cookie_domain settings are 'fliton.com' with no http:// or https:// and no www. Sorting that out should enable Force Cookie Use to work, but if it doesn't then there is something else wrong.

 

Try setting your Authorize Net osCommerce module to run in Production mode while having your Authorize Net Account set to Test mode.

 

Vger

Link to comment
Share on other sites

Default field seperator = comma (as some have found out)

 

PLEASE HELP .....i need to change this to PIPE ...because of an existing application that is coded to use PIPE

 

is there anyway to modify the module to do this? i know its the problem cause as soon as i say comma instead of pipe it works

 

thank you !!

Link to comment
Share on other sites

i just wanted to clarify.......i am referring to the setting in authorize.net direct response that let's you switch what the default field seperator is ....i need the AIM module to accept PIPE instead of a COMMA from authorize.net so i can leave that setting on authorize.net at PIPE. this is because an existing application/site will stop working if i switch it to comma (which i found out today much to the chagrin of everyone) thank you so much for an amazing module and such clear instructions to install!! i hope everyone is sending the author paypal!

 

Default field seperator = comma (as some have found out)

 

PLEASE HELP .....i need to change this to PIPE ...because of an existing application that is coded to use PIPE

 

is there anyway to modify the module to do this? i know its the problem cause as soon as i say comma instead of pipe it works

 

thank you !!

Link to comment
Share on other sites

so, as I've been working on credit card storage and using some of this module as a basis for my work (I need to authorize the card the first time to verify the cvv value being as I'm not allowed to store it), I noticed a glaring, well not glaring, but somewhat significant flaw in this module. Everything is fine except for the process_button function, where you write as a hidden form field the entire credit card number. Technically you should not be writing the cvv value either as a hidden form field (which you are) or as a plain text display to the customer.

 

Unfortunately my personal fix involves a custom mcrypt-based encryption class, but to outline essentially what can be done to get around this is:

 

in confirmation() remove the cvv display.

 

in process_button():

 

I am concatenating the card number and cvv value and delimiting them with a |

I then 3des encrypt this (using my mycrypt-based class), base64 encode that (so it won't have problems in the html) and write that to the hidden cc_num input field.

 

in before_process():

 

base64 decode $_POST['cc_num']

decrypt the field and list ($cc_num,$cc_cvv) explode('|',$decoded_cc_num)

 

and I now have a cc_number (and cvv if applicable), all the while never having them in plain text.

 

I only bring this up relating mainly to either someone leaving the checkout confirmation screen on their computer unattended, in which even when their session timed-out someone could still view source and grab the credit card number, or if the page is cached and if they could view source on the cached page and grab it from there.

 

anyway, this post really explains how to do it, you just need to figure out the encryption part. I created my own mcrypt class but if you do a search for mcrypt you will find a few already made classes out there that can handle the encrypting. sure a static in the source isn't the utmost in security either, but at least a lot more secure than the plain text credit card number in the html source itself.

Link to comment
Share on other sites

i just wanted to clarify.......i am referring to the setting in authorize.net direct response that let's you switch what the default field seperator is ....i need the AIM module to accept PIPE instead of a COMMA from authorize.net so i can leave that setting on authorize.net at PIPE. this is because an existing application/site will stop working if i switch it to comma (which i found out today much to the chagrin of everyone) thank you so much for an amazing module and such clear instructions to install!! i hope everyone is sending the author paypal!

oh, I wanted to comment on this post also..

 

in the before_process() function, simply add

 

x_delim_char => ',',

 

somewhere in the passed data. this will override whatever you actually have set on auth.net

 

actually IMHO this should be set by default in the module. that way customers with existing auth.net accounts using a non-comme delimiter don't have to worry about the module not working out of the box as the module will automatically set comma as the delimiter.

Link to comment
Share on other sites

Hi there

 

I am in test mode.

After submitting my checkout_confirmation.php, I am sent back to the checkout_payment.php page with an error in the red stripe, reagrdless of the number used (I tried all the testing numbers) I got:

 

"- Your credit card could not be authorized for this reason. Please correct any information and try again or contact us for further assistance."

 

Can't get the reason, can't get through.

 

Please note that I receive the email from AN just fine.

 

Does this happen because of the test mode and will run the order all the way through in production?

 

Thanks!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...