Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

[CONTRIBUTION] Authorize Net AIM module


Vger

Recommended Posts

Vger -

 

Well, after many hours of tracking down my problem, I figured it out. Like most things it's pretty simple.

 

I needed to make sure that in checkout_process.php the call to $payment_modules->before_process() happened after the call to $order_total_modules->process()

 

My code now looks like this:

 

$order_totals = $order_total_modules->process();

 

// load the before_process function from the payment modules

$payment_modules->before_process();

 

before_process() was calculating the totals before the discounts were applied with $order_total_modules->process()

 

Seems embarassingly simple but I figured I'd post it back here in the hopes that it helps someone else out or that it can be included in future ccgv updates.

 

Thanks.

 

 

 

Outstanding! Fixed the issue I mentioned earlier with the Authorize.net AIM module. Definitely include in future releases. :D

Link to comment
Share on other sites

The placement of that code in checkout_process.php is altered by the installation of CCGV - normally it would be in a different place on the page. I will definitely include it in my next update of CCGV(trad) - my latest Contribution.

 

Vger

 

Edit - code change applied to checkout_process.php in CCGV(trad) and uploaded.

Edited by Vger
Link to comment
Share on other sites

I'm trying to find the best Authorize.net solution for my customers.

How does this compare to Authorizenet ADC Direct Connection?

 

I have avoided storing credit card # because I only know the basics about site security/hacking...and I don't want the liability of being hacked.

This line from the installation file is unsettling....because I don't know what I don't know. B)

 

The card details are stored unencrypted, so please make sure that your site is secure - YOU ARE RESPONSIBLE for the security of that information!

What are the "risks" or vulnerabilities for someone hacking osC and getting credit card info out of a properly set up/secure mySQL database

 

Is it possible to encrypt the numbers...or not even store them to eliminate the risk?

 

I truly appreciate any feedback you have about storing CC info.

Sam M. - Seattle

Link to comment
Share on other sites

I have a couple questions about the process_button() function

 

	function process_button() {
  // Hidden fields on the checkout confirmation page
  $process_button_string = tep_draw_hidden_field('cc_owner', $_POST['authorizenet_aim_cc_owner']) .
						   tep_draw_hidden_field('cc_expires', $this->cc_expiry_month . substr($this->cc_expiry_year, -2)) .
						   tep_draw_hidden_field('cc_type', $this->cc_card_type) .
						   tep_draw_hidden_field('cc_number', $this->cc_card_number);
  if (MODULE_PAYMENT_AUTHORIZENET_AIM_USE_CVV == 'True') {
	$process_button_string .= tep_draw_hidden_field('cc_cvv', $_POST['authorizenet_aim_cc_cvv']);
  }

  $process_button_string .= tep_draw_hidden_field(tep_session_name(), tep_session_id());

  return $process_button_string;
  return false;
}

 

1) Why are there two returns from this function? The second isn't reachable. Just a cleanup item?

 

2) Why is the tep_session added as a hidden field? All the other payment modules, except for the default Authorize.net (SIM) and this (AIM) module do not set the tep_session into the string. The reason I'm asking about the tep_session is that this causes the checkout_success.php page to show the SID in the URL. I would like to avoid the SID in the URL unless it's really needed.

 

Thoughts?

 

Thanks!

Link to comment
Share on other sites

// Hidden fields on the checkout confirmation page

 

The above quote is a clue. When you have session ids being generated by your site, and you reach that page with most other payment providers, if you do a View Source you can see the session id on the page - this function hides it.

 

Hiding the session id on the checkout_confirmation page shouldn't have anything to do with it appearing in the url.

 

This module works fine with Force Cookie Use enabled, when the session id is wrapped in a cookie and not displayed on the site at all.

 

Vger

Link to comment
Share on other sites

I currently have curl 7.9.2 and openssl 0.9.6b. Will it be a problem ?

 

Simple answer is - I don't know. But there are so many different servers with different setups and different versios of cuRL and OpenSSL that I'm guessing that the versions are not critical.

 

Vger

Link to comment
Share on other sites

Selecting the type of card being used would be a nice add on for this.

 

Also I like the idea of leaving off the customers credit card info all together.

 

Other then that module looks promising however my programmer is still having some issues that are all mentioned above.

 

Thanks for the effort and time. :thumbsup:

Link to comment
Share on other sites

Is it possible to encrypt the numbers...or not even store them to eliminate the risk?

