Serra — Sat, 12 Mar 2005 19:27:12 +0000

I tried Authnetscript.com's Authorize.net AIM PHP script and it is fairly nice, but I am totally afraid to use it. The script requires that you put your Authorize.net username and password in the script. Normally, you would use a transaction ID, which allows the script to communicate with Authorize.net, but not to log into the account and get access to your records and the virtual terminal. However, Authnet's script doesn't use the terminal ID. It uses the password. That means that everyone at your hosting company, any hacker that gets access to your PHP files or anyone who has access to your source code (on your PC or a backup disk) can access your Authorize.net account and get EVERYTHING about you and your customers.

That just doesn't work for me. Seems like it is a $45.00 security risk waiting to happen.

Greg K — Wed, 02 Mar 2005 00:23:49 +0000

Update: Well the credit card script I wrote seems to be working fine. I wrote a module that has an array listed out so you set the elements to values from your script (all the order info), it then calls Authorize.net, gets a result back and places it into another array , with the elements properly named.

If anyone needs help writing their own, or would like a copy of mine, let me know. I may just post it here. It will come with disclaimers from me saying I'm not responsible though LOL.

-Greg

Greg K — Wed, 23 Feb 2005 21:56:19 +0000

Update. Well we got the script, and it's sample form works, however BEWARE, their script cannot be used inside of a function. I narrowed the problem we were having down to this (took their working "sample" script and put that code in a function, now it don't work either). Upon contacting them (never did fget responce back via e-mail, caught them on their "Online help system after two days of trying), I sent them the question "how do use include ('./scriptname.php'); inside of a function?" I received the following simple message "That type of support is not available on this product".

So now, i'm going off of the info at authorize.net to write my own system. (see
Advanced Integration Method (AIM) Implementation Guide at http://authorize.net/support/guides.php for details on how to do this).

-Greg

Greg K — Thu, 17 Feb 2005 23:34:48 +0000

Well, we finally got our payment system online. We use Authorize.Net to process our payments, and got a script from http://www.authnetscripts.com which takes data from our web page and passes it on to authorize.net, gets their responce back, and gives us the info we need to either save the transaction, or tell them it failed.

Using this method lets us completely customize our signup system, as it all stays on our site. We are also able to use this to process recurring monthly fees by having a cron run a script each night that automatically rebills the card on file if it is time to do so.

-Greg

EGS — Wed, 16 Feb 2005 19:46:15 +0000

PayPal - It's fast, free, and secure! Upgrade your account to a Premiere or Business Account.

Good luck.

dbanners — Sun, 13 Feb 2005 22:45:24 +0000

most payment gateways - e.g. 2checkout.com can be configured to call a page on your website when the processing is complete. the payment gateway will pass in all the required information regarding the sale and your page can then be used to send an email to yourself and save the information into a database.

Greg K — Tue, 14 Dec 2004 06:05:38 +0000

I'm in the middle of setting this up myself. We are setting up a signup for a service that will automatically rebill each month until cancelled. Not that hard, just making sure all bases are covered.

Tonight I'm focussing on the best method of encrypting the card info to store into the database.

-Greg

syawilim — Tue, 14 Dec 2004 04:36:34 +0000

Thanks heaps!
Didn't think it would be all that hard just haven't done anything with online transactions before.

Greg K — Mon, 13 Dec 2004 15:21:21 +0000

Should be easy, just wiat till you get result back from whoever does your processing before you do an insert.

1. User fills out form

2. Your script gets the info, does all the data validating

3. Your script calls a program [that takes the payment info and contacts authorize.net] and gets a responce back

4. If the responce indicates the payment went through, call the sql with the INSERT to place the data in the database.
-- or --
If the responce indicates it didn't go through, take them back to the form to reenter data with notice that the current info didn't work.

-Greg