When I change the url in the php script below to a php script consisting of just <?php print_r($_POST); ?>, I see that authorize.net is receiving a different fingerprint than when I use the Response Code 99 tool.
I can only guess that the amount obtained via $_REQUEST is different than the amount being sent to authorize.net (which the test script verifies is correct and which matches the one displayed on screen at the top of the following script.) I know it's a numeric value because it's $1 higher when I add +1 to the variable name.
I'm not an expert at the $_REQUEST command and tried unsuccessfully to research its format to answer my question; could it be that here it's not properly formatted for my variable name? Should I reformat it to POST or GET?
Thanks. Sorry if I missed anything in my hours of searching authorize.net and this forum.
<!--
This sample code is designed to connect to Authorize.net using the SIM method.
For API documentation or additional sample code, please visit:
http://developer.authorize.net

Most of this page can be modified using any standard html. The parts of the
page that cannot be modified are noted in the comments. This file can be
renamed as long as the file extension remains .php
-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang='en'>
<head>
<title> Sample SIM Implementation </title>
</head>
<body>

<!-- Print the Amount and Description to the screen. -->
Amount: <?php echo (trim($x_amount)); ?> <br />
Description: <?php echo $x_description; ?> <br />

<!-- This section generates the "Submit Payment" button using PHP -->
<?php
// This sample code requires the mhash library for PHP versions older than
// 5.1.2 - http://hmhash.sourceforge.net/

// the parameters for the payment can be configured here
// the API Login ID and Transaction Key must be replaced with valid values
$loginID = "verified_correct";
$transactionKey = "udon'twant2know";
//$amount = 19.95;
//$description = "Test";
$label = "Submit Payment"; // This is the label on the 'submit' button
$testMode = "true";

// By default, this sample code is designed to post to our test server for
// developer accounts: https://test.authorize.net/gateway/transact.dll
// for real accounts (even in test mode), please make sure that you are
// posting to: https://secure.authorize.net/gateway/transact.dll
$url = "https://secure.authorize.net/gateway/transact.dll";
/////$url = "formprocessor2.php";

// If an amount or description were posted to this page, the defaults are overridden
if (array_key_exists("amount", $_REQUEST)) {
    $amount = $_REQUEST["amount"];
}
if (array_key_exists("description", $_REQUEST)) {
    $description = $_REQUEST["description"];
}

// an invoice is generated using the date and time
$invoice = date("YmdHis");

// a sequence number is randomly generated
$sequence = rand(1, 1000);

// a timestamp is generated
$timeStamp = time();

// The following lines generate the SIM fingerprint. PHP versions 5.1.2 and
// newer have the necessary hmac function built in. For older versions, it
// will try to use the mhash library.
if (version_compare(phpversion(), '5.1.2', '>=')) {
    $fingerprint = hash_hmac("md5", $loginID . "^" . $sequence . "^" . $timeStamp . "^" . $amount . "^", $transactionKey);
} else {
    $fingerprint = bin2hex(mhash(MHASH_MD5, $loginID . "^" . $sequence . "^" . $timeStamp . "^" . $amount . "^", $transactionKey));
}
?>

<!-- Create the HTML form containing necessary SIM post values -->
<form method='post' action='<?php echo $url; ?>' >
<!-- Additional fields can be added here as outlined in the SIM integration
guide at: http://developer.authorize.net -->
<input type='hidden' name='x_login' value='<?php echo $loginID; ?>' />
<input type='hidden' name='x_amount' value='<?php echo $x_amount; ?>' />
<input type='hidden' name='x_description' value='<?php echo $x_description; ?>' />
<input type='hidden' name='x_invoice_num' value='<?php echo $invoice; ?>' />
<input type='hidden' name='x_fp_sequence' value='<?php echo $sequence; ?>' />
<input type='hidden' name='x_fp_timestamp' value='<?php echo $timeStamp; ?>' />
<input type='hidden' name='x_fp_hash' value='<?php echo $fingerprint; ?>' />
<input type='hidden' name='x_test_request' value='<?php echo $testMode; ?>' />
<input type='hidden' name='x_show_form' value='PAYMENT_FORM' />
<input type='submit' value='<?php echo $label; ?>' />
</form>
</body>
</html>
08-08-2011 10:12 AM
$_REQUEST is essentially a combination of both the $_POST and $_GET arrays into a combined larger array. Using $_REQUEST in the sample code allows you to change the amount for testing by simply putting in the url like: http://example.com/sample.php?amount=9.99
If you choose to modify the amount either in the URL or by posting a new amount to the script, that amount is placed into the script exactly as it was entered. It is not trimmed or transformed in any way before being used to generate the fingerprint. It may be that I'm not exactly understanding the problem you are describing, but if $_REQUEST["amount"] has a value, then there should be no way that that value would differ from what is used to generate the fingerprint.
08-11-2011 03:38 PM
08-12-2011 09:52 AM
08-12-2011 10:16 AM
<input type='hidden' name='x_amount' value='<?php echo $x_amount; ?>' />
Yep, you're right - the problem is that the code sample is mixing up amount and x_amount, rather than using one or the other all the way through. amount is being used in the hashing, but x_amount is what's being put into the form.
I should also mention that the example code quoted is rather messy. It should be printed as a single block with embedded values, rather than having a million echo statements. For instance, something like this:
/*
Create the HTML form containing necessary SIM post values
Additional fields can be added here as outlined in the SIM integration
guide at: http://developer.authorize.net
*/
print <<<BLOCK
<form method='post' action='$url' >
<input type='hidden' name='x_login' value='$loginID' />
<input type='hidden' name='x_amount' value='$x_amount' />
<input type='hidden' name='x_description' value='$x_description' />
...
BLOCK;
Putting a whole pile of variables into your global namespace is bad coding as well. I generally either process from $_POST (after the usual validation to prevent inserts or bugs), or transfer from post to a secondary array like $data. You can insert array variables into a print block by wrapping them in curly brackets, like so:
print <<<BLOCK
<form method='post' action='{$data['url']}' >
BLOCK;
Just thought I'd mention this because I started with echo and global variables and it just made for horribly sloppy code. I learned better back a few years ago.
08-12-2011 02:19 PM - edited 08-12-2011 02:32 PM
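The mismatch diagnosed in this thread, as an added example that is not part of any post or of Authorize.net's sample code: every form field, including the fingerprint, is built from one array, and the fingerprint is recomputed from the values that will actually be posted. The function names, the placeholder credentials and the two-decimal amount normalization are assumptions of this example.

```php
<?php
// Added example, not Authorize.net's sample code. Function names, the
// placeholder login/key and the amount format are assumptions.

// Validate and normalize the amount once, before it is hashed or printed.
function normalize_amount($raw) {
    $raw = trim((string)$raw);
    if (!preg_match('/^\d{1,7}(\.\d{1,2})?$/', $raw)) {
        throw new InvalidArgumentException("invalid amount");
    }
    return number_format((float)$raw, 2, '.', '');
}

// Fingerprint input as in the sample above: login^sequence^timestamp^amount^
function sim_fingerprint(array $f, $transactionKey) {
    $msg = $f['x_login'] . '^' . $f['x_fp_sequence'] . '^'
         . $f['x_fp_timestamp'] . '^' . $f['x_amount'] . '^';
    return hash_hmac('md5', $msg, $transactionKey);
}

// Build all SIM fields from one array so the hashed amount and the posted
// x_amount cannot drift apart.
function build_sim_fields($loginID, $transactionKey, $rawAmount, $description) {
    $f = array(
        'x_login'        => $loginID,
        'x_amount'       => normalize_amount($rawAmount),
        'x_description'  => $description,
        'x_fp_sequence'  => (string)mt_rand(1, 1000),
        'x_fp_timestamp' => (string)time(),
    );
    $f['x_fp_hash'] = sim_fingerprint($f, $transactionKey);
    return $f;
}

// Self-check: recompute the hash from the fields that will be posted.
function fields_match_fingerprint(array $f, $transactionKey) {
    return hash_equals(sim_fingerprint($f, $transactionKey), $f['x_fp_hash']);
}

$fields = build_sim_fields('LOGIN_PLACEHOLDER', 'KEY_PLACEHOLDER', ' 19.95 ', 'Test <item>');
var_dump(fields_match_fingerprint($fields, 'KEY_PLACEHOLDER')); // consistent form
$broken = $fields;
$broken['x_amount'] = '20.95'; // posted amount differs from the hashed one
var_dump(fields_match_fingerprint($broken, 'KEY_PLACEHOLDER'));

foreach ($fields as $name => $value) {
    printf("<input type='hidden' name='%s' value='%s' />\n",
        $name, htmlspecialchars($value, ENT_QUOTES, 'UTF-8'));
}
```

Running the self-check before rendering the form catches the `amount` / `x_amount` divergence locally, and `htmlspecialchars` keeps request-derived values such as the description from breaking out of the attribute.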