PHP/CURL/Authorize.net problem

jrbarkhu

I have a credit card processing page built in PHP that uses
CURL to send/receive the information to authorize.net. The
page is on a secure server (https and SSL) and it was
working fine for over a month. As of last Tuesday, it has
stopped working and it returns this error:

(92) The gateway no longer supports the requested method of
integration

I built the page following all of the requirements for AIM.

It seems as though authorize.net thinks the form data is being posted from a regular http form.

Here is the PHP/CURL code I'm using:
$ch = curl_init();
curl_setopt($ch, CURLOPT_REFERER, $authNetReferrer);
curl_setopt($ch, CURLOPT_URL, $authNetURL);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$return_string = curl_exec($ch);
// close connection
curl_close($ch);

Here is information about the versions of PHP and libcurl:
PHP version 4.2.3
libcurl 7.9.8 (OpenSSL 0.9.6d)

Any help would be greatly appreciated.

batman

You have to have a time-stamp passed to authorize.net or it will decline the transaction. You also have to have the mhash function installed on your server, and implimented into your site correctly.

-Blake

jrbarkhu

Please excuse my ignorance, but I am unfamiliar with the mhash function and how to implement it into my site.

Any URL's or examples?

Thank you so much!

batman

To be honest with you, I would recomend SIM instead of AIM.
Here are the scripts I use.

simlib.php -- just upload to server.

<?

// DISCLAIMER:
//     This code is distributed in the hope that it will be useful, but without any warranty; 
//     without even the implied warranty of merchantability or fitness for a particular purpose.

// Main Interfaces:
//
// function InsertFP ($loginid, $txnkey, $amount, $sequence) - Insert HTML form elements required for SIM
// function CalculateFP ($loginid, $txnkey, $amount, $sequence, $tstamp) - Returns Fingerprint.


// compute HMAC-MD5
// Uses PHP mhash extension. Pl sure to enable the extension
function hmac ($key, $data)
{
return (bin2hex (mhash(MHASH_MD5, $data, $key)));
}

// Calculate and return fingerprint
// Use when you need control on the HTML output
function CalculateFP ($loginid, $txnkey, $amount, $sequence, $tstamp, $currency = "")
{
return (hmac ($txnkey, $loginid . "^" . $sequence . "^" . $tstamp . "^" . $amount . "^" . $currency));
}


// Inserts the hidden variables in the HTML FORM required for SIM
// Invokes hmac function to calculate fingerprint.

function InsertFP ($loginid, $txnkey, $amount, $sequence, $currency = "")
{

$tstamp = time ();

$fingerprint = hmac ($txnkey, $loginid . "^" . $sequence . "^" . $tstamp . "^" . $amount . "^" . $currency);

echo ('<input type="hidden" name="x_fp_sequence" value="' . $sequence . '">' );
echo ('<input type="hidden" name="x_fp_timestamp" value="' . $tstamp . '">' );
echo ('<input type="hidden" name="x_fp_hash" value="' . $fingerprint . '">' );


return (0);

}

?>

simdata.php -- modify then upload to server.

<?
// You may want to store this more securely in a DB or Registry or a Encrypted File
$loginid = "";
$txnkey = "";
?>

sim.php -- the page that the form's action is pointing to.

<?

// authdata.php contains the loginid and txnkey. 
// You may use a more secure alternate method to store these (like a DB / registry).

include ("simdata.php"); 
include ("simlib.php");

$amount = $x_Amount;

// Trim $ sign if it exists
if (substr($amount, 0,1) == "$") {
	$amount = substr($amount,1);
}
// I would validate the Order here before generating a fingerprint

// Seed random number for security and better randomness.

srand(time());
$sequence = rand(1, 1000);
// Insert the form elements required for SIM by calling InsertFP
$ret = InsertFP ($loginid, $txnkey, $amount, $sequence);

?>

Upload simlib and simdata.php pages to the server. On the form that the user inputs all the info, have the action point to sim.php Make the sim page a confirmation page, that the user can validate all info. Then have it post to authorize.net

If you are having troubles doing this, then I can help you, but it would have to be for a small fee.

Hope the above info helps any,
-Blake

jrbarkhu

Unfortunately, I don't have the time to switch the files from SIM to AIM.

