topic Re: test.authorize.net/gateway/transact.dll instead mysite.com/thankyou.php in Integration and Testing

test.authorize.net/gateway/transact.dll instead mysite.com/thankyou.php

apasalic — Thu, 02 Feb 2012 20:02:15 GMT

I think I'm doing someting wrong but can't figure out what.

In Account > Settings > Receipt Page > Receipt Method > Default Receipt Link URL
I entered http://mysite.com/sim.php (sample code).
Receipt Metod is POST.
In Account > Settings > Relay Response > Default Relay Response URL > I entered http://mysite.com/relay_reponse.php with only this code:
<?php
print_r($_POST);
?>
In sim.php I added to sample coe the following form code
<input type="hidden" name="x_relay_response" value="true">
<input type="hidden" name="x_relay_url" value="https://mysite.com/ relay_reponse.php">

When I submit the credit card form I’ll get the POST array on screen, as I requested on relay_reponse.php file but the URL is still showing https://test.authorize.net/gateway/transact.dll ?!? Shouldn’t it be http://mysite.com/ relay_reponse.php? Why?

Re: test.authorize.net/gateway/transact.dll instead mysite.com/thankyou.php

RaynorC1emen7 — Thu, 02 Feb 2012 20:25:29 GMT

First paragraph from http://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/Relay-Response-Basics-and-Troubleshooting/ba-p/9536

Relay Response Basics

Relay Response is a feature available to merchants using Server Integration Method (SIM) or Simple Checkout. It instructs the payment gateway to return transaction results to the merchant using an HTML form POST to a specified URL on the merchant's Web server. A script or program at the URL can be used to create a custom receipt page using the transaction information. The custom receipt page is then relayed back to the customer's browser. Relay Response does not redirect the end user back to the merchant’s server, but relays the page content to the end user instead of displaying the Authorize.Net default receipt page.

Re: test.authorize.net/gateway/transact.dll instead mysite.com/thankyou.php

TJPride — Thu, 02 Feb 2012 20:52:19 GMT

Or, to put it graphically...

Order Form -> Authorize.net -> Receipt Page

| ^ -> Error Page

v |

Relay Response Page

(checks error status, returns receipt or error page URL)

Re: test.authorize.net/gateway/transact.dll instead mysite.com/thankyou.php

apasalic — Thu, 02 Feb 2012 21:32:55 GMT

Thanks. I got it. :manhappy:

But, since I have to store submitted data in my database and do some $_SESSION changes, I was thinking to use the following code in reley_response.php

<form method='post' action="https://mysite.com/relay_response2.php" id="authdotnet">
<?php foreach ($_POST as $key => $value) { ?>
<input type="hidden" name="<?=$key?>" value="<?=$value?>">
<?php } ?>
</form>

to switch from authorize.net to mysite.com and finish "my" work and then show thankyou.php (there are multiple method payments on my site that use the same thankyou page)

Is this logic "ok:" or there is better solution?

Thanks for help.

Re: test.authorize.net/gateway/transact.dll instead mysite.com/thankyou.php

TJPride — Thu, 02 Feb 2012 22:10:48 GMT

An internal POST from Authorize.net is not the same as a browser going to your page - the Javascript will be ignored and nothing will happen. You need your PHP code to call your database and/or session and update them before returning the receipt URL to Authorize.net, not do something weird like generate a form and call a second relay response page (what would that gain you, exactly?) Incidently, the session won't trigger automatically either, since it's Authorize.net calling the page and not your customer, so you have to pass the session ID as part of the order data if you want to load the session from the relay response page and modify it.

Generally better to avoid sessions entirely, and just use a database record with a passed idn, but I don't have time right now to rewrite your entire ordering process. I wish you good luck.

Re: test.authorize.net/gateway/transact.dll instead mysite.com/thankyou.php

RaynorC1emen7 — Thu, 02 Feb 2012 22:18:38 GMT

Why not try it anyway. It might work.

Re: test.authorize.net/gateway/transact.dll instead mysite.com/thankyou.php

apasalic — Thu, 02 Feb 2012 22:39:10 GMT

"... An internal POST from Authorize.net is not the same as a browser going to your page - the Javascript will be ignored and nothing will happen..."

- Sorry, but didn't understand this :-(

"... You need your PHP code to call your database and/or session and update them before returning the receipt URL to Authorize.net,..."

