Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

authorize.net difficulties


edschaum

Recommended Posts

There is an orders.php in the /admin... But the instructions call for order.php file in that location... (/catalog/includes/class/) ???

 

Changes have been made in file /catalog/checkout_process

 

 

// It is used to be included after $payment_modules->before_process()

// Now it needs to be included before Authorizenet ADC Direct Connection

require(DIR_WS_CLASSES . 'order.php');

$order = new order;

 

//************************************************************

// Authorizenet ADC Direct Connection

// Make sure the /catalog/includes/class/order.php is included

// and $order object is created before ADC Direct Connection!!!

if(MODULE_PAYMENT_AUTHORIZENET_STATUS) {

include(DIR_WS_MODULES . 'authorizenet_direct.php');

}

//************************************************************

 

// load the before_process function from the payment modules

$payment_modules->before_process();

 

I'm using the contrib found here:

http://www.oscommerce.com/downloads.php/co...ions,421/type,1

Is there a different one?

Link to comment
Share on other sites

  • Replies 128
  • Created
  • Last Reply

I just checked my site and downloaded the newest snapshot... order.php is in the newest snapshot, not in the one I used for my site. Has anybody implemented this in an older version? I'm using one from April 2002... :(

Link to comment
Share on other sites

Hi Tewlz,

 

My contribution was uploaded on August 28, 2002, and this is the only version of ADC Direct Connection that I uploaded for osc2.2. I wrote it for my snapshot on June5, 2002, but it is working for all snapshot starting from June5, 2002 up to today. You need to twist around it for the older version.

 

Here are the instructions that help people to debug the problems when they encountered installing my ADC Authorizenet module.

 

You need to build Curl with SSL support in order for it to talk https://

// Post order info data to Authorize.net, make sure you have curl installed

exec("/usr/bin/curl -d "$data" https://secure.authorize.net/gateway/transact.dll", $response);

 

Step1. Please verify after you build Curl with SSL support!!!

 

Did you run the command /usr/bin/curl -V ?

It will return something like "curl 7.8 (i386-redhat-linux-gnu) libcurl 7.8 (OpenSSL 0.9.6b) (ipv6 enabled)". This means you already have curl installed. Your path to curl is /usr/bin/curl .

 

If it does not display anything, you can try the following command:

$ whereis curl

curl: /usr/bin/curl /usr/include/curl /usr/share/man/man1/curl.1.gz

$ which curl

/usr/bin/curl

 

If you found the curl's path, then replace it in file

catalog/includes/modules/authorizenet_direct.php .

// Post order info data to Authorize.net, make sure you have curl installed

exec("/usr/bin/curl -d "$data" https://secure.authorize.net/gateway/transact.dll", $response);

 

If you have curl installed, you also need to check if OpenSSL libraries is installed. cURL will need SSL libraries installed for it to talk https://

 

$ whereis openssl

openssl: /usr/bin/openssl /usr/local/bin/openssl /usr/local/lib/openssl /usr/include/openssl /usr/share/man/man1/openssl.1ss l.gz

$ which openssl

/usr/bin/openssl

$ type openssl

openssl is /usr/bin/openssl

 

If you see one of the above, then SSL libraries is installed

 

Step2. Verify your data before you send it to Authorizen.net

 

Please use the following code to echo out the $key and $value before they are passed to authorizenet server. If the $value is empty, check $order->customer and $order->delivery in your /catalog/includes/class/order.php

 

In file /catalog/includes/modules/authorizenet_direct.php, modify it to echo data out for testing. If you can not make it work, send me this testing data so that I can take a look at (don't send your username and password!!!)

 

I have attached authorize_direct_step2.php for you, you can replace your current file /catalog/includes/modules/authorizenet_direct.php to test step2.