Also, I would still like to use AIM and according to everything I've read, the code should work.

here is the complete script of the processing page:

<?
$authNetURL = "https://secure.authorize.net/gateway/transact.dll";

// Set Array for all data to be sent to Authorize.net
$post_array = array(
//variables that are defined in this page
"x_Test_Request" => "TRUE",
"x_Login" => "xxxxxxxxxx",
"x_Password" => "xxxxxxxxxx",
"x_Version" => "3.1",
"x_Type" => "AUTH_CAPTURE",
"x_Method" => "CC",
"x_Email_Customer" => "TRUE",
"x_Customer_IP" => $HTTP_SERVER_VARS['REMOTE_ADDR'],
"x_Delim_Char" => "'",
"x_Delim_Data" => "TRUE",
"x_Encap_Char" => "",
//variables that are received from an outside form
"x_Amount" => trim($HTTP_POST_VARS['x_Amount']),
"x_Description" => trim($HTTP_POST_VARS['x_Description']),
"x_Card_Num" => trim($HTTP_POST_VARS['x_Card_Num']),
"x_Exp_Date" => trim($HTTP_POST_VARS['x_Exp_Date']),
"x_First_Name" => trim($HTTP_POST_VARS['x_First_Name']),
"x_Last_Name" => trim($HTTP_POST_VARS['x_Last_Name']),
"x_Company" => trim($HTTP_POST_VARS['x_Company']),
"x_Address" => trim($HTTP_POST_VARS['x_Address']),
"x_City" => trim($HTTP_POST_VARS['x_City']),
"x_State" => trim($HTTP_POST_VARS['x_State']),
"x_Zip" => trim($HTTP_POST_VARS['x_Zip']),
"x_Country" => trim($HTTP_POST_VARS['x_Country']),
"x_Email" => trim($HTTP_POST_VARS['x_Email']),
"x_Ship_To_First_Name" => trim($HTTP_POST_VARS['x_Ship_To_First_Name']),
"x_Ship_To_Last_Name" => trim($HTTP_POST_VARS['x_Ship_To_Last_Name']),
"x_Ship_To_Company" => trim($HTTP_POST_VARS['x_Ship_To_Company']),
"x_Ship_To_Address" => trim($HTTP_POST_VARS['x_Ship_To_Address']),
"x_Ship_To_Address_2" => trim($HTTP_POST_VARS['x_Ship_To_Address_2']),
"x_Ship_To_City" => trim($HTTP_POST_VARS['x_Ship_To_City']),
"x_Ship_To_State" => trim($HTTP_POST_VARS['x_Ship_To_State']),
"x_Ship_To_Zip" => trim($HTTP_POST_VARS['x_Ship_To_Zip']),
"x_Ship_To_Country" => trim($HTTP_POST_VARS['x_Ship_To_Country']),
"x_Phone" => trim($HTTP_POST_VARS['x_Phone']),
"Fax" => trim($HTTP_POST_VARS['fax']),
"username" => trim($HTTP_POST_VARS['username']),
"job_title" => trim($HTTP_POST_VARS['job_title']),
"business_type" => trim($HTTP_POST_VARS['business_type'])
);

$data = "";

reset($post_array);
while (list ($key, $val) = each($post_array)) {
$data .= $key . "=" . urlencode($val) . "&";
}

// strip the trailing '&'
$data = preg_replace("/&$/", '', $data);

// initiate connection and set parameters
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $authNetURL);
curl_setopt($ch, CURLOPT_USERAGENT, "X-Cart");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

// execute curl and return values
$return_string = curl_exec($ch);

// close connection
curl_close($ch);

// split $return_string by the separating ','
$response = explode(",",$return_string);

// add 1 value to the front of $response so that
// $response index matches up with Authorize.net Response Positions
array_unshift($response,"blank");

if($response[1] == 1){
// successful transaction actions
}else{
// unsuccessful transaction actions
}

I have no idea why I still get the "(92) The gateway no longer supports the requested method of integration." error.

This is driving me crazy.

Thanks, justin

batman

I don't know if you've seen this yet or not, but take a look at it. It has all the information about the AIM method. Go to authorize.net and login. Once loged in, then go to help and look for the aim guide.

Did you write the script, or did someone else?

-Blake

mikesurf

check this out, it seems to work for me. I still can't seem to correctly calculate the same MD5 HMAC hash value that the gateway spits back; the hmac function doesn't work right. Here is the code:

$ch = curl_init ("https://secure.authorize.net/gateway/transact.dll");

curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields); //set the fields to post, $fields is just all the fields in one variable
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); //make sure we get response back

$buffer = curl_exec($ch);

curl_close ($ch);

$details = explode($x_Delim_Char, $buffer);

//making the hash string, where "mike" is my hash value
$the_string = "mike"."$x_Login"."$details[6]"."$x_Amount";

//echo "$the_string - ";

function hmac($key, $data)
{
return (bin2hex (mhash(MHASH_MD5, $data, $key)));
}

echo hmac("mike", $the_string);

jrbarkhu

As it turns out, the problem wasn't with the code. One of the settings in the Authorize.net Control Panel was not configured correctly. I figured this out no thanks to authorize.net :mad:!

Thank you to everyone for your help.

Cheers,
Justin

mrmph22

So, what was the setting? I think I have the same issue. thanks, mph

mrsocks

yes, what was the setting you needed to change and is this now funcitoning as AIM?

thanks

jrbarkhu

I wish I could tell you what setting was fixed, someone else fixed it and I haven't been able to get ahold of him. As soon as I do, I'll post it.

