Jump to content
  • Checkout
  • Login
  • Get in touch


The e-commerce.

authorize.net difficulties


Recommended Posts

I'm trying to get my authorize.net gateway working but I'm having some problems.


First, I got the gateway working with the regular authorize.net module, but it would only process payments with IE. Mozilla 1.1 gives an error of "The referrer, relay response or receipt link URL is invalid". This is documented in several places on here, so I expected it.


As suggested here, I then moved to Bao Quoc Nguyen's ADC Direct Connect module. After setting it up I get an error of "There has been an error processing you credit card, please try again."


I went back and checked everything again, this time looking more closely at the requirements, specifically the part about checking for cURL. Uh-oh, doesn't seem to be installed.


I'm on a hosted account, not sure if this is something I can install as a user with shell access, or if this is something that only the host can do?!?


I sure could use a little guidance, I'm on major burnout already from trying to absorb all of this in a week. Is the error I'm getting consistent with not having cURL?


Not sure where to go from here - Should I go back to the original module and only service IE customers? Is there additional progress I can make with cURL?


Any help would be much appreciated.





Link to comment
Share on other sites

  • Replies 128
  • Created
  • Last Reply

Hi Ed,


Did you run the command /usr/bin/curl -V ?

It will return something like "curl 7.8 (i386-redhat-linux-gnu) libcurl 7.8 (OpenSSL 0.9.6b) (ipv6 enabled)". This means you already have curl installed. Your path to curl is /usr/bin/curl .


If it does not display anything, you can try the following command:

$ whereis curl

curl: /usr/bin/curl /usr/include/curl /usr/share/man/man1/curl.1.gz

$ which curl



If you found the curl's path, then replace it in file /catalog/includes/modules/authorizenet_direct.php .


Most of the ISP host has curl installed as shell command, and your PHP does not need to be recompiled with it.


// Post order info data to Authorize.net, make sure you have curl installed

exec("/usr/bin/curl -d "$data" https://secure.authorize.net/gateway/transact.dll", $response);


Many others already installed my ADC Direct Connection module, and it is working well for them!!!




Link to comment
Share on other sites

Hi Ed,


Did you run the command /usr/bin/curl -V ?


Yes, that returns:

bash: /user/bin/curl: No such file or directory


If it does not display anything, you can try the following command:

$ whereis curl

curl: /usr/bin/curl /usr/include/curl /usr/share/man/man1/curl.1.gz

That returns:



$ which curl


That gives me:

no curl in (/usr/local/bin:/bin:/usr/bin:/usr/local/bin:.)


So it looks like I've got no curls :(


For the moment, I've turned on the manual card processing module and put a note on the payment screen for IE users to use authorize.net and others to use the Credit Card method.


I guess the next thing to do would be to determine browser and only present the module that works. I have bigger ideas than abilities though, so that one may have to wait.


In the meantime, I wrote to my host and asked about adding cURL. I'll post back what they say.


Many thanks!



Link to comment
Share on other sites

Hey folks...


I installed the ADC module...and still get the same error.......

you know...."processing the card" error...like the one mentioned above...


It's got to be something else...I followed the instructions completely.


Can anyone help.....I'd like to get this over with so I can start adding products to my site....it's bad enough I have to worry about OSC's inability to be spidered...etc....I'd at least like to get it functioning!


Thanks...please respond.



Link to comment
Share on other sites

Hi Bn,


Thought I'd post an update on this. I heard back from my host, and although they haven't made a final determination, it's not looking good.


Here's what they say:


The admins are still looking into this, but a review of reports

indicate that installing cURL without openSSL support works OK.

Problems develop when PHP and SSL is activated causing cURL to

make the server unstable. RESULT: you can't use SSL with cURL and

more or less defeats the purpose of using it.


I don't know enough about what they are saying to know if this is true.


I'll post their final comments when they decide.



Link to comment
Share on other sites

Hi Ed,


All you need is to ask them to install curl as a shell command line but not as a module in PHP. However, I don't think curl will cause the server unstable when php and ssl are activated.


They need to do the following:


- Install SSL libraries if they don't have it. http://www.openssl.org/source/

- Download curl at http://curl.haxx.se/download.html

- Make sure the paths to curl and openssl are correct before compiling curl by running this command.

