OK this was a major pain in the ass to find and fix, but I think I found it.
I am using an OSCMax installation with Ponce's authorize.net module. I looked through the code on oscommerce and it did not appear this was a problem.
I was getting the same generic error message:
There has been an error processing your credit card. Please try again and if problems persist, please try another payment method.
and the corresponding URL:
https://www.mydomain.com/checkout_payment.p...p;error=general
To troubleshoot this, generally speaking, this is what I did:
* intercept the "post" variable to see what was being passed through
* intercept the request to authorize.net
* intercept the response from authorize.net
What I discovered was...
* the actual request to authorize.net was not providing a credit card number
* the complete error message from authorize.net was something along the lines of "you didn't provide a credit card number"
The best way to check to see if this is the case is as follows:
* Add a product to your cart
* Go through the checkout process until you get to the checkout_confirmation.php (where you enter your credit card information)
* View the source of the web page and look for this:
<form name="checkout_confirmation"
action="https://example.com/catalog/checkout_process.php?osCsid=bnoalmp85jr96tv56nne19qp13"
method="post">
<input type="image" src="includes/languages/english/images/buttons/button_confirm_order.gif" border="0" alt="Confirm Order" title=" Confirm Order "></form>
The key here is the location of the opening <form> tag. If the opening form tag is on the line preceding the closing </form> tag, then my solution should work for you.
The problem... a web page will ONLY submit the information in the <input> tags that is enclosed between the opening and closing <form> tags. Since your payment information tags actually are rendered BEFORE the opening <form> tag, oscommerce will never actually "get" the credit card number as submitted.
On my oscMax installation, I edited the following file:
catalog/templates/fallback/content/checkout_confirmation.tpl.php
Around line 215, look for this:
<?php
if (isset($$payment->form_action_url)) {
$form_action_url = $$payment->form_action_url;
} else {
$form_action_url = tep_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL');
}
echo tep_draw_form('checkout_confirmation', $form_action_url, 'post');
if (is_array($payment_modules->modules)) {
echo $payment_modules->process_button();
}
Add a closing and opening PHP tag after the "echo tep_draw_form line", so it looks like this:
<?php
if (isset($$payment->form_action_url)) {
$form_action_url = $$payment->form_action_url;
} else {
$form_action_url = tep_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL');
}
echo tep_draw_form('checkout_confirmation', $form_action_url, 'post');
?>
<?php
if (is_array($payment_modules->modules)) {
echo $payment_modules->process_button();
}
Take the code between the first opening and closing PHP tag:
<?php
if (isset($$payment->form_action_url)) {
$form_action_url = $$payment->form_action_url;
} else {
$form_action_url = tep_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL');
}
echo tep_draw_form('checkout_confirmation', $form_action_url, 'post');
?>
Cut this text from this location, and paste it after line 138 (which looks something like this:
<td class="main"><b><?php echo HEADING_PAYMENT_INFORMATION; ?></b></td>
If you refresh your browser, you should see that the opening FORM tag now occurs before the payment tags. You can verify this by looking through the source code and finding the name and credit card number fields:
<input type="text" name="cc_owner" value="Joe Schmoe">
<input type="text" name="cc_number_nh-dns">
<select name="cc_expires_month">
<select name="cc_expires_year">
<input type="text" name="cc_cvc_nh-dns" size="5" maxlength="4">
I looked through the source code on oscommerce, and the opening <form> tag looks to be in the correct location.
If you want to intercept and view what is being submitted to a.net, or view the actual respone from a.net, you can do this. This is risky, so here are my disclaimers:
* Use this code at your own risk. I do no take any responsibility for your use of this code. If you pass a credit card number through, this will "log" the number, so be very careful.
* I did this with my site offline to the rest of the world. You are responsible for maintaining your own PCI compliance on your site.
* If you are on a shared host, do this at your own risk. I don't use a shared host. I did this with my own "real" credit card number, and made sure to wipe the log file clean when I was done.
* Use SFTP and SSH to ensure that information is not compromised at any point along the way.
In catalog/includes/modules/payment/authorizenet_cc_aim.php, after line 182:
$transaction_response = $this->sendTransactionToGateway($gateway_url, $post_string);
paste this...
// begin logging of post variables, authorize.net request, and authorize.net response
$myFile = "/home/my_path/authorize_net.log";
$fh = fopen($myFile, 'a') or die("can't open file");
$stringData = "\nSENT: ".$post_string;
fwrite($fh, $stringData);
$stringData = "\nRESPONSE: ".$transaction_response;
fwrite($fh, $stringData);
foreach($HTTP_POST_VARS as $key => $value) {
$stringData = "\nPOST: $key=$value";
fwrite($fh, $stringData);
}
fwrite($fh, "\nDone.\n");
fclose($fh);
// end logging
You'll need to modify the $myfile variable to your own server. It is critical that the $myFile location not be anywhere where the web server can read it and serve it up. You may need to create $myfile as an empty text file on your server before running this.
Once you type in a credit card number and click Submit, it will log the request sent to authorize.net, the response back from authorize.net, and the actual post variables from the web form (including the credit card number).
Be sure to remove this chunk of code before putting your site back into production.
Jeff Wigal
www.referee-assistant.com