Posted: August 11, 2012 at 10:48 am
I have discovered several problems in the authorize.net SIM processing code. The version I was looking at was 3.1.26. In Authorize.php the existing code looks like this:
The testing of $result is wrong. It’s either “1” or it isn’t, so the md5 check is never done. In addition, it returns false whenever $result is not “1” (i.e., not a successful transaction), so the code in authnet_ipn.php, where the call is made from, never has a chance to display the cause of the problem properly (it displays (IPN response did not validate) instead, which is not necessarily true). To fix this problem I have re-written the function as follows:
This seems to work just fine. Please confirm and add to your next release. As the md5 transaction ID is never getting checked right now, this is a security issue. Also there is a benign typo in authnet_ipn.php on line 85:
The ?> doesn’t belong there. Hope this helps!
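The ordering the post above describes (verify the hash on every response, then report approval or decline separately), as an added example that is not code from this thread or from Event Espresso. The function name and parameter names are hypothetical; the `x_*` field names and the MD5 input order (hash value, API login ID, transaction ID, amount) are Authorize.net's SIM conventions, and the sample values are constructed.

```php
<?php
// Added example, not Event Espresso code. classify_sim_response() and its
// parameter names are hypothetical.

/**
 * Classify an Authorize.net SIM relay response.
 * 'invalid' means the hash did not match; 'approved' / 'not_approved'
 * are only reported for responses whose hash did match.
 */
function classify_sim_response(array $post, string $md5_setting, string $api_login_id): array
{
    $trans_id = $post['x_trans_id'] ?? '';
    $amount   = $post['x_amount'] ?? '';
    $received = strtolower($post['x_MD5_Hash'] ?? '');

    // MD5(hash value + API login ID + transaction ID + amount)
    $expected = md5($md5_setting . $api_login_id . $trans_id . $amount);

    // Authenticity first, for every response code, in constant time.
    if ($received === '' || !hash_equals($expected, $received)) {
        return ['status' => 'invalid', 'reason' => 'IPN response did not validate'];
    }

    // Only now look at the outcome, so a decline keeps its real reason.
    if (($post['x_response_code'] ?? '') === '1') {
        return ['status' => 'approved', 'reason' => ''];
    }
    return ['status' => 'not_approved',
            'reason' => $post['x_response_reason_text'] ?? 'unknown'];
}

// Constructed sample data: a genuine decline and a forged copy of it.
$setting  = 'example-md5-setting';
$login    = 'exampleLogin';
$declined = [
    'x_response_code'        => '2',
    'x_response_reason_text' => 'This transaction has been declined.',
    'x_trans_id'             => '1234567890',
    'x_amount'               => '25.00',
];
$declined['x_MD5_Hash'] = strtoupper(
    md5($setting . $login . $declined['x_trans_id'] . $declined['x_amount'])
);
$forged = ['x_MD5_Hash' => str_repeat('0', 32)] + $declined; // left side wins

print_r(classify_sim_response($declined, $setting, $login));
print_r(classify_sim_response($forged, $setting, $login));
```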
One thing I should have noted: if you make the changes I outlined, it is ESSENTIAL that you configure the MD5 Hash in your authorize.net account to match the value you put in the Espresso Payment Settings for the Authorize.net Transaction Key, because now it’s being checked and all transactions will fail if it’s wrong.
Thanks Colin. We just re-wrote the gateway system. I will let the developers know.
I am currently working with the gateway developer on this issue and he/I will have some final suggested hack code to the current version soon. I would suggest not implementing my changes above until then as there may be other side effects I was not aware of when I wrote it.
I am using the Authorize.net settings with the new release. And, I keep getting this error message: #5 “A valid amount is required.” It seems it doesn’t recognize the dollar amount as a number. Nothing will process. HELP!
Could you fill out the form here: https://eventespresso.com/contact/ and choose “I am sending login information as requested” from the dropdown. Please include ftp login information as well as wp-admin login information, as I may need to put some debugging code into the code installed on your site in order to diagnose the problem. I suspect that the mysql query on line 52 of process_payments.php is returning empty due to a database collation definition mismatch, but it’s hard to say for sure until I can run some tests and get some feedback. Thanks.
The support post ‘Authorize.net SIM bugs’ is closed to new replies.