./configure --prefix=/usr/local/curl --with-ssl=/usr/local/openssl


cURL will need SSL libraries installed for it to talk https://

Here is the example:

exec("/usr/bin/curl -d "$data" https://secure.authorize.net/gateway/transact.dll", $response);




Link to comment
Share on other sites

Hi Rick,


The contribution of ADC Direct Connection that I uploaded at oscommerce should be working because I have been using it for a long time. Also, other people have downloaded it, and it worked for them too. If it does not work for you, the osc2.2 snapshot that you are using might have changed the structure or it is an old version. I used the snapshot on June_05_2002. I know that people have used osc2.2 snapshot from June 05, 2002 up to the current snapshot, and it is working well!!! Some of them even used osc2.1, but they had to twist around and it worked too!!!


Can you make sure that you go over the instruction from file Installation.txt again ? If you already done that, then you should check your authorizenet setting.


1. Log into your Authorize.Net account:

- Choose 'Settings' --> 'Automated Direct Connect' --> 'ADC (Automated Direct Connect) Direct

Response' you should have set:

Delimited Response --> No

Default Field Separator --> ,(comma)

Field Encapsulation Character --> shoule be empty and just leave it blank


- Choose 'Settings' --> 'General Connection Setup' --> 'Response String Version' you should have set:

Current Version --> 3


- Choose 'Settings' --> 'General Connection Setup' --> 'ADC Secret Value' you should have set:

Value Set --> No (equivalent to no value has been set)


2. In your OsCommerce admin, make sure you have set:

Allow Authorize.net --> 1 (must set to 1 for it to work)

Authorize.net Login --> (Your actual login authorizenet LoginID must be set.)

Authorize.net Test Mode --> 0 (I always set this to 0; to do testing turn it on/off in

authorizenet account)

Authorize.net E-Mail Client --> 0 (can be 0 or 1)

Authorize.net E-Mail Merchant --> 1 (can be 0 or 1)

Authorize.net Method --> CC (should be CC)


Open file /catalog/includes/modules/authorizenet_direct.php and make sure your x_PASSWORD is set to your Authorize.Net password!!!


3. To place a test order, in your Authorize.Net and switch it to test mode:

- Choose 'Settings' --> 'Test Mode' --> Click on 'Turn Test On' Button


Go ahead and place a test order by entering real credit card number and expiration date. It should be working.



If it does not, try the following code to echo out the $key and $value before they are passed to authorizenet server. If the $value is empty, check $order->customer and $order->delivery in your /catalog/includes/class/order.php


In file /catalog/includes/modules/authorizenet_direct.php, modify it to echo data out for testing.

// concatenate order information variables to $data

while(list($key, $value) = each($form_data))

{ // testing only

$test_data .= "$key=$value<br>";


$data .= $key . '=' . urlencode(ereg_replace(',', '', $value)) . '&';



// take the last & out for the string

$data = substr($data, 0, -1);



// Post order info data to Authorize.net, make sure you have curl installed!!!

exec("/usr/bin/curl -d "$data" https://secure.authorize.net/gateway/transact.dll", $response);


// testing only

echo $test_data;





Hope this will help,


Link to comment
Share on other sites



I downloaded the latest "developer" version and not the stable one.


There isn't any "authorizenet_direct.php" in the directory mentioned but there is a authorizenet.php


There is no space for password or string in the file, I searched.


Everything else is fine, I have the AuthorizeNet and the other settings are set based on your specs. I do not understand why when in the module setup via the OSCommerce Admin menu does not allow you to add the user name and password.


I remember how MIVA had it's module setup. Where the URL for the dll was at, the user name and password, test mode or not and one or two other options.


Do I need to download additional modules or I should download the stable version (2.1) instead of the v2.2 OSCommerce.

Link to comment
Share on other sites

I am also having difficulty with this module. I believe my problem must lie in the version or snapshot I have installed. My snapshot does not have the following file...




Any suggestions?


I performed the check that was mentioned above which echos the field values sent to Authorizenet. Most of the field values are empty, and I'm not sure how to pull them from a different source. I'm capable of tweaking, but not redesigning.

Link to comment
Share on other sites

I have to look on my AuthorizeNET control panel and check few things out. It wasn't working right and than I got it to sort of work and get the red message saying that couldn't authorize it.


I used a real/good credit card.


I am not sure why the defaulted authorizenet.php file in the include is not working and we have to download the other(s) the contributors file.