 

===================================================

// concatenate order information variables to $data

while(list($key, $value) = each($form_data))

{ // testing only

$test_data .= "$key=$value<br>";

 

$data .= $key . '=' . urlencode(ereg_replace(',', '', $value)) . '&';

}

 

// take the last & out for the string

$data = substr($data, 0, -1);

 

unset($response);

// Post order info data to Authorize.net, make sure you have curl installed!!!

exec("/usr/bin/curl -d "$data" https://secure.authorize.net/gateway/transact.dll", $response);

 

// testing only

echo $test_data;

exit;

===================================================

 

If your data show that x_Country=Array is due to the snapshot version, in file /catalog/includes/modules/authorizenet_direct.php make the following changes:

 

$order->customer['country']

change to

$order->customer['country']['title']

 

$order->delivery['country']

change to

$order->delivery['country']['title']

 

These changes had been applied in testing files authorizenet_direct_step2.php and authorizenet_direct_step3.php . Most people are using the latest snapshot version of osc2.2 so the

variables changed.

 

This is not the problem that you are encountering!!!

Your data for each element of form_data array should not be empty. This is only to verify the integrity of your data before they are being send to authorize.net.

 

Step3. Verify the result from authorize.net

 

With the original file /catalog/includes/modules/authorizenet_direct.php, add the following codes at the end of that file /catalog/includes/modules/authorizenet_direct.php to echo out the result from authorizenet.

 

I have attached authorize_direct_step3.php for you, you can replace your current file /catalog/includes/modules/authorizenet_direct.php

 

// add the following to echo out the result from authorizenet

foreach($response as $key=>$value)

{ echo "$key: $value<br>";

}

exit;

 

I think this should help most of you to solve the problem!!!

Send me this result if it does not for you. I can look up the implementation guide line to see why Authorize.net declined your credit card. Don't send me username, password, or real credit card number!!!

 

Hope this will help most of you,

Bn

 

authorizenet_direct_step2.php

<?php

/*

osCommerce 2.2, Open Source E-Commerce Solutions

Authorizenet ADC Direct Connection

Last Update: 08/28/02

Author: Bao Nguyen

Email: [email protected]

*/

 

unset($form_data);

// set x_PASSWORD to your authorizenet admin password!!!

$form_data = array(

x_Login => MODULE_PAYMENT_AUTHORIZENET_LOGIN,

x_PASSWORD => 'your_password',

x_ADC_Delim_Data => 'TRUE',

x_ADC_URL => 'FALSE',

x_Version => '3.0',

x_Type => 'AUTH_CAPTURE',

x_Method => MODULE_PAYMENT_AUTHORIZENET_METHOD,

x_Amount => number_format($order->info['total'], 2),

x_Card_Num => "$x_Card_Num",

x_Exp_Date => "$x_Exp_Date",

x_Email_Customer => MODULE_PAYMENT_AUTHORIZENET_EMAIL == '1' ? 'TRUE': 'FALSE',

x_Email_Merchant => MODULE_PAYMENT_AUTHORIZENET_EMAIL_MERCHANT == '1' ? 'TRUE': 'FALSE',

x_Cust_ID => "$customer_id",

x_First_Name => "{$order->customer['firstname']}",

x_Last_Name => "{$order->customer['lastname']}",

x_Address => "{$order->customer['street_address']}",

x_City => "{$order->customer['city']}",

x_State => "{$order->customer['state']}",

x_Zip => "{$order->customer['postcode']}",

x_Country => "{$order->customer['country']['title']}",

x_Phone => "{$order->customer['telephone']}",

x_Email => "{$order->customer['email_address']}",

x_Ship_To_First_Name => "{$order->delivery['firstname']}",

x_Ship_To_Last_Name => "{$order->delivery['lastname']}",

x_Ship_To_Address => "{$order->delivery['street_address']}",

x_Ship_To_City => "{$order->delivery['city']}",

x_Ship_To_State => "{$order->delivery['state']}",

x_Ship_To_Zip => "{$order->delivery['postcode']}",

x_Ship_To_Country => "{$order->delivery['country']['title']}",

x_Customer_IP => "{$HTTP_SERVER_VARS['REMOTE_ADDR']}",

x_Description => 'Your Products Description',

tep_session_name() => tep_session_id(),

prod => "$prod");

 

if(MODULE_PAYMENT_AUTHORIZENET_TESTMODE == '1')

{ $form_data['x_Test_Request'] = 'TRUE'; }

 

// concatenate order information variables to $data

while(list($key, $value) = each($form_data))

{ // testing only

$test_data .= "$key=$value<br>";

 

$data .= $key . '=' . urlencode(ereg_replace(',', '', $value)) . '&';

}

 

// take the last & out for the string

$data = substr($data, 0, -1);

 

unset($response);

// Post order info data to Authorize.net, make sure you have curl installed

exec("/usr/bin/curl -d "$data" https://secure.authorize.net/gateway/transact.dll", $response);

 

// testing only

echo $test_data;

exit;

 

?>

 

 

authorizenet_direct_step3.php

<?php

/*

osCommerce 2.2, Open Source E-Commerce Solutions

Authorizenet ADC Direct Connection

Last Update: 08/28/02

Author: Bao Nguyen

Email: [email protected]

*/

 

unset($form_data);

// set x_PASSWORD to your authorizenet admin password!!!

$form_data = array(

x_Login => MODULE_PAYMENT_AUTHORIZENET_LOGIN,

x_PASSWORD => 'your_password',

x_ADC_Delim_Data => 'TRUE',

x_ADC_URL => 'FALSE',

x_Version => '3.0',

x_Type => 'AUTH_CAPTURE',

x_Method => MODULE_PAYMENT_AUTHORIZENET_METHOD,

x_Amount => number_format($order->info['total'], 2),

x_Card_Num => "$x_Card_Num",

x_Exp_Date => "$x_Exp_Date",

x_Email_Customer => MODULE_PAYMENT_AUTHORIZENET_EMAIL == '1' ? 'TRUE': 'FALSE',

x_Email_Merchant => MODULE_PAYMENT_AUTHORIZENET_EMAIL_MERCHANT == '1' ? 'TRUE': 'FALSE',

x_Cust_ID => "$customer_id",

x_First_Name => "{$order->customer['firstname']}",

x_Last_Name => "{$order->customer['lastname']}",

x_Address => "{$order->customer['street_address']}",

x_City => "{$order->customer['city']}",

x_State => "{$order->customer['state']}",

x_Zip => "{$order->customer['postcode']}",

x_Country => "{$order->customer['country']['title']}",

x_Phone => "{$order->customer['telephone']}",

x_Email => "{$order->customer['email_address']}",

x_Ship_To_First_Name => "{$order->delivery['firstname']}",

x_Ship_To_Last_Name => "{$order->delivery['lastname']}",

x_Ship_To_Address => "{$order->delivery['street_address']}",

x_Ship_To_City => "{$order->delivery['city']}",

x_Ship_To_State => "{$order->delivery['state']}",

x_Ship_To_Zip => "{$order->delivery['postcode']}",

x_Ship_To_Country => "{$order->delivery['country']['title']}",

x_Customer_IP => "{$HTTP_SERVER_VARS['REMOTE_ADDR']}",

x_Description => 'Your Products Description',

tep_session_name() => tep_session_id(),

prod => "$prod");

 

if(MODULE_PAYMENT_AUTHORIZENET_TESTMODE == '1')

{ $form_data['x_Test_Request'] = 'TRUE'; }

 

// concatenate order information variables to $data

while(list($key, $value) = each($form_data))

{ $data .= $key . '=' . urlencode(ereg_replace(',', '', $value)) . '&'; }

 

// take the last & out for the string

$data = substr($data, 0, -1);

 

unset($response);

// Post order info data to Authorize.net, make sure you have curl installed

exec("/usr/bin/curl -d "$data" https://secure.authorize.net/gateway/transact.dll", $response);

 

// add the following to echo out the result from authorizenet

foreach($response as $key=>$value)

{ echo "$key: $value<br>";

}

exit;

 

?>

Link to comment
Share on other sites

Thanks again for this very comprehensive post, I will try to implement it step by step asap.

