travtele615 Posted March 13, 2007 Posted March 13, 2007 I've got this installed. everything works great in test mode so far with the exception of 1 detail. When the transaction is submitted (after filling out CC info on Auth.net server) the receipt page comes back to "Your Order has been processed" finished page for checkout in the store with the URL of https://secure.authorize.net/gateway/transact.dll When you click the "Continue" button which will redirect to index.php both firefox 2.0.0.2 and opera give warning messages that the info you're submitting is not encrypted. Internet Explorer 6 doesn't complain at all. (Not a big surprise given MS track record for Security) I have checkout_process.php set as the return receipt. Am I missing something in the hand off from Authorize.net that will return to the store without the conflicting https to http warning. I would prefer to use AIM but the client doesn't want to purchase an SSL just yet so we're trying to get this SIM working. Thanks Travis
vasttech Posted March 13, 2007 Posted March 13, 2007 Most browsers will warn when you go from an secure page (HTTPS) to an unsecure page (HTTP) unless you have the error message suppressed in the options for that browser. I would also check to make sure your return receipt url setting in authorize.net is set to return to http and not https. Lastly, from the checkout success page you want to make sure it is pointing to a http and not https url for index.php on the continue button. Finally, if you do have a SSL certificate you may see this error if you try to load images on a secure page with an unsecure url as the source. For example if the image is loaded as: <img src="http://www.yourdomain.com"> instead of <img src="https://www.yourdomain.com"> You will see errors. Hope that helps (and makes sense, it has been a long day). osCommerce Knowledge Base osCommerce Documentation Contributions
jasonabc Posted March 13, 2007 Posted March 13, 2007 I would prefer to use AIM but the client doesn't want to purchase an SSL just yet so we're trying to get this SIM working. Do you mean you are using this method with no SSL installed?? A.net AIM *and* A.net SIM both require a full SSL on your store as you are transmitting credit card information between the store and Authorize.net. This data must be encrypted. Tell your client the fee for buying an SSL (a few bucks) is nothing compared to the fines and legal fees that will be levied at him if some idle hacker grabs the numbers that his site is failing to encrypt and uses them. Your host should even have provided a free one so there is no excuse to not use it. The SIM module that comes with OSC is several years old. A.net are phasing this method out soon. Upgrade to Vger's AIM module. The return/receipt fields on the A.net side should both be blank. You are recieving the "not encrypted" message because there are elements on your page that are being pulled in over ordinary http:// connection. Get your SSL sorted out and the problem should disappear. Jason My Contributions: Paypal Payflow PRO | Rollover Category Images | Authorize.net Invoice Number Fix
travtele615 Posted March 13, 2007 Author Posted March 13, 2007 Do you mean you are using this method with no SSL installed?? A.net AIM *and* A.net SIM both require a full SSL on your store as you are transmitting credit card information between the store and Authorize.net. This data must be encrypted. Tell your client the fee for buying an SSL (a few bucks) is nothing compared to the fines and legal fees that will be levied at him if some idle hacker grabs the numbers that his site is failing to encrypt and uses them. Your host should even have provided a free one so there is no excuse to not use it. The SIM module that comes with OSC is several years old. A.net are phasing this method out soon. Upgrade to Vger's AIM module. The return/receipt fields on the A.net side should both be blank. You are recieving the "not encrypted" message because there are elements on your page that are being pulled in over ordinary http:// connection. Get your SSL sorted out and the problem should disappear. Thanks for the help and to clarify This is not the standard module that is included. The Credit Card transaction takes place completely on Authorize.net servers. With the module I'm using, the checkout routine only allows you to select Authorize.net as the payment method for the transaction. It does not allow or even have the option to let the customer enter any credit card info under our domain. After selecting the authorize.net for payment the next screen is the summary that allows the user to edit order info and from there they are taken to Authorize.nets server and they complete the transaction entering CC info on the Authorize.net server. Upon submitting that, Authorize.net shows the order finished page from our domain but it is under the URL of the secure Authorize.net page. Thanks Travis
Recommended Posts
Archived
This topic is now archived and is closed to further replies.