I also have to figure out and see if I can link MS Access or other DB to the remote SQL server and have prices updated from a Windows Based program. Maybe do some B2B with others and use their Product#ID and have maybe 1-3 Letter or Number in front or ending to identify my own part number.

Link to comment
Share on other sites

Do we need to be having https:// active and working or not. For the domain I am testing OsCommerce is not enabled. I could enable it but I wanted to know if it plays a major role.


It is important because of the 'lock' people like to see but I wanted to know if that caused the transaction to not go through.


In authorizenet_direct.php it has the:


// Post order info data to Authorize.net, make sure you have curl installed

exec("/usr/bin/curl -d "$data" https://secure.authorize.net/gateway/transact.dll", $response);

Link to comment
Share on other sites

Hi All,


Here is the information how to connect to your authorizenet merchant account. First of all, you need to know what method of connection do you want to use for authorizenet, ADC Relay Response or ADC Direct Connection ? You can go here and read about these two connection methods:







If you want to use ADC Relay Response then osc2.2 already came with it.


All you need to do is to register with a reseller of authorizenet.com, and that reseller will send you the LoginID and Password. You need to add only the LoginID in osc2.2 admin. That's all you need to do with osc2.2.


From your authorizenet merchant account, originally your account is in password required mode. You will need to take it out of password required mode in order for you to test the site without error like "There has been an error processing you credit card, please try again.".


Log into your Authorize.Net account and choose 'Settings' --> 'Security'. Within 'Security Settings' uncheck the box 'Require Password for ALL Transactions' press the Submit button.


The Password Only mode setting mandates that the system to only accept transactions that are sent with the password, therefore eliminating unauthorized outside transaction requests. That is why, I prefered to use ADC Direct Connection.


Also, in 'Settings' --> 'Automated Direct Connect' --> 'ADC (Automated Direct Connect) Relay Response' you need to add in 'URL' field:


Click on the 'Submit' button to add it in. This is your "Default Relay Response URL".


Next, you need to add this same URLs by clicking the 'here' link at the bottom of that page and click on 'Add URL' to add in 'URL' field:


Click on the 'Submit' button to add it in. This is your 'Default Receipt Link URL'.


Referrer URLs are required as an additional security feature for the ADC Relay Response!!!


Go to 'Setting' --> 'General Connection Setup' --> 'Referrer URLs' --> 'Add URL' to add in 'URL' field:


Click on the 'Submit' button to add it in. This is your "Valid Browser Referrer URL".


That's all you need to do for ADC Relay Response!!!



If you want to use ADC Direct Connection then go to the following link and read my instruction how to replace and change authorizenet code. ADC Relay Response came with OsCommerce doesn't work in Netscape6.1 and older Netscape versions and some of AOL browsers due to the error "Invalid Referer". I suggest that you should use ADC Direct Connection method so that your customer can check out from any browsers.


Go to contribution and download my codes:




Here is the info for getting authorizenet account:

Here is the link to the lowest cost that I found for applying authorizenet merchant account. There is a once time setup fee of $150, which is much cheaper than any other resellers. My merchant bank is iPayment Inc. (Humboldt Bank of Eureka. CA), and I registered my merchant account here.




You can contact Sue 1-800-446-1127 ext 208 to ask any question; she will help you to setup an account.


Merchant Account:

-$10 monthly statement fee

-Discount rate of 2.15-2.47% and .30 per transaction

-Monthly minimum of $25 (only charged if you do not meet the monthly minimum in processing.


Authorize.Net Payment Gateway:

-One time fee of only $150 for the ADC, web link, and virtual terminal

-$15 monthly gateway fee

-Free E-Check acceptance

-Free Air Pay software.


The approval process is quick. The bank documents are sent to you with a deposit of $50 paid. Upon receiving them back, as long everything is complete, they will have a merchant number for you within 24-48 hours. You will then become operational the following day.


This is the cheapeast price that I have found, and my current total monthly fee for authorizenet merchant account is only $25. I signed up for 2checkout.com before, but their discount rate is too high and their service is not that good.



https:// does not need to be active and working for ADC Direct Connection, but you need SSL libraries installed in order for Curl to talk https://

Here is the example:

exec("/usr/bin/curl -d "$data" https://secure.authorize.net/gateway/transact.dll", $response);


Also, https:// does not need to be active and working for ADC Relay Response. However, I think we should always use SSL for customers to be safe when they enter sensitve information like credit card number and password.



