phi148

@Hotclutch nice information there. I think it would be good to modify this addon to tie the captcha to the form submission (rather than on pageload). That will get rid of the 2 minute problem entirely. It probably isn't a good thing to display that informational alert... most customers probably have no idea what a captcha even is

The 2 minute window is the only reason I haven't implemented this. I think there is a way to do it only when the user clicks "submit" for example, but I haven't looked into how that would change this add on. Is anyone using this currently? How are you getting around the 2 minute issue? I think a lot of people take longer than 2 minutes for the contact us or for the create account forms.

Anybody know how to modify this add-on to return categories as well (instead of just products?)

I also use this and I am willing to help as well.

Don't you have to edit contact_us.php and create_account.php as well to make the call to initReCaptcha ? For example, in "contact_us.php" don't you have to have this command somewhere? echo $OSCOM_Hooks->call('contact_us', 'initReCaptcha');

I think I fixed it. Downloaded this new file http://curl.haxx.se/ca/cacert.pem And replaced it here: /home/xxxx/public_html/ext/modules/payment/authorizenet/authorize.net.crt I *think* this is the answer. Will keep you all posted if it fails again.

I was able to capture some output: * Trying 198.241.207.102:443... * TCP_NODELAY set * Connected to secure.authorize.net (198.241.207.102) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /home/xxxx/public_html/ext/modules/payment/authorizenet/authorize.net.crt CApath: none * SSL certificate problem: self signed certificate in certificate chain * Closing connection 0 Notice the error --> * SSL certificate problem: self signed certificate in certificate chain

All, today an update was rolled out with authorize.net They call it Phase 4b. You can see it here: https://support.authorize.net/s/article/Authorize-Net-Network-Change-FAQ Ever since this happened, I noticed something very odd. Intermittently I couldn't connect to authorize.net. I narrowed it down to the IP address 198.241.207.102 Interestingly enough, the other IP that they use (198.241.206.93) works fine. These 2 IP addresses seem to change at random times. You can see these are the IPs that are allocated to: secure.authorize.net/gateway/transact.dll as shown here: https://support.authorize.net/s/article/Authorize-Net-Domains-and-IP-Addresses So essentially, depending on which IP that the endpoint resolves to, either a payment goes through or it doesn't. I think this must be a problem that has to do with me having an outdated certificate (This is my guess) Does anyone else have this problem AND does anybody have an updated certificate that goes here /public_html/ext/modules/payment/authorizenet/authorize.net.crt I was able to temporarily get around this problem by setting Verify SSL Certificate to False in my authorize.net settings in oscommerce. Thank you,

I fixed it by adding this code to create a customer profile which now lets me save the customers information so I can rebill them easily. I just added this as a last minute feature after a successful credit card transaction. Seems to work just fine for me. I also have it send me an email if it fails for some reason. That part has not been tested yet since it seems to be working and not executing that code. if ($error == false) { $g_loginname = substr(MODULE_PAYMENT_AUTHORIZENET_CC_AIM_LOGIN_ID, 0, 20); $g_transactionkey = substr(MODULE_PAYMENT_AUTHORIZENET_CC_AIM_TRANSACTION_KEY, 0, 16); $posturl = "https://api.authorize.net/xml/v1/request.api"; $content = "<?xml version=\"1.0\" encoding=\"utf-8\"?>" . "<createCustomerProfileFromTransactionRequest xmlns=\"AnetApi/xml/v1/schema/AnetApiSchema.xsd\">" . "<merchantAuthentication>" . "<name>" . $g_loginname . "</name>". "<transactionKey>" . $g_transactionkey . "</transactionKey>" . "</merchantAuthentication>" . "<transId>" . $response['x_trans_id'] . "</transId>" . "</createCustomerProfileFromTransactionRequest>"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $posturl); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HTTPHEADER, Array("Content-Type: text/xml")); curl_setopt($ch, CURLOPT_HEADER, false); curl_setopt($ch, CURLOPT_POSTFIELDS, $content); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $response_cim = curl_exec($ch); curl_close($ch); $parsedresponse = @simplexml_load_string($response_cim, "SimpleXMLElement", LIBXML_NOWARNING); if ($parsedresponse->messages->resultCode == "Error") { $to_name = STORE_OWNER; $to_email_address = STORE_OWNER_EMAIL_ADDRESS; $email_subject = '!!! Customer Information Manager Alert !!!'; $email_text = '<span style="color:red;">Customers information was not stored in authorize.net</span>'; $from_email_name = 'Authorize.net ALERT Notification'; $from_email_address = STORE_OWNER_EMAIL_ADDRESS; tep_mail($to_name, $to_email_address, $email_subject, $email_text, $from_email_name, $from_email_address); } }

