Authorize.net API with Card on File transactions support thread...

Quote:

---

Originally Posted by apollowilcox

So, we've been testing this mod a bit. We didn't even realize that the plug-in included one feature that it going to be super helpful.

With this plug-in, we can capture a partial amount and it will create a new authorization for the balance. The balance is displayed on the order-admin and can be easily captured later after the backorder ships. Super cool. Thanks Carl! We would have asked for this long ago but never even thought it possible.:D

---

Quote:

---

Originally Posted by apollowilcox

Okay... that's good for me to understand. It seems a bit misleading to the customer. If it were me, I would expect that I truly deleted the card from existence with this vendor/ website.

Any thoughts or advice on the other issue: where the card is being stored despite the customer unchecking the "save this card" checkbox?

This is a complex plug-in. Amazing how well it works with Authorize CIM.

---

matt,
perhaps you can see the contradictions in the things that you say here. perhaps not....

there is a reason why everything is done the way it is done.

with regards to thoughts or advice, if you want to change the way the plugin operates, you are free to do so. if you would like me to do it, feel free to PM me.

best.

v2.3.2 now ready for downloading!

reminder that php 7.0 is required for this version.

if your server is running less than php7.0, time to upgrade!

more fixes with regards to mysql strict mode; running under php 8.1; new notifier; and further bug fixes. also removes all references to the deprecated (under php 8.1) strftime method.

enjoy!

nbl.

In getTransactionDetails(), I'm seeing logs on includes/modules/payment/authorizenet_cim.php" line 1263

PHP Fatal error: Uncaught Error: Call to a member function getMessages() on null

Should the two lines

$errorMessages = $response->getMessages()->getMessage();
$logData .= "Response : " . $errorMessages[0]->getCode() . " " . $errorMessages[0]->getText() . "\n";

be wrapped in a check for ($response != null)?

Quote:

---

Originally Posted by swguy

In getTransactionDetails(), I'm seeing logs on includes/modules/payment/authorizenet_cim.php" line 1263

PHP Fatal error: Uncaught Error: Call to a member function getMessages() on null

Should the two lines

$errorMessages = $response->getMessages()->getMessage();
$logData .= "Response : " . $errorMessages[0]->getCode() . " " . $errorMessages[0]->getText() . "\n";

be wrapped in a check for ($response != null)?

---

@swguy,
i do not think so. i would look into why the $response is null. that method seems real simple to me:

• it creates a request.
• it populates the request with the merchant credentials.
• it populates the transaction id.
• it then makes a request via the controller.

i have not been able to get a $response of null, despite trying. (and i do see this line, where that same conditional seems superfluous):

https://github.com/proseLA/authorize..._cim.php#L1256

if i populate $transactionId with a random numeric, i still get a response. the message is:

The record cannot be found.

if i populate $transactionId with null or a character string, i get the following message:

The element 'getTransactionDetailsRequest' in namespace 'AnetApi/xml/v1/schema/AnetApiSchema.xsd' has incomplete content. List of possible elements expected: 'refId, transId' in namespace 'AnetApi/xml/v1/schema/AnetApiSchema.xsd'.

something seems much further off in the implementation to be getting a null value as the $response.

is this a new install? are you sure the merchant credentials are correct?

For the setting Validation Mode (liveMode validates cardInfo) what should it be set to? None or Livemode

I set it to Livemode initially but that generates two transitions per sale one the actual sale and another which is voided with he following statement:
"Test transaction for ValidateCustomerPaymentProfile."

Quote:

---

Originally Posted by marcopolo

For the setting Validation Mode (liveMode validates cardInfo) what should it be set to? None or Livemode

I set it to Livemode initially but that generates two transitions per sale one the actual sale and another which is voided with he following statement:
"Test transaction for ValidateCustomerPaymentProfile."

---

hi marco,
you can read about it here:

https://tinyurl.com/24lbescc

so what you are seeing is correct.

copied from that page:

Specifies how the payment gateway will validate the customer's card prior to creating the profile. Either liveMode or testMode. The field defaults to liveMode.

liveMode generates a transaction to the processor in the amount of 0.01 or 0.00. If successful, the transaction is immediately voided. Visa authorizations in liveMode use 0.00 for all processors. All other credit card types use 0.01.

Standard gateway and merchant account fees may apply to the authorization transactions. For Visa transactions using 0.00, the billTo address and billTo postal code fields are required.

testMode performs field validation only. All fields are validated. However, fields with unrestricted field definitions, such as telephone number, do not generate errors.

If you set this parameter to testMode, a 1.00 test transaction is submitted using the Luhn mod 10 algorithm to verify that the credit card number is in a valid format. This test transaction is not authorized at the processor, and does not appear on the customer's card statement, but it will generate and send a transaction receipt email to the merchant.

best.

Found a bug:

If a credit card that was previously used to make an order and customer choose NOT to save it then looking at the table customers_cc the enable field is N which hides the card from the customer update card screen and having it available as a saved card for future COF orders.

Now if the customer on a future order uses the same card but this time chooses to save it then the table customers_cc enabled field is not being updated to Y from N.

If you ADD the card from the update card page that does work.

Another Bug:

If you try to update the billing address from the card_update page it does not change it on Authorize.net CIM online profile. You can update the credit card expiration date from card_update page just the address is not updating. Also when adding a new address from the card_update the company name is not being populated on Authorize.net CIM online profile.

i will look at it when i can...

best.

Quote:

---

Originally Posted by carlwhat

i will look at it when i can...

best.

---

Great thank you. Below fixes the one issue where the company name is not being populated when adding a new address from the update_card page.

