LaughingHorse Posted November 30, 2015 Share Posted November 30, 2015 I have authnet set up see attached:[Authnet settings Screenshot from 2015-11-30 10:13:24.png]When I click on checkout, the page refreshes, and I have to click on checkout again.It brings me over to authorize.net and I get a 99 errorSee attached screenshot[Authnet-error 99 Screenshot from 2015-11-30 10:10:27.png]I called authnet because the error was happening on their site.The information I got from them was the error is either the Transaction Key. I get a new one and entered it while the rep from authnet was on the phone. It was entered correctly, as was the API login ID.The rep told me the error 99 is caused either because the wrong transaction key and/or wrong API Login ID was entered. We doublechecked and found it was correct.ORit is caused because"Amount has to be set in scripting prior to the generation of the fingerprint hashmay not be properly posting all required fields for AIMx_loginx_underscorefp_sequencex_fp_timestampx_fp_hasx_amount"The error log and system error log on my system are clean. (No errors registered)Thank you in advance for your help. AN update from an email just received from authnet:Issues with these values or with the generation process can cause Error 99. The three most likely causes of Error 99 are: 1) The Transaction Key that you have embedded in your script is not correct. Just to be sure, generate a new transaction key, disable the old transaction key, enter the new value in your script and test the connection.2) The amount has to be set in your scripting prior to the generation of the fingerprint hash. This usually means that the amount should be set in a previous form and posted to the script that generates the fingerprint hash. 3) You may not be properly posting all the required fields for SIM. The following fields must be present in your payment form request in order for the transaction to be accepted: 1. API Login ID (x_Login) 2. The sequence number of the transaction (x_FP_Sequence) 3. The time when the sequence number was generated (x_FP_Timestamp) 4. The Fingerprint Hash (x_FP_Hash) 5. The amount of the transaction (x_Amount) 4) If you are attempting to pass the field x_currency_code with your payment form request, you must include this field in your fingerprint hash generation. Since Authorize.Net currently handles transaction amounts in the merchant's local currency by default, you may alternately stop passing x_currency_code. Quote Link to comment Share on other sites More sharing options...
bsmither Posted November 30, 2015 Share Posted November 30, 2015 The control panel is set for SIM (customer is taken to Authorize.net's site to complete transaction). The module's SIM mode, not AIM, creates a fingerprint. The module's AIM mode, not SIM, will log a request in the Request Log.My Authorize.net module in SIM mode is working fine.I have two concerns:$fp_sequence = $this->_basket['cart_order_id'].time();$fp_timestamp = time();The 'x_fp_sequence' is specified to be 'numeric'. So, if the cart_order_id has alphabetic characters (not including dashes, apparently), this may not be acceptable.The 'x_fp_timestamp' contains the UTC unixtime value. PHP's time() function relies on your PHP installation having the server be at the correct time -- the server's local time with the correct matching PHP.INI config setting for date.timezone. Quote Link to comment Share on other sites More sharing options...
LaughingHorse Posted November 30, 2015 Author Share Posted November 30, 2015 (edited) So I need my host to fix this then? (time stamp)I have it set for SIM currently, and that is where I am getting the errors.I also have not done anything to edit any of the internals - with the exception of the look.So the fp_sequence is stock as installed.The test order # is: 151130-150953-2043 Edited November 30, 2015 by LaughingHorse additn to reply Quote Link to comment Share on other sites More sharing options...
bsmither Posted November 30, 2015 Share Posted November 30, 2015 In your hosting account's control panel (Cpanel?), you should be able to tell the server's time.Also, in CubeCart's administration, Store Settings, Advanced, there is a setting for timezone. Quote Link to comment Share on other sites More sharing options...
LaughingHorse Posted November 30, 2015 Author Share Posted November 30, 2015 I have the Store Settings time set for New York TimeBecause we ship in a New york minute (heh heh heh)I'll check and see if I can find it in the Control panel.Thank you! Quote Link to comment Share on other sites More sharing options...
LaughingHorse Posted December 3, 2015 Author Share Posted December 3, 2015 I adjusted the store setting in the control panel to CST which is what the server is.I am still getting the Authnet-error 99I have the Timezone set to America/ChicagoThe UTC Offset is at 0Do I need to change that as well to -6 hours (the current difference) And if so, will I need to change it back when time changes in the Spring.Further:I'm about to implement a SSL. When I do that so I need to switch to AIM?If so, should I wait to try and fix the error 99 issue till the SSL is installed? Also do I need to change anything regarding thePassword Required Mode Quote Link to comment Share on other sites More sharing options...
bsmither Posted December 3, 2015 Share Posted December 3, 2015 Do not change the UTC Offset. There is nothing to be concerned about with respect to daylight savings time.Ignore the Password Required.A Security Certificate is for the benefit of your customers while at your site. Once they go to the Authorize.net hosted page, they are no longer at your site. You probably want to keep it that way because when using AIM, the customer remains at your site and, even with SSL, you now must implement PCI Compliance. You are not forced to use AIM after having installed a Security Certificate on your site.I'll have more instruction on how to discover what the fingerprint contains. Quote Link to comment Share on other sites More sharing options...
LaughingHorse Posted December 3, 2015 Author Share Posted December 3, 2015 Thank you! This is a really perplexing problem. the authnet 99 issue Quote Link to comment Share on other sites More sharing options...
LaughingHorse Posted December 4, 2015 Author Share Posted December 4, 2015 OK, just had a long talk with someone in support of Authorize.netShe told me I need to find where CubeCart is generating the Fingerprint Code. She said it's somewhere in the back end.x_loginx_tran_keyx_fp_timestampx_fp_sequencex_amountx_currency_codeI was also told that authorize.net "developer section' advises to avoid generating x_currency_code because it is causing issues.They have a tool to help track down errors athttps://developer.authorize.net/api/reference/responseCode99.htmlAnd there is a guide athttp://www.authorize.net/content/dam/authorize/documents/SIM_guide.pdfFrom the Authorize.net guide (pg26)Generating the UniqueTransaction FingerprintTransaction authentication for SIM is a transaction fingerprint, or a hash of merchant- and transaction-specific information using the HMAC-MD5 hashing algorithm (Hash-based Message Authentication Code) (MD5 RFC 1321 with a 128-bit hash value). The HMAC-MD5 algorithm is used only for generating the unique transaction fingerprint. The transaction fingerprint must be generated for each transaction by a server-side script on the merchant’s web server and inserted into the transaction request. The payment gateway uses the same mutually exclusive merchant information to decrypt the transaction fingerprint and authenticate the transaction.You can develop a script for generating a fingerprint in two ways:By using the API field information inthis section to customize your script.By using a free Authorize.Net sample code available on the Developer Center athttp://developer.authorize.net Quote Link to comment Share on other sites More sharing options...
bsmither Posted December 4, 2015 Share Posted December 4, 2015 Let's try this. We will try to capture the values being included in the fingerprint, and then capture the fingerprint string.In the file /modules/gateway/authorize/gateway.class.php: Near lines 41-43, find: $fp_sequence = $this->_basket['cart_order_id'].time(); // Enter an invoice or other unique number. $fp_timestamp = time(); $fingerprint = $this->_getFingerprint($this->_module['acNo'],$this->_module['txnkey'], $this->_basket['total'], $fp_sequence, $fp_timestamp); After that, add the following: $GLOBALS['debug']->errorLogger(null,$this->_module['acNo'],'x_login',''); $GLOBALS['debug']->errorLogger(null,$fp_sequence,'x_fp_sequence',''); $GLOBALS['debug']->errorLogger(null,$fp_timestamp,'x_fp_timestamp',''); $GLOBALS['debug']->errorLogger(null,$this->_basket['total'],'x_amount',''); $GLOBALS['debug']->errorLogger(null,$this->_module['txnkey'],'x_tran_key',''); $GLOBALS['debug']->errorLogger(null,$fingerprint,'x_fp_hash',''); This should show the results in the debug section under PHP Errors. The data should also be logged in the CubeCart administration System Error Log.According to the documentation, the fingerprint has four (five if you count currency code) elements and uses the x_tran_key to encode it. But the x_tran_key is never sent with the transaction request (so why it is expressed as x_tran_key, I don't know).I haven't tried this myself, but I have every confidence it will work. Quote Link to comment Share on other sites More sharing options...