Best Regards,


Link to comment
Share on other sites

I've tried everything to make this authorize.net work....I can't even get it working again with the relay method.....I'm using 2.2.....I believe the snapshot was from back in July....(my ISP installed it...and he's out of town...)...I'm not familiar on how to install the new snapshots......because of the changes I made...I did not want to overwrite them....


Does anybody have their's working?....Direct or Relay????!!!!


I was on the phone with A/Net for awhile...they tried to help...but said it must be in the cart's script somewhere.


Thanks Folks....

Link to comment
Share on other sites

It works now. Thanks for sharing your settings on AuthorizeNet.


I don't think I would have been able to figure it out without some extensive work and research. I was about to cancell my Merchant ( I haven't used it in over a year ). Waste of money but I might just add a shopping cart for the heck of it.


If people owe me money I'll tell them to go send me money via shopping cart of PayPal :)

Link to comment
Share on other sites

I had to change a lot of the file authorizenet_direct.php to make it work. The biggest change was the x_Verison number. I deleted that completely as Authorize.net is on 3.1 now, not 3.0.


Also, on line 119 of catalogincludesmodulespaymentauthorizenet.php, it's written:


if ($x_response_code != '1') {


You have to make sure that you have the correct settings in your Authorize.net account, because mine was by default sending back the success code as '1'. This if statement isn't checking for '1', it's checking for 1 (sans quotes). I made a simple change to:


if ($x_response_code != '|1|' {


And then went into my my authorize.net account (settings/automated direct connect/adc direct response/) and make it report back with field encapsulation character of the | (pipe) and everything worked fine.


Great script, though.




Link to comment
Share on other sites

Hi Patrick,


The version 3.0 response string is different from the version 3.1 response string. The version 3.0 response string contains system fields 1-38 and echoes merchant defined fields from field 39 on, in the order the system received them. The version 3.1 response string contains 68 system fields with field number 39 representing the x_cvv2_resp_code. In the version 3.1 response string, merchant defined fields are echoed from field 69 on. Merchants wishing to use the CVV2 response code must switch to response string version 3.1. The response string version is set from within the Merchant Interface.


I am using 'Response String Version' 3.0 . Click on that pull down by following this step. I think either version 3.0 or 3.1 will work fine, but if you are using 3.1, you need to twisted the codes when you want to get the correct merchant defined field.


- Choose 'Settings' --> 'General Connection Setup' --> 'Response String Version' you should have set:

Current Version --> 3.0


From Implementation Guide of Authorizenet

Field 1

x_response_code --> Indicates the result of the transaction.

1 = Approved

2 = Declined

3 = Error


How can I take the results from authorize.net and return customers to a success or error page based on approval or denied response from authorize.net?


In the file /catalog/includes/modules/authorizenet_direct.php of my contribution the function exec("/usr/bin/curl -d "$data" https://secure.authorize.net/gateway/transact.dll",

$response) will return an array $response from authorize.net. Base on this info and $payment_modules->before_process() is called after that, which is the function before_process() in



function before_process()

{ global $response;


// Change made by using ADC Direct Connection

$response_vars = explode(',', $response[0]);

$x_response_code = $response_vars[0];


if ($x_response_code != '1')

{ tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'error_message=' .





In this function, the array is exploded by the comma (your default delimiter), and base on the first element of this array, if it is not equal to 1 (invalid credit card), then it is being redirected back to the checkout_payment.php with the error message like "There has been an error in your credit card. Please try again." If it is equal to 1(valid credit card and has been approved), then your checkout_process.php is continue and insert the order into db and send email confirmation. At the end of checkout_process.php, it has the

tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL')) which redirect to the success page.


Hope this will give more detail,


Link to comment
Share on other sites

Excellent information, thanks. We prefer to use 3.1 because I am going to attempt to intergrate CVV down the road.