Around line 603 added the line that is in green below:
$return['company'] = $_POST['company'];

PHP Code:

---

 if ($_POST['address_selection'] == 'new') {
                $this->addNewAddress();

                $return['firstname'] = $_POST['firstname'];
                $return['lastname'] = $_POST['lastname'];
                $return['company'] = $_POST['company'];
                $return['street_address'] = $_POST['street_address'];
                $return['city'] = $_POST['city'];
                if (empty($_POST['zone_id'])) {
                    $return['state'] = $_POST['state'];
                } else {
                    $return['state'] = zen_get_zone_name($_POST['zone_country_id'], $_POST['zone_id'],
                        ($_POST['state'] ?? ''));
                }
                $return['postcode'] = $_POST['postcode'];
                $return['country']['title'] = zen_get_country_name($_POST['zone_country_id']); 


---

The following are just recommendations for a future update to this module:

1: The billing address address book id is not being saved so when you go to update a credit card you do not know which address is currently associated with that CC # on authorize.net

2: When capturing the credit card store what type of card it is like Visa, Master Card, Amex, Discover. That can then be used to show the credit card's logo associated with the credit card being updated on the card_update page.

3: Shipping address is not being populated on authorize.net Transaction Detail page at time of order, that is helpful to have as a backup way of confirming what shipping address was selected by a customer when the order was placed.

marco,
i would suggest using the public github repo as opposed to having these discussions here.

best.

Quote:

---

Originally Posted by carlwhat

marco,
i would suggest using the public github repo as opposed to having these discussions here.

best.

---

Ok no problem I submitted the code changes on there and added the remaining billing address update issue there as well.

I did not see anyplace to add the three feature recommendations let me know if there is a place for that.

Quote:

---

Originally Posted by marcopolo

Found a bug:

If a credit card that was previously used to make an order and customer choose NOT to save it then looking at the table customers_cc the enable field is N which hides the card from the customer update card screen and having it available as a saved card for future COF orders.

Now if the customer on a future order uses the same card but this time chooses to save it then the table customers_cc enabled field is not being updated to Y from N.

If you ADD the card from the update card page that does work.

---

this has been fixed on the repo.

Quote:

---

Originally Posted by marcopolo

Great thank you. Below fixes the one issue where the company name is not being populated when adding a new address from the update_card page.

Around line 603 added the line that is in green below:
$return['company'] = $_POST['company'];

PHP Code:

---

 if ($_POST['address_selection'] == 'new') {
                $this->addNewAddress();

                $return['firstname'] = $_POST['firstname'];
                $return['lastname'] = $_POST['lastname'];
                $return['company'] = $_POST['company'];
                $return['street_address'] = $_POST['street_address'];
                $return['city'] = $_POST['city'];
                if (empty($_POST['zone_id'])) {
                    $return['state'] = $_POST['state'];
                } else {
                    $return['state'] = zen_get_zone_name($_POST['zone_country_id'], $_POST['zone_id'],
                        ($_POST['state'] ?? ''));
                }
                $return['postcode'] = $_POST['postcode'];
                $return['country']['title'] = zen_get_country_name($_POST['zone_country_id']); 


---

---

this has also been fixed on the repo.

Quote:

---

Originally Posted by marcopolo

The following are just recommendations for a future update to this module:

1: The billing address address book id is not being saved so when you go to update a credit card you do not know which address is currently associated with that CC # on authorize.net

2: When capturing the credit card store what type of card it is like Visa, Master Card, Amex, Discover. That can then be used to show the credit card's logo associated with the credit card being updated on the card_update page.

3: Shipping address is not being populated on authorize.net Transaction Detail page at time of order, that is helpful to have as a backup way of confirming what shipping address was selected by a customer when the order was placed.

---

i'm not sure about these recommendations. i will give them some thought.

my opinion is that auth.net is for getting paid. it is not for verifying order details.

1. i have never felt that the address is necessary to save and to verify it. currently every zen-cart order has 3 address fields; so now you want to verify the credit card address with the zen-cart address? i have never been a fan of ensuring that the billing address with the credit card is in the ZC db. most times it already is... but for me, have auth.net validate the card details, send me a token, and as long as that token works, use that for charging a customer. feel free to convince me other wise (although lets move it over to an issue on the repo...).

2. a database change. maybe.

3. codd-date normal form. if auth.net does not match, which address are you going to use?

in the 10+ years this module has been in use at my clients, they have never made these requests. but maybe...

1: Real world use in my companies case is sometimes customers will state that they selected a shipping address and that we sent it to the wrong address and this is just another way to confirm what was captured at the time of order. We could login to auth's website to confirm what was captured at the time of order. Not a big deal just that extra spot to check something.

3: If I was a customer and recently moved I would change my stored billing addresses with companies I have stored cc's with. The update card page edit cc section now does not show what address is stored for the credit card just gives a list of address(s) I have in my address book. So if I was the customer and was trying to update this I (me personally) would select the address or add a new one if not listed then submit. I would then go back in to verify it is now the billing address.

This is where I pointed out the recommendation for capturing the address id so it can be confirmed back to the customer that the billing address has been updated if they want to confirm it.

If you do update the logic on this page I would simply store the address id that the customer selected for the card and if still in the database have it be auto be selected with a message saying current billing next to the address. If the address has been deleted over time then keep current logic in which case the customer will update the address and if goes back into the screen to verify it will work as intended.

Note there is a bug now if you try updating the address it says you did but does not update on auth's website.

Two more feature ideas I had for this module.

1: Allow customer to set a default card to be auto selected at checkout if they have multiple cards saved.

