♥Vger Posted July 5, 2006 Author Share Posted July 5, 2006 I already explained that the use of $_GET puts the error into the url and not onto the page. Vger Quote Link to comment Share on other sites More sharing options...
eilonwy Posted July 5, 2006 Share Posted July 5, 2006 >You can modify the module to use $_POST for the error and then tie it into the error messages that >osCommerce already supplies. I just don't know how to do this or where. And I definitely don't know how to tie it to the error messages osCommerce already supplies. Does anyone have the relevant modified file(s) where this has already been done? Thanks. Quote Link to comment Share on other sites More sharing options...
jmurch Posted July 6, 2006 Share Posted July 6, 2006 Storing CC#s I have this contrib installed and working fine. One concern I have is storing CC#s. When I have the options set to authorize the transaction does not get completed by Authorize.net. (Customers account is not credited). When it is set to authorize/capture the customers account is credited but the CC#s are stored clear text in MySQL. Is this by design or do I have something set incorrectly? Regards, Jeff Quote Link to comment Share on other sites More sharing options...
jmurch Posted July 6, 2006 Share Posted July 6, 2006 Storing CC#s I have this contrib installed and working fine. One concern I have is storing CC#s. When I have the options set to authorize the transaction does not get completed by Authorize.net. (Customers account is not credited). When it is set to authorize/capture the customers account is credited but the CC#s are stored clear text in MySQL. Is this by design or do I have something set incorrectly? Regards, Jeff Quote Link to comment Share on other sites More sharing options...
♥Vger Posted July 6, 2006 Author Share Posted July 6, 2006 No, you have everything set correctly. Unfortunately osCommerce does not store credit card numbers in an encrypted format. You may be able to find a contribution which does that, but I don't know f one offhand. Vger Quote Link to comment Share on other sites More sharing options...
jmurch Posted July 6, 2006 Share Posted July 6, 2006 Thanks. There is an MD5 contrib. Is there any problem simply deleting the cc#s after the transaction has been completed? Jeff No, you have everything set correctly. Unfortunately osCommerce does not store credit card numbers in an encrypted format. You may be able to find a contribution which does that, but I don't know f one offhand. Vger Quote Link to comment Share on other sites More sharing options...
eilonwy Posted July 6, 2006 Share Posted July 6, 2006 Hi Vger. I've added the Visa and M/C logos to the payment page. I'm trying to figure out how to get the error messages to display on the payment page when people get dumped back because their cards are declined. I think that the code to modify is below. Could you or someone please help me with getting the errors to display in the body of the page rather than in the url? It would be great if different error messages were displayed for each of the different responses from A.net. Thanks much. // Parse the response code and text for custom error display $response_code = explode(',', $response[0]); $response_text = explode(',', $response[3]); $x_response_code = $response_code[0]; $x_response_text = $response_text[0]; // If the response code is not 1 (approved) then redirect back to the payment page with the appropriate error message if ($x_response_code != '1') { tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'error_message=' . $x_response_text . ' - ' . urlencode(MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_DECLINED_MESSAGE), 'SSL', true, false)); } } function after_process() { return false; } function get_error() { global $_POST; $error = array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_ERROR, 'error' => stripslashes(urldecode($_POST['error']))); return $error; } Quote Link to comment Share on other sites More sharing options...
eilonwy Posted July 6, 2006 Share Posted July 6, 2006 I was looking for a solution to this as well. Here is the one I found that seemed best (Credit Card Mask), but I haven't installed it yet. http://www.oscommerce.com/community/contributions,2509 Quote Link to comment Share on other sites More sharing options...
golfman2006 Posted July 6, 2006 Share Posted July 6, 2006 Once I get to checkout_confirmation, the credit card type, credit card owner, credit card number, credit card expiration date and cvv number all appear correctly on the page. Then click confirm order and transaction goes to success. The issue I am seeing is that on the 'orders' table, all fields are being correctly updated except cc_owner. Any ideas what file this code would be in: checkout_confirmation, checkout_process? Quote Link to comment Share on other sites More sharing options...
