Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Authorize.net questions


dkap

Recommended Posts

I've got osCommerce set up and pretty much configured the way I want it. I just got my Authorize.net account going and started playing around with it in test mode.

 

The built-in authorizenet.php module seems to work, but the 'contributions' warnings about it not working in a lot of Netscape and AOL browsers is concerning. Also, I noticed that the payment confirmation emails from Authorize.net do not contain any of the following rather important transaction details:

 

Invoice

Company

Products Ordered (Description?)

 

I've seen Invoice mentioned in other threads from last year as something that is not produced until after the response from Authorize.net. If that really is [still] the case, then that's a truly bizarre design decision. If the transaction doesn't go through, just skip over that ID and use the next available one the next time through. Doesn't make much sense to not report it. Anyway, that's a relatively minor issue. Ditto for Company, but it would be nice to have.

 

The biggest concern is not having the ordered products listed in the notification. A dollar value does little good unless you want to log into the admin area or database each time to figure out what was ordered... It isn't entirely clear what needs to be added to the payment module to pass along that info. (As an aside, probably my biggest complaint with osCommerce so far is the level of difficulty in tracking down where various data and settings come from.) Has anyone successfully added these variables to the info sent to Authorize.net?

 

In the process of trying to figure out the above, I decided to give the Authorize.net ADC module a try. Only problem is, I can't find any mention of how to actually put it to use, and searching the forums is turning up nothing. I uploaded the file to the /includes/modules/payment/ directory and a copy of the authorizenet.php language file (as authorizenet_direct.php) to the /includes/languages/modules/payment/ directory, but nothing shows up for it in the admin payment modules area. I'm assuming there's a setting somewhere for which modules to show, but I can't find any such thing and modules.php sure looks like it's supposed to be reading in everything from the modules directory. Some documentation would be nice... Is it intended to be a drop-in replacement for the default authorizenet.php? I wouldn't think so, because it doesn't contain all the pre-submission checking and configuration setup pieces.

 

I'm guessing there's a tutorial of some sort that explains most of this, but I'll be darned if I can find it. I was getting seemingly endless pages of unrelated search results.

 

Final question: Is there any documentation on processing the response from Authorize.net? I'm hoping to be able to work with it to do some automated processing of the transaction once an ok'd transaction is received.

 

By the way, for the next ADC module release, I would think the following:

 

// set x_PASSWORD to your authorizenet admin password!!!

x_PASSWORD => 'Enter Password',

 

could be changed to:

 

x_PASSWORD => MODULE_PAYMENT_AUTHORIZENET_TXNKEY,

 

Seeing as how that is defined in the db; might as well follow the example of x_Login and have less to configure.

 

Dan

Link to comment
Share on other sites

  • Replies 78
  • Created
  • Last Reply

Top Posters In This Topic

The following works for adding Company to the Billing Information and Shipping Information sections, respectively:

 

tep_draw_hidden_field('x_company', $order->customer['company']) .

tep_draw_hidden_field('x_ship_to_company', $order->delivery['company']) .

 

I'm not having much luck figuring out where the Products Ordered info comes from, though.

 

Dan

Link to comment
Share on other sites

Hmm, I guess I'm not allowed to edit the last post...

 

Re: the Description field, x_description appears to be the necessary item (in the default authorizenet.php setup), but getting the product data into it is the challenge. Also, it isn't clear if doing it that way will leave me with a way of processing multiple products in the Authorize.net approvale response. Will x_description be an array of products?

 

Dan

Link to comment
Share on other sites

Ah, now I get it. Downloading the latest file form the contributions section doesn't provide the whole package! Sheesh, no wonder I couldn't find any documentation or figure out how to put the single file to use. I guess you have to know how to use the system before using it...

 

Dan

Link to comment
Share on other sites

After further trial and error, here's a variety of things I've found with regards to the Authorize.net ADC module:

 

----------

 

authorizenet_direct.php stuff:

 

- should be password after all, not transaction id (my bad)

 

- 'prod' undefined; still haven't figured out where it comes from or how it's intended to be used

 

- neither of these are defined in the db (first one should be MODULE_PAYMENT_AUTHORIZENET_EMAIL_CUSTOMER):

x_Email_Customer => MODULE_PAYMENT_AUTHORIZENET_EMAIL == '1' ? 'TRUE': 'FALSE',

x_Email_Merchant => MODULE_PAYMENT_AUTHORIZENET_EMAIL_MERCHANT == '1' ? 'TRUE': 'FALSE',

 

- I added:

x_Company => "{$order->customer['company']}",

x_Ship_To_Company => "{$order->delivery['company']}",

 

- the country fields are incorrect.

x_Country => "{$order->billing['country']}",

x_Ship_To_Country => "{$order->delivery['country']}",

 

should be:

 

x_Country => "{$order->billing['country']['title']}",

x_Ship_To_Country => "{$order->delivery['country']['title']}",

 

- post-response testing never echos anything

Does the Direct Response Delimiter in the Authorize.net admin setup need changing? $response is looking for any array, but it isn't clear what the non-delimited default setup response sends.