2: If an ADMIN is placing the order give an option to Authorize only or Authorize+Capture the sale at checkout.

@carlwhat would you please review and provide feedback for:

https://docs.zen-cart.com/user/payme...horizenet_cim/

I just realized last week that there was no documentation for this plugin.

Quote:

---

Originally Posted by swguy

@carlwhat would you please review and provide feedback for:

https://docs.zen-cart.com/user/payme...horizenet_cim/

I just realized last week that there was no documentation for this plugin.

---

done!

minor changes.

great - merged.

I have a customer whose customers.customers_default_address_id values are getting scrambled - sometimes 0, sometimes another customer's address_book entry. Have you ever heard of this? Running authorizenet_cim version 2.3.2.

Quote:

---

Originally Posted by swguy

I have a customer whose customers.customers_default_address_id values are getting scrambled - sometimes 0, sometimes another customer's address_book entry. Have you ever heard of this? Running authorizenet_cim version 2.3.2.

---

i have not had problems with customers_default_address_id getting scrambled as part of this module. my customers who use this module also use FEC.

i have one customer who uses OPC along with this module, and that customer would occasionally have problems associated with their address book entries being screwed up. i think the latest version of OPC addressed those problems.

on sites where you are seeing that problem, i would look to see if admins had placed an order for a different customer just prior to the customer getting screwed up. a difficult bug to track down, but that has been my only experience where address_book_id entries getting out of sync.

if you think it is related to this module, there is only 1 spot where this module updates the default address book entry and i would think that could be commented out with no ill effect.

best.

> if you think it is related to this module, there is only 1 spot where this module updates the default address book entry and i would think that could be commented out with no ill effect.

Agreed, I might do that.

The trouble is, this customer has a template from the vendor which must not be named, so that could be the root cause and auth.cim could be a victim. Still digging.

I put a log create in updateDefaultCustomerBillto() just before the update when the value of $id (cast as an int).
The original value was 'new'. Hope this casts some light.

Quote:

---

Originally Posted by swguy

I put a log create in updateDefaultCustomerBillto() just before the update when the value of $id (cast as an int).
The original value was 'new'. Hope this casts some light.

---

it does.

there are a few changes to 2 files that you can see in this commit.

in addition, can test this whole branch. that branch should work with php 8.2; although the sdk was updated by some users and not authorize.net.

you can see the discussion over here.

at some point, i will create a new release for this most awesome payment module.

best.

Quote:

---

Originally Posted by carlwhat

i am working on a new release of this most excellent, IMO (inherently biased), payment module. it should address all bugs documented by you and verified by me. including the verified bugs associated with guest checkout.

thanks for pointing them out.

best.

---

We've run into this problem again except this time deleting the cards from the guest account is not working. We did move the client to a new server, so maybe the cards are not actually deleting? I'm not sure what table they are in. I see 1275 entries in authorize_cim_payments

This client does tend to place a lot of orders for her clients and uses the guest checkout.

Quote:

---

Originally Posted by jeking

We've run into this problem again except this time deleting the cards from the guest account is not working. We did move the client to a new server, so maybe the cards are not actually deleting? I'm not sure what table they are in. I see 1275 entries in authorize_cim_payments

This client does tend to place a lot of orders for her clients and uses the guest checkout.

---

jim,
i do not have a lot of time to devote to this situation right now. i have paying customers that require my attention.

and i have no idea exactly what problem to which you refer. you are quoting something from over 3 years ago?

no one else seems to be having problems deleting customer credit cards. in fact, i happened to do it today on one of my paying customers sites.

perhaps you can do some more digging and be SPECIFIC about what problem your client is currently experiencing.

getting back to basics, the authorize_cim_payments stores payments. i would NOT suggest deleting any records in there.

the customers_cc table is where card tokens are kept. if you were to delete the records in there, the tokens still exist at auth.net; and if you are having a problem with too many credit cards being stored at auth.net, they really need to be deleted up there. which i know my module does. as again, i did it today.

best.

Quote:

---

Originally Posted by carlwhat

jim,
i do not have a lot of time to devote to this situation right now. i have paying customers that require my attention.

and i have no idea exactly what problem to which you refer. you are quoting something from over 3 years ago?

no one else seems to be having problems deleting customer credit cards. in fact, i happened to do it today on one of my paying customers sites.

perhaps you can do some more digging and be SPECIFIC about what problem your client is currently experiencing.

getting back to basics, the authorize_cim_payments stores payments. i would NOT suggest deleting any records in there.

the customers_cc table is where card tokens are kept. if you were to delete the records in there, the tokens still exist at auth.net; and if you are having a problem with too many credit cards being stored at auth.net, they really need to be deleted up there. which i know my module does. as again, i did it today.

best.

---

Paul,

I appreciate the quick reply and completely respect paying clients come first.

The short answer, although still puzzling, is the new server was the issue. Reverting the account back to the old server fixed the problem. Now why that is the case, I don't know. I'll have to spend some time trouble shooting. I will post back any information I find.

Thanks!

@carlwhat I thought there was more documentation than there is on the use cases for this module. Would you please either create a PR for

https://docs.zen-cart.com/user/payme...horizenet_cim/

or just add notes in this thread about the problems this module solves for storeowners? I think it would grow the adoption of this module if people understood its advantages more fully.

if you are running v1.5.8 or greater, there is a new version of this payment module available.

support is only for php 8.0 or greater.

the few of you who use it know what a most excellent payment module it is. but then again i am biased.

Quote:

---

Originally Posted by carlwhat

if you are running v1.5.8 or greater, there is a new version of this payment module available.

support is only for php 8.0 or greater.

the few of you who use it know what a most excellent payment module it is. but then again i am biased.