LaughingHorse Posted December 5, 2015 Author Share Posted December 5, 2015 Does that go between$fp_sequence = $this->_basket['cart_order_id'].time(); // Enter an invoice or other unique number. $fp_timestamp = time(); $fingerprint = $this->_getFingerprint($this->_module['acNo'],$this->_module['txnkey'], $this->_basket['total'], $fp_sequence, $fp_timestamp); And$hidden = array( 'x_type' => $this->_module['payment_type'], //AUTH_CAPTURE or AUTH_ONLY 'x_login' => $this->_module['acNo'], 'x_fp_hash' => $fingerprint, 'x_amount' => $this->_basket['total'], 'x_fp_timestamp' => $fp_timestamp, 'x_fp_sequence' => $fp_sequence, 'x_version' => '3.1', 'x_show_form' => 'payment_form', 'x_test_request' => 'false', 'x_method' => 'cc', 'x_invoice_num' => $this->_basket['cart_order_id'], 'x_description' => "Payment for order #".$this->_basket['cart_order_id'],Thank You Quote Link to comment Share on other sites More sharing options...
LaughingHorse Posted December 5, 2015 Author Share Posted December 5, 2015 Just noticed in the Fingerprint, is it collectingx_loginAlso is the nomenclature being transmitted to Authnet the way Authnet wants e.g.x_tran_keyx_amount I'm guessing the "txnkey" is the private transaction key Authnet assigned to my account. Quote Link to comment Share on other sites More sharing options...
bsmither Posted December 5, 2015 Share Posted December 5, 2015 "Does that go between..."Yes.The txnkey is NOT being included as a separate data item, nor is it supposed to be included. It is used in the fingerprint generation but not included in the fingerprint. Quote Link to comment Share on other sites More sharing options...
LaughingHorse Posted December 5, 2015 Author Share Posted December 5, 2015 OK too a screenshot of the system error log, and covered up the LoginId and Transaction key. Left the rest alone so you can see them. Quote Link to comment Share on other sites More sharing options...
bsmither Posted December 5, 2015 Share Posted December 5, 2015 Ok, all looks good. Now, plug those values in the ResponseCode99 tool. Quote Link to comment Share on other sites More sharing options...
LaughingHorse Posted December 5, 2015 Author Share Posted December 5, 2015 It gave me a generated Fingerprint: E6339D021AA25A8A9AF5466717498730 Quote Link to comment Share on other sites More sharing options...
LaughingHorse Posted December 5, 2015 Author Share Posted December 5, 2015 (edited) Just noticed below the Fingerprint it gave me this Troubleshoot a Response Code 99Verify that you are using the current transaction key. [NOTE: I am using a current transaction key]Obtain a new transaction key in the Merchant Interface and update all scripts that require a transaction key accordingly.Please note that once a new transaction key has been obtained, the old transaction key will expire and become invalid after 24 hours. Be sure that all sites using SIM are updated with the new transaction key before the old key expires.To obtain a transaction key:Log into the Merchant Interface at: https://account.authorize.net/.Click Account from the main toolbar.Click API Login ID and Transaction Key.Under Create New Transaction Key, enter the answer to your Secret Question.To disable the old transaction key, check the box titled Disable Old Transaction Key(s). Note: If the Disable Old Transaction Key(s) box is not checked, the old transaction key will automatically expire and become invalid in 24 hours.Click Submit.Remember to store the transaction key in a secure location. Do not share it with anyone, as it is used to protect your transactions.Check to see if you have a properly formatted value for x_amount. Verify that there is no dollar sign. The value should be strictly numeric. Additionally, our sample scripts require a numeral with two decimal places. Fingerprints created with an invalid amount value may result in Response Code 99.Compare the case of x_amount that is being posted to your script with the case of x_amount in the fingerprint generating script. Some scripting languages (such as Perl and PHP) are case sensitive. If you post x_Amount to your SIM script and the script is programmed for x_amount, the uppercase version may be ignored by the script and result in an incorrect fingerprint. Correct the case of either your post variable or the variable in the script to fix the error. Note: The sample Perl script is written to accept the amount field as x_amount. The sample PHP script is designed to accept this field as x_Amount. Edited December 5, 2015 by LaughingHorse Quote Link to comment Share on other sites More sharing options...
bsmither Posted December 5, 2015 Share Posted December 5, 2015 Ok. There are a few things we can verify.Did you copy/paste the Login Key and TRX Key into CubeCart's Authorize.net control panel? As opposed to manually entering it?If so, it may be the case the string includes a trailing space or some other invisible character that the select/copy picked up from the Authorize page.That may explain the difference in the fingerprint.If that's not likely the cause, then we might try to verify that the encryption process is the same for your version of PHP. Quote Link to comment Share on other sites More sharing options...
