authorizenet / sdk-php Goto Github PK
View Code? Open in Web Editor NEWPHP SDK for Authorize.Net API
License: Other
PHP SDK for Authorize.Net API
License: Other
There is a weird issue that was not happening few days/weeks ago.
It keeps looking for phplog
file, I've defined (as for the php-samples) my AUTHORIZENET_LOG_FILE
but it looks like it's not being used.
Looking at the source or the error, here is where is being defined ANET_LOG_FILE
with phplog
.
Deleting/changing that line from that file solves the issue.
I've personally deleted that line and defined ANET_LOG_FILE
when I set the credentials (instead of AUTHORIZENET_LOG_FILE
), it works like a charm.
Line 14 of AuthorizeNetRequest.php
public $VERIFY_PEER = true; // Set to false if getting connection errors.
94 through 98
if ($this->VERIFY_PEER) {
curl_setopt($curl_request, CURLOPT_CAINFO, dirname(dirname(__FILE__)) . '/ssl/cert.pem');
} else {
curl_setopt($curl_request, CURLOPT_SSL_VERIFYPEER, false);
}
This is bad advice, bad code, and will result in connection errors turning into MITM exploits via peerjacking. Fix the code and issue a USN.
This was initially reported in 2011 and is apparently still not fixed, http://www.unrest.ca/peerjacking
It appears that there is no functionality for createCustomerProfileFromTransactionRequest, available in the API but not here.
When querying CMI in sandbox mode (and probably also if no customers exist yet), I receive a PHP notice.
$request = new AuthorizeNetCIM;
$response = $request->getCustomerProfileIds();
$customers = $response->getCustomerProfileIds();
A PHP Error was encountered
Severity: Notice
Message: Undefined index: numericString
Filename: lib/AuthorizeNetCIM.php
Line Number: 491
The $this->xml->ids
property is empty if there are no customers, and hence it can't access the "numericString" values.
Reported by tdietsche9 http://community.developer.authorize.net/t5/Integration-and-Testing/Card-Present-PHP-SDK-BUG/m-p/40220#M21872
Comparing the new and old AuthorizeNetCP.php files shows that only the
"undefined offset" errors were fixed. The "undefined property" error was NOT fixed.
It doesn't define a class property for _custom_fields (like AuthorizeNetAIM.php does).
I added this code after line 50 and it seems to prevent this php error:
/**
* Only used if merchant wants to send custom fields.
*/
private $_custom_fields = array();
Also, the "error_message" property is only defined and returned if there IS an error.
It would be better if it always returned a value (empty string if trx is approved, otherwise an error message string). I fixed my script to only obtain the value of this response property if there was an error, not always.
Dear lord, I can be daft sometimes. Delete this post.
I m using Authorize.net SDK 1.8.3.3 , SDK 1.8.3.1 Also have same problem
Issue: LineItems in Transaction Request not adds "quantity" key value pair if quantity is '0'. Which causes error in response.
Line Items Trace:
array (size=2)
0 =>
object(AuthorizeNetLineItem)[71]
public 'itemId' => string '1' (length=1)
public 'name' => string 'xxxItem1' (length=14)
public 'description' => string '' (length=0)
public 'quantity' => string '0' (length=1)
public 'unitPrice' => string '8.99' (length=4)
public 'taxable' => string 'false' (length=5)
1 =>
object(AuthorizeNetLineItem)[68]
public 'itemId' => string '2' (length=1)
public 'name' => string 'xxxxItem2' (length=15)
public 'description' => string '' (length=0)
public 'quantity' => string '300' (length=3)
public 'unitPrice' => string '9.99' (length=4)
public 'taxable' => string 'false' (length=5)
Transaction Request trace:
[transaction] => SimpleXMLElement Object
(
[profileTransAuthCapture] => SimpleXMLElement Object
(
[amount] => 9.95
[lineItems] => Array
(
[0] => SimpleXMLElement Object
(
[itemId] => 1
[name] => xxxItem1
[unitPrice] => 8.99
[taxable] => false
)
[1] => SimpleXMLElement Object
(
[itemId] => 2
[name] => xxxItem2
[quantity] => 300
[unitPrice] => 9.99
[taxable] => false
)
Response Trace:
<?xml version="1.0" encoding="utf-8"?><ErrorResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="AnetApi/xml/v1/schema/AnetApiSchema.xsd"><messages><resultCode>Error</resultCode><message><code>E00003</code><text>The element 'lineItems' in namespace 'AnetApi/xml/v1/schema/AnetApiSchema.xsd' has invalid child element 'unitPrice' in namespace 'AnetApi/xml/v1/schema/AnetApiSchema.xsd'. List of possible elements expected: 'description, quantity' in namespace 'AnetApi/xml/v1/schema/AnetApiSchema.xsd'.</text></message></messages></ErrorResponse>
Composer has unresolved MITM security issues, and is probably unsafe for use in a PCI environment.
