Welcome to the JaguarPC Community
JaguarPC
Sales: (888) 338-5261
Support: (888)-551-3050
Results 1 to 2 of 2

This is a discussion on Forms and SSL Help in the Shared & Semi-Dedicated forum
I wish to receive information that is submitted by a form. The information that is received will then be securely sent to another site and ...

  1. 04-29-2003, 03:14 PM #1
    Roger
    Roger is offline
    JPC Senior Member
    Join Date
    Mar 2002
    Posts
    93

    Forms and SSL Help

    I wish to receive information that is submitted by a form. The information that is received will then be securely sent to another site and that site will securely return responses.

    The code below is setup just for testing purposes so that I can tell what is going on with the program. Eventually it will send information to Authorizenet.

    1. I have looked all over the web with keywords such as NET::SSL and "Authorize.net CGI" and various combinations and nothing helpful is presented.
    2. The Authorize.net site doesn't explain this process.
    3. I have researched other areas as well, and all I seem to come up with is more confusion on how to accomplish this goal.

    My temporary setup goes like this:

    I use a form with just a simple box and the form posts to authorizenettest.cgi. The authorizenettest.cgi file posts to submit_to_me.cgi (this would eventually be Authorize.net). The submit_to_me.cgi is simply supposed to return the values it receives. However, it doesn't do so.

    Here's what I have so far...
    PHP Code:
    THE authorizenettest.cgi FILE (receiving info from a form)

    #!/usr/bin/perl

    print "Content-type: text/html\n\n";

    require     Net::SSL;
    read(STDIN$data$ENV{'CONTENT_LENGTH'});
    $ENV{SSL_CIPHER}="EXP-RC4-MD5";

    $sock Net::SSL->new(PeerAddr => "nucleic-secure.com"PeerPort => 443) || die "Can't connect";

    $mlength=length($data);

    $sock->print("POST /~activewe/cgi-bin/submit_to_me.cgi HTTP/1.0\n\n");
    $sock->print("Accept: www/source\n");
    $sock->print("Accept: text/html\n");
    $sock->print("Accept: text/plain\n");
    $sock->print("User-Agent: Mozilla/4.0\n");
    $sock->print("Content-type: application/x-www-form-urlencoded\n");
    $sock->print("Content-length: $mlength\n\n");
    $sock->print("$data\n");

    while (    $sock->read($buf1024)) { $resp.=$buf; }

    print     "<font face=Arial>\$resp=$resp <p>"
    PHP Code:
    THE submit_to_me.cgi FILE (receiving info from authorizenettest.cgi)

    #!/usr/bin/perl
    use CGI;
    my $in = new CGI;

    # print "Content-type: text/html\n\n";

    print $in->header('text/plain');

     foreach (    $in->param) {
       print     "$_ => "$in->param($_), "<br>\n\n";
      } 
    The only response that I get is:

    $resp=HTTP/1.1 200 OK Date: Tue, 29 Apr 2003 21:17:07 GMT Server: Apache/1.3.27 (Unix) DAV/1.0.3 mod_log_bytes/1.2 mod_bwlimited/1.0 PHP/4.3.1 FrontPage/5.0.2.2510 mod_ssl/2.8.12 OpenSSL/0.9.6b PHP-CGI/0.1b Connection: close Content-Type: text/plain; charset=ISO-8859-1

    If I remove the print command and the print "Content-type: text/html\n\n"; from authorizenettest.cgi, I simply receive a 500 error.

    I know that both programs are correct in the syntax (I did run Perl via Telnet on both).

    I'm also worried that Net::SSL is depreciated and may not be the best choice to use. I'd rather not rely upon something that could disappear in an upgrade.

    Any help is highly appreciated.

    Roger
    Reply With Quote Reply With Quote
  2. 05-01-2003, 12:46 PM #2
    Roger
    Roger is offline
    JPC Senior Member
    Join Date
    Mar 2002
    Posts
    93

    Authorize.net Connection Code

    Wow, this was much easier than I thought to connect with Authorize.net. I was making it harder than it should've been.

    I did get it to work using Net::SSL but I was worried that since it appears depreciated, it could result in problems down the road.

    So I looked at using Net::SSLeay and it now works as well. Plus by using Net::SSLeay there is less necessary code.

    I did see some people online charging anywhere from $100 to $200 for Authorize.net code (and I was tempted), but I kept plugging away at the code and I'm much more satisfied.

    I don't claim the code below does everything that the $100 code does, but it works and should be considered as ground work to build upon.

    PHP Code:
    #!/usr/bin/perl

    # Using style #3 in Net::SSLeay documentation
    # ####################################################################
    # Send a message and receive a reply from server.