 

%whereis curl

curl: /usr/local/bin/curl /usr/local/man/man1/curl.1.gz

%/usr/local/bin/curl -V

curl 7.9.8 (i386--freebsd4.6) libcurl 7.9.8 (OpenSSL 0.9.6e)

 

I've modified catalog/includes/modules/authorizenet_direct.php to reflect this. OpenSSL is in the location you specify in your post and in the installation instructions.

 

If the $value is empty, check $order->customer and $order->delivery in your /catalog/includes/class/order.php

 

This file doesn't exist in my snapshot (April 2002). Using the /catalog/includes/classes/order.php from a more recent snapshot doesn't work. Can anything be done to remedy this? I'd rather not upgrade to a more recent snapshot due to the many changes I made to the site since.

 

You need to twist around it for the older version.

This is where I'm stuck :cry:

Link to comment
Share on other sites

  • 2 weeks later...

Well, there are several threads regarding the usage of the ADC Authorize.Net contribution, so I wasn't too sure where to post this question. Since this thread started with my nearly-exact problem (other than it's based on a snapshot before the Nov. 11th time when Bao Nguyen put up more recent info), it's going here.

 

I am running on a snapshot from Nov 14th, 2002, with CVS updates installed from up to Nov 19th. I manually added most of the code into the relevant files since I wasn't sure what else was updated after BN's contribution. I'm currently getting this error message on the /catalog/checkout_payment.php page after entering a test (4111..) number with a valid expiry date:

"There has been an error processing you credit card, please try again."

 

The one thing I see currently that may not be quite right is my installation of cURL. Here is the response I get that leads me to wonder if it's set up correctly to "speak" SSL:

 

# /usr/bin/curl -V

curl 7.9.2 (i386-redhat-linux-gnu) libcurl 7.9.2

 

That doesn't include all the other OpenSSL info and such as per the various docs and tips I've seen. I do have OpenSSL 0.9.6b installed and working, but since it's not appearing on the above version line, does that mean cURL isn't using it?? If so, please advise how to remedy that. (I would also appreciate a response to the earlier claim that cURL and SSL don't play nice together... if that's really an issue, I would hate to cause server instabilities!!)

 

It's still possible that I may not have ALL settings correct in the Authorize.Net's admin settings, since I keep coming across more info as I find innovative ways to search through these forums for helpful bits.. :? However, I've been thorough with what I do know, so if the above issue isn't a sign of a problem, then I'll look elsewhere.

 

Thanks for the help! :)

 

Regards,

Hoza[/b]

Link to comment
Share on other sites

Hi,

 

Obviously, Curl has not been build with SSL libraries on your server. You can compile it yourself or request your ISP provider to take care for you.

 

1. Download and install OpenSSL libraries if you don't have it.

http://www.openssl.org/source/

 

2. Download curl if you don't have it.

http://curl.haxx.se/download.html

 

Change to Curl source code directory and make sure the prefix paths to curl and openssl are correct before compiling curl by running the following command.

 

./configure --prefix=/usr/local/curl --with-ssl=/usr/local/openssl

./make

./make install

 

I totally disagree that Curl and SSL cause instabilities. The Red Hat 6.0 server at my former company had been running Curl and SSL for almost 2 years without any issues. We had 10 to 15 thousand hits a day on that server; and there were about 50 transactions per day using Curl command line.

 

// exec("/usr/bin/curl -d "$data" https://secure.authorize.net/gateway/transact.dll", $response);

 

Most Red Hat distribution already had Curl with SSL Support!!!

 

Regards,

Bn

Link to comment
Share on other sites

Thanks for the reply. Currently, I'm having trouble getting cURL to configure using the suggested methods.

 

First, here are my locations of various components:

# which curl

/usr/bin/curl



# which openssl

/usr/bin/openssl



# /usr/bin/curl -V

curl 7.9.2 (i386-redhat-linux-gnu) libcurl 7.9.2



(OpenSSL is version 0.9.6b)

I downloaded the latest version of cURL (7.10.2) source and ran the following: (I used the prefix matching my existing cURL with the hopes that it will overwrite/upgrade my existing cURL install...please tell me if that's wrong)

./configure --prefix=/usr/bin/curl --with-ssl=/usr/bin/openssl

 

After many lines of "checking ...", I get this:

 

"configure: error: OpenSSL libs and/or directories were not found where specified!"