- I can't update my database before the cc form is submitted beacuse I need Billiing and Shipping data. But if you think to do it after the form is submitted but before relay_respond.php file is called - I have no idea how nor where to put the code?!!?

"... not do something weird like generate a form and call a second relay response page (what would that gain you, exactly?)..."

- The reason is once I'm back on mysite.com I can use my session ID (it's not lost) to update database. Within the relay_response.php I can't do anything? I can't connect to database.

"... Incidently, the session won't trigger automatically either, since it's Authorize.net calling the page and not your customer, so you have to pass the session ID as part of the order data if you want to load the session from the relay response page and modify it.

Generally better to avoid sessions entirely, and just use a database record with a passed idn, but I don't have time right now to rewrite your entire ordering process. I wish you good luck..."

Re: test.authorize.net/gateway/transact.dll instead mysite.com/thankyou.php

apasalic — Thu, 02 Feb 2012 22:51:36 GMT

@RaynorC1emen7

It works fine. But I wonder if it's correct way to do? Or maybe is bad security solution, or... I don't know. :-)

Re: test.authorize.net/gateway/transact.dll instead mysite.com/thankyou.php

RaynorC1emen7 — Fri, 03 Feb 2012 00:49:09 GMT

I think is fine as long as is https. There shouldn't be any confidential info in the post data anyway. The only thing I could think of is you might not know if an error occur between relay_response.php and relay_response2.php, but it should be well tested anyway, right?

Re: test.authorize.net/gateway/transact.dll instead mysite.com/thankyou.php

TJPride — Fri, 03 Feb 2012 01:19:02 GMT

I just don't understand what he could possibly gain by posting the data from the first relay response page to another relay response page. The first page already has all the data, just do whatever you're going to do there and move on. It's not a matter of security (though I would try to avoid passing around the last 4 of the credit card whenever possible just on general principle), but rather one of it being entirely pointless and increasing the chances of the data being lost before it gets to his database.

Re: test.authorize.net/gateway/transact.dll instead mysite.com/thankyou.php

apasalic — Fri, 03 Feb 2012 15:11:33 GMT

@TJ

"... I just don't understand what he could possibly gain by posting the data from the first relay response page to another relay response page..."

- I think we don't understand each other. The reason I'm doing that is because I can't (or I don't know how) to use session data from mysite,com (relay_respond.php is shown on authorize.net) nor connect to my database for update. Actually I think it's impossible? that's only reason I'm sending POST (submitted) data from relay_response.php (URL authorize.net) to relay_response.php (mysite.com). only reason.

debating about why I use session etc is not relevant here. I just have to update session array as well as database with submitted data.

"... The first page already has all the data,.."

- as a "first page, you mean sim.php or relay_response.php?

"... just do whatever you're going to do there and move on..."

- If you are talking about relay_response.php - how can I connect to my database if I'm on authorize.net server?

""... It's not a matter of security (though I would try to avoid passing around the last 4 of the credit card whenever possible just on general principle), but rather one of it being entirely pointless and increasing the chances of the data being lost before it gets to his database..."

Re: test.authorize.net/gateway/transact.dll instead mysite.com/thankyou.php

RaynorC1emen7 — Fri, 03 Feb 2012 15:24:58 GMT

On the first relay_response.php where you do the javascript form submit. It already have all the post data from authorize.net.

Even though the URL is authorize.net. They(authorize.net) post the data to your first relay_response.php in code, not sure what language they use but it something like fsockopen in php. Then display the result(your web page). So it will run just like a browser going to the page, except the javascript which will only run on a browser.

Re: test.authorize.net/gateway/transact.dll instead mysite.com/thankyou.php

apasalic — Fri, 03 Feb 2012 15:51:36 GMT

Ok. I think I found (at leat one) thing I was wrong.

Before, when I was trying to connect to mysql in relay_response.php I was gettig the error page

An error occurred while trying to report this transaction to the merchant. An e-mail has been sent to the merchant informing them of the error. The following is the result of the attempt to charge your credit card.

This transaction has been approved.
It is advisable for you to contact the merchant to verify that you will receive the product or service.

and I was thinking I can't connect to mysql.

I just tried again but not using db classes and functions then using mysql_connect() and mysql_select_db() and I was able to connect to my database?!!?!?

Re: test.authorize.net/gateway/transact.dll instead mysite.com/thankyou.php

RaynorC1emen7 — Fri, 03 Feb 2012 19:09:23 GMT

If you need help with the php problem, post your code and php expert here might be able to help.