Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

[CONTRIBUTION] Authorize Net AIM module


Vger

Recommended Posts

>You can modify the module to use $_POST for the error and then tie it into the error messages that >osCommerce already supplies.

 

I just don't know how to do this or where. And I definitely don't know how to tie it to the error messages osCommerce already supplies.

 

Does anyone have the relevant modified file(s) where this has already been done?

 

Thanks.

Link to comment
Share on other sites

Storing CC#s

 

I have this contrib installed and working fine. One concern I have is storing CC#s. When I have the options set to authorize the transaction does not get completed by Authorize.net. (Customers account is not credited). When it is set to authorize/capture the customers account is credited but the CC#s are stored clear text in MySQL.

 

Is this by design or do I have something set incorrectly?

 

Regards, Jeff

Link to comment
Share on other sites

Storing CC#s

 

I have this contrib installed and working fine. One concern I have is storing CC#s. When I have the options set to authorize the transaction does not get completed by Authorize.net. (Customers account is not credited). When it is set to authorize/capture the customers account is credited but the CC#s are stored clear text in MySQL.

 

Is this by design or do I have something set incorrectly?

 

Regards, Jeff

Link to comment
Share on other sites

No, you have everything set correctly. Unfortunately osCommerce does not store credit card numbers in an encrypted format. You may be able to find a contribution which does that, but I don't know f one offhand.

 

Vger

Link to comment
Share on other sites

Thanks. There is an MD5 contrib. Is there any problem simply deleting the cc#s after the transaction has been completed?

 

Jeff

 

 

 

No, you have everything set correctly. Unfortunately osCommerce does not store credit card numbers in an encrypted format. You may be able to find a contribution which does that, but I don't know f one offhand.

 

Vger

Link to comment
Share on other sites

Hi Vger. I've added the Visa and M/C logos to the payment page.

 

I'm trying to figure out how to get the error messages to display on the payment page when people get dumped back because their cards are declined. I think that the code to modify is below. Could you or someone please help me with getting the errors to display in the body of the page rather than in the url? It would be great if different error messages were displayed for each of the different responses from A.net. Thanks much.

 

 // Parse the response code and text for custom error display
  $response_code = explode(',', $response[0]);
  $response_text = explode(',', $response[3]);
  $x_response_code = $response_code[0];
  $x_response_text = $response_text[0];
  // If the response code is not 1 (approved) then redirect back to the payment page with the appropriate error message
  if ($x_response_code != '1') {
	tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'error_message=' . $x_response_text . ' - ' . urlencode(MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_DECLINED_MESSAGE), 'SSL', true, false));

  }
}

function after_process() {
  return false;
}

function get_error() {
  global $_POST;

  $error = array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_ERROR,
				 'error' => stripslashes(urldecode($_POST['error'])));

  return $error;
}

Link to comment
Share on other sites

Once I get to checkout_confirmation, the credit card type, credit card owner, credit card number, credit card expiration date and cvv number all appear correctly on the page. Then click confirm order and transaction goes to success. The issue I am seeing is that on the 'orders' table, all fields are being correctly updated except cc_owner. Any ideas what file this code would be in: checkout_confirmation, checkout_process?

Link to comment
Share on other sites

in includes/languages/english/modules/payment/authorizenet_aim.php i changed the define ('MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CATALOG_TITLE', line to:

 

define('MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CATALOG_TITLE', 'Credit Card - Visa and MasterCard only <img src="includes/modules/payment/paypal/images/visa.gif" width="37" height="21" align="absmiddle" border="0" alt=" Visa " title=" Visa "><img src="includes/modules/payment/paypal/images/mastercard.gif" width="37" height="21" align="absmiddle" border="0" alt=" MasterCard " title=" MasterCard ">'); // Payment option title as displayed to the customer

Link to comment
Share on other sites

While it may be a bad security move, it has merits too. For example: sometimes I need to modify an order (we do a lot of custom items to the poducts we sell), then I have to hit their credit card again (with their permission ofcourse). Currently I have to go into my ANET config and disable the "Code Card Verification" so that I can run the additional money, then turn the "Code Card Verification" back on.

 

I do not see any more harm in capturing the code, we are already retaining the card number and expiration date.

 

I do not want to sound negative here, I think this contrib is great! This has made my life much easier! Thanks!

 

I just worked out what it takes to save the CVV if you want to take the security risk in exchange for the benefit you describe. I just submitted it as a contribution called "Save CVV with orders".

Link to comment
Share on other sites

Once I get to checkout_confirmation, the credit card type, credit card owner, credit card number, credit card expiration date and cvv number all appear correctly on the page. Then click confirm order and transaction goes to success. The issue I am seeing is that on the 'orders' table, all fields are being correctly updated except cc_owner. Any ideas what file this code would be in: checkout_confirmation, checkout_process?

