baddog

For what it's worth, I've never been able to get the stock AIM module to work but I did get the AIM contribution started by Vger to work. If you're using the stock AIM module, you might try Vger's version.

Take a look at the section entitled Integration Methods Explained in the Authorize.net knowledge base. You might consider using the AIM integration method. Personally, I use http://addons.oscommerce.com/info/4091

There is some configuring you need to do at the authorize.net end to make sure the order is accepted by them and the customer is returned to your site (where the order is captured on your end). You need to log in to your authorize.net control panel to do that.

Response Reason Code: 98 Response Reason Text: This transaction cannot be accepted. Notes: Applicable only to the SIM API. The transaction fingerprint has already been used. Integration Team Suggestions: Part of the security feature for SIM (Simple Integration Method) includes the generation of a fingerprint hash. The fingerprint hash is generated by a function in the scripting that uses five parameters to calculate the fingerprint. The parameters are: amount, sequence number, timestamp, transaction key and login ID. Any fingerprint hash can only be used once in 24 hours. If a customer fills in incorrect information and the transaction is declined, they cannot click Back and re-enter the information as this will attempt to use the same fingerprint hash in resubmitting the transaction request, which will result in error 98. The customer must be directed back to the page that establishes the amount of the transaction request, then re-enter information from that point on. See http://developer.authorize.net/tools/responsereasoncode/

I'd start by reviewing the configuration at authorize.net's end. See http://www.authorize.net/support/SIM_guide.pdf

I've never used that tool before. I'll play around with it. Can you suggest what I should enter in the boxes to set up RedCarpet as a new User Agent? Description: User Agent: App Name: App Version: Platform: Vendor: Vendor Sub: Thanks.

Well, I have Prevent Spider Sessions set to True and I can tell you that this thing puts stuff in a cart.

66.235.127.136 - - [01/Apr/2009:06:00:56 -0400] "GET /catalog/index.php?cPath=326&sort=products_sort_order&action=buy_now&products_id=735 HTTP/1.1" 302 680 "-" "RedCarpet/1.4 (http://www.pronto.com/robots.html)" Maybe it wasn't Teoma after all.......... This is what made me think it was: NetRange: 66.235.112.0 - 66.235.127.255 CIDR: 66.235.112.0/20 OriginAS: AS16798 NetName: ASK-DOT-COM-NETWORK NetHandle: NET-66-235-112-0-1 Parent: NET-66-0-0-0-0 NetType: Direct Assignment NameServer: NAME1.ASK.COM NameServer: NAME2.ASK.COM NameServer: NAME5.ASK.COM NameServer: NAME6.ASK.COM Comment: http://www.ask.com Need to add RedCarpet?

I think I'm seeing Teoma getting sessions and adding stuff to carts now (based on the IPs I see on Who's Online). Has anyone else seen this, or am I wrong? Should the / be removed? Can it be listed both with and without the /?

Looks okay now. When I first pulled it up all I saw was a page explaining how it worked with a dead link to the "install instructions" that used to be on the originator's Web site. Maybe I opened up the wrong file or something. BTW, I could never get those pesky watermarks to work right either.

I uploaded the instructions I had for v1.14 minus the sql query. If anyone needs the sql query (it's in the zip files), I can post it.

Interesting installation instructions............................did you look at them before uploading? :huh:

http://forums.oscommerce.com/index.php?showtopic=162244

I'd start a new thread on that point. No need to hijack your own thread. ;)

Tell the guy you want him to tell you how to set up a self-signed SSL on your site. Bet he can't do it unless you upgrade to a dedicated IP. Tell him it's false advertising to say all accounts come with a shared SSL if they don't. Better yet, ask to speak to someone who knows what a shared SSL is and how to use theirs on your site. Or ask what you need to do to get your money back under their money-back guarantee.

I don't think that's right. I don't think the shared certificate will be a self-signed one. If it is, it's a rip off and I'd look for another host.

This is the warning I get: web31.justhost.com uses an invalid security certificate. The certificate is not trusted because it is self signed. (Error code: sec_error_untrusted_issuer)

BTW, regarding self-signed certificates: They won’t be trusted in any web browsers and will throw a big error message unless you tell each web browser to trust them. See Article

They are trying to sell you an upgrade. That's all. There is no reason you can't run an osCommerce store using a shared SSL. I've done it more than once. They just need to tell you how to set up the path in your configure.php files. Again, you might be able to find it by poking around in your Control Panel. I didn't find it (big surprise) on their support pages. They claim to have great support. Doesn't sound like they deliver on that claim.

A shared SSL Certificate is provided with every Just Host account. Click Here

Check this out: http://www.verisign.com/ssl/ssl-information-center/ I think your first decision after deciding to go with your own SSL is whether or not you want an Extended Validation SSL. For now though, I'd still go with the shared SSL if it was me.

I've seen plenty of sources for an SSL for $30 or less. Your host should be able to provide the path to use if you want to use the shared SSL (which I would do if in your shoes). If they won't or can't, try looking at their support site or Google it to see what you can come up with. There might even be something under your Control Panel that would point you in the right direction. Which host are you using?

You should Google both PCI and SSL. On PCI, you can read up on what you can or can't do when it comes to collecting and storing CC information. There is a contribution that will let you clean out your database entries to X out all but the last 4 numbers of any CC number stored in your database. On SSL, you'll find that they are pretty inexpensive. The expensive part is having a dedicated server or VPS where you install it yourself or getting your host to install it for you. You should get the same protection out of a shared SSL as you get out of a dedicated one, you just have to know what paths to use in your configure.php files. If that's not true on your host server, I'd suggest looking for another host as soon as you can.

I've run stores on a shared SSL before. It's not my preference but it does work. For a smaller account you can use the CC module to capture the CC number and expiration date (but I think that puts you out of compliance when it comes to PCI) or start out with PayPal until you think it will pay to set up an account with a supported gateway. I'd hold off going with the dedicated IP and SSL until I got comfortable with running the store unless you don't mind spending the cash to upgrade right up front.

Live or test mode?