 

----------

 

checkout_process.php stuff:

 

- 'comments' field doesn't belong - $sql_data_array -> TABLE_ORDERS (should be in order status history)

 

- 'new_value' field doesn't belong - $sql_data_array -> TABLE_ORDERS_STATUS_HISTORY (should be 'orders_status_id')

 

----------

 

admin stuff:

 

MODULE_PAYMENT_AUTHORIZENET_EMAIL_MERCHANT actually is added, but is set up as a text input box with no label, not a radio box like it should be:

 

<input type="radio" name="configuration[MODULE_PAYMENT_AUTHORIZENET_EMAIL_CUSTOMER]" value="True" CHECKED> True<br>

<input type="radio" name="configuration[MODULE_PAYMENT_AUTHORIZENET_EMAIL_CUSTOMER]" value="False"> False

...

<input type="text" name="configuration[MODULE_PAYMENT_AUTHORIZENET_EMAIL_MERCHANT]">

 

But it sure looks like it's ok in authorizenet.php's keys() and install() functions...

 

----------

 

I've got the module apparently working ok, but without being able to test the Authorize.net response, it's difficult to tell for sure. The proper confirmation emails are being sent (I had to hard code the customer and merchant email notifications to 'TRUE' because of the above problems), so that's a good sign.

 

Is there any word from the osCommerce development team if an official ADC/AIM module will be put together for a future release? It would be comforting to know that all the code versions properly match and that the correct stuff is being submitted.

 

Dan

Link to comment
Share on other sites

Another authorizenet_direct.php note: According to minimum AIM requirements, x_version must be 3.1 (set to 3.0 in the contribution) and x_relay_response must be False (not set in contribution). x_tran_key should also be set (ditto).

 

Dan

Link to comment
Share on other sites

Boy, popular topic.

 

I've started unravelling what goes where and how to do various things. One thing I found that explains why I was having little luck testing the Authorize.net response code is that $response is not an array, so the foreach() loop in authorizenet_direct.php doesn't echo anything.

 

In checkout_success.php, all the necessary transaction variables are present for post-purchase processing. $insert_id as the order_id and $products_ordered for the list of products, although the latter's format is more for display than for processing, so I opted to use the order_id for a database lookup of product id/title.

 

Also, as best I can tell, position 38 in $response (key 37 when you explode the comma delimited string -- Authorize.net's instructions number from 1, not 0 like with an array) is a md5() encrypted transaction key corresponding to the purchase. I sure hope that's right, because it's what I'm using for a post-purchase processing tie-in to identify the transaction... If anyone knows otherwise, I'd appreciate the info.

 

I think that's all for now.

 

Dan

Link to comment
Share on other sites

Are these issues resolved in any Contribution??

 

I started to set up osCommerce and had to log onto AuthorizeNet to provide them the URL from the osCommerce cart and have now started the 29-day clock ticking because I was using the old, obsolete web connect feature.

 

I'm a bit scared reading these posts.

Link to comment
Share on other sites

Are these issues resolved in any Contribution??

Not that I'm aware of. And as best I can tell, there's been no activity surrounding these contributions since April. Yours is the first response of any kind I've gotten.

 

Dan

Link to comment
Share on other sites

A buddy of mine told me that processing payments with osCommerce and Authorize.Net was easy, since the payment module was included in the vanilla download. I haven't gotten to this part in my development, but it will happen this week.

 

I'm concerned about these posts, were you not getting the desired results with the module included with osCommerce? Is that why you went to the contribution?

 

I haven't been able to hunt any documentation down with Authorize.Net settings as used with osCommerce. I'm realizing that I don't know enough about the Authorize.Net settings to even get close. For example, what is the Default Relay Response URL for osCommerce? Seems like an important thing to know... If anyone could give me a list of the Authorize.Net settings that work with osCommerce, I'd love to see it. If I get it working before then, I'll try and post my results.

