Authorize.net Function Problem

liebhabe

I am using SIM for Authorize.net and have been trying for a few days now to get it to work properly. It doesn't seem to be calling the simlib.php file correctly. Everytime sim.php is called, it stops processing as soon as it hits the function call to InsertFP. I have checked all other portions of the script and they are all perfect. I know I have MHASH and all required pieces. Here's my code... I have dumbed it down to the basic stuff you get from them only with MySQL access as I initially thought that it was a problem with my form customization.

SIMLIB.PHP:

<?php

// DISCLAIMER:
// This code is distributed in the hope that it will be useful, but without any warranty;
// without even the implied warranty of merchantability or fitness for a particular purpose.

// Main Interfaces:
//
// function InsertFP ($loginid, $txnkey, $amount, $sequence) - Insert HTML form elements required for SIM
// function CalculateFP ($loginid, $txnkey, $amount, $sequence, $tstamp) - Returns Fingerprint.

// compute HMAC-MD5
// Uses PHP mhash extension. Pl sure to enable the extension
function hmac ($key, $data)
{
return (bin2hex (mhash(MHASH_MD5, $data, $key)));
}

// Calculate and return fingerprint
// Use when you need control on the HTML output
function CalculateFP ($loginid, $txnkey, $amount, $sequence, $tstamp, $currency = "")
{
return (hmac ($txnkey, $loginid . "^" . $sequence . "^" . $tstamp . "^" . $amount . "^" . $currency));
}

// Inserts the hidden variables in the HTML FORM required for SIM
// Invokes hmac function to calculate fingerprint.

function InsertFP ($loginid, $txnkey, $amount, $sequence, $currency = "")
{

$tstamp = time ();

$fingerprint = hmac ($txnkey, $loginid . "^" . $sequence . "^" . $tstamp . "^" . $amount . "^" . $currency);

echo ('<input type="hidden" name="x_fp_sequence" value="' . $sequence . '">' );
echo ('<input type="hidden" name="x_fp_timestamp" value="' . $tstamp . '">' );
echo ('<input type="hidden" name="x_fp_hash" value="' . $fingerprint . '">' );

return (0);

}

SIM.PHP:

<!--

DISCLAIMER:
This code is distributed in the hope that it will be useful, but without any warranty;
without even the implied warranty of merchantability or fitness for a particular purpose.

Main PHP that demonstrates how to use the SIM library.
Input (Form or QueryString):
x_Amount
x_Description
-->

<HTML>
<HEAD>
<TITLE>Order Form</TITLE>
</HEAD>
<BODY>
<H3>Final Order</H3>

<?
$x_Description = $HTTP_GET_VARS['x_Description'];
$x_Amount = $HTTP_GET_VARS['x_Amount'];

// IF YOU WANT TO PASS CURRENCY CODE do the following:
// Assign the transaction currency (from your shopping cart) to $currencycode variable

if ($x_Description == "")
$x_Description = $HTTP_POST_VARS['x_Description'];

if ($x_Amount == "")
$x_Amount = $HTTP_POST_VARS['x_Amount'];

Description: <?=$x_Description?> <BR />
Total Amount : <?=$x_Amount?>

<BR /><BR />
<FORM action="https://certification.authorize.net/gateway/transact.dll" method="POST">
<?

// authdata.php contains the loginid and txnkey.
// You may use a more secure alternate method to store these (like a DB / registry).

include ("simdata.php");
include ("simlib.php");

$amount = $x_Amount;

// Trim $ sign if it exists
if (substr($amount, 0,1) == "$") {
$amount = substr($amount,1);
}
// I would validate the Order here before generating a fingerprint

// Seed random number for security and better randomness.

srand(time());
$sequence = rand(1, 1000);
// Insert the form elements required for SIM by calling InsertFP
$ret = InsertFP ($loginid, $txnkey, $amount, $sequence);

// IF YOU ARE PASSING CURRENCY CODE uncomment and use the following instead of the InsertFP invocation above
// $ret = InsertFP ($loginid, $txnkey, $amount, $sequence, $currencycode);

// Insert rest of the form elements similiar to the legacy weblink integration
echo ("<input type=\"hidden\" name=\"x_description\" value=\"" . $x_Description . "\">\n" );
echo ("<input type=\"hidden\" name=\"x_login\" value=\"" . $loginid . "\">\n");
echo ("<input type=\"hidden\" name=\"x_amount\" value=\"" . $amount . "\">\n");

// IF YOU ARE PASSING CURRENCY CODE uncomment the line below **
//echo ("<input type=\"hidden\" name=\"x_currency_code\" value=\"" . $currencycode . "\">\n");

?>
<INPUT type="hidden" name="x_show_form" value="PAYMENT_FORM">
<INPUT type="hidden" name="x_test_request" value="TRUE">
<INPUT type="submit" value="Accept Order">
</FORM>
</BODY>
</HTML>

SIMDATA.PHP:

<?
// You may want to store this more securely in a DB or Registry or a Encrypted File
require("config.php");

$idstring = "12345";

	$res2 = mysql_query("SELECT * FROM PaymentID WHERE PayID = $idstring");

	$pay_info = mysql_fetch_row( $res2 );

	mysql_close( $hd );

$loginid = $pay_info[2];
$txnkey = $pay_info[1];

Any help would be appreciated. The script is running on a secure server. You can see the problem at https://www.compcoach.com/sim.php?x_Amount=5&x_Description=Test+Product

Thanks.