 

Additionally, I've tried some variants on the ./configure pulled from the cURL Install docs (http://curl.haxx.se/docs/install.html):

The configure script always tries to find a working SSL library unless explicitly told not to. If you have OpenSSL installed in the default search path for your compiler/linker, you don't need to do anything special. If you have OpenSSL installed in /usr/local/ssl, you can run configure like:

 

./configure --with-ssl

Even though my "which openssl" returned /usr/bin/openssl, I decided to try the above just to see, but it exited with the same error. Thus, I'm not sure whether my OpenSSL is in the right spot or not. Anyway, the following resulted in the same error:

 

./configure --prefix=/usr/bin/curl --with-ssl

 

Each time I ran the ./configure, I deleted the folder and re-extracted the .tar file to start from scratch... yeah, I know it may not be the best way of doing things, but I don't know an alternative. I'm trying to be cautious about things here, ya know??

 

Thank you very much for any help you all can provide.

 

Regards,

Hoza

Link to comment
Share on other sites

Hi,

 

./configure --prefix=/usr/bin/curl --with-ssl=/usr/bin/openssl

You are pointing them to the Shell Command Line of Curl and OpenSSL. The above command is totally wrong!!!

 

Go to Curl source code directory and run the following command:

./configure --prefix=/usr/local/curl --with-ssl=/usr/local/openssl

./make

./make install

 

Make sure the prefix paths to curl and openssl are correct before compiling curl.

 

The prefix paths are the source code directory of Curl and SSL, respectively. /usr/local/curl is the path to Curl source code and /usr/local/openssl is the path to OpenSSL source code.

 

Regards,

Bn

Link to comment
Share on other sites

Thanks again for your help... your patience is greatly appreciated!!

 

Your last instructions didn't work either, but I'm thinking the problem is somewhat different. I understand what you mean about my previous pointing to shell commands... changed that now. However, when I look in /usr/local/ there is nothing in there for curl or openssl.

 

Okay... if I understand right, I need to point the "--prefix=" option to wherever my directory with all the cURL source code is that I just extracted, right? Thus, my prefix would look like this since that's where the tarball was extracted to and where I'm running ./configure from:

--prefix=/home/admin/curl/curl-7.10.2

 

Would that be correct??

 

Next, I don't think I have the source for OpenSSL on my server... it was pre-configured with version OpenSSL 0.9.6b and cURL 7.9.2. Since I've never personally built OpenSSL, am I right to think that I wouldn't have the source anywhere on my server (I didn't build the server, it's a Virtual Private Server.) ...ugh... now I'm wondering if it's an issue with a VPS server configuration... :?

 

Would I need to snag OpenSSL source so I can continue setting up cURL?? If so, would I need to make sure to get the same version of OpenSSL, rather than a newer version?... I'm just not sure what happens when you compile cURL. IE: does it update OpenSSL also, or does it just affect cURL.

 

I'm very sorry to pull you into all this, but it's not necessarily easy to find this kind of specific info... not that I've found, anyway. I really appreciate that you've done the ADC/AIM module and I really want to implement it.

 

Thanks again,

Hoza

Link to comment
Share on other sites

Hi,

 

/usr/local/curl and /usr/local/openssl are the examples for you, and these are the standard folders where they are usually being untar to.

 

You need to replace with your actual source code directories. That was why, I mentioned in previous posts "make sure the prefix paths to curl and openssl are correct" and if you don't have the source code, you can download them with the links I provided in previous posts.

 

Also, I mentioned that you can request your ISP provider to re-compile Curl with SSL support on your server. Most servers already came with Curl and SSL support, and this step is skipped.