Related issue, over two years old now, composer/composer#1074
CIM methods such as the "getPaymentProfile" return XML objects with no simple way to convert them into SDK objects for followup methods such as "updatePaymentProfile"
The SDK places "customerPaymentProfileId" before the payment and billTo elements. This is invalid according to our API.
The new Akamai transaction URLs that are available now are:
This documentation is hardly detailed:
https://github.com/AuthorizeNet/sdk-php/blob/master/doc/CIM.markdown
How does one supply the CCV card number when creating a payment profile? How about a billing address?
Also, who does this?
$this->tax = (object)array();
Have you never heard of stdClass?
QV: http://php.net/manual/en/reserved.classes.php
Finally, why a generic object in this case? Too lazy to define an actual object with proper JavaDoc comments? And how about some validation? This SDK needs a lot of work.
Do the certificates need to be updated? I've been unable to connect with ssl the last 2 days (for sandbox). I went to test.authorize.net and downloaded the certs and it appears to be working with the downloaded ones.
If one needs to create a subscription for a credit-card registered to "Jim & Jane Plain", for example, this is problematic; invalid XML will be produced. The escaping should probably extend to every field that could conceivably have an ampersand, which would easily include company, address -- probably even country (though usually it's best to just escape everything for good measure).
For my purposes I only needed the name fields escaped (for now), so I patched my local copy of AuthorizeNetTypes.php
, adding a method to AuthorizeNet_Subscription
like this:
/**
* Escape the given string for inclusion in XML.
*/
private function escape($s) {
return htmlspecialchars($s, ENT_QUOTES | ENT_XML1);
}
Then I escape the values like this:
<firstName>{$this->escape($this->billToFirstName)}</firstName>
<lastName>{$this->escape($this->billToLastName)}</lastName>
Not found on packagist?
I'm running into a this fatal error:
Fatal error: Class 'Symfony\Component\Yaml\Yaml' not found in ...includes\gateways\authorize-sdk-php\vendor\jms\serializer\src\JMS\Serializer\Metadata\Driver\YamlDriver.php on line 35
I've run composer update
and am not sure what the issue is...
getSubscriptionStatus reads "Status" with a capital "S", while it should read "status", see sdk-php//lib/AuthorizeNetARB.php
They're both being sent with the response and "Status" was always "active" on my tests, while "status" had the correct value.
If one uses a CIM request to charge a non-existent user, your gateway responds with a well-formed response:
<?xml version="1.0" encoding="utf-8"?><createCustomerProfileTransactionResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="AnetApi/xml/v1/schema/AnetApiSchema.xsd"><messages><resultCode>Error</resultCode><message><code>E00040</code><text>Customer Profile ID or Customer Payment Profile ID not found.</text></message></messages></createCustomerProfileTransactionResponse>
HOWEVER, your code returns an AuthorizeNetAIM_Response object that says there was a connection problem. This problem would apparently be due to the fact that the getTransactionResponse function is trying to parse a non-existent XML element, directResponse:
public function getTransactionResponse()
{
return new AuthorizeNetAIM_Response($this->_getElementContents("directResponse"), ",", "|", array());
}
See https://github.com/AuthorizeNet/sdk-php/blob/master/lib/AuthorizeNetCIM.php#L459
Your code should be at least intelligent enough to recognize that it has in fact connected the gateway successfully and parse out the appropriate error message. Jeeze.