 

Thanks,

Graham

Link to comment
Share on other sites

The default module *works* but is not recommended by community members or by Authorize.net themselves. If security isn't a concern, then you're probably fine with it. Otherwise, prepare to get your hands dirty...

 

Dan

Link to comment
Share on other sites

Actually, I think that "Vanilla" really isn't a choice anymore.

 

See my previous posts, I was using their web connect, which appears to be osCommerce "Vanilla." As soon as I gave my admin password, AuthorizeNet advised me that I had 30 days to change to AIM, which appears to be what this Contribution is all about; no?

 

With 28 days and counting, and blood pressure climbing,

 

Tom

Edited by TBK3
Link to comment
Share on other sites

Hey folks

Has anyone found a solution for the authorize.net problems.

 

This is the one I have chosen for merchant account / credit card processing and at this point I am afraid to make the change since the default mod in osc2 is being said to be outdated and there is nothing new posted in the mod's section.

 

Any advise?

 

Regards

Tom

Link to comment
Share on other sites

What is AIM?

 

And what are the security concerns with the "vanilla" module that comes in the oscommerce download? My "vanilla" install with authorize.net seems to be working fine, but I guess there might be security issues?

 

In regards to the email receipt, why not just use the oscommerce receipt email which can be customized easily?

Link to comment
Share on other sites

Odd, I stopped getting replies to this topic. I was just checking back to post a couple more things I found that might help people get the AIM/ADC contribution set up properly.

 

authorizenet_direct.php

 

if(MODULE_PAYMENT_AUTHORIZENET_TESTMODE == '1')

 

> That line should be checking for 'Production' or 'Test', not 0/1. Since it's recommended to run tests with osCommerce in Production mode and Authorize.net in Test mode, that doesn't really matter (it'll never be a true check, so it won't default to Test mode in osCommerce), but still, it's always nice to have correct code. :rolleyes:

 

exec("/usr/bin/curl -d \"$data\" https://secure.authorize.net/gateway/transact.dll", $response);

 

> If you're getting basically no response, it might be that exec() commands are disabled on your server (safe_mode issues). In my case, I got no response and no error log entries, so it was a bit tough to troubleshoot. If you've done the setup tests to see if Curl is installed and everything looks good but there's no response, try commenting out that line and using the php-curl.dll section that follows it.

 

Ok, on to the responses...

 

change to AIM, which appears to be what this Contribution is all about; no?

Correct. AIM and ADC are apparently one and the same. AIM stands for Advanced Integration Method.

 

Has anyone found a solution for the authorize.net problems.

That question is a bit vague... I think if you follow along with the problems I've highlighted in this thread, you'll end up with a working solution. So, the answer to your question would have to be yes.

 

And what are the security concerns with the "vanilla" module that comes in the oscommerce download?

Probably best to read the respective white papers for the AIM/SIM approaches. It has to do with how your server communicates with the Authorize.net server, i.e. how data is exchanged. If the "simple" approach is working fine for you, then I suppose you've already answered your question. The advanced method is recommended those who require the extra security for whatever reason.

 

In regards to the email receipt, why not just use the oscommerce receipt email which can be customized easily?

I'm assuming that's a question directly for me? The problem I had with the email receipts doesn't exactly have to do with confirmation. The Authorize.net one does not contain much of the pertinent info, but the osCommerce one does, as you pointed out. What I needed, however, was a way to process in real time the results of the Authorize.net response. As I recall, I was trying to backtrack from the emailed content to the Authorize.net response (that's how I figured that the product info and invoice number are never sent to Authorize.net) to figure out what needed to go where. Working through that process, I finally came up with checkout_process.php as the key to the overall equation. It would still be nice to have all the product info in the Authorize.net email for record keeping purposes, but it isn't essential at this point.

 

Dan

Link to comment
Share on other sites

Here's another technically incorrect item, although it doesn't seem to matter. x_method expects "CC", not "Credit Card" like is set for MODULE_PAYMENT_AUTHORIZENET_METHOD in the admin menu. It appears Authorize.net views that mismatch as the same as an undefined x_type which defaults to CC, so the net effect is the same.

 

Dan

Link to comment
Share on other sites

It looks like the CCV (credit card verification) contribution contains the necessary info for passing the products ordered info to Authorize.net. It also has corrected a fair number of the bugs I've reported in this thread, which is a good sign.