What would it take to enter the CC# into the database as 4111********1234?

 

The CC# is already in the Authorize.net virtual terminal, so I don't want to store it in the mySQL DB if possible.

Sam M. - Seattle

Link to comment
Share on other sites

The following facts are based on my observation of my own entries. Perhaps I am looking at the problem but do not realize it because I wrote it.

 

When checking out in test mode (both osCommerce and authorize.net set to test):

 

1. I use the test card numbers listed in the contribution.

 

2. I have an account with authorize.net that I have been using for some time on another site that has since been shut down (by me). This is confirmed by the fact that I can log into the authorize net site.

 

3. I have SSl certified for https://www.j-w-electronics.com

The pad lock appears in ie and the URl address background colorizes in firefox.

 

4. I have entered the url https://www.j-w-electronics.com/catalog/checkout_process.php as the Relay and Receipt URL.

 

5. I am not using the Pay pal module.

 

6. Direct response is set for Delimited Response [No] , Default Field Separator ,(comma) and Field Encapsulation Character blank.

 

7. I have re-loaded the contribution several times and obtained a new Transaction key several times.

 

8. The transactin version is 3.1

 

The result is that when I confirm the transaction, I am returned to 'https://www.j-w-electronics.com/catalog/checkout_payment.php?error_message=' URL with no error message listed on the page.

 

Feel free to enter the site at http://www.j-w-electronics.indexnew/html and check it out.

 

Please advise if any other information is needed to help me out.

 

Thank you for your time and effort on this contribution.

Link to comment
Share on other sites

Try not entering a Relay & Receipt URL in the Authorize Net account.

 

Vger

 

Using no Relay & Receipt URLs, created new transaction key. Logged back onto the site. Still no joy, returned to the payement page.

Link to comment
Share on other sites

I need to get a SIM mod for Authorize.net. I have an account setup with them now and they will take care of processing the order and the SSL cert. I just need to pass the total and info to them. Then the customers enters the cc number and the process it and take them to my order done page. I have seen something like this on sites that use 2CO, when you go to pay after selecting ship method it takes you to a new page has companies name "i.e yours" and the total you enter cc info here and pay.

 

 

Please someone help me out on this SIM mod for Authorize.net

 

 

Thanks

Link to comment
Share on other sites

As this was an existing account did you change the setting in your Authorize Net account from SIM to AIM?

 

Vger

Using no Relay & Receipt URLs, created new transaction key. Logged back onto the site. Still no joy, returned to the payement page.
Link to comment
Share on other sites

This is the support thread for the Authorize Net AIM module. This thread has nothing to do with any SIM module.

 

Vger

I need to get a SIM mod for Authorize.net. I have an account setup with them now and they will take care of processing the order and the SSL cert. I just need to pass the total and info to them. Then the customers enters the cc number and the process it and take them to my order done page. I have seen something like this on sites that use 2CO, when you go to pay after selecting ship method it takes you to a new page has companies name "i.e yours" and the total you enter cc info here and pay.

Please someone help me out on this SIM mod for Authorize.net

Thanks

Link to comment
Share on other sites

Is it possible to encrypt the numbers...or not even store them to eliminate the risk?

I set up a manual CC# mask function.

Click a button below CC info and change CC# to xxxxxxxxxxxx2222 and email the masked digits to SEND_EXTRA_ORDER_EMAILS_TO.

 

I modified this contribution to suit my needs. See v1.2

I've included screen shots with contribution.

http://www.oscommerce.com/community/contributions,2509

 

I suppose it wouldn't be too difficult to make this automatic, but it works for me.

Maybe this could be integrated into 4019-AIM with automatic enable/disable.

Sam M. - Seattle

Link to comment
Share on other sites

What would it take to enter the CC# into the database as 4111********1234?

 

The CC# is already in the Authorize.net virtual terminal, so I don't want to store it in the mySQL DB if possible.

 

We discussed this topic in the thread for my "Encrypt Credit Card with mcrypt" contrib. You can find the thread by Clicking Here

 

In that discussion a person didn't want the encryption for just the same reason (auth.net saves it) The example sets all credit card numbers in the db to the format xxxxxxxxxxxx1234. You could modify the example though to come up with 1234xxxxxxxx1234.

Link to comment
Share on other sites

In that discussion a person didn't want the encryption for just the same reason (auth.net saves it) The example sets all credit card numbers in the db to the format xxxxxxxxxxxx1234. You could modify the example though to come up with 1234xxxxxxxx1234.

