
Authorize.net questions


dkap


I don't think you'll have any luck with either method, in that case. I'm not exactly a Curl expert, though, so you might want to consult the documentation:

 

http://www.php.net/manual/en/ref.curl.php

 

You might be able to use fsockopen() and fputs()/fgets() as an alternative approach:

 

http://us4.php.net/fsockopen

 

That's the method generally used for PayPal IPN scripts.

 

Dan


Dan/All,

 

I found a forum topic that showed me the use of the php-curl.dll method. I utilized it as shown on the authorizenet_direct.php file. I did not get any errors and the page seems to process for a few seconds and then goes to checkout_success.php and displays the success message. I also get the order recorded correctly into my orders table.

 

Now I need to verify the following:

1. In test mode, how can I check to see if Authorize.net did receive the test order from my site? Is there any configuration necessary to set at Authorize.net's site?

2. On the checkout_success.php page, when I click on "Continue", the page tries to redirect me to a non-existent page. I have to spend more time studying this php page but I'm wondering if it is tied in with Authorize.net?

 

Any help will be appreciated! Thank you for all your suggestions.

 

Anaam.


Well, I stand corrected with regards to php-curl.dll. Happy to be wrong in this case! :)

 

1. In test mode, how can I check to see if Authorize.net did receive the test order from my site?

The way to check that is by processing the $response response code. I think I mentioned earlier in the thread that the example test code from the contributions falsely assumes the Authorize.net response to be an array. It is actually a comma delimited (by default; recommended to change it to something else less common -- wouldn't want commas in an address (i.e. street, apt. #) to break things up) string that can be exploded to form the array for data processing.

 

Near the bottom of checkout_process.php, after the line:

 

// send emails to other people

 

add:

 

echo "<p>authorize.net response code ($response) for order #$insert_id:</p>";

 

and comment out the redirect line at the bottom of the script so that it stays on that page and echoes the above addition:

 

// tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL'));

 

If you want to do any processing of the Authorize.net response code (wise, in my opinion), consult the manual for what the various positions in the code represent.

 

Note: All the versions of authorizenet.php I've seen also make the assumption that the response code is an array in function before_process().

 

$response_vars = explode(',', $response[0]);

 

Unless that $response is being re-processed somewhere else that I can't find, that will never work for echoing the response code. It should be:

 

$response_vars = explode(',', $response);

 

2. On the checkout_success.php page, when I click on "Continue", the page tries to redirect me to a non-existent page.

I had some problems with that, too. I just deleted the "Continue" button from that page. Serves absolutely no purpose that I can see. There are links all over the cart to continue shopping... Putting a Continue button on the final page just confuses the customer into thinking they aren't fully checked out yet.

 

I was able to fix the error with #2. It was a simple reference issue tied in with configure.php and HTTPS.

No surprise there. I've stumbled across countless SSL/NONSSL glitches in the code. Not really bugs so much as bad assumptions. osCommerce was apparently built with the idea that all servers that run it will be set up with the SSL and non-secure files sharing the same web space, with the only difference being the URL they are accessed through. That isn't always the case, however. My sysAdmin values security very highly and has deemed it better to have the SSL files completely separate. Unfortunately, much of the osCommerce code has hard coded NONSSL values throughout (you would only know if the SSL and NONSSL URLs differ), so the bulk of the links in the cart and admin area were broken. Lots of cleanup work...

 

Dan


Dan,

 

First of all, thank you for all your comments. There is so much on this forum to absorb everything! I appreciate all your help. Good news is that your suggestion worked for verifying that my authorize.net is working. This is the message I'm seeing on my screen:

 

"authorize.net response code (1,1,1,This transaction has been approved.,000000,P,0,, ... for order #7:"

 

I'm guessing that the "This transaction has been approved" part of the message means that the authorization for authorize.net has succeeded. Am I right in assuming this? So now if I take everything out of test mode, a real money making transaction will actually take place?

 

Can you also verify the following... you said:

$response_vars = explode(',', $response);

 

You removed the [0]. But the next line in authorizenet.php reads:

$x_response_code = $response_vars[0];

 

So the full block of code looks like this:

$response_vars = explode(',', $response);

$x_response_code = $response_vars[0];

 

Should we not remove [0] on this second line too?

 

And finally, when I view my string being sent to authorize.net I find that x_method reads "credit card" instead of "CC". I see that it doesn't matter and I read your writing that for good code sake it should be "CC". Where do we change this? On the admin/module/authorize.net section there is no option for CC but only for credit card. Do we hard code it into the authorize_direct.php file?

 

Thanks again,

 

Anaam.


I'm guessing that the "This transaction has been approved" part of the message means that the authorization for authorize.net has succeeded. Am I right in assuming this?

Yep. :)

 

More precisely, the first '1' in the response string indicates a successful transaction. The approval text is subject to change at any time, but the numerical code will remain 1 for success. The manual is very helpful for listing all that info.

 

So now if I take everything out of test mode, a real money making transaction will actually take place?

It would appear so.

 

You removed the [0]. But the next line in authorizenet.php reads:

$x_response_code = $response_vars[0];

 

So the full block of code looks like this:

$response_vars = explode(',', $response);

$x_response_code = $response_vars[0];

 

Should we not remove [0] on this second line too?

No. When you explode() a string, you are creating an array of the exploded pieces. So, $response_vars becomes an array based on the comma-delimited $response string. That's why $response_vars[0] is correct -- it refers to position 0 (the first position, i.e. the response code) of the $response_vars array.

 

x_method read "credit card" instead of "CC".

The CCV contribution has most of the above mentioned bugs fixed, including this one.

 

x_Method => MODULE_PAYMENT_AUTHORIZENET_METHOD == 'Credit Card' ? 'CC' : 'ECHECK',

 

That looks to see if it is set to 'Credit Card' in the database and submits it as 'CC' if so.

 

Dan

 

p.s. I really wish the post reply notifications in this forum would work consistently...


It would be great if you could sum up all the changes you did to make OSC work with Authorize.net. Step by step changes and what contribution these changes were made on.

 

I'm not a good programmer and don't know how to check if I have curl.

 

much appreciated!!!!!!!

 

-tom


It looks like the CCV (credit card verification) contribution contains the necessary info for passing the products ordered info to Authorize.net. It also has corrected a fair number of the bugs I've reported in this thread, which is a good sign.

 

http://www.oscommerce.com/community/contributions,613

 

I believe that's the most current of the 3 Authorize.net CCV contributions I found. Haven't tried it out yet, though.

Start with that contribution. It's got pretty much every bug fix handled from the stuff I've mentioned in this thread. The only one I remember it not having fixed is the $response string being treated as an array, as mentioned in the previous couple of posts.

 

I'm not a good programmer and don't know how to check if I have curl.

The help file for the contribution explains how to test for it.

 

Dan


I'm not a good programmer and don't know how to check if I have curl.

 

 

-tom

Hey Thom

 

To check for curl, you can go into the admin panel and select Tools on the left panel, then choose Server Info and look down the page of information it gives you. If you have curl on the server, it will list it there.

For me, with my server, curl is listed about halfway down the page, right below ctype.

 

hope this helps

 

Regards

Tom


Ok, here's a question...

 

How would we store the transaction ID from Authorizenet?

 

I already know that it's returned in $response_vars[6] and have set a variable to its value by doing $x_transid = $response_vars[6].

 

The problem I'm having is storing it into the order. I have the field for it defined in the order table as 'transid' and attempt to store it in checkout_process with a...

'transid' => "$x_transid" with no success.

 

This is important since we do "auth_only" transactions and need the transaction ID to capture funds once the order is filled.


Man, these forum non-notifications are really driving me crazy. I never know there's a reply unless I happen to check back in just for the heck of it.

 

Tom, that's a good point. I hadn't thought to use phpinfo() for that...

 

How would we store the transaction ID from Authorizenet?

 

...

 

'transid' => "$x_transid"

I don't quite follow where you're going with that. As far as I know, checkout_process.php doesn't store anything. It just receives the gateway response and redirects to the appropriate page (re-submit payment or success). If you want to store any info as returned from Authorize.net, I believe you need to create your own SQL query to add it to the database.

 

One thing that is worth doing first is checking that the transaction is a valid response from Authorize.net. Here's what I came up with after a bit of experimentation:

 

// Authorize.net system-generated md5() hash; consists of 'MD5 hash value - Login ID - Transaction ID - Amount'
$hash_string = "your_Anet_hash_value_here" . MODULE_PAYMENT_AUTHORIZENET_LOGIN . $response_vars[7] . $response_vars[10];
$hash_check = strtoupper(md5($hash_string)); // Authorize.net hash is all upper case
// Strict comparison: with ==, PHP compares two numeric-looking strings as numbers
if ($hash_check === $response_vars[38]) {
  // the response carries a valid hash; continue processing it here
}

 

Note that I padded the first array element (position 0) so that my array numbers would match up with the Authorize.net manual's numbering (starts from 1) -- helps to avoid mistakes when going back and forth between code and manual -- so your $response_vars array keys may need to be reduced by one from what I've shown above.

 

Dan

Edited by dkap
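
Added example, not from the post above or from any contribution: the hash check it describes, written so that a reply missing the needed positions is rejected and the comparison is a constant-time string comparison. `verify_anet_md5()`, `pad_fields()`, the hash value, the login ID and the sample replies are all constructed for illustration; positions 7, 10 and 38 follow the post's 1-based numbering.

```php
<?php
// Added example; every name and sample value below is constructed.

/** Split the reply and pad position 0 so indexes match the manual (1-based). */
function pad_fields(string $response, string $delimiter = ','): array
{
    $fields = explode($delimiter, $response);
    array_unshift($fields, null);
    return $fields;
}

/**
 * Recompute md5(hash value . login ID . transaction ID . amount), upper-cased,
 * and compare it with position 38 of the reply.
 */
function verify_anet_md5(array $fields, string $hash_value, string $login_id): bool
{
    // A truncated or mis-delimited reply lacks these positions: reject it
    // instead of hashing empty values.
    foreach ([7, 10, 38] as $pos) {
        if (!isset($fields[$pos]) || !is_string($fields[$pos])) {
            return false;
        }
    }
    $expected = strtoupper(md5($hash_value . $login_id . $fields[7] . $fields[10]));
    // hash_equals() (PHP 5.6+) always compares as strings and in constant time.
    return hash_equals($expected, strtoupper($fields[38]));
}

// Why not "==": two strings that both look like numbers are compared
// numerically, so these different strings count as equal under loose comparison.
var_dump('0E1234' == '0E5678');
var_dump(hash_equals('0E1234', '0E5678'));

// Constructed shared secret, login and a 38-field approved reply.
$hash_value = 'constructed-hash-value';
$login_id   = 'constructed-login';
$raw        = array_fill(0, 38, '');
$raw[0]     = '1';            // position 1: response code
$raw[6]     = '1234567890';   // position 7: transaction ID
$raw[9]     = '19.99';        // position 10: amount
$raw[37]    = strtoupper(md5($hash_value . $login_id . $raw[6] . $raw[9])); // position 38
$genuine    = implode(',', $raw);

// Same reply with the amount altered after the hash was computed.
$raw[9]   = '0.01';
$tampered = implode(',', $raw);

$cases = [
    'genuine'  => $genuine,
    'tampered' => $tampered,
    'short'    => '1,1,1,Approved',
];
foreach ($cases as $label => $reply) {
    $ok = verify_anet_md5(pad_fields($reply), $hash_value, $login_id);
    printf("%-8s %s\n", $label, $ok ? 'hash valid' : 'REJECT');
}
```

Only the genuine reply passes; the altered amount and the short reply are both rejected before any order data is written.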

I don't quite follow where you're going with that. As far as I know, checkout_process.php doesn't store anything. It just receives the gateway response and redirects to the appropriate page (re-submit payment or success). If you want to store any info as returned from Authorize.net, I believe you need to create your own SQL query to add it to the database.

Checkout Process does the SQL query and stores the order information.

 

I added the 'transid' => "$x_transid", to the SQL query that exists in checkout_process.

 

I'm beginning to think I need to set it to "global" somewhere.


Actually, this is what is in my Authorizenet.php...

 

function before_process() {
  global $response;

  // Change made by using ADC Direct Connection
  $response_vars = explode(',', $response[0]);
  $x_response_code = $response_vars[0];
  $x_transid = $response_vars[6];

  if ($x_response_code != '1') {
    tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'error_message=' . urlencode(MODULE_PAYMENT_AUTHORIZENET_TEXT_ERROR_MESSAGE), 'SSL', true, false));
  }
}

 

Note the added $x_transid that I added.

 

This is what is in my checkout_process.php...

 

// load the before_process function from the payment modules
 $payment_modules->before_process();

 require(DIR_WS_CLASSES . 'order_total.php');
 $order_total_modules = new order_total;

 $order_totals = $order_total_modules->process();

 $sql_data_array = array('customers_id' => $customer_id,
                         'customers_name' => $order->customer['firstname'] . ' ' . $order->customer['lastname'],
                         'customers_company' => $order->customer['company'],
                         'customers_street_address' => $order->customer['street_address'],
                         'customers_suburb' => $order->customer['suburb'],
                         'customers_city' => $order->customer['city'],
                         'customers_postcode' => $order->customer['postcode'], 
                         'customers_state' => $order->customer['state'], 
                         'customers_country' => $order->customer['country']['title'], 
                         'customers_telephone' => $order->customer['telephone'], 
                         'customers_email_address' => $order->customer['email_address'],
                         'customers_address_format_id' => $order->customer['format_id'], 
                         'delivery_name' => $order->delivery['firstname'] . ' ' . $order->delivery['lastname'], 
                         'delivery_company' => $order->delivery['company'],
                         'delivery_street_address' => $order->delivery['street_address'], 
                         'delivery_suburb' => $order->delivery['suburb'], 
                         'delivery_city' => $order->delivery['city'], 
                         'delivery_postcode' => $order->delivery['postcode'], 
                         'delivery_state' => $order->delivery['state'], 
                         'delivery_country' => $order->delivery['country']['title'], 
                         'delivery_address_format_id' => $order->delivery['format_id'], 
                         'billing_name' => $order->billing['firstname'] . ' ' . $order->billing['lastname'], 
                         'billing_company' => $order->billing['company'],
                         'billing_street_address' => $order->billing['street_address'], 
                         'billing_suburb' => $order->billing['suburb'], 
                         'billing_city' => $order->billing['city'], 
                         'billing_postcode' => $order->billing['postcode'], 
                         'billing_state' => $order->billing['state'], 
                         'billing_country' => $order->billing['country']['title'], 
                         'billing_address_format_id' => $order->billing['format_id'], 
                         'payment_method' => $order->info['payment_method'],
                         'cc_type' => $order->info['cc_type'], 
                         'cc_owner' => $order->billing['firstname'] . ' ' . $order->billing['lastname'],
                         'cc_number' => "$x_Card_Num",
                         'cc_expires' => "$x_Exp_Date",
                         'transid' => "$x_transid",
                         'cc_type' => $order->info['cc_type'], 
                         'date_purchased' => 'now()', 
                         'orders_status' => $order->info['order_status'], 
                         'currency' => $order->info['currency'], 
                         'customer_ip_address' => $REMOTE_ADDR,
                         'currency_value' => $order->info['currency_value']);


 tep_db_perform(TABLE_ORDERS, $sql_data_array);

 

Note the added 'transid' => "$x_transid",

 

I made the assumption that $x_transid would be passed from the before process routine.


  $response_vars = explode(',', $response[0]);

  $x_response_code = $response_vars[0];

  $x_transid = $response_vars[6];

Have you confirmed that $response_vars[6] contains any data? I maintain that $response is a string, not an array, and that $response[0] is rather meaningless... Unless anyone can convince me otherwise, of course. :)

 

Dan


Interesting how the ADC add on has been working all this time with the $response_vars = explode(',', $response[0]);

 

But, you are correct. I checked the contents of $x_transid = $response_vars[6]; and it was empty. Removed the [0] from $response_vars = explode(',', $response[0]); and it then fills var[6].

 

Testing now to see if it gets stored in the order the way I want. Thanks!


It is indeed odd. I haven't quite figured out how it's passing the following condition...

 

if ($x_response_code != '1') {
 tep_redirect(tep_href_link(..., 'error_message=' . urlencode(...), 'SSL', true, false));
}

I'm thinking the != '1' portion is unintentionally being treated the same as == 'false', which sort of makes sense in that it would be a false condition due to processing $response wrong, but doesn't make sense in that I would expect the code to choke prior to that.

 

If I'm right about that, then it would never return a negative response from Authorize.net. Details...

 

That's my best guess, at any rate. :)

 

Dan


I think I may have figured out why this works..

 

$response_vars = explode(',', $response[0]);

 

The [0] is limiting the explode to the first item in the string. If you do this...

 

echo $response_vars[1];

 

The remainder of the response from authorizenet is there.


I ended up using the Authorize.net Consolidated v.1.3 for AIM contrib. Right out of the box everything worked fine. I tested it with several orders with no problems. This contrib had a more recent date. And it looks like it doesn't keep the CC# in the database.

 

http://www.oscommerce.com/community/contributions,1453

 

So, I was just wondering with all the changes you guys have been making, have they all been based on Authorizenet module with CVV contrib? and why not the contrib 1453?

http://www.oscommerce.com/community/contributions,613

 

All I want to make sure is that I have done everything possible to make this connection to Authorize.net as secure as we can.

 

So, it would be great if someone could list out things they have found or suggested changes to make on both sides to make it as secure as possible.

 

thanks!!!

 

-tom


The [0] is limiting the explode to the first item in the string.

That could be. In which case, it would die oh so ungracefully if you were using a field delimiter on the Authorize.net response (which is recommended by them).

 

thome, I can't remember if I looked at contribution #1453 or not... I've been recommending #613 because it fixes most of the bugs in the original contribution that #1453 appears to be an update to. I'll take a look at that one and see if it looks all cleaned up.

 

Dan
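
Added example, not part of any post above and not code from the Authorize.net contributions: what `explode(',', $response[0])` produces for a string reply versus an array reply, and a parser that handles both and fails closed on a delimiter mismatch. `parse_gateway_response()`, `is_approved()` and the sample replies are constructed; that the module may be handed an array of lines (the shape `exec()` fills in) or a single string (what the curl extension returns) is an assumption about how the reply is fetched.

```php
<?php
// Added example; helper names and sample replies are constructed.

/**
 * Normalise the reply to one string, split it on the configured delimiter
 * and return the fields, or null when the reply is unusable.
 */
function parse_gateway_response($response, string $delimiter = ',', int $min_fields = 7): ?array
{
    // exec($cmd, $out) fills $out with an ARRAY of output lines, while
    // curl_exec() with CURLOPT_RETURNTRANSFER returns one STRING.
    if (is_array($response)) {
        $response = implode("\n", $response);
    }
    if (!is_string($response) || $response === '') {
        return null;
    }
    $fields = explode($delimiter, trim($response));
    // Too few fields means the wrong delimiter or a truncated reply.
    return count($fields) >= $min_fields ? $fields : null;
}

/** Fail closed: only the exact string '1' in the first field is an approval. */
function is_approved(?array $fields): bool
{
    return $fields !== null && $fields[0] === '1';
}

// Constructed sample replies (not captured gateway output).
$approved_str = '1,1,1,This transaction has been approved.,000000,P,1234567890,';
$declined_str = '2,1,2,This transaction has been declined.,000000,P,0,';
$approved_arr = [$approved_str];   // one output line, as exec() would supply it

// The line from the thread applied to a STRING: $approved_str[0] is a string
// offset, i.e. the first character only, so every later field is dropped.
$from_string = explode(',', $approved_str[0]);
var_dump($from_string);
var_dump(isset($from_string[6]));

// The same line applied to an ARRAY: element 0 is the whole first line,
// so all fields survive the explode().
$from_array = explode(',', $approved_arr[0]);
var_dump(count($from_array), $from_array[6]);

// The helper treats both shapes alike and rejects anything it cannot split,
// including a reply that uses a different delimiter than the one configured.
$replies = [$approved_str, $approved_arr, $declined_str, '', '1|1|1|Approved'];
foreach ($replies as $reply) {
    $fields = parse_gateway_response($reply);
    printf("%-9s trans_id=%s\n",
        is_approved($fields) ? 'APPROVED' : 'REJECTED',
        $fields[6] ?? '(none)');
}
```

Passing the delimiter configured at the gateway as the second argument keeps a comma inside a returned address field from shifting the field positions.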


Just a note to let you know I've been successful storing the transaction number into the order.

 

$response is already declared as global in authorizenet.php, so it can be manipulated in checkout_process.php.

 

Now to automate the process of capturing authorized transactions. :unsure:


Cool, glad that worked. I knew $response is accessible in checkout_process.php -- that's where I did my post-transaction processing -- but it's good to know the method you used is also the way to write custom fields to the db.

 

Now to automate the process of capturing authorized transactions.

What sort of capturing are you doing?

 

Dan


Thom, I took a look at contribution #1453, and it looks pretty much the same as the CVV contribution (#613). Neither has the php-curl.dll section in authorizenet_direct.php for servers where exec() doesn't work, but it does add x_tran_key back in instead of x_password. That's smarter, in my opinion. It also retains the unwise JavaScript requirement for a non-empty CVV submission in authorizenet.php. That's a sure way to generate failed transactions... Ditto for the incorrect $response[0] processing still being there in authorizenet.php. It does add some of the original MODULE_PAYMENT_AUTHORIZENET_* config options back into authorizenet.php (something I recommended doing in one of these threads).

 

All in all, #1453 and #613 look to be pretty much interchangeable, with a slight edge to #1453.

 

Dan


What sort of capturing are you doing?

We do auth_only with authorizenet. Thus the need for the transaction numbers being stored with orders.

 

The transaction number is required to capture funds once the order is shipped.


Gotcha.

 

Why do you wait until the order ships to capture, though? I assume it has to do with not wanting irate customers wondering why they've been charged for something that hasn't been shipped yet, but with fraud growing so rapidly, I would want to make sure the funds are captured prior to shipping... Am I missing another aspect?

 

Dan


The big reason is that it is illegal to charge the card until the item ships. If you have captured, and your batch runs automatically, then they will be charged... and if you are waiting on an item to come in (say it is due in next day), it is best not to capture until the item is out the door.