And yes, it is working in AIM mode.

mrsocks

excellent, thanks.
if you find out please let me know, and if i find out, i will let you know.

currently, i am trying to compile php with curl. (just another step i have to read about before i move forward.... 🙂

mrsocks

hello again.

i seem to have everything working and the result does distinguish between the successful and unsuccessful results.
i have removed the array_unshift fucntion and just changed the key to "0" and it stil works fine.

my next question is how do i do anything with the info sent back?
i am trying to just print the results as a test;
echo $response[2];
echo $response[3];
echo $response[4];
echo $response[5];
echo $response[6];
echo $response[7];

but nothing shows up. if i add ."<BR>"; to the end the <BR> shows in the source but no info from the $response vars.

am i missing something?
thanks

mrsocks

after a little tweaking and backtracking....

in your code: you have
x_Delim_Char" => "'"

and then later in the code you have"
$response = explode(",",$return_string);

that difference was what was causing the returned array to not be exploded. i just changed the explode delimiter to the "'" and it all works perfectly now.

thanks again for the code and the help.

(maybe that what was changed on the admin side, the dimliter value that is used as the info is sent back....??)

phplearner

Hey batman:

I'm trying to implement the SIM approach (really wanted to go AIM) to Authorize.Net. My tests work fine EXCEPT that I can not get a pre-sim.php page $variable read within the sim.php page.

Maybe you can help (I've been seeking help with no luck).

pre-sim.php page code section:

    } elseif (($taxrate != "info" ) && (!isset($notaxrate))) { 
          $_SESSION['salestax'] = $taxrate; 
//          $salestax = $_POST['taxrate'];
		  header('Location: sim.php');

I've tried umpteen things to read the $salestax amount from the pre-sim.php page WITHIN sim.php but no dice.

Any help is muchly appreciated. Ultimately, on that sim.php page it will be assigend to the x_sales_tax field (or whatever it's called)...but must be displayed 1st.

Thank you.

phplearner

(magiclab-Percy) in another thread SOLVED my problem with:

header("Location: nexturl.php?salestax=$salestax");

...and to use:

echo "Sales Tax: ".$HTTP_GET_VARS['salestax'];

in the next page.

Still would like to go with AIM at some point.

mrsocks

it would be great if anyone could give some feedback as to what the setting in the Auth.net panel was. I think i am having the same problem. It worked the other day and now no longer works.

any help or adice would be great.

thansk

batman

I'm sorry to hear that a lot of you guys are having problems with authorize.net. I've messed with my code for a long time now and have it working awesome. If anyone would like some help with authorize.net stuff, let me know. If you have AOL messanger, then give me a message to: eradicatordfdk

I will be happy to help,

dephi

Hi, Batman,

I saw your 2003 post and thought I would write to hopefully get a reply and help from you. I have just released a website that has php.cart, SIM and authorize.net that has a major problem with authorize that noone can seem to fix. I am not a programmer, and my designer has worked his brain trying to get this to fix and the way it is now is horrible. We can't get any specific error code messages with authorize, ie, wrong cvs card code, exp date, and or billing address entered just comes up "declined" and doesn't say why. As a fix we have had to enter on the page "please wait three minutes before reentering your exp date, card code and billing address. If you card is declined again, please call"

http://www.virginiafouche.com/phpcart/phpcart.php?action=view

And then go to authorize

If you could help us we would be so appreciative!!

Thank you.

jonathanB

If you stumble across this from Google, here's how I made this work:

Make sure that you are submitting as www-form-urlencoded instead of multipart/form-data

PHP's cURL implementation (or, at least mine out of the box on CentOS) will submit this as multipart/form-data:


    $ch=curl_init($this->urlString); 
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $postarray);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_POST, 1);
    $body = curl_exec($ch);
    curl_close($ch);

if $postarray is an array. So, first fix -- I converted that to my own urlencoded string:

        $poststring = "";

    foreach (array_keys($postvals) as $key) {
            if ($poststring != "") {
                    $poststring .= "&";
            }

            $poststring .= $key . '=' . urlencode($postvals[$key]);
    }

    $poststring .= '&';

    $ch=curl_init($this->urlString); 
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $poststring);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_POST, 1);
    $body = curl_exec($ch);
    curl_close($ch);

You can verify it by changing the target URL to: https://developer.authorize.net/tools/paramdump/index.php

Before, with the postarray, it was not showing any values. When I made my own post string, it echoed back the values.

The ampersand is a stop character, not a delimiter.

In the above code, you'll notice this line:

        $poststring .= '&';

If this were a normal form, I wouldn't have to do that -- it would pick things up from the content length header. Not so with Authorize.Net AIM interface. On the "Minimum Requirements" page of the AIM guide, you may quickly have skipped over the part that defines name/value pairs with the syntax:

x_name_of_field=value of field&

Try that and the (92) error should go away.