I need to find out for sure. You may be right. Assuming you are correct, then it looks like I need to implement Authorize.net "CIM". Which doesn't exist either right now

Hey all. I’m currently using AIM. However the “rebill” function is going away and AIM is also end of life. Having to call customers to get their payment info over and over will really become a pain and I was hoping to avoid that.

I'm in need of this too. Looks like I may have to switch payment processors if the community no longer wants to support authorize.net

Really need this to be updated! Anybody working this by chance?

I don't believe this has been done yet, but I also would be interested in this... if and when I upgrade to Phoenix.

Hi John, Yes, SSL does provide security - but only between the client and the server. It does not ensure the data itself traversing the SSL is accurate. Hashing, encryption, etc.. protects the data itself from breaches and verifies the validity of said data. Is it overkill? Probably... and again personal preference. In my opinion, if the option to further validate my data is there, I'll take it. Notice they say "not as useful for AIM or CP merchants". If it was completely "not useful" then I imagine it would of been abandoned entirely.

I use the MD5 code and I highly suggest everybody else use the new method with the sha512 hash. From a security perspective it is critical. Is security optional? Yes. However, why wouldn’t you take the extra five minutes to implement this for you and your customers security?

I don't think any exist right now. I stumbled into this just today as I was searching for a solution to the same problem.....

I always use the MD5 hash ... simply for added security. It is optional. However, as Wiljen and John stated above, this is not good news that AIM is now deprecated. I was not aware of that. We probably will survive for quite some time still... however, this will eventually bite us if we don't create a new OSC addon for the new authorize.net API

Authorize.Net is phasing out the MD5 based transHash element in favor of the SHA-256 based transHashSHA2. The setting in the Merchant Interface which controls the MD5 Hash option will be removed by the end of January 2019, and the transHash element will stop returning values at a later date to be determined. Please contact and work with your web developer or solutions provider to verify if you are still utilizing MD5 based hash and if still needed to move to SHA-256 hash via Signature Key. Please refer your developer or solution provider to our Transaction Hash Upgrade Guide for more details and information on this change. **** I received the above in an email from authorize.net. Just curious if anyone is planning on updating the module to support this? More info here: https://developer.authorize.net/support/hash_upgrade/?utm_campaign=19Q2 MD5 Hash EOL Merchant&amp;utm_medium=email&amp;utm_source=Eloqua

I haven't noticed a change in speed since switching to XML. I think it boils down to personal preference. The XML module is nice in that it should be more accurate based on the fact that it takes L, W and H into account and ties directly into your own UPS account number and negotiated rates. Probably best practice to get both versions working so you can switch easily should this happen again. We lost some sales because of it

I think I just have a super old UPS shipping module that finally bit the dust... probably due to the fact that UPS doesn't support older versions of TLS... I switched to UPS XML and that works. I'm sure there are others that may be using the old one... they'll figure it out soon enough

Anyone else having problems with UPS being down? I can't reach 153.2.228.50 which is hard coded in the UPS shipping module....

| Id | User | Host | db | Command | Time | State | Info | +------+------------------+-----------+------------------+---------+------+---------------------------------+------------------------------------------------------------------------------------------------------+ | 1330 | xxx | localhost | xxx | Query | 1 | Waiting for table metadata lock | TRUNCATE `usu_cache` | | 1331 | xxx | localhost | xxx | Query | 1 | checking permissions | TRUNCATE `usu_cache` | | 1332 | xxx | localhost | xx | Query | 1 | Waiting for table metadata lock | TRUNCATE `usu_cache` Hey all I'm running into alot of metadata locks with my SQL database (you can see above what I'm talking about). I went and looked and the "usu_cache" table is empty. Is this even used?

Is this module compatible with OSC edge (bootstrap)? Is this also still supported?

I really like this search feature, except for 1 thing. It auto-selects the first item in the search results that appear below the search window. I'd rather not have any of them autoselected, so if the user just clicks "enter" it will automatically do an advanced_search rather than always picking the first item below the search box. Any idea how to change the code to do that?