---

I can attest, the plugin is great and carlwhat does a great job of supporting it too.

users of this module, please take note:

there have been some administrative challenges on my part of getting version 3.0.x ready for use.

if you are running any version of 3.0.x; update to v3.0.3

this should available in the downloads hopefully soon. if not one can get it directly from the github repo.

if using this module, please consider a donation. and after considering it, then proceed to do it! you will feel better and so will i.

best.

Quote:

---

Originally Posted by carlwhat

users of this module, please take note:

there have been some administrative challenges on my part of getting version 3.0.x ready for use.

if you are running any version of 3.0.x; update to v3.0.3

this should available in the downloads hopefully soon. if not one can get it directly from the github repo.

if using this module, please consider a donation. and after considering it, then proceed to do it! you will feel better and so will i.

best.

---

Hello,

I am running ZenCart 1.5.7d and tried installing 2.3.3 version of this plugin. After installation, the only payment modules that are appearing are Aunthorize.net (SIM) and (AIM) that we previously present. I am getting an error " PHP Parse error: syntax error, unexpected 'define' (T_STRING) in /includes/languages/english/modules/payment/authorizenet_cim.php on line 48."

Quote:

---

Originally Posted by allmart

Hello,

I am running ZenCart 1.5.7d and tried installing 2.3.3 version of this plugin. After installation, the only payment modules that are appearing are Aunthorize.net (SIM) and (AIM) that we previously present. I am getting an error " PHP Parse error: syntax error, unexpected 'define' (T_STRING) in /includes/languages/english/modules/payment/authorizenet_cim.php on line 48."

---

look at line 46 here:

https://github.com/proseLA/authorize...im.php#L46-L49

it is missing a semi-colon at the end of the line.

it should look like:

PHP Code:

---

define('MODULE_PAYMENT_AUTHORIZENET_CIM_FRAUD_WARNING', 'Sorry, due to the increasing amount of fraud we are forced to limit credit card usage.'); 


---

best.

Many thanks ... worked like a charm, Cheers!

Went live on my test site and tested a small transaction which worked like a charm but when a pushed the red button in order details to void the transaction, I got this error "PHP Warning: Illegal string offset 'id' in /includes/modules/payment/authorizenet_cim.php on line 107."
Thanks again for you help and an awesome plugin.

Quote:

---

Originally Posted by allmart

Went live on my test site and tested a small transaction which worked like a charm but when a pushed the red button in order details to void the transaction, I got this error "PHP Warning: Illegal string offset 'id' in /includes/modules/payment/authorizenet_cim.php on line 107."
Thanks again for you help and an awesome plugin.

---

i am not sure why your order does not have a country id there. it could be indicative of other problems.

between lines 104 and 105 you can add the following code (i have included both lines below for clarity):

PHP Code:

---


    global $order, $db;
    if (empty($order->billing['country']['id'])) {
                return;
        }
    if (($this->enabled == true) && ((int)MODULE_PAYMENT_AUTHORIZENET_CIM_ZONE > 0)) { 


---

best.

Quote:

---

Originally Posted by carlwhat

i am not sure why your order does not have a country id there. it could be indicative of other problems.

between lines 104 and 105 you can add the following code (i have included both lines below for clarity):

PHP Code:

---


    global $order, $db;
    if (empty($order->billing['country']['id'])) {
                return;
        }
    if (($this->enabled == true) && ((int)MODULE_PAYMENT_AUTHORIZENET_CIM_ZONE > 0)) { 


---

best.

---

This worked, thanks again. I'm sorry to keep bothering you but I am having another issue. I am using One Page Checkout with Guest Checkout. When trying to process the order as a guest after a long delay, I get the following error "PHP Notice: 10437 was logged off and should be looked at! in /includes/modules/payment/authorizenet_cim.php on line 918". I tried increasing the time from 45 to 60 but no luck, which is already a long wait.

Regards,

i would review this thread.

and potentially turn guest checkout off.

i’ll be without development resources for a bit.

perhaps some one else can help out.

best.

Thanks Carl, unfortunately since implementing Guest Checkout I have seen a noticeable increase in orders. Don't understand why, even many customers that have accounts are using it.

In the constructor, after setting sort_order and enabled, you should do a check:

if (null === $this->sort_order) return;

otherwise you get a bunch of logs for undefined constants.

[21-May-2024 11:42:03 America/Anchorage] PHP Fatal error: Uncaught Error: Undefined constant "MODULE_PAYMENT_AUTHORIZENET_CIM_TESTMODE" in /home/thatsoftwareguy4/client/includes/modules/payment/authorizenet_cim.php:104

Does this module have some sort of BNPL (buy now pay later) functionality?

Quote:

---

Originally Posted by swguy

In the constructor, after setting sort_order and enabled, you should do a check:

if (null === $this->sort_order) return;

....

---

i only write code that conforms to the PSR-12 standard...

Quote:

---

Originally Posted by swguy

Does this module have some sort of BNPL (buy now pay later) functionality?