spencermjax Posted July 8, 2006 Share Posted July 8, 2006 eilonwy, How did you add the visa/MC logo? Quote Link to comment Share on other sites More sharing options...
eilonwy Posted July 8, 2006 Share Posted July 8, 2006 in includes/languages/english/modules/payment/authorizenet_aim.php i changed the define ('MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CATALOG_TITLE', line to: define('MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CATALOG_TITLE', 'Credit Card - Visa and MasterCard only <img src="includes/modules/payment/paypal/images/visa.gif" width="37" height="21" align="absmiddle" border="0" alt=" Visa " title=" Visa "><img src="includes/modules/payment/paypal/images/mastercard.gif" width="37" height="21" align="absmiddle" border="0" alt=" MasterCard " title=" MasterCard ">'); // Payment option title as displayed to the customer Quote Link to comment Share on other sites More sharing options...
[email protected] Posted July 9, 2006 Share Posted July 9, 2006 While it may be a bad security move, it has merits too. For example: sometimes I need to modify an order (we do a lot of custom items to the poducts we sell), then I have to hit their credit card again (with their permission ofcourse). Currently I have to go into my ANET config and disable the "Code Card Verification" so that I can run the additional money, then turn the "Code Card Verification" back on. I do not see any more harm in capturing the code, we are already retaining the card number and expiration date. I do not want to sound negative here, I think this contrib is great! This has made my life much easier! Thanks! I just worked out what it takes to save the CVV if you want to take the security risk in exchange for the benefit you describe. I just submitted it as a contribution called "Save CVV with orders". Quote Link to comment Share on other sites More sharing options...
golfman2006 Posted July 9, 2006 Share Posted July 9, 2006 (edited) Once I get to checkout_confirmation, the credit card type, credit card owner, credit card number, credit card expiration date and cvv number all appear correctly on the page. Then click confirm order and transaction goes to success. The issue I am seeing is that on the 'orders' table, all fields are being correctly updated except cc_owner. Any ideas what file this code would be in: checkout_confirmation, checkout_process? It looks like my authorize.net.php file looks consistent with the cc.php payment module when searching on cc_owner. Here is the code to display on checkout_confirmation correctly which is currently happening. I don't think this code is this issue as this is the function selection. // Display Credit Card information on the checkout_payment.php page function selection() { global $order; for ($i=1; $i<13; $i++) { $expires_month[] = array('id' => sprintf('%02d', $i), 'text' => strftime('%B',mktime(0,0,0,$i,1,2000))); } $today = getdate(); for ($i=$today['year']; $i < $today['year']+10; $i++) { $expires_year[] = array('id' => strftime('%y',mktime(0,0,0,1,1,$i)), 'text' => strftime('%Y',mktime(0,0,0,1,1,$i))); } if (MODULE_PAYMENT_AUTHORIZENET_AIM_USE_CVV == 'True') { $selection = array('id' => $this->code, 'module' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CATALOG_TITLE, 'fields' => array(array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CREDIT_CARD_OWNER, 'field' => tep_draw_input_field('authorizenet_aim_cc_owner', $order->billing['firstname'] . ' ' . $order->billing['lastname'])), array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CREDIT_CARD_NUMBER, 'field' => tep_draw_input_field('authorizenet_aim_cc_number')), array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CREDIT_CARD_EXPIRES, 'field' => tep_draw_pull_down_menu('authorizenet_aim_cc_expires_month', $expires_month) . ' ' . tep_draw_pull_down_menu('authorizenet_aim_cc_expires_year', $expires_year)), array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CVV, 'field' => tep_draw_input_field('authorizenet_aim_cc_cvv','',"size=4, maxlength=4") . ' <a style="cursor: pointer; cursor: hand;" onClick="window.open(\'cvv_help.php\',\'jav\',\'width=500,height=550,resizable=no,toolbar=no,menubar=no,status=no\')"><u>Click for info on CVV</u></a>'))); } else { $selection = array('id' => $this->code, 'module' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CATALOG_TITLE, 'fields' => array(array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CREDIT_CARD_OWNER, 'field' => tep_draw_input_field('authorizenet_aim_cc_owner', $order->billing['firstname'] . ' ' . $order->billing['lastname'])), array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CREDIT_CARD_NUMBER, 'field' => tep_draw_input_field('authorizenet_aim_cc_number')), array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CREDIT_CARD_EXPIRES, 'field' => tep_draw_pull_down_menu('authorizenet_aim_cc_expires_month', $expires_month) . ' ' . tep_draw_pull_down_menu('authorizenet_aim_cc_expires_year', $expires_year)))); } return $selection; } Then, later on in the code, there is another reference but as function_confirmation as shown below. Could it be this code that is not allowing the cc_owner field to be written to the orders table? All other fields are correctly written, such as cc_number, cc_type. // Display Credit Card Information on the Checkout Confirmation Page function confirmation() { global $HTTP_POST_VARS; if (MODULE_PAYMENT_AUTHORIZENET_AIM_USE_CVV == 'True') { $confirmation = array(//'title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CATALOG_TITLE, // Redundant 'fields' => array(array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CREDIT_CARD_TYPE, 'field' => $this->cc_card_type), array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CREDIT_CARD_OWNER, 'field' => $HTTP_POST_VARS['authorizenet_aim_cc_owner']), array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CREDIT_CARD_NUMBER, 'field' => substr($this->cc_card_number, 0, 4) . str_repeat('X', (strlen($this->cc_card_number) - 8)) . substr($this->cc_card_number, -4)), array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CREDIT_CARD_EXPIRES, 'field' => strftime('%B, %Y', mktime(0,0,0,$HTTP_POST_VARS['authorizenet_aim_cc_expires_month'], 1, '20' . $HTTP_POST_VARS['authorizenet_aim_cc_expires_year']))), array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CVV, 'field' => $HTTP_POST_VARS['authorizenet_aim_cc_cvv']))); } else { $confirmation = array(//'title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CATALOG_TITLE, // Redundant 'fields' => array(array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CREDIT_CARD_TYPE, 'field' => $this->cc_card_type), array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CREDIT_CARD_OWNER, 'field' => $HTTP_POST_VARS['authorizenet_aim_cc_owner']), array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CREDIT_CARD_NUMBER, 'field' => substr($this->cc_card_number, 0, 4) . str_repeat('X', (strlen($this->cc_card_number) - 8)) . substr($this->cc_card_number, -4)), array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_CREDIT_CARD_EXPIRES, 'field' => strftime('%B, %Y', mktime(0,0,0,$HTTP_POST_VARS['authorizenet_aim_cc_expires_month'], 1, '20' . $HTTP_POST_VARS['authorizenet_aim_cc_expires_year']))))); } return $confirmation; } Here is the last bit of code I see related to cc-owner which works with function process_button. function process_button() { // Hidden fields on the checkout confirmation page $process_button_string = tep_draw_hidden_field('cc_owner', $HTTP_POST_VARS['authorizenet_aim_cc_owner']) . tep_draw_hidden_field('cc_expires', $this->cc_expiry_month . substr($this->cc_expiry_year, -2)) . tep_draw_hidden_field('cc_type', $this->cc_card_type) . tep_draw_hidden_field('cc_number', $this->cc_card_number); if (MODULE_PAYMENT_AUTHORIZENET_AIM_USE_CVV == 'True') { $process_button_string .= tep_draw_hidden_field('cc_cvv', $HTTP_POST_VARS['authorizenet_aim_cc_cvv']); } Any help is greatly appreciated! Just need to get the cc_owner field to write to the database table 'orders'. Do these files look good or is there someplace else I should be looking? Edited July 9, 2006 by golfman2006 Quote Link to comment Share on other sites More sharing options...
