Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

A little help with Authorize.Net ADC


SsZERO

Recommended Posts

I have been using the authnet ADC connection mod provided in the contributions without a problem for several months, up until now. Whenever someone tries to pay using a credit card, they get sent back to the payment method screen with the standard osC error.

 

I have tried all I could think of to fix this and due to the lack of information provided by the error, I really have no way of pinpointing the problem. It seems like no data is ever sent to authorize.net in the first place.

 

Anybody else have a similar problem? My site is running PHP 4.3.2 and Redhat Linux 7.3 with Apache 1.32 as the web server.

 

-= SsZERO =-

-= SsZERO =-

Link to comment
Share on other sites

FINALLY!! I found the problem and fixed it!!!

 

THe problem is like this:

 

Authorize.net made a nasty little change to their system which they did not well inform many clients about. If you switch to using ADC/AIM, you MUST delete ALL relay response / weblink URLS within the admin area of authorize.net. I had a few relay URLS from when I was using weblink and before the Authorize.net change, having these URLS there did not affect ADC. But after the change, for "security" reasons, I was not able to establish a connection to auth.net.

 

So hopefully this will help someone out who is in a similar situation.

 

-= SsZERO =-

-= SsZERO =-

Link to comment
Share on other sites

SsZERO:

Hey, something I've been asking others using Authorize.net. How does it integrate into your site? Does it send people to an Authorize.net site or do you stay on your site? If it sends you to an Authorize.net site, how does it look?

 

Austin519

Link to comment
Share on other sites

I'm pretty sure I read somewhere it keeps the customer on your site. I just got my merchant account and I'm looking for the best shopping cart to work with Authorize.net

 

 

SsZERO:

Hey, something I've been asking others using Authorize.net. How does it integrate into your site? Does it send people to an Authorize.net site or do you stay on your site? If it sends you to an Authorize.net site, how does it look?

 

Austin519

Uncensored Hosting, Photography, Video, Graphic & Web Design!

"Your Satisfaction Is Our Art!"

Link to comment
Share on other sites

The ADC (aka AIM) connection method keeps customers on your site. The data is sent to authorize.net, and a response is received by osC immediately, thus the customer never leaves your site.

 

The "stock" auth.net module included with MS1 and newer versions of osC uses SIM, and that actually takes customers to the authorize.net site. Most customers would not be able to tell unless they looked at the address bar in their browser.

 

I do not like SIM, and it does not work right with all browsers anyway. AIM/ADC works right with any browser, and is the most secure way of processing cards in realtime.

 

If I can help anyone out with setting up their payment system, just reply to this thread. If you want more help with your site, PM me, my company does extensive work with osC customization.

 

-= SsZERO =-

-= SsZERO =-

Link to comment
Share on other sites

CISP is an initiative started by VISA to provide a set of guidelines for keeping customer account data secure. Below are the 12 basic requirements.

 

The CISP Requirements:

 

1) Install and maintain a working firewall to protect data

2) Keep security patches up-to-date

3) Protect stored data

4) Encrypt data sent across public networks

5) Use and regularly update anti-virus software

6) Restrict access by "need to know"

7) Assign unique ID to each person with computer access

8) Don't use vendor-supplied defaults for passwords and security parameters

9) Track all access to data by unique ID

10) Regularly test security systems and processes

11) Implement and maintain an information security policy

12) Restrict physical access to data

 

As you can see, most of CISP has to do with how your set up your webserver and how you manage the sensitive data. Basically, for realtime transactions the only applicable point is #4, and AIM/ADC is the best way of achieving this.

 

Using PHP, you can post the data to the payment processor using an external program like cURL or PHP's built in fsockopen(), fwrite() and fread() commands. In my opinion, PHP's fsock commands are better to use because they will work on virtually all servers, whereas with cURL you tend to run into issues if it is not set up properly and compiled with SSL.

 

As far as setting up a recurring charge, that is a bit misleading. Last time I checked the docs, recurring charge only sets the type of payment, but you still need to initiate a transaction from your server (you will want to double check that, I am not sure off the top of my head). My company has done a few subscription sites that needed recurring billing and we used a crontab to handle automated recurring billing. Whether you decide to go with PHP, ASP or ColdFusion, there are similar ways of working that type of functionality into your system. I recommend PHP because it is free, and it is very robust. :) But there are some cool things you can do with ASP for people using IE (85% of the net) that are not as easily done with PHP.

 

I do not know what specific information you want, but if you already have an account with authorize.net, I would suggest logging into your control panel at https://secure.authorize.net and read up on their online documentation for AIM integration.

 

-= SsZERO =-

-= SsZERO =-

Link to comment
Share on other sites

LOL The online reading is the steep learning curve I was referring to . . . My severs are all *nix based. I don't do winwoes :lol:

 

Since I will have to this at least three times over the next few months I will take my time on integration/reading.

 

Thanks for the insight.

Uncensored Hosting, Photography, Video, Graphic & Web Design!

"Your Satisfaction Is Our Art!"

Link to comment
Share on other sites

You asked for a synopsis. :)

 

If you have any specific questions, feel free to ask. If I cannot answer them for you, maybe someone else here can.

 

-= SsZERO =-

-= SsZERO =-

Link to comment
Share on other sites

SSzero,

Quick question for you. How hard is the switch from SIM to ADC/AIM? I just got my authorize.net account set up and working with SIM, but I wanted to add the CVV contrib and it seems the best way to do it is to switch to the ADC.

 

I haven't had time to try installing it yet, but I just wanted to know if it is going to work right away or if it would take more tweaking.