 

Regards,

Bn

Link to comment
Share on other sites

Okay, now I have cURL installed properly:

# /usr/bin/curl -V

curl 7.10.2 (i386-redhat-linux-gnu) libcurl/7.10.2 OpenSSL/0.9.6b zlib/1.1.3

 

That alone didn't make it all work, so this continues... Here is the output from running your code to test the data sent to Authorize.net.:

x_Login=my_login_is_here

x_PASSWORD=my_password_is here

x_ADC_Delim_Data=TRUE

x_ADC_URL=FALSE

x_Version=3.0

x_Type=AUTH_CAPTURE

x_Method=Credit Card

x_Amount=119.46

x_Card_Num=4111111111111111

x_Exp_Date=0305

x_Email_Customer=FALSE

x_Email_Merchant=FALSE

x_Cust_ID=3

x_First_Name=Test

x_Last_Name=Icle

x_Address=1234 Street Rd.

x_City=Big City

x_State=California

x_Zip=81234

x_Country=United States

x_Phone=123-122-1332

[email protected]

x_Ship_To_First_Name=Test

x_Ship_To_Last_Name=Icle

x_Ship_To_Address=1234 Street Rd.

x_Ship_To_City=Big City

x_Ship_To_State=California

x_Ship_To_Zip=81234

x_Ship_To_Country=United States

x_Customer_IP=12.254.my.IPaddy

x_Description=Your Products Description

osCsid=02c5785fdaa74922a518fc7bc56a1865

prod=

Additionally, when I run your other code to spit out the response from AuthNET, the page comes up completely empty. Any ideas about these problems?

 

Also, something I noticed is that there are slight discrepencies between the code you posted in this thread and the code I downloaded with your module around last week or so. I used your code from this thread as well as trying the other with manual inputting of test blocks... same results...

"There has been an error processing you credit card, please try again."

 

Thanks again for your continued help.

Link to comment
Share on other sites

Hi,

 

Make sure you comment out function exit; it was only used for testing.

//exit;

 

There are two contributions!!!

 

If you are having the old API checkout, then you need to download my contribution on August 28,

2002 (written for snapshot on June 5, 2002).

http://www.oscommerce.com/downloads.php/co...ions,421/type,1

 

If you are having the new API checkout, then you need to download my contribution on November 10,

2002 (written for snapshot on November 10, 2002).

http://www.oscommerce.com/downloads.php/co...ions,650/type,1

 

old --> has file catalogincludesfunctionsccval.php

new --> doesn't have file catalogincludesfunctionsccval.php

 

old --> doesn't have file catalogincludesclassescc_validation.php

new --> had file catalogincludesclassescc_validation.php

 

Regards,

Bn

Link to comment
Share on other sites

I have a snapshot from roughly Nov 14th. I made sure to get the proper contribution, but I just got done starting over, just to be sure I had things straight. I still have the same problems as before:

 

When I install everything normally, I get a "There has been an error processing you credit card, please try again." message. When I switch out the authorizenet_direct.php file to use the testing code (taken directly from the installation.txt file) to check the outgoing message, I get this:

x_Login=my_login_here

x_PASSWORD=my_password_here

x_ADC_Delim_Data=TRUE

x_ADC_URL=FALSE

x_Version=3.0

x_Type=AUTH_CAPTURE

x_Method=CC

x_Amount=118.34

x_Card_Num=4111111111111111

x_Exp_Date=0204

x_Email_Customer=FALSE

x_Email_Merchant=TRUE

x_Cust_ID=3

x_First_Name=Test

x_Last_Name=Icle

x_Address=1234 Street Rd.

x_City=Big City

x_State=California

x_Zip=81234

x_Country=United States

x_Phone=123-122-1332

[email protected]

x_Ship_To_First_Name=Test

x_Ship_To_Last_Name=Icle

x_Ship_To_Address=1234 Street Rd.

x_Ship_To_City=Big City

x_Ship_To_State=California

x_Ship_To_Zip=81234

x_Ship_To_Country=United States

x_Customer_IP=12.my.IP.addy

x_Description=Your Products Description

osCsid=eb179cad88da02a633c42db1c0e4360f

When I replace authorizenet_direct.php with the test code for printing out response from Authorize.Net, I get a completely blank page.