♥Vger Posted July 9, 2006 Author Share Posted July 9, 2006 Just need to get the cc_owner field to write to the database table 'orders' Have you managed to generate encryption for those entries? Because if you haven't then storing those details in the database, along with the cc owner name, in an unecrypted format would be a major security risk for your customers. In many countries you would actually be violating criminal law by doing so. That's certainly the case in the UK. Vger Quote Link to comment Share on other sites More sharing options...
golfman2006 Posted July 9, 2006 Share Posted July 9, 2006 Have you managed to generate encryption for those entries? Because if you haven't then storing those details in the database, along with the cc owner name, in an unecrypted format would be a major security risk for your customers. In many countries you would actually be violating criminal law by doing so. That's certainly the case in the UK. Vger Actually, I applied the CC Mask contribution which masks the credit card numbers in d-base, other then last four digits. I also am not storing CVV data, so on the security side, we should be good. But, we do need to capture the cc_owner that was keyed on on payment page. Currently, cc_owner displays correctly on checkout_confirmation page, with all other fields(i.e. cc_number, cc_type and cc_expires). Once user clicks confirm order, all data is written to d-base table 'orders' excep cc_owner. In looking in SQL, the field cc_owner exists in the d-base as a type = VARCHAR, Length/Value = 64, NULL = NULL and Default = NULL. Actually, now that I look deeper, the Default is set to NULL in the d-base for field cc_owner is that correct or should it be blank? This may be the issue. Thanks for you help and great contribution! Quote Link to comment Share on other sites More sharing options...
♥Vger Posted July 9, 2006 Author Share Posted July 9, 2006 I think that your problem is this. The data sent to A Net submits these three fields: x_card_num => $_POST['cc_number'], x_exp_date => $_POST['cc_expires'], x_card_code => $_POST['cc_cvv'], It draws the credit card owner from two other fields: x_first_name => $order->billing['firstname'], x_last_name => $order->billing['lastname'], Somehow you have to get the system to take those two fields and insert them as cc_owner in the database. Vger Quote Link to comment Share on other sites More sharing options...
golfman2006 Posted July 9, 2006 Share Posted July 9, 2006 I think that your problem is this. The data sent to A Net submits these three fields:x_card_num => $_POST['cc_number'], x_exp_date => $_POST['cc_expires'], x_card_code => $_POST['cc_cvv'], It draws the credit card owner from two other fields: x_first_name => $order->billing['firstname'], x_last_name => $order->billing['lastname'], Somehow you have to get the system to take those two fields and insert them as cc_owner in the database. Vger Vger...thanks for your response. So, by default your Authorize.net contribution does not write the cc_owner to the d-base without a modification? Being as though this merchant account is new to us, question for you. Do you know if Authorize.net stores the cc_owner which was keyed on the checkout_payment? Just trying to figure out reconciliation of data entered in osCommerce website with Authorize.net. It looks like the cc_owner should always match the billing name, according to how the system grabs the credit card owner above, is this correct? If so, I guess thee is no need to store cc_owner on our side, if it always is the billing name from A.net. Just not sure how to find out what cc_owner is keyed by the customer on the website if an issue occurs and we need the A.net side to look into it. I take it your store does not store this info? Have you run ino any issues with not having cc_owner? Thanks again for your help! Quote Link to comment Share on other sites More sharing options...
♥Vger Posted July 9, 2006 Author Share Posted July 9, 2006 Hi, I don't actually use A Net for our own website. We are UK based. I used an A Net Test Developer Account to test run the module. However, with any credit card based payment system the customers name, first line of the address, and the zip/post code must match the cardholders credit card statement address. If they don't match then the card is declined. Vger Quote Link to comment Share on other sites More sharing options...
golfman2006 Posted July 9, 2006 Share Posted July 9, 2006 Hi, I don't actually use A Net for our own website. We are UK based. I used an A Net Test Developer Account to test run the module. However, with any credit card based payment system the customers name, first line of the address, and the zip/post code must match the cardholders credit card statement address. If they don't match then the card is declined. Vger Great!...Thanks for all your help! Quote Link to comment Share on other sites More sharing options...
xearoth Posted July 10, 2006 Share Posted July 10, 2006 Hey Guys, My question to you is I am setting up a new store front with Authorize.net This is my fourth store to develop so I have a little bit of experience with OSC. This is the first time to deal with Authorize.net, and i wanted to know simply i want to be able to charge cards via the credit card processing via checkout. This contrib is stable to do this correct? Also I saw some communication about somebody could simply edit an order and re-charge a customer for an update to there account if they changed the order and simply charge them for the additional via teh admin screen? Also on another hand can this be implemented to automate the batch card processing? So when an order is updated to the shipped status the card then gets charged automatically? Thanks for your help upfront! Quote Link to comment Share on other sites More sharing options...