---

this module is based on the authorize.net sdk.

even though authorize.net is now owned by visa/mastercard, they have not updated the sdk in quite some time.

thankfully some other members of the opensource community have updated the sdk to be php 8.x compliant (which i am now using in this module). what happens to the sdk going forward is anyone's guess.

while the sdk "may" support BNPL, i have not looked into it. and given the sdk's uncertain future, i am hesitant (to say the least) of doing any unfunded development. if someone wants to fund development of BNPL functionality with this module, feel free to PM me.

else, this BNPL module has been out and functioning in the wild without problems for quite some time.

best

Quote:

---

Originally Posted by carlwhat

this module is based on the authorize.net sdk.

even though authorize.net is now owned by visa/mastercard, they have not updated the sdk in quite some time.

thankfully some other members of the opensource community have updated the sdk to be php 8.x compliant (which i am now using in this module). what happens to the sdk going forward is anyone's guess.

while the sdk "may" support BNPL, i have not looked into it. and given the sdk's uncertain future, i am hesitant (to say the least) of doing any unfunded development. if someone wants to fund development of BNPL functionality with this module, feel free to PM me.

else, this BNPL module has been out and functioning in the wild without problems for quite some time.

best

---

so, right after i wrote the last post, it seems that the authorize.net people updated the sdk. you can read that here:

https://github.com/AuthorizeNet/sdk-...ent-2137942712

so the sdk is still supported.

back to your original question, i do not see the sdk as providing a BNPL feature. not saying it is not there... i just do not see it.

This could just be client confusion - thanks for checking into it.

CIM is showing refund/capture for one order id (paid by CIM) on the admin/orders screen for a second order id which was *not* paid by CIM. Has anyone else seen this?
CIM version 3.0.0/ Zen Cart 2.0.0.

It looks as though ./includes/classes/authnet_order.php start() function needs a way to indicate that the order was not paid with CIM, and ./includes/classes/observers/class.cim_admin_observer.php NOTIFY_ADMIN_ORDERS_PAYMENTDATA_COLUMN2 observer needs to check for this condition.

Quote:

---

Originally Posted by swguy

CIM is showing refund/capture for one order id on the admin/orders screen for a second order id. Has anyone else seen this?

---

if you are saying that the payment record is for a different order, then yes, i have seen it.

it is related to this bit of code, as well as a timing issue.

if 2 customers place orders at almost the same time, it is entirely possible that the order number for the payment records can get screwed up.

i have played around with different solutions over the years, but it really depends on how frequent the issue happens for any client.

i would find the records using mySql; correct them; make a note of it; and see if it happens again.

if it happens frequently, i can dig into the code and perhaps come up with a new solution.

best.

Quote:

---

Originally Posted by swguy

It looks as though ./includes/classes/authnet_order.php start() function needs a way to indicate that the order was not paid with CIM, and ./includes/classes/observers/class.cim_admin_observer.php NOTIFY_ADMIN_ORDERS_PAYMENTDATA_COLUMN2 observer needs to check for this condition.

---

i'm not sure about this one.

again, i would check the payments table to see if the records are there and correct.

this idea seems to be compounding a problem as opposed to resolving it. unless i have the problem wrong.

best.

When you add the code I have described, it correctly shows the table on the CIM order and correctly does not show the table on the non-CIM order.

Why would you ever want start() in ./includes/classes/authnet_order.php to look at non-CIM orders?

I don't think it's a race - here are the two timestamps from the orders table:

| 45291 | 2024-06-04 09:34:25 |
| 45293 | 2024-06-04 10:47:51 |

Also: why are you adding MODULE_PAYMENT_AUTHORIZENET_CIM_ALLOW_MORE to the check in admin/includes/classes/observers/class.cim_admin_observer.php line 70 -

I think you want the Get Money button to appear if there's a balance due, don't you?

... and I agree there are bad records in the payments table because the buttons for charging show up on orders that were not paid by authorize CIM.

Query I used for tracking down anomalies:

select c.orders_id, c.payment_name, o.customers_name, o.payment_module_code from authorize_cim_payments c, orders o where o.orders_id = c.orders_id;

be suspicious of entries where payment_module_code is not authorize_cim *or* the two name fields don't match - they could be problems.

Quote:

---

Originally Posted by swguy

Query I used for tracking down anomalies:

select c.orders_id, c.payment_name, o.customers_name, o.payment_module_code from authorize_cim_payments c, orders o where o.orders_id = c.orders_id;

be suspicious of entries where payment_module_code is not authorize_cim *or* the two name fields don't match - they could be problems.

---

@swguy, you have a lot of things going on here; most of which look to be of your own doing.

looking at your sql statement above, is rather curious. you are telling me that you have records in the authorize_cim_payments table where the order has a different payment module? how could that be?

those are both rhetorical questions, of which i am not looking for an answer.

years ago, i started a discussion about creating a payments table/abstract payment class that other payment modules could use to store payment records. but alas, that never resulted in any new code in the repo...

the fact that you are writing payment records to that table has nothing to do with this payment module.

with regards to the allow money and all of the observer information you are talking about, i would suggest you look for this notifier:

PHP Code:

---

$zco_notifier->notify('NOTIFY_AUTHNET_PAYMENTS', '', $this); 


---

which can be found here.

i believe you can do everything you want using that notifier.

that is what i do with my clients.

best.

These issues occurred prior to making any changes.

> looking at your sql statement above, is rather curious. you are telling me that you have records in the authorize_cim_payments table where the order has a different payment module? how could that be?

Easy. The original code shows those buttons on orders which were not paid by authorize. Someone accidentally clicks them, and you get bad records.
The ./includes/classes/authnet_order.php start() function should not return data if the original $oID is not an authorize_* order.

If the shop *only* accepts cim/cof, you wouldn't see this issue. But if it accepts other payment methods, and you look at an order paid by some other payment method in admin, you still see the CIM table.

Quote:

---

Originally Posted by carlwhat

@swguy, you have a lot of things going on here; most of which look to be of your own doing.

with regards to the allow money and all of the observer information you are talking about, i would suggest you look for this notifier:

PHP Code:

---

$zco_notifier->notify('NOTIFY_AUTHNET_PAYMENTS', '', $this); 


---

which can be found here.

i believe you can do everything you want using that notifier.

that is what i do with my clients.

best.