 

I've followed your instructions exactly from the installation.txt file, as well as reading up on various posts throughout these forums on the subject. I've gone through the AuthNET Admin settings very thoroughly and everything looks like it should. The only thing that looks wrong now is that I'm set to use response version 3.1, instead of 3 or 3.0... there is not an option for me to switch to anything but 3.1. Is that a problem? Should I switch the authorizenet_direct.php file to use 3.1 instead of 3.0??

 

Also, I don't know for sure if my site has access to cURL, since it was installed from root. Is there a way to test this so I know if that's causing a problem? When I run /usr/bin/curl -V from #root, it comes back with a proper response, like I mentioned before. However, when running that command from the site administrator account, I get a file-not-found kind of message.

 

If this is a problem, do I need to create a link to the /usr/bin/curl program from the virtual site space??? Please tell me how to do that properly, if so.

 

Again, I apologize for taking so much of your time, but I've been trying everything I can think of.

 

Regards,

Hoza

Link to comment
Share on other sites

I also got blank response pages and did the following to fix:

 

You should check php info and note if you are in safe mode. You can get there by going to admin->tools->Server Info

 

If you are, you need to add the location of your curl executable (/usr/bin?) to safe_mode_exec_dir in your php init file - usually /etc/php.ini

 

That will allow you to run curl.

 

You'll have to HUP, or restart your webserver for the change to take effect.

 

Secondly if you are using a newer version of curl you'll have to add -k to the exec string, because it appears that curl chokes on the ssl connection to authnet and -k allows an insecure connection.

 

I couldn't get it to work any other way.

 

BUT.

 

I am still having problems (maybe because of the -k option? Am I NOT getting a secure connection and authnet is failing because of this?) in that the response I get back is an erro 13 - Invalid Merchant Login or Account Inactive.

 

So I may have caused myself more problems and can still not get ADC direct to work.

 

So hopefully this is helpful and can anyone else help further?

 

eric.

Link to comment
Share on other sites

Thanks for the tips.

 

I am currently running in safe mode, but I have found info on disabling safe mode for an individual site on my server, rather than the whole server... would that be smart to do? I know that safe mode does good for security issues, but if I could turn safe mode off for a particular domain on the server, and leave it on for the rest, I'd do that. There are other applications that occasionally complain about safe mode also.

 

Otherwise, I'll do as you describe and see how that goes.

Link to comment
Share on other sites

Um....

 

DUDE!!!!!

:!:

 

Holy crap, man. I usually try to avoid saying "dude", but it seems quite appropriate for some reason! I couldn't decide to respond like that or a simple: "Really."... they're both very appropriate. I'm trying to say that I'm elated at having it work. Thanks a TON for the suggestions.

 

However, there's still a kink to iron out: I really want to run curl in secure mode, ie, without the '-k' switch in there. I'm running same curl as you:

 

curl 7.10.2 (i386-redhat-linux-gnu) libcurl/7.10.2 OpenSSL/0.9.6b zlib/1.1.3

 

I'm wondering if it's an issue with the OpenSSL version, since 0.9.6b is a bit old now... 'f' and 'g' are most recent. I don't know about this stuff, so I'm going to ask my sys admin friends about it. If you or anyone else figures out anything there, please disclose.

 

So...in summary (to add detail to the thread): I tried turning off safe mode for the site, but that had no effect. I got the thing to work using Eric's suggestion above of adding /usr/bin to safe_mode_exec_dir in /etc/php.ini with safe mode turned on still. Also, removing the " from around $data worked like a charm... what's that all about, anyway?? I was getting same errors as Eric until I killed the ".

 

Big happy day, this! :)

Link to comment
Share on other sites

It IS runnign securely with the -k option, it just isn't checking the cert.

 

I haven't figured this one out yet, but it appears curl, or openssl doesn't know where to look for the default CA files that curl is supposed to install.

 

I know you can specify some authorities directly and get to them by adding the --cacert option to curl, so I may look into that.

 

But if you attemt to connect using http. instead of https you will be denied.