 

It looks like my authorize.net.php file looks consistent with the cc.php payment module when searching on cc_owner.

 

Here is the code to display on checkout_confirmation correctly which is currently happening. I don't think this code is this issue as this is the function selection.

	// Display Credit Card information on the checkout_payment.php page
function selection() {
  global $order;

  for ($i=1; $i<13; $i++) {
	$expires_month[] = array('id' => sprintf('%02d', $i), 'text' => strftime('%B',mktime(0,0,0,$i,1,2000)));
  }

  $today = getdate();
  for ($i=$today['year']; $i < $today['year']+10; $i++) {
	$expires_year[] = array('id' => strftime('%y',mktime(0,0,0,1,1,$i)), 'text' => strftime('%Y',mktime(0,0,0,1,1,$i)));
  }
  if (MODULE_PAYMENT_AUTHORIZENET_AIM_USE_CVV == 'True') {
  $selection = array('id' => $this->code,
					 'module' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CATALOG_TITLE,
					 'fields' => array(array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CREDIT_CARD_OWNER,
											 'field' => tep_draw_input_field('authorizenet_aim_cc_owner', $order->billing['firstname'] . ' ' . $order->billing['lastname'])),
									   array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CREDIT_CARD_NUMBER,
											 'field' => tep_draw_input_field('authorizenet_aim_cc_number')),
									   array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CREDIT_CARD_EXPIRES,
											 'field' => tep_draw_pull_down_menu('authorizenet_aim_cc_expires_month', $expires_month) . ' ' . tep_draw_pull_down_menu('authorizenet_aim_cc_expires_year', $expires_year)),
									   array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CVV,
											 'field' => tep_draw_input_field('authorizenet_aim_cc_cvv','',"size=4, maxlength=4") . ' <a style="cursor: pointer; cursor: hand;" onClick="window.open(\'cvv_help.php\',\'jav\',\'width=500,height=550,resizable=no,toolbar=no,menubar=no,status=no\')"><u>Click for info on CVV</u></a>')));
  } else {
  $selection = array('id' => $this->code,
					 'module' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CATALOG_TITLE,
					 'fields' => array(array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CREDIT_CARD_OWNER,
											 'field' => tep_draw_input_field('authorizenet_aim_cc_owner', $order->billing['firstname'] . ' ' . $order->billing['lastname'])),
									   array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CREDIT_CARD_NUMBER,
											 'field' => tep_draw_input_field('authorizenet_aim_cc_number')),
									   array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CREDIT_CARD_EXPIRES,
											 'field' => tep_draw_pull_down_menu('authorizenet_aim_cc_expires_month', $expires_month) . ' ' . tep_draw_pull_down_menu('authorizenet_aim_cc_expires_year', $expires_year))));
  }
  return $selection;
}

 

Then, later on in the code, there is another reference but as function_confirmation as shown below. Could it be this code that is not allowing the cc_owner field to be written to the orders table? All other fields are correctly written, such as cc_number, cc_type.

	// Display Credit Card Information on the Checkout Confirmation Page
function confirmation() {
  global $HTTP_POST_VARS;

  if (MODULE_PAYMENT_AUTHORIZENET_AIM_USE_CVV == 'True') {
  $confirmation = array(//'title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CATALOG_TITLE, // Redundant
						'fields' => array(array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CREDIT_CARD_TYPE,
												'field' => $this->cc_card_type),
										  array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CREDIT_CARD_OWNER,
												'field' => $HTTP_POST_VARS['authorizenet_aim_cc_owner']),
										  array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CREDIT_CARD_NUMBER,
												'field' => substr($this->cc_card_number, 0, 4) . str_repeat('X', (strlen($this->cc_card_number) - 8)) . substr($this->cc_card_number, -4)),
										  array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CREDIT_CARD_EXPIRES,
												'field' => strftime('%B, %Y', mktime(0,0,0,$HTTP_POST_VARS['authorizenet_aim_cc_expires_month'], 1, '20' . $HTTP_POST_VARS['authorizenet_aim_cc_expires_year']))),
										  array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CVV,
												'field' => $HTTP_POST_VARS['authorizenet_aim_cc_cvv'])));
  } else {
  $confirmation = array(//'title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CATALOG_TITLE, // Redundant
						'fields' => array(array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CREDIT_CARD_TYPE,
												'field' => $this->cc_card_type),
										  array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CREDIT_CARD_OWNER,
												'field' => $HTTP_POST_VARS['authorizenet_aim_cc_owner']),
										  array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CREDIT_CARD_NUMBER,
												'field' => substr($this->cc_card_number, 0, 4) . str_repeat('X', (strlen($this->cc_card_number) - 8)) . substr($this->cc_card_number, -4)),
										  array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CREDIT_CARD_EXPIRES,
												'field' => strftime('%B, %Y', mktime(0,0,0,$HTTP_POST_VARS['authorizenet_aim_cc_expires_month'], 1, '20' . $HTTP_POST_VARS['authorizenet_aim_cc_expires_year'])))));
  }

  return $confirmation;
}

 