---

my previous post, referenced here, has all of the information to solve your problem.

my client(s) have multiple payment modules enabled.

if you do not want the more money button to appear on non authorize orders i would suggest using that notifier and adding:

PHP Code:

---

$p2->amount_applied = $p2->order_total; 


---

problem solved.

TIS.

Thank you for this suggestion. The correct notifier name is NOTIFY_ADMIN_AUTHNET_PAYMENTS; once I changed this, your recommendation worked.

The next issue is stranger still. When you call nextOrderNumber, you pass in $order->info. But in the body of nextOrderNumber, you look for $order['orders_id'], which doesn't exist in the info array. Shouldn't this be $order['order_id'] (singular)?

Quote:

---

Originally Posted by swguy

Thank you for this suggestion. The correct notifier name is NOTIFY_ADMIN_AUTHNET_PAYMENTS; once I changed this, your recommendation worked.

The next issue is stranger still. When you call nextOrderNumber, you pass in $order->info. But in the body of nextOrderNumber, you look for $order['orders_id'], which doesn't exist in the info array. Shouldn't this be $order['order_id'] (singular)?

---

yes. that looks correct.

although in looking at the code, the method nextOrderNumber will never get called when there is an order_id.

change forthcoming.

thanks for pointing that out.

The context here might be admin?

Next issue - really crazy-making, not sure how this can happen. COF transactions failing. Possibly related: The enabled field gets flipped to N when this happens.

[26-Jun-2024 09:36:49 America/New_York] PHP Fatal error: Uncaught Error: Typed property authorizenet_cim::$transID must not be accessed before initialization in /home/thatsoftwareguy4/client/includes/modules/payment/authorizenet_cim.php:382
Stack trace:
#0 /home/thatsoftwareguy4/client/includes/classes/payment.php(297): authorizenet_cim->after_process()
#1 /home/thatsoftwareguy4/client/includes/modules/pages/checkout_process/header_php.php(16): payment->after_process()
#2 /home/thatsoftwareguy4/client/index.php(82): require('/home/thatsoftw...')
#3 {main}
thrown in /home/thatsoftwareguy4/client/includes/modules/payment/authorizenet_cim.php on line 382

[26-Jun-2024 09:36:49 America/New_York] Request URI: /index.php?main_page=checkout_process, IP address: 68.73.117.78
--> PHP Fatal error: Uncaught Error: Typed property authorizenet_cim::$transID must not be accessed before initialization in /home/thatsoftwareguy4/client/includes/modules/payment/authorizenet_cim.php:382
Stack trace:
#0 /home/thatsoftwareguy4/client/includes/classes/payment.php(297): authorizenet_cim->after_process()
#1 /home/thatsoftwareguy4/client/includes/modules/pages/checkout_process/header_php.php(16): payment->after_process()
#2 /home/thatsoftwareguy4/client/index.php(82): require('/home/thatsoftw...')
#3 {main}
thrown in /home/thatsoftwareguy4/client/includes/modules/payment/authorizenet_cim.php on line 382.

Quote:

---

Originally Posted by swguy

The context here might be admin?

Next issue - really crazy-making, not sure how this can happen. COF transactions failing. Possibly related: The enabled field gets flipped to N when this happens.

[26-Jun-2024 09:36:49 America/New_York] PHP Fatal error: Uncaught Error: Typed property authorizenet_cim::$transID must not be accessed before initialization in /home/thatsoftwareguy4/client/includes/modules/payment/authorizenet_cim.php:382
Stack trace:
#0 /home/thatsoftwareguy4/client/includes/classes/payment.php(297): authorizenet_cim->after_process()
#1 /home/thatsoftwareguy4/client/includes/modules/pages/checkout_process/header_php.php(16): payment->after_process()
#2 /home/thatsoftwareguy4/client/index.php(82): require('/home/thatsoftw...')
#3 {main}
thrown in /home/thatsoftwareguy4/client/includes/modules/payment/authorizenet_cim.php on line 382

[26-Jun-2024 09:36:49 America/New_York] Request URI: /index.php?main_page=checkout_process, IP address: 68.73.117.78
--> PHP Fatal error: Uncaught Error: Typed property authorizenet_cim::$transID must not be accessed before initialization in /home/thatsoftwareguy4/client/includes/modules/payment/authorizenet_cim.php:382
Stack trace:
#0 /home/thatsoftwareguy4/client/includes/classes/payment.php(297): authorizenet_cim->after_process()
#1 /home/thatsoftwareguy4/client/includes/modules/pages/checkout_process/header_php.php(16): payment->after_process()
#2 /home/thatsoftwareguy4/client/index.php(82): require('/home/thatsoftw...')
#3 {main}
thrown in /home/thatsoftwareguy4/client/includes/modules/payment/authorizenet_cim.php on line 382.

---

i am not sure how this module is getting disabled in your setup.

line 382 does NOT correspond to the after_process method in my code.

in this situation, you have clearly modified my code.

i can debug problems that i can replicate from a vanilla install.

the information provided here seems to suggest putting me on some sort of wild goose chase:

• not sure how this can happen.
• maybe the admin?
• maybe disabled?
• incorrect line numbers from my own code?

my time for free support is limited; and the error that you are now presenting here is out of that limitation.

In case you see this again, my context is PHP 8.1/ZC 1.5.8.
It's not the module that gets disabled, it's the card in the customers_cc table. Sorry, should have clarified.