This project is incredibly inconsistent. For the AuthorizeNetAIM class, properties can be set magically or using the setField() function. On the response properties are accessed directly without getter functions.
On the AuthorizeNet_Subscription() class, properties are set directly without setters. On the AuthorizeNetARB_Response class, there are getter methods for all the properties.
Can you please unify and standardize this across all classes?
If I send this in for a subscription to a production account:
$subscription = new AuthorizeNet_Subscription;
$subscription->name = "Short subscription";
$subscription->intervalLength = "12";
$subscription->intervalUnit = "months";
$subscription->startDate = "2015-11-20";
$subscription->totalOccurrences = "9999";
$subscription->amount = 235;
$subscription->creditCardCardNumber = "5551766170335085";
$subscription->creditCardExpirationDate = "2018-03";
$subscription->creditCardCardCode = "897";
$subscription->billToFirstName = "Happy";
$subscription->billToLastName = "Gilmore";
The CC info is bogus, but it does validate as a proper card number.
This is my response:
AuthorizeNetARB_Response Object
(
[xml] => SimpleXMLElement Object
(
[messages] => SimpleXMLElement Object
(
[resultCode] => Ok
[message] => SimpleXMLElement Object
(
[code] => I00001
[text] => Successful.
)
)
[subscriptionId] => 26519381
)
[response] => OkI00001Successful.26519381
[xpath_xml] => SimpleXMLElement Object
(
[messages] => SimpleXMLElement Object
(
[resultCode] => Ok
[message] => SimpleXMLElement Object
(
[code] => I00001
[text] => Successful.
)
)
[subscriptionId] => 26519381
)
)
From what I've gathered subscriptions are processed in batch at 2am or something, but is there no type of validation done on the information submitted prior to that batch processing?
I use this function ALL THE TIME, I also push everything to my server with git autodeploy webhook that does a composer install (Envoyer.io). I have to SSH into my server every time I deploy to add this function to AuthorizeNetCIM.php
/**
* @param $transId
* @return AuthorizeNetCIM_Response
*/
public function createCustomerProfileFromTransaction($transId)
{
$this->_constructXml("createCustomerProfileFromTransactionRequest");
$this->_xml->addChild("transId", $transId);
return $this->_sendRequest();
}
This is a problem I've encountered with the version 1.8.3.1 SDK using the Authorize.net sandbox server. I'm currently unable to test it on the live server.
This function in the AuthorizeNetCIM_Response
class,
public function getValidationResponse()
{
return new AuthorizeNetAIM_Response($this->_getElementContents("validationDirectResponse"), ",", "|", array());
}
is passing the AuthorizeNetAIM_Response
constructor an $encap_char
value of "|". However, the Authorize.net server isn't using an encapsulating character, so the AuthorizeNetAIM_Response
fields fail to populate. Reverting the $encap_char
value back to "", like it was in version 1.1.8, fixes the problem.
The related AuthorizeNetCIM_Response::getValidationResponses()
function is still using a value of "" for $encap_char
.
I've scoured the internet looking for PHP code examples that use this sdk to create a payment profile (createCustomerPaymentProfile) and have yet to find one that provides more than just customerType, cardNumber, and expirationDate. That's barely a fraction of the perhaps two dozen inputs described on page 24 of the CIM XML guide:
http://www.authorize.net/support/CIM_XML_guide.pdf
Given that this SDK uses irregular nested object structures and doesn't have any javadoc comments to elucidate what they are for (or to even standardize what methods and properties an instance of AuthorizeNetPaymentProfile->payment->creditCard might have), it would be most helpful if your project were to provide an example of how to create a payment profile while supplying this additional information.
Hi,
We are using CIM and are using Auth.net to handle storing all of our CC info.
We are also using the built in logging mechanisms in the SDK to troubleshoot any issues we have.
The problem is that when you make a createCustomerPaymentProfileRequest, one of the fields is the CC number so that is stored in plain text in the log file.
Is there anyway you could update the logging to mask the actual CC number and cvv code so we can continue to use the logging, but also not have access to the sensitive data?