Here is the last bit of code I see related to cc-owner which works with function process_button.

	function process_button() {
  // Hidden fields on the checkout confirmation page
  $process_button_string = tep_draw_hidden_field('cc_owner', $HTTP_POST_VARS['authorizenet_aim_cc_owner']) .
						   tep_draw_hidden_field('cc_expires', $this->cc_expiry_month . substr($this->cc_expiry_year, -2)) .
						   tep_draw_hidden_field('cc_type', $this->cc_card_type) .
						   tep_draw_hidden_field('cc_number', $this->cc_card_number);
  if (MODULE_PAYMENT_AUTHORIZENET_AIM_USE_CVV == 'True') {
	$process_button_string .= tep_draw_hidden_field('cc_cvv', $HTTP_POST_VARS['authorizenet_aim_cc_cvv']);
  }

 

Any help is greatly appreciated! Just need to get the cc_owner field to write to the database table 'orders'. Do these files look good or is there someplace else I should be looking?

Edited by golfman2006
Link to comment
Share on other sites

Just need to get the cc_owner field to write to the database table 'orders'

 

Have you managed to generate encryption for those entries? Because if you haven't then storing those details in the database, along with the cc owner name, in an unecrypted format would be a major security risk for your customers. In many countries you would actually be violating criminal law by doing so. That's certainly the case in the UK.

 

Vger

Link to comment
Share on other sites

Have you managed to generate encryption for those entries? Because if you haven't then storing those details in the database, along with the cc owner name, in an unecrypted format would be a major security risk for your customers. In many countries you would actually be violating criminal law by doing so. That's certainly the case in the UK.

 

Vger

 

Actually, I applied the CC Mask contribution which masks the credit card numbers in d-base, other then last four digits. I also am not storing CVV data, so on the security side, we should be good. But, we do need to capture the cc_owner that was keyed on on payment page. Currently, cc_owner displays correctly on checkout_confirmation page, with all other fields(i.e. cc_number, cc_type and cc_expires). Once user clicks confirm order, all data is written to d-base table 'orders' excep cc_owner.

 

In looking in SQL, the field cc_owner exists in the d-base as a type = VARCHAR, Length/Value = 64, NULL = NULL and Default = NULL. Actually, now that I look deeper, the Default is set to NULL in the d-base for field cc_owner is that correct or should it be blank? This may be the issue.

 

Thanks for you help and great contribution!

Link to comment
Share on other sites

I think that your problem is this. The data sent to A Net submits these three fields:

x_card_num => $_POST['cc_number'],

x_exp_date => $_POST['cc_expires'],

x_card_code => $_POST['cc_cvv'],

 

It draws the credit card owner from two other fields:

x_first_name => $order->billing['firstname'],

x_last_name => $order->billing['lastname'],

 

Somehow you have to get the system to take those two fields and insert them as cc_owner in the database.

 

Vger

Link to comment
Share on other sites

I think that your problem is this. The data sent to A Net submits these three fields:

x_card_num => $_POST['cc_number'],

x_exp_date => $_POST['cc_expires'],

x_card_code => $_POST['cc_cvv'],

 

It draws the credit card owner from two other fields:

x_first_name => $order->billing['firstname'],

x_last_name => $order->billing['lastname'],

 

Somehow you have to get the system to take those two fields and insert them as cc_owner in the database.

 

Vger

 

Vger...thanks for your response. So, by default your Authorize.net contribution does not write the cc_owner to the d-base without a modification? Being as though this merchant account is new to us, question for you. Do you know if Authorize.net stores the cc_owner which was keyed on the checkout_payment? Just trying to figure out reconciliation of data entered in osCommerce website with Authorize.net.

 

It looks like the cc_owner should always match the billing name, according to how the system grabs the credit card owner above, is this correct? If so, I guess thee is no need to store cc_owner on our side, if it always is the billing name from A.net. Just not sure how to find out what cc_owner is keyed by the customer on the website if an issue occurs and we need the A.net side to look into it.

 

I take it your store does not store this info? Have you run ino any issues with not having cc_owner?

 

Thanks again for your help!

Link to comment
Share on other sites

Hi, I don't actually use A Net for our own website. We are UK based. I used an A Net Test Developer Account to test run the module.