LaughingHorse Posted December 5, 2015 Author Share Posted December 5, 2015 Yes, I copied and pasted the key. I'll try manually entering it. run another order and see what happens. Be right back. Got the same error messages with a different Fingerprint The generated fingerprint:E6339D021AA25A8A9AF5466717498730Troubleshoot a Response Code 99Verify that you are using the current transaction key.Obtain a new transaction key in the Merchant Interface and update all scripts that require a transaction key accordingly.Please note that once a new transaction key has been obtained, the old transaction key will expire and become invalid after 24 hours. Be sure that all sites using SIM are updated with the new transaction key before the old key expires.To obtain a transaction key:Log into the Merchant Interface at: https://account.authorize.net/.Click Account from the main toolbar.Click API Login ID and Transaction Key.Under Create New Transaction Key, enter the answer to your Secret Question.To disable the old transaction key, check the box titled Disable Old Transaction Key(s). Note: If the Disable Old Transaction Key(s) box is not checked, the old transaction key will automatically expire and become invalid in 24 hours.Click Submit.Remember to store the transaction key in a secure location. Do not share it with anyone, as it is used to protect your transactions.Check to see if you have a properly formatted value for x_amount. Verify that there is no dollar sign. The value should be strictly numeric. Additionally, our sample scripts require a numeral with two decimal places. Fingerprints created with an invalid amount value may result in Response Code 99.Compare the case of x_amount that is being posted to your script with the case of x_amount in the fingerprint generating script. Some scripting languages (such as Perl and PHP) are case sensitive. If you post x_Amount to your SIM script and the script is programmed for x_amount, the uppercase version may be ignored by the script and result in an incorrect fingerprint. Correct the case of either your post variable or the variable in the script to fix the error. Note: The sample Perl script is written to accept the amount field as x_amount. The sample PHP script is designed to accept this field as x_Amount. Quote Link to comment Share on other sites More sharing options...
bsmither Posted December 5, 2015 Share Posted December 5, 2015 Got the same error messages with a different Fingerprint.The generated (from the tool?) fingerprint: E6339D021AA25A8A9AF5466717498730Consider that each order's fingerprint will be different (and think about it -- it must be different) because of the order number and the exact time it is at the moment of creating the fingerprint.The first test where you posted the image of the System Error Log: the timestamp equals:GMT: Sat, 05 Dec 2015 17:12:08 GMTfor an order transacted at 11:12 amSo, does GMT/UTC less 6 hours equal the local time? Are you six hours from UTC? You said Chicago, so I assume so.The folks at Authorize were not able to break apart a fingerprint? Quote Link to comment Share on other sites More sharing options...
LaughingHorse Posted December 5, 2015 Author Share Posted December 5, 2015 Yes, Chicago would be -6 from GMT and the server is on CSTI can check with them regarding breaking apart the fingerprint.I was only able to get the info to put in the test URL on Authnet today after you gave me the code to capture the errors. I did generate both fingerprints from the Authnet tool. Quote Link to comment Share on other sites More sharing options...
bsmither Posted December 5, 2015 Share Posted December 5, 2015 Well, according to an Authorize.net knowledgebase article, "Because of the complex nature of the mathematical function, the individual input values used to create the digital fingerprint cannot be determined through analysis of the fingerprint." Quote Link to comment Share on other sites More sharing options...
LaughingHorse Posted December 5, 2015 Author Share Posted December 5, 2015 You mentioned above we could try to verify that the encryption process is the same for my version of PHPWould it make sense to do that?This issue is a hard nut to crack But the satisfaction of beating it will be great Quote Link to comment Share on other sites More sharing options...
bsmither Posted December 5, 2015 Share Posted December 5, 2015 Let's make another 'reveal'. In the file gateway.class.php, at the bottom, find: private static function _getFingerprint($api_login_id, $transaction_key, $amount, $fp_sequence, $fp_timestamp) { if (function_exists('hash_hmac')) { return hash_hmac("md5", $api_login_id . "^" . $fp_sequence . "^" . $fp_timestamp . "^" . $amount . "^", $transaction_key); } return bin2hex(mhash(MHASH_MD5, $api_login_id . "^" . $fp_sequence . "^" . $fp_timestamp . "^" . $amount . "^", $transaction_key)); } Change that to: private static function _getFingerprint($api_login_id, $transaction_key, $amount, $fp_sequence, $fp_timestamp) { $GLOBALS['debug']->errorLogger(null,$api_login_id . "^" . $fp_sequence . "^" . $fp_timestamp . "^" . $amount . "^",'raw_fingerprint',''); $GLOBALS['debug']->errorLogger(null