 

So it is secure, but you rn the risk of someone spoofing authnet, with a self signed cert or somesuch which isn't good obviously...

 

I'd also like to see the authnet module checking the MD5 hash that gets returned to verify the autheticity - that would be a cool addition.

 

I may do this if I get the rest of my problems solved... :)

 

e.

Link to comment
Share on other sites

Okay, in the interest of leaving bread crumbs for this thread, here's another tidbit of info on this topic...

 

I've gotten everything working through a post-Nov15 snapshot, using BN's Authorize.Net ADC module. (Yay!!) However, there were a few changes to my setup since the last post with my details. Here's the current versions of cURL/OpenSSL that are working for me now:

# /usr/bin/curl -V

curl 7.9.8 (i386-redhat-linux-gnu) libcurl 7.9.8 (OpenSSL 0.9.6b)

 

Moving to the older 7.9.8 version seems to have cleared up the '-k' issues, (in fact, I don't think that switch is relevant to pre-7.10 versions anyway,) and is working smoothly. I still had to remove the " from around $data on the call to make it work, like Eric figured out (again, I ask anyone that knows... what's up with that?? What were they there for in the first place if it doesn't work?) Here's the final code for the call:

 

// Post order info data to Authorize.net, make sure you have curl installed

exec("/usr/bin/curl -d $data https://secure.authorize.net/gateway/transact.dll", $response);

 

I'm still waiting on a response from the cURL mailing list about the issue, since I want to understand this all a bit better. 7.10.x added some stuff that Eric references, that seems to fuzz things up a bit. I will hopefully find out more info and will post it here at that time.

 

Until now, I'm stoked, and very thankful for the help... well, two of you helped, anyway! ;) Now I'll just look forward to the MD5 hash addition and we'll be spiffy! :D

 

Regards,

Hoza

Link to comment
Share on other sites

I am still getting an error message using the new module:

 

There has been an error processing your credit card. Please try again.

 

anyone have any ideas??

 

using a snapshot from last week (around Nov 27 or 28th)

Link to comment
Share on other sites

we reloaded a clean copy of Bao's mod for the new snapshot and everything seems to be working fine

 

try reloading the 3 files and see if that makes a difference

Link to comment
Share on other sites

It's very helpful to create 3 separate files based on the code in the installation.txt file of the module. I made these three:

authorizenet_direct.php

authorizenet_direct_send.php

authorizenet_direct_receive.php

 

Then I would rename files and try the transaction again to see the various messages. For instance, rename 'authorizenet_direct.php' to 'authorizenet_direct.php.old' and then change the *_send.php file to 'authorizenet_direct.php' and run the transaction. That would show the messages being sent to AuthNet.

 

In other words, I'm suggesting you try running a transaction with the *_receive.php code running so you can see what error message is coming back from AuthNet. That may give you a clue about any problems.

 

The error you're receiving is very generic and basically like a catch-all error, it seems. I got it for any of several different things I was doing wrong. It's generated by OSC and/or the ADC module, not Authorize.Net, if I figured it right.

 

If you still get the error even though AuthNet shows everything okay, then you might double-check your code for any stray punctuation or something that might make the authorizenet_direct.php module think there's an error... I don't know too much about what might be wrong, but this came to mind. I'm no expert on the subject.

 

HTH... Hoza

Link to comment
Share on other sites

HFS I finally got it working, it only took a month. :roll:

 

// Post order info data to Authorize.net, make sure you have curl installed

exec("/usr/local/bin/curl -k -d "$data" https://secure.authorize.net/gateway/transact.dll", $response);

 

(using curl 7.10.1 (i686-pc-linux-gnu) libcurl/7.10.1 OpenSSL/0.9.6 zlib/1.1.4)

(This is for the Bao's contribution from August, not using the new checkout)

 

So in the end the only piece of Bao's code that I changed was the path to curl and adding a -k for the new version of curl...

 

This after trying different security certificates, field encapsulation characters, and having my server people recompile curl several times. The code was right all along. 8)

 

Thanks, Bao

Thanks, everyone else who posted advice here.

 

Ryan

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...