THANK YOU nfrobertson!

I put the two ideas together and made an automatic mask that sends the masked numbers via email.

I've reposted http://www.oscommerce.com/community/contributions,2509

Sam M. - Seattle

Link to comment
Share on other sites

Whoa, after days of virtually no response they all come at once. I may end up regretting putting this module together! I'll try to answer them as best I can.

 

1. Default field seperator = comma (as some have found out)

2. Transaction version = 3.1 (this is AIM)

3. If you previously had an account it is probably set to SIM and you need to change this.

4. "Why did you take out CVV?" I didn't - but you do have to activate it in your account at Authorize Net.

5. "the new testing a.net server is https://certification." - only if you plan to apply for certification of the module, so that osCommerce can be added to the list of shopping carts displayed by Authorize Net. I don't plan to do this.

6. As it says in the Install file - if you wish to change your Authorize Net setting to Live and change your module setting to Live but to still run transactions against the Test server then you need to edit 'secure' to 'test' in the address in includes/modules/payment/authorizenet_aim.php

7. People on Windows servers may have problems with the path to cURL. There are several possible fixes for this general problem posted elsewhere in the forums, but you need to search for them.

 

Vger

 

 

Vger - I still receive this error - can you think of anything else that could be wrong with my setup?

 

Your credit card could not be authorized for this reason. Please correct any information and try again or contact us for further assistance.

 

I have read all the forum posts:

-I set up the Authorize.net account with transaction version 3.1

-Here is what I put for my Authorize.net Response/Receipt URLs:

https://www.9fishsurf.com/catalog/checkout_process.php

-I followed your installation notes, and confirmed that my website host provider has cURL compiled (though I have no idea how I can figure out the path to it).

 

It seems like it is close to working - really appreciate your help!

 

Wes

[email protected]

Link to comment
Share on other sites

Leave the Response & Receipt URL's blank - they're used for the SIM version. Please read previous posts in this thread.

 

Vger

 

Vger -

 

Thanks - dId that, but still same error message. ANy other ideas?

 

Wes

Link to comment
Share on other sites

It would help if you said what the error was? You do have ssl installed don't you?

 

Vger

 

Vger - the error is:

 

- Your credit card could not be authorized for this reason. Please correct any information and try again or contact us for further assistance.

 

Yes SSL is installed. I can connect to my site by typing https://9fishsurf.com so I know it is working. I also made the changes to the OSCommerce configure.php script that this thread told me to:

 

http://www.oscommerce.info/kb/osCommerce/G...mon_Problems/75

 

Wes

Link to comment
Share on other sites

Vger - the error is:

 

- Your credit card could not be authorized for this reason. Please correct any information and try again or contact us for further assistance.

 

Yes SSL is installed. I can connect to my site by typing https://9fishsurf.com so I know it is working. I also made the changes to the OSCommerce configure.php script that this thread told me to:

 

http://www.oscommerce.info/kb/osCommerce/G...mon_Problems/75

 

Wes

 

 

One thing is that my host provider gives me a shared SSL certificate. They had me define a 3rd level domain for this - https://9fishsurf.websitesource.net/catalog - I can connect to this and see my website there. However, I can also connect to https://9fishsurf.com/catalog and this works too. I wonder what I am supposed ot put int he configure.php file for the HTTPS server now.

 

Considering this, do you think this is an SSL problem?

Link to comment
Share on other sites

Can someone please help me answer some of these questions:

 

1) I have a shared SSL setup from my host provider - so I have some reason to think that my HTTPS_SERVER should be set to this: https://mydomain.websitesource.net

However, I can type into a browser https://mydomain.com and it works, so is that ok to use that for HTTPS_SERVER? I'd obviously prefer to use mydomain rather than this weird websitesource.net URL.

 

2) Although I have set 'ENABLE_SSL' to true, I never see OSCommerce switching to SSL mode when I am making a purchase (no padlock, no nothing) - why is that?

 

3) For my setup, these are my values in configure.php - does this look ok?

 

Can anyone with a shared SSL certificate give me these settings so I can compare with my own (below)

define('HTTP_SERVER', 'http://www.9fishsurf.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://9fishsurf.com); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.9fishsurf.com');

define('HTTPS_COOKIE_DOMAIN', '9fishsurf.com');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '/catalog/');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...