Any idea why we consistently get Array as the country in the Merchant email from Authorize.net? Could it be because I am using different version? If it matters, here are the settings in authorizenet_direct.php:


	$form_data = array(

x_Login => '[i]my username[/i]',

x_PASSWORD => '[i]my password[/i]',

x_ADC_Delim_Data => 'TRUE',


x_Type => 'AUTH_ONLY',

x_Method => 'CC',

x_Amount => number_format($order->info['total'], 2),

x_Card_Num => "$x_Card_Num",

x_Type => "AUTH_ONLY",	

x_Exp_Date => "$x_Exp_Date",

x_Email_Customer => 'FALSE',

               x_Email_Merchant => 'TRUE',

x_Cust_ID => "$customer_id",

x_First_Name => "{$order->customer['firstname']}",

x_Last_Name => "{$order->customer['lastname']}",

x_Address => "{$order->customer['street_address']}",

x_City => "{$order->customer['city']}",

x_State => "{$order->customer['state']}",

x_Zip => "{$order->customer['postcode']}",

x_Country => "{$order->customer['country']}",

x_Phone => "{$order->customer['telephone']}",

               x_Email => "{$order->customer['email_address']}",

x_Ship_To_First_Name => "{$order->delivery['firstname']}",

x_Ship_To_Last_Name => "{$order->delivery['lastname']}",

x_Ship_To_Address => "{$order->delivery['street_address']}",

x_Ship_To_City => "{$order->delivery['city']}",

x_Ship_To_State => "{$order->delivery['state']}",

x_Ship_To_Zip => "{$order->delivery['postcode']}",

x_Ship_To_Country => "{$order->delivery['country']}",

x_Customer_IP => "{$HTTP_SERVER_VARS['REMOTE_ADDR']}",


Thanks for the great contribution, BTW.




Link to comment
Share on other sites

I still haven't received a reply from my host on the cURL situation, but I did find this line in the Server Info display of OSC.


'./configure' '--with-config-file-path=/etc' '--enable-safe-mode=yes' '--enable-force-cgi-redirect=yes' '--with-gdbm' '--with-mysql' '--with-exec-dir=/www/cgi-bin' '--bindir=/www/cgi-bin' '--enable-ftp' '--with-jpeg-dir=/usr' '--with-gd' '--with-curl=/home/software/php-4.1.2-curl/libcurl-static'


It mentions cURL, so maybe I have it somewhere?!?!?!? Anyone know what that config command indicates in terms of cURL?





Link to comment
Share on other sites



I went back and started over. Downloaded all the files afresh and went through your installation instructions. I've incorporated all the other tips you have in this thread. I'm still not getting anywhere.


A couple of things:


1) I think I'm using a snapshot that I downloaded on 9/19/02. I'm not sure if that is the snapshot "version" or not. Could that be any kind of problem?


2) Regardless of the snapshot, I am using your latest contribution files and directions.


3) cURL is exactly where it's supposed to be according to my hosting folks.


4) SSL is enabled for my site through my hosting firm. Is there anyplace where I need to tell osCommerce that secure transactions go through




rather than





5) Does veverkap's recommendation to use the "|" encapsulation character in authorizenet make sense or would it help?


I guess I'm getting a little frustrated that others can make this work, but I don't seem to be able to. It's the only thing keeping me from going live.


jerry Nielsen

Link to comment
Share on other sites

  • 3 weeks later...

Well, now I'm totally confused...before the October 30th Authorizenet changes were announced, I had a shopping cart that processed payments through authorize.net just fine, not a hitch. I downloaded the contribution and followed all the steps, and now we get error messages saying the credit card cannot be processed. For now I've switched back to credit card module and turned off the authorize.net module, but I would really love to get it working again. I'm using 2.2 snapshot which I downloaded and installed in late September.

Link to comment
Share on other sites

First, thanks for getting this going, I've had problems with authorize.net for over 6 months.


I followed the directions in install.txt, however I'm unable to get it going either. I'm getting:

Call to undefined function: tep_db_prepare_input() in /usr/www/path/to/authorizenet.php on line 25

I am also missing a file mentioned in the instalation instructions, /catalog/includes/class/order.php


Did I miss something? I don't even have a class subdir (I have classes) in includes.

Where can I find this file? Is there another upgrade I should do before I can make this work?

Link to comment
Share on other sites

Maybe what's happened is that the instructions and contribution were written for an earlier version/snapshot of OsCommerce than we are using...and if so, we need something to update the instructions so we're all on the same page. I did read that 2.2 (which is what I'm using) didn't need all the page tweaking to work with authorize.net, so I didn't tweak anything...until last week when I read that I might need to change how I worked with authorize.net, and I added the contribution. I really ought to write stuff down when I work with files, but once I got it working I was so relieved to have accomplished that much I didn't bother (figured I didn't have to fix it if it wasn't broken). But now that I've added the contribution and made the changes, I don't know how to take it back where it was before. I can't handle doing a complete reinstall, I've done so much customizing

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...