 

However, with any credit card based payment system the customers name, first line of the address, and the zip/post code must match the cardholders credit card statement address. If they don't match then the card is declined.

 

Vger

Link to comment
Share on other sites

Hi, I don't actually use A Net for our own website. We are UK based. I used an A Net Test Developer Account to test run the module.

 

However, with any credit card based payment system the customers name, first line of the address, and the zip/post code must match the cardholders credit card statement address. If they don't match then the card is declined.

 

Vger

 

Great!...Thanks for all your help!

Link to comment
Share on other sites

Hey Guys,

My question to you is I am setting up a new store front with Authorize.net This is my fourth store to develop so I have a little bit of experience with OSC. This is the first time to deal with Authorize.net, and i wanted to know simply i want to be able to charge cards via the credit card processing via checkout. This contrib is stable to do this correct?

 

Also I saw some communication about somebody could simply edit an order and re-charge a customer for an update to there account if they changed the order and simply charge them for the additional via teh admin screen?

 

Also on another hand can this be implemented to automate the batch card processing? So when an order is updated to the shipped status the card then gets charged automatically?

 

Thanks for your help upfront!

Link to comment
Share on other sites

First off, let me thank you Vgers for such a FANTASTIC contribution. You have no idea how much your work means to everyone! It is much appreciated.

 

I've followed all the suggestions on this post and everything works well. I've included the Order_id change which allows Authorize.net to match the order numbers and that's helped a bunch.

 

However, life just isn't that simple huh? I have encountered 1 problem. When the customer's personal and credit card information is correct, everything works swimmingly. However, when the credit card is rejected, no error message is available to the customer. The user gets sent back to the payment page, using this URL:

 

website.com/catalog/checkout_payment.php?error_message=This%20transaction%20has%20been%20declined.%20-%20Your+credit+card+could+not+be+authorized+for+this+reason.+Please+correct+any+i

nformation+and+try+again+or+contact+us+for+further+assistance.

 

Is there a way to parse this so the user can actually see the error message somewhere other than in the URL? This would mean so much....thank you in advance!

Edited by seanhsueh
Link to comment
Share on other sites

If you read some of the earlier posts you'll see that I mention replacing $_GET with $_POST - but I don't have the time to modify this contribution in that way.

 

Vger

Edited by Vger
Link to comment
Share on other sites

I apologize if my problem is a repeat but i've read through the entire post and I haven't been able to fix the problem. I've tried changing $_GET to $_POST and the result is the same.

 

This is where I made the changes:

 

catalog/includes/modules/payment/authorizenet_aim.php (line 348)

 

function get_error() {

global $_
POST
;

 

$error = array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_ERROR,

'error' => stripslashes(urldecode($_
POST
['error'])));

 

 

catalog/checkout_payment.php (line 152)

 

<?php

if (isset($HTTP_
POST
_VARS['payment_error']) && is_object(${$HTTP_
POST
_VARS['payment_error']}) && ($error = ${$HTTP_
POST
_VARS['payment_error']}->get_error())) {

?>

 

I have no idea what i'm doing....i'm just going by trial and error and I'm not PHP savvy enough to figure it out. I would really appreciate some help on this.

 

btw, my a.net account is setup correctly....

 

Direct Response

Delimited Response: No

Default Field Separator: Comma

Field Encapsulation Character: blank

 

Thanks to everyone who can guide me in the right direction!

Link to comment
Share on other sites

If you read some of the earlier posts you'll see that I mention replacing $_GET with $_POST - but I don't have the time to modify this contribution in that way.

 

Vger

 

 

I understand you're busy. Thanks anyway. It's a great contribution either way!

Link to comment
Share on other sites

First off, let me thank you Vgers for such a FANTASTIC contribution. You have no idea how much your work means to everyone! It is much appreciated.

 

I've followed all the suggestions on this post and everything works well. I've included the Order_id change which allows Authorize.net to match the order numbers and that's helped a bunch.

 

However, life just isn't that simple huh? I have encountered 1 problem. When the customer's personal and credit card information is correct, everything works swimmingly. However, when the credit card is rejected, no error message is available to the customer. The user gets sent back to the payment page, using this URL:

 

website.com/catalog/checkout_payment.php?error_message=This%20transaction%20has%20been%2declined...etcetc

 

Is there a way to parse this so the user can actually see the error message somewhere other than in the URL? This would mean so much....thank you in advance!

 

 

I found the solution....check the LINK! Thanks dmanrash. Many thanks to Vgers as well.

 

http://www.oscommerce.com/forums/index.php?sho...2629&st=10#

Edited by seanhsueh
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...