 

Thanks

Link to comment
Share on other sites

To get ADC working is fairly simple. You download the contrib, put the files in the appropriate folders. Add a chunk of code to the catalog/checkout_process.php file, and edit authorize_direct.php with your password, and you're all set. You would then log into your auth.net control panel and delete all relay response / weblink URLs that you may have entered to get SIM working, otherwise ADC won't work right.

 

It is not complicated, but you should make sure you have cURL installed on your web server, or it will not work. ADC is much better than SIM in terms of security and IMO quality.

 

-= SsZERO =-

-= SsZERO =-

Link to comment
Share on other sites

Ok I have installed the ADC contrib, but now I am getting "There has been an error processing your credit card. Please try again."

 

I have installed the updated checkout_process.php, and inserted my password into the authorizenet_direct.php. Is there something else I am missing? The instructions basically just said to replace the files.

 

Please help!

Link to comment
Share on other sites

okay- lets say I have 4 response/receipt urls - can i delete these and reinstall them after I get ADC working or do i have to keep them deleted forever?

 

There are 2 different sites connecting to authorize.net in different ways - i need to know asap if this will work!

 

Thank you,

-Evan

Link to comment
Share on other sites

In my experience, you would need to delete all relay response URLs. At least for me, that was the only way to get my site working. It is stupid, isn't it? You used to be able to have the URLs in there, in addition to ADC and it would work fine. You can always give authorize.net support a call to confirm this, they actually have pretty decent tech support.

 

-= SsZERO =-

-= SsZERO =-

Link to comment
Share on other sites

This is a common problem, here are a few things to check:

 

- Check if cURL is installed

- Check if cURL is latest version

- Check if PHP has exec() command disabled (should be enabled)

- Delete all relay response/weblink URLs within authorize.net

- Make sure you authorize.net user id is entered in the osC admin area > modules > payment > authorize.net

 

-= SsZERO =-

 

Ok I have installed the ADC contrib, but now I am getting "There has been an error processing your credit card. Please try again."

 

I have installed the updated checkout_process.php, and inserted my password into the authorizenet_direct.php.  Is there something else I am missing?  The instructions basically just said to replace the files.

 

Please help!

-= SsZERO =-

Link to comment
Share on other sites

I know I have curl installed, I'm not sure if it is the latest version. Nor do I know if the exec command is enabled.

 

I don't have any relay response links, and my username is in the right place.

 

You can see my server setup at: http://12.129.198.136/phpinfo

 

Maybe you can tell me whether I have the latest version, or if the exec command is enabled. Thanks for your help.

Link to comment
Share on other sites

Nevermind, forgot Win32 was surprisingly forgiving on that whole thing...I uncommented php_curl.dll so now it shows:

 

curl

CURL support enabled

CURL Information libcurl/7.10.5 OpenSSL/0.9.7b

 

 

On my php info...so I assume I'm golden.

 

SsZERO:

In reference to your very helpful information...I assume that just allowing the dll has installed cURL (my php version was compiled with it previously I assume). It's not 7.10.6 but it's close. As for the exec()...where is that to enable (forgive my ignorance)?. And after that I should be good?

 

Austin519

Link to comment
Share on other sites

Erg...okay another post...it still doesn't work. Here are my steps, what am I missing?

1)Edited the authorizenet_direct.php with my password (I assume it means the one they sent me via email?)

2) updated the checkout_process.php with the newer contribution

3) uncommented php_curl.dll in my php.ini file so my server now shows cURL running

4) enabled test mode on my authorize.net settings page

5) enabled test mode (test vs. production) in the Authorize.net payment module

6) checked that Authorize.net was using transaction version 3.1 (or whatever that is).

7) tried test CC # 4007000000027 with CVV 999 and an expiry date later than the current date

 

Still nada. This is literally all I have configured, nothing more. Do I need to at the moment change the response/receipt URL's or anything else just to see if it works? Any idea what's still throwing this problem? SsZERO it'd probably help everyone to do a literal step-by-step from when they grant you the account to how you have yours working...if you don't mind doing it. Thanks all.

 

Austin519

Link to comment
Share on other sites

Okay thank god...it works. Now I'm going to try with my own credit card. Here's what I left out

 

8) At the bottom of Authorizenet_direct, change the cURL path to your cURL path

9) Add libeay32.dll and libssl32.dll to your cURL folder

 

One thing I am curious to try is using my transaction key instead of my authorize.net password in the authorizenet_direct.php. It should work fine, and would be a lot safer than having your Authorize.net password in there...

 

Austin519

Link to comment
Share on other sites

Okay guys...yeah...it works. I talked with Auth net tech support, and this is definitely the better way to go...inside your authorizenet_direct.php you will see:

 

$form_data = array(

x_Login => MODULE_PAYMENT_AUTHORIZENET_LOGIN,

x_tran_key => 'Your Trans Key',

// removed: x_PASSWORD => 'Your Password',

x_Delim_Data => 'TRUE',

 

Add the x_tran_key as I showed above and remove x_PASSWORD. This is a safer implementation.

 

Austin519

Link to comment
Share on other sites

I have the AIM (ADC) working, but when I run it on the test mode, there is absolutely no mention of the CVV verification like there is on the AVS (code P = not processed). Is this the case for everyone or is there a problem with my CVV settings? I have echoed the pre-process data and the concatenated string and the CVV is included in the submission to the gateway. No manual mentions anything about it and I was just curious so I don't make myself crazy looking for something that's not there anyway :)

 

Yes, I have AN set to 3.1 and yes I have x_version => '3.1' in the string, still no sign of CVV checking info.

 

Thanks...

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...