AuthorizeNetResponse is looking for "x_email_address" instead of "x_email".
https://github.com/AuthorizeNet/sdk-php/blob/master/lib/AuthorizeNetAIM.php#L289
should be $bank_acct_name
I received "Important Authorize.Net Networking Change" email today:
http://app.payment.authorize.net/e/es.aspx?s=986383348&e=913189&elq=aeac1910433b4fd7af65680cda3d5e0e
But how do I send AIM transactions to "https://secure2.authorize.net/gateway/transact.dll" URL using the official SDK?
Thanks!
If you provide a log file name in the AUTHORIZENET_LOG_FILE, the log file will dutifully store the XML sent to Authorize.net, including the credit card number and the CVV value. If you're trying to adhere to PCI compliance rules, this is a violation, and a pretty egregious one at that since the data are stored unencrypted in the clear. It also violates the credit card vendors' rules against ever storing the CVV in any way.
My suggestion would be to obfuscate the card number with Xs and reveal only the last four digits of the card number. I would also obfuscate the entire CVV with Xs. A fancy version would make this an optional switch that is on by default, meaning I, the developer, have to set a flag explicitly to store these values in the clear.
Thanks,
Steve
As I understand it, the customerProfileID is something Auth.Net assigns.
But merchantCustomerID is something I assign at creation.
that means if I can only get a customer profile using profileID, I need to store that profileID on my side...
But... HOW can I fetch a profile based on merchantCustomerID instead so that I dont need to do that?
My whole system is not charging, Do you know if there is a know issue with this class?
We've recently run into the requirement of using CIM profiles through transactions. I believe the "old" AIM approach doesn't cover this so that's the primary motivation for my switch to the new model.
I have a few suggestions:
Overall, I really do prefer this approach once I got through some of the transition. I feel it follows http://developer.authorize.net/api/reference/index.html much more closely. The few tweaks above should make the transition from the old model to the new much easier.
$an = new AuthorizeNetCIM();
$result = $an->getCustomerProfile(xxxxxx); //xxxxxx is customer profile ID
var_dump($result->getCustomerPaymentProfileIds());
And I discovered there is no numericStrings
when I am calling getCustomerProfile(xxxxxx) in the response. So either the response is different or the extraction of ids are wrong! (just for deep digging purpose)
getCustomerPaymentProfileIds
is returning null all the time when this customer has multiple payment profile
sdk-php / lib / AuthorizeNetARB.php : Line 171
For an already canceled ARB subscription, and when querying the status of the subscription with getSubscriptionStatus, the element "Status" in the response is 'active' and the element "status" (small 's') is 'canceled'
...
<status>canceled</status>
<Status>active</Status>
</ARBGetSubscriptionStatusResponse>
@Package AuthorizeNet
@subpackage AuthorizeNetSIM
AuthorizeNetSIM.php#41
Need to update $map array with:
'invoice_number' => 'x_invoice_num',
'transaction_type' => 'x_type',
'zip_code' => 'x_zip',
'email_address' => 'x_email',
'ship_to_zip_code' => 'x_ship_to_zip',
'account_number' => 'x_account_number',
I get this error when I try and update the SDK to the latest version (happens on 1.8.5.1)
Problem 1
Merge was from here: c43a425
PHP 5.3+ (>=5.3.10 recommended)
but goetas/xsd2php requires 5.4+
In tag 1.8.3 the composer.json file indicated a dependency on "jms/serializer": “*”. In subsequent versions, your composer file indicates a dependency on "jms/serializer": "xsd2php-dev as 0.18.0" but it does not seem like that version of serializer package is available?
https://packagist.org/packages/jms/serializer
authorizenet/authorizenet 1.8.5.1 requires jms/serializer xsd2php-dev as 0
.18.0 -> no matching package found.
While it is possible to save transactional data to a log file, this gets unwieldy to leave on for any length of time. Thus, I would like to save the transactional data to my database.
To do this, I need access to the _xml class variable which is protected. Can someone add a public getter method that retrieves the xml sent and the xml received, respectively?