    # Variables that should be periodically changed for increased security
    # ####################################################################
    # The following two variables are established using the Authorize.net
    # Merchant Interface, clicking "Settings" and can be found under "Security."
    $transaction_key "PUTYOURKEYHERE"# Submitted with every transaction so that Authorize.net knows it's you
    $md5_key "PUT_MD5_KEYHERE";        # Not submitted, used to ensure the response is from Authorize.net

    # Other Variables:
    # ####################################################################
    # $host = Just the domain and should not include [url]https://[/url]
    $host 'certification.authorize.net'# FOR TESTING TURN THIS ON
    # $host = 'secure.authorize.net';        # FOR TESTING TURN THIS OFF

    # Your login ID
    $login_id "your_login_id";

    # $port = 443 for secure (SSL) transport. This should almost always be 443
    $port 443;

    # $posttome = The path and filename to post to
    $posttome '/gateway/transact.dll';

    # $msg = The text you wish to send.  In this case the transaction to verify and post if accepted.
    # $var should be replaced with your variables since the data will be changing often.
    # CC # 4007 below is for testing per Authorize.net
    $msg "x_Version=3.1"               "&" .
               "x_Login=$login_id"           "&" .
               "x_Tran_Key=$transaction_key" "&" .

               "x_Invoice_Num=$var"          "&" .
               "x_Description=$var"  "&" .
               "x_Amount=$var"               "&" .
               "x_Method=CC"                 "&" .
               "x_Type=AUTH_ONLY"            "&" .

               "x_Card_Num=4007000000027"    "&" .
               "x_Card_Code=001"             "&" .
               "x_Exp_Date=0109"             "&" .

               "x_Cust_ID=$var"        "&" .
               "x_First_Name=First"          "&" .
               "x_Last_Name=Last"            "&" .
               "x_Company=Company Name"      "&" .
               "x_Address=Address"           "&" .
               "x_City=City"                 "&" .
               "x_State=ST"                  "&" .
               "x_Zip=33333"                 "&" .
               "x_Country=USA"               "&" .
               "x_Phone=333-333-3333"        "&" .
               "x_Email=email@email.com";

    # MAIN PROGRAM LOGIC
    # ####################################################################
    use Net::SSLeay qw(post_https);
    $Net::SSLeay::slowly 1;   # Add sleep so slow servers can keep up

    # Using style #3 as documented in Net::SSLeay documentation
    # $page contains the return from Authorize.net.
    # Please review the official Authorize.net PDF document for
    # clarification of the returned data under "Gateway Response API"
    # [url]http://www.authorizenet.com/support/AIM_guide.pdf[/url]
    ($page$response, %reply_headers)
             =     post_https("$host""$port""$posttome"''"$msg"); # 3

    # MD5 HASH
    # ####################################################################
    # Data has been returned, now let's ensure the data is
    # officially from Authorize.net (and not intercepted).

    # The returned MD5 hash code is used to ensure that the
    # reply was in fact sent by Authorize.net is returned
    # in field 38. This should be implemented for additional
    # security.

    # The remote hash is returned in field 38.  The remote
    # hash is generated by Authorize.net and is compared
    # with a locally generated hash by using the following
    # fields:
    # "MD5 Hash Value" "Login ID" "Trans ID" " Amount"
    # But it must be all together such as:
    # "MD5HashValueLoginIDTransIDAmount"

    # Incoming MD5 Hash is 32 characters in length.

    # Field # 7 in the returning Authorize.net data has the
    # transaction ID needed for the hash.

    # Returned string example:
    # 1 2 3 4                                   5      6 7 8    9            10   11 12
    # 1|1|1|This transaction has been approved.|000000|P|0|0001|Long Details|1.00|CC|auth_only|
    # 13      14    15        16             17            18        19 20    21  22           23
    # INV0001|First|Last|Business Name|Address|City|ST|33333|USA|333-333-3333||
    # 24         25    -  37  38               39 40-68 Reserved              69+ User Fields
    # [email]email@email.com[/email]||||||||||||||THEHASHCODE|  ||||||||||||||||||||||||||||| 

    @AuthorizeList split (/|/,$page);

    $response_code $AuthorizeList[0];
    $response_reason $AuthorizeList[2];
    $response_text $AuthorizeList[3];
    $avs_result $AuthorizeList[5];
    $trans_id $AuthorizeList[6];
    $md5_hash $AuthorizeList[37];
    $card_code $AuthorizeList[38];

    print     "Content-type: text/html\n\n";

    print     "<p>The returned response was $page<p>";

    use     Digest::MD5 qw(md5_hex);

    $digest "$md5_key" "$login_id" "$trans_id" "1.00";

    $local_md5 md5_hex($digest);

    $local_md5 uc($local_md5);

    if (    $local_md5 eq $md5_hash)
     { print     "<p> MD5 SUCCESS!"; }
    else
     { print     "<p> MD5 Failure Security Failure"; } 
    Enjoy!
    Roger
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules