Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Getting Authorize.net SIM working without SSL


Guest

Recommended Posts

First, I am running OSC 2.2 MS2. I have installed UPS Tracking, OSC Affiliate, and Easypopulate.

 

I am trying to make the authorize.net modules functional for my situation.

 

I do not have SSL on this site.

 

I have ran the process through successfully using a test card number and in test mode.

 

My problem comes in more with the current procesing. The current method requires the card number be entered on my website and then be passed to authorizenet.com. That is not secure becasue I do not have a SSL Cert.

 

I am postive that if the card number and exp. date are not sent via the script to authorizenet, authorizenet will get that info from the customer on their secure server. (I have done it before with html.) Additionally, their page can be customized to match my site.

 

My question: How do I modify the module so that it doesn't require the card number before sending data to authorizenet?

 

Or.. Is there a contribution out there that does this already?

 

I am an "experiences novice" with perl, but have not done much programming in php. Any guidance in this matter is appreciated.

Link to comment
Share on other sites

First, I am running OSC 2.2 MS2. I have installed UPS Tracking, OSC Affiliate, and Easypopulate.

 

I am trying to make the authorize.net modules functional for my situation.

 

I do not have SSL on this site.

 

I have ran the process through successfully using a test card number and in test mode.

 

My problem comes in more with the current procesing. The current method requires the card number be entered on my website and then be passed to authorizenet.com. That is not secure becasue I do not have a SSL Cert.

 

I am postive that if the card number and exp. date are not sent via the script to authorizenet, authorizenet will get that info from the customer on their secure server. (I have done it before with html.) Additionally, their page can be customized to match my site.

 

My question: How do I modify the module so that it doesn't require the card number before sending data to authorizenet?

 

Or.. Is there a contribution out there that does this already?

 

I am an "experiences novice" with perl, but have not done much programming in php. Any guidance in this matter is appreciated.

 

As an update. I now have a functional (not real pretty yet) module to use SIM without SSL.

 

Now the customer chooses authorizenet from the payment options. After confirming everything about their order thay are taken to the secure payment form on authorizenet's server for them to enter their card number and expiration date. :D

 

The only problem that I am working on now is customizing the payment form. I need to somehow dynamically change the php to html before passing it to the authorizenet's server. :( If anyone can help me with that I would appreciate it.

 

If I can get this area working I will share the contribution with anyone that wants it.

Link to comment
Share on other sites

  • 3 weeks later...

David,

 

This is something that I am also trying to work out.

Have you been able to get things worked out?

I would be very interested in seeing your code if you're

willing to share.

 

I am a novice at php, but I'm learning.

I would love to see what you have, maybe I can help

you get it working. :)

Link to comment
Share on other sites

  • 1 year later...

I am not an OsCommerce user (yet), but I can add some relevant info.

 

I am currently using Authorize.net to process transactions using SIM with a special purpose commerce system I wrote from scratch. I provide headers html, footer HTML, custom fields to pass back to my app, and a request for the Authorize/net provided SIM checkout form. This allows my customers to enter their credit card data directly at authorize.net, and the headers'footers allow me to give it some identity. I could hide their form in my frameset, but customers would not see a secure URL and icon - so I had to choose between letting customers see the authorize.net URL or not showing up as secure to the casual user. I chose the former.

 

Authorize.net relays data back to me using a URL I provide (stuffing lots of info in POST fields), and uses an MD5 checksum (not HMAC-MD5 like it uses in the other direction) so I can authenticate it as from Authorize.net.

 

This works wonderfully, and I can use Authorize.net for my "secure" stuff.

 

So, YES, it *CAN* be done. If OsCommerce supports it, I'll be very interested in learning more since that would make it a viable system for me. Maintaining a "hardened" server, and incurring the notification/legal hassles if it's rooted, is just too much of a pain for me to even consider.

 

One thing though - Authorize.net notifies me about successful authorizations, not settlements. On rare occasion an "authorized" transaction can fail at settlement time, and would need to be manually resubmitted. The only way I have found to check for this so far is to look at the settlement report from the Authorize.net web site.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...