Thanks,
Steve
Hello Team,
I am facing this issue and am not able to fix it. can you guys please suggest me why is it showing error. This code creates Customer profile ID, Payment Profile ID and saving address successfully but when i make transaction it give error. Please help me. Thanks
My Code:
$customerProfile = new AuthorizeNetCustomer;
$customerProfile->description = "Description of customer";
$customerProfile->merchantCustomerId = $user->id;
$customerProfile->email = $user->email;
$address = new AuthorizeNetAddress;
$address->firstName = "john";
$address->lastName = "Doe";
$address->phoneNumber = "555-555-5555";
$customerProfile->shipToList[] = $address;
$paymentProfile = new AuthorizeNetPaymentProfile;
$paymentProfile->customerType = "individual";
$paymentProfile->payment->creditCard->cardNumber = "4111111111111111";
$paymentProfile->payment->creditCard->expirationDate = "2017-10";
$customerProfile->paymentProfiles[] = $paymentProfile;
$request = new AuthorizeNetCIM;
$response = $request->createCustomerProfile($customerProfile);
$new_customer_id = $response->xml->customerProfileId;
$paymentProfileId = $response->xml->customerPaymentProfileIdList->numericString;
$customerAddressId = $response->xml->customerShippingAddressIdList->numericString;
$transaction = new AuthorizeNetTransaction;
$transaction->amount = "9.79";
$transaction->customerProfileId = $new_customer_id;
$transaction->customerPaymentProfileId = $paymentProfileId;
$transaction->customerShippingAddressId = $customerAddressId;
$transaction->cardCode = "111";
$response = $request->createCustomerProfileTransaction("AuthCapture", $transaction);
print_r($response);
Error -
[code] => E00003
[text] => Name cannot begin with the '0' character, hexadecimal value 0x30. Line 2, position 291.
Currently I can't find any documentation on how to get my authentication working.
I'm sure the functionality is there, but it isn't included in any of the docs.
We are currently testing PHP 7 Support using the current RC5 to try to get ahead of the curve. However when installing the Authorize.net PHP SDK with composer we're stuck:
authorizenet/authorizenet dev-master requires php ~5.3 -> your PHP version (7.0.0RC5) or "config.platform.php" value does not satisfy that requirement.
Could we get the PHP version changed in the composer.json file to something like >=5.3 instead of ~5.3? I'll make the PR is needed, that's no big deal. I don't see anything in the code base that would cause problems unless I've missed something.
@brianmc Please add a develop
branch for me to pull my namespacing feature into without affecting the master
branch.
Thanks!
Error is following :
swati@swati-pc:/opt/lampp/htdocs/sdk-php-master$ composer update
Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.
Problem 1
- The requested package authorizenet/authorizenet No version set (parsed as 1.0.0) could not be found.
Potential causes:
Read https://getcomposer.org/doc/articles/troubleshooting.md for further common problems.
Just received an email about the new Akamai URLs.
Should we expect this change in the SDK anytime soon?
It appears to be a new issue while using $authnetcp->authorizeAndCapture().
I did a workaround for this:
if (!$response->transaction_id && $response->card_code_response)
{
$response->transaction_id = $response->card_code_response;
}
The article Production Certificate Upgrades begin May 27 2015 states that the certificate "Baltimore CyberTrust Root" is required, but the currently shipping version of the SDK (1.8.3.3 as of this writing) doesn't appear to include it in cert.pem https://github.com/AuthorizeNet/sdk-php/blob/1.8.3.3/lib/ssl/cert.pem
Shouldn't that certificate be there?
The autoload.php echo's a class not found message when it does not find a class
"
} else {
echo 'Class not loaded: ' . $className;
"
That's OK. However when used with a AJAX within a framework such as Wordpress or Joomla it corrupts the output with class not found messages. This output conflicts with the intended output of the class that instantiates the A.NET class. So, if the php program being called by a jQuery script via $.post and the php returns die(json_encode($output)); the return contains all the echo from the autoload, which are not relevant.
PHP's SimpleXML module doesn't have native support for inserting CDATA strings. The SDK instead does a replace for "" which fails in some versions of PHP that use the shorthand "".
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.