seanhsueh Posted July 10, 2006 Share Posted July 10, 2006 (edited) First off, let me thank you Vgers for such a FANTASTIC contribution. You have no idea how much your work means to everyone! It is much appreciated. I've followed all the suggestions on this post and everything works well. I've included the Order_id change which allows Authorize.net to match the order numbers and that's helped a bunch. However, life just isn't that simple huh? I have encountered 1 problem. When the customer's personal and credit card information is correct, everything works swimmingly. However, when the credit card is rejected, no error message is available to the customer. The user gets sent back to the payment page, using this URL: website.com/catalog/checkout_payment.php?error_message=This%20transaction%20has%20been%20declined.%20-%20Your+credit+card+could+not+be+authorized+for+this+reason.+Please+correct+any+i nformation+and+try+again+or+contact+us+for+further+assistance. Is there a way to parse this so the user can actually see the error message somewhere other than in the URL? This would mean so much....thank you in advance! Edited July 10, 2006 by seanhsueh Quote Link to comment Share on other sites More sharing options...
♥Vger Posted July 10, 2006 Author Share Posted July 10, 2006 (edited) If you read some of the earlier posts you'll see that I mention replacing $_GET with $_POST - but I don't have the time to modify this contribution in that way. Vger Edited July 10, 2006 by Vger Quote Link to comment Share on other sites More sharing options...
seanhsueh Posted July 10, 2006 Share Posted July 10, 2006 I apologize if my problem is a repeat but i've read through the entire post and I haven't been able to fix the problem. I've tried changing $_GET to $_POST and the result is the same. This is where I made the changes: catalog/includes/modules/payment/authorizenet_aim.php (line 348) function get_error() { global $_POST; $error = array('title' => MODULE_PAYMENT_AUTHORIZENET_AIM_TEXT_ERROR, 'error' => stripslashes(urldecode($_POST['error']))); catalog/checkout_payment.php (line 152) <?php if (isset($HTTP_POST_VARS['payment_error']) && is_object(${$HTTP_POST_VARS['payment_error']}) && ($error = ${$HTTP_POST_VARS['payment_error']}->get_error())) { ?> I have no idea what i'm doing....i'm just going by trial and error and I'm not PHP savvy enough to figure it out. I would really appreciate some help on this. btw, my a.net account is setup correctly.... Direct Response Delimited Response: No Default Field Separator: Comma Field Encapsulation Character: blank Thanks to everyone who can guide me in the right direction! Quote Link to comment Share on other sites More sharing options...
seanhsueh Posted July 10, 2006 Share Posted July 10, 2006 If you read some of the earlier posts you'll see that I mention replacing $_GET with $_POST - but I don't have the time to modify this contribution in that way. Vger I understand you're busy. Thanks anyway. It's a great contribution either way! Quote Link to comment Share on other sites More sharing options...
seanhsueh Posted July 10, 2006 Share Posted July 10, 2006 (edited) First off, let me thank you Vgers for such a FANTASTIC contribution. You have no idea how much your work means to everyone! It is much appreciated. I've followed all the suggestions on this post and everything works well. I've included the Order_id change which allows Authorize.net to match the order numbers and that's helped a bunch. However, life just isn't that simple huh? I have encountered 1 problem. When the customer's personal and credit card information is correct, everything works swimmingly. However, when the credit card is rejected, no error message is available to the customer. The user gets sent back to the payment page, using this URL: website.com/catalog/checkout_payment.php?error_message=This%20transaction%20has%20been%2declined...etcetc Is there a way to parse this so the user can actually see the error message somewhere other than in the URL? This would mean so much....thank you in advance! I found the solution....check the LINK! Thanks dmanrash. Many thanks to Vgers as well. http://www.oscommerce.com/forums/index.php?sho...2629&st=10# Edited July 10, 2006 by seanhsueh Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.