In case anyone else is getting mismatches between authorize's invoice number and Zen Cart's order number for orders which are NOT placed at the same time, it may be worth changing includes/modules/payment/authorizenet_cim.php nextOrderNumber() function to do

$result = $db->Execute("SELECT max(orders_id)+1 AS orders_id FROM " . TABLE_ORDERS . " ORDER BY orders_id");
$next_order_id = $result->fields['orders_id'];
return $next_order_id;

instead of pulling the auto_increment value from SHOW TABLE STATUS.

The use of max(orders_id) mirrors the "next id prediction" logic used by other parts of Zen Cart, such as the attributes controller and specials/featured product management.

At the end of before_process() in authorizenet_cim.php you call chargeCustomerProfile(). Should this be wrapped in a check like

if ($this->authorizationType != 'Authorize')

I'm asking because I have configured CIM to Auth Only but it seems to be charging.

Quote:

---

Originally Posted by swguy

At the end of before_process() in authorizenet_cim.php you call chargeCustomerProfile(). Should this be wrapped in a check like

if ($this->authorizationType != 'Authorize')

I'm asking because I have configured CIM to Auth Only but it seems to be charging.

---

scott,
I am really trying to understand your question. I suppose I could understand it if it was coming from a store owner with limited coding experience. but as you are one of the big machers in ZC, I do not understand it.

in a word:

NO.

I would suggest looking at the code. and then looking at it again.

$this→authorizationType gets initialized to `Authorize`. and then it does not get changed and or used until the method (chargeCustomerProfile) that you are asking to not be called.

I could go on. and on. but I will not.

if you would like me to figure out what is happening on your clients site with regards to this module, I am certainly available for hire.

this payment module is mature. the ability to authorize only or authorize and capture together has been well established since I initially made this payment module available for community use.

best.

for those of you using this most excellent payment module, and who read this post; and then breathed a sigh of relief; that post is not applicable to this payment module.

this payment module WILL require an update to the new certificates to continue working after the cutoff date.

best.

Quote:

---

Originally Posted by carlwhat

for those of you using this most excellent payment module, and who read this post; and then breathed a sigh of relief; that post is not applicable to this payment module.

this payment module WILL require an update to the new certificates to continue working after the cutoff date.

best.

---

Thank you for clarifying. I assumed the opposite, of course.

Will you make an updated version available?

Quote:

---

Originally Posted by jeking

Thank you for clarifying. I assumed the opposite, of course.

Will you make an updated version available?

---

i am now unclear as to whether the cert file will need to get replaced. it is a definite maybe...

in any event, i will be supporting this module for whatever needs to get done. i am still working out some of the details.

and i am following the situation rather closely.

best.

Thanks for taking care of this, @carlwhat.

Quote:

---

Originally Posted by carlwhat

i am now unclear as to whether the cert file will need to get replaced. it is a definite maybe...

in any event, i will be supporting this module for whatever needs to get done. i am still working out some of the details.

and i am following the situation rather closely.

best.

---

I'm also confused. I'm assuming that the SPK needs to be updated, or at least the PEM file. I checked GitHub for the latest release yesterday, but it hasn't been updated yet.

https://github.com/AuthorizeNet/sdk-php

https://github.com/AuthorizeNet/sdk-...master/lib/ssl

Quote:

---

Originally Posted by marcopolo

I'm also confused. I'm assuming that the SPK needs to be updated, or at least the PEM file. I checked GitHub for the latest release yesterday, but it hasn't been updated yet.

https://github.com/AuthorizeNet/sdk-php

https://github.com/AuthorizeNet/sdk-...master/lib/ssl

---

that repo is the source of much consternation...

this PR has an updated version of the pem file that i have tested and currently works... as to whether it will work on 10/23 is the big question.

best.

for those of you waiting on the new certificate file, you can get it here.

there is no charge for this file, although you will probably need to create an account on my site.

this file has all of the latest certificates as stated in the authorize.net knowledgebase articles.

i have tested this file on 2 live sites located in the US with zero problems. in addition to having run cursory tests, those 2 sites are both now using this new certificate file in production environments with no ill effect.

for now, i know this new file works in the environments i have tested. when authorize.net makes the changeover on October 23rd and 24th, 2024 will be the real test.

i will be closely monitoring the situation at that time, so that users of this module can continue using it hopefully uninterrupted.

best.

Quote:

---

Originally Posted by carlwhat

for those of you waiting on the new certificate file, you can get it here.

there is no charge for this file, although you will probably need to create an account on my site.

this file has all of the latest certificates as stated in the authorize.net knowledgebase articles.

i have tested this file on 2 live sites located in the US with zero problems. in addition to having run cursory tests, those 2 sites are both now using this new certificate file in production environments with no ill effect.

for now, i know this new file works in the environments i have tested. when authorize.net makes the changeover on October 23rd and 24th, 2024 will be the real test.

i will be closely monitoring the situation at that time, so that users of this module can continue using it hopefully uninterrupted.

best.

---

Thank you for this!

Just to make sure the certs installed, what should we be seeing? I was looking at the DigiCert Root page and I see G5 Root Certificates along with other certs. I see some of the other certs after importing your file, but none of the G5. I didn't see a specification of required certs from the notification email.

Quote:

---

Originally Posted by bustin98

Just to make sure the certs installed, what should we be seeing? I was looking at the DigiCert Root page and I see G5 Root Certificates along with other certs. I see some of the other certs after importing your file, but none of the G5. I didn't see a specification of required certs from the notification email.