 

http://www.oscommerce.com/community/contributions,613

 

I believe that's the most current of the 3 Authorize.net CCV contributions I found. Haven't tried it out yet, though.

 

Dan

Link to comment
Share on other sites

admin stuff:

 

MODULE_PAYMENT_AUTHORIZENET_EMAIL_MERCHANT actually is added, but is set up as a text input box with no label, not a radio box like it should be:

 

<input type="radio" name="configuration[MODULE_PAYMENT_AUTHORIZENET_EMAIL_CUSTOMER]" value="True" CHECKED> True<br>

<input type="radio" name="configuration[MODULE_PAYMENT_AUTHORIZENET_EMAIL_CUSTOMER]" value="False"> False

...

<input type="text" name="configuration[MODULE_PAYMENT_AUTHORIZENET_EMAIL_MERCHANT]">

 

But it sure looks like it's ok in authorizenet.php's keys() and install() functions...

I finally figured out why the above is the case. a 'configuration' table entry needs to be added for MODULE_PAYMENT_AUTHORIZENET_EMAIL_MERCHANT, following the format of MODULE_PAYMENT_AUTHORIZENET_EMAIL_CUSTOMER. I would have thought the format is defined by function install() in authorizenet.php, but apparently not.

 

Dan

Link to comment
Share on other sites

I just generated my transaction key, etc. My cart is set to Test mode.

 

When I processed a transaction using the testing CC# in OSC, I received:

The following errors have occurred.

(14) The referrer, relay response or receipt link URL is invalid.

 

Is this a good reply or the other kind?

 

Also, it's a little difficult for a new user to figure out whether one needs every one of the contributions listed for this Contribution. Can someone clarify this.

 

Finally, if anyone is interested I generated a pdf version of the AuthorizeNet AIM Implementation Guide with response codes.

Link to comment
Share on other sites

Definitely not a good response code. Do you have a return URL set for your old web connect method? I believe that needs to be cleared out when using AIM/ADC.

 

it's a little difficult for a new user to figure out whether one needs every one of the contributions listed for this Contribution.

Agreed. Several of them appear to be duplicates, but the only way to tell (that I could tell) is to download each and compare the file dates and possibly contents. I think it might have only been the last two that were actually duplicates, which probably means the previous package actually got updated (there's a novel idea!). It's a bizarre system where old distributions don't get updated but new ones don't contain all the files. Talk about making things needlessly confusing.

 

Dan

Link to comment
Share on other sites

Needlessly confusing? Agreed! It's baffling to me and I only figured it out because in another forum, someone mentioned having to download the earlier version and then overlaying the newer version because the revisions didn't have everything necessary to run. Who do we have to talk to???

 

I do have a response set because I was using webconnect. Unfortunately, AN's solution is to change the settings on my account, which will kill the cart currently in use.

 

Needless to say, best done at 2 AM!

 

Unfortunately, I can't make the cut over yet, but can't cut over until I know everything is working.

Link to comment
Share on other sites

Who do we have to talk to???

Wish I knew... I was plenty baffled by the documentation goose chase at the start of this thread.

 

I do have a response set because I was using webconnect. Unfortunately, AN's solution is to change the settings on my account, which will kill the cart currently in use.

Ouch, that's a tough situation. I was thinking you said you had Anet in Test mode, but looking back I see it was the cart you put in Test mode. I guess that explains things...

 

I just went live with my cart, otherwise I would offer to set up a temporary transaction key for you to test with on my Anet account. Maybe someone else operating in Test mode would be willing to do the same? Anyone? As long as they don't provide you their account password and change the transaction key when you're done testing, I can't think of any security issues there.

 

Dan

Link to comment
Share on other sites

Oh wait, I just thought of something else. Check out Appendix F - Certification in your manual. You might be able to use that for testing, although I'm not sure if that will bypass your regular account settings.

 

Dan

Link to comment
Share on other sites

Dan, you wrote:

 

exec("/usr/bin/curl -d \"$data\" https://secure.authorize.net/gateway/transact.dll", $response);

 

If you've done the setup tests to see if Curl is installed and everything looks good but there's no response, try commenting out that line and using the php-curl.dll section that follows it.

 

I've just found that my host provider does not support cURL. Is php-curl.dll another way to execute the same as frist quote? If not, is there any replacement to using cURL for conveying data to Authorize.Net?

 

Any and all help will be extremely appreciated!

 

Thanks,

Anaam.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...