---

you only need to replace 1 file...

all of the research that i have done suggests that file has the correct certificates.

i will be monitoring the situation very closely on the 23rd and 24th. and if there is a problem, i will be posting the situation here as well as any solutions.

with regards to what you should be seeing, feel free to do your own research and correct anything you think i may have done wrong. for me to post the contents of the file seems superfluous and unnecessary. if you got the file from my site as i suggested, you should be good to go.

best.

Quote:

---

Originally Posted by carlwhat

you only need to replace 1 file...

all of the research that i have done suggests that file has the correct certificates.

i will be monitoring the situation very closely on the 23rd and 24th. and if there is a problem, i will be posting the situation here as well as any solutions.

with regards to what you should be seeing, feel free to do your own research and correct anything you think i may have done wrong. for me to post the contents of the file seems superfluous and unnecessary. if you got the file from my site as i suggested, you should be good to go.

best.

---

I downloaded your file and when I compared it to the pem file I already have on the server it is the same? Can you confirm the file you have available to downland "cert-mcj9hl.pem" is actually the new version.

Quote:

---

Originally Posted by marcopolo

I downloaded your file and when I compared it to the pem file I already have on the server it is the same? Can you confirm the file you have available to downland "cert-mcj9hl.pem" is actually the new version.

---

Hello,

Pardon my ignorance, but where does one install this certificate?

Thanks,

Quote:

---

Originally Posted by marcopolo

I downloaded your file and when I compared it to the pem file I already have on the server it is the same? Can you confirm the file you have available to downland "cert-mcj9hl.pem" is actually the new version.

---

we all make mistakes!

good catch. thank you.

the new file name is:

cert-3rlvqi.pem

for those of you who have already ordered and created an account, please just login and go to your downloads page.

you will see the new file there ready for download.

as indicated in the products description, here is how to change the file:

the certificates file contained here needs to replace the existing file in this location:

YOUR_STORE_ROOT/includes/modules/payment/authorizenet/authorizenet-sdk/lib/ssl/cert.pem

there is only 1 file that needs to be replaced.

when you download the file, you want to rename the file to cert.pem and upload it to the directory above using an FTP manager.

the file has been tested and has been in production for a few weeks now without problem.

apologies about the little extra work.

and thanks to marcopolo for the good catch!

Quote:

---

Originally Posted by carlwhat

we all make mistakes!

good catch. thank you.

the new file name is:

cert-3rlvqi.pem

for those of you who have already ordered and created an account, please just login and go to your downloads page.

you will see the new file there ready for download.

as indicated in the products description, here is how to change the file:

the certificates file contained here needs to replace the existing file in this location:

YOUR_STORE_ROOT/includes/modules/payment/authorizenet/authorizenet-sdk/lib/ssl/cert.pem

there is only 1 file that needs to be replaced.

when you download the file, you want to rename the file to cert.pem and upload it to the directory above using an FTP manager.

the file has been tested and has been in production for a few weeks now without problem.

apologies about the little extra work.

and thanks to marcopolo for the good catch!

---

Many thanks to all!!!

@carlwhat Are you sure you have updated your client sites with the new cert? It seems as though they were saying that the new cert wouldn't work until the cutover, so I thought we'd all have to scramble and do it at the last minute.

Quote:

---

Originally Posted by swguy

@carlwhat Are you sure you have updated your client sites with the new cert? It seems as though they were saying that the new cert wouldn't work until the cutover, so I thought we'd all have to scramble and do it at the last minute.

---

100% sure. without question.

best.

Thanks for confirming!

Older versions of this plugin (2.3.3 and prior) also have a file called cacert.pem. Does that need to be refreshed as well?

Quote:

---

Originally Posted by swguy

Older versions of this plugin (2.3.3 and prior) also have a file called cacert.pem. Does that need to be refreshed as well?

---

yes. that file will need to be replaced.

With the contents of cert.pem? I'm asking because in the older versions, the two .pem files were not identical.

Quote:

---

Originally Posted by swguy

With the contents of cert.pem? I'm asking because in the older versions, the two .pem files were not identical.

---

sorry. i misunderstood your question.

i do not believe that file is needed. as such i would just leave it alone.

Thank you!

Seeing some of these in 1.5.8a/PHP 8.2. None of these are coincident with an error message in cim_response.log.

[18-Mar-2025 20:24:12 America/New_York] Request URI: /index.php?main_page=card_update, IP address: xx.xxx.x.xx, Language id 1
#0 [internal function]: zen_debug_error_handler()
#1 /home/client/public_html/includes/templates/bootstrap/common/html_header.php(22): header()
#2 /home/client/public_html/index.php(86): require('/home/client...')
--> PHP Warning: Cannot modify header information - headers already sent by (output started at /home/client/public_html/includes/templates/template_default/templates/tpl_message_stack_default.php:13) in /home/client/public_html/includes/templates/bootstrap/common/html_header.php on line 22.

Quote:

---

Originally Posted by swguy

Seeing some of these in 1.5.8a/PHP 8.2. None of these are coincident with an error message in cim_response.log.

[18-Mar-2025 20:24:12 America/New_York] Request URI: /index.php?main_page=card_update, IP address: xx.xxx.x.xx, Language id 1
#0 [internal function]: zen_debug_error_handler()
#1 /home/client/public_html/includes/templates/bootstrap/common/html_header.php(22): header()
#2 /home/client/public_html/index.php(86): require('/home/client...')
--> PHP Warning: Cannot modify header information - headers already sent by (output started at /home/client/public_html/includes/templates/template_default/templates/tpl_message_stack_default.php:13) in /home/client/public_html/includes/templates/bootstrap/common/html_header.php on line 22.

---

see:

https://docs.zen-cart.com/user/troub..._already_sent/

i am not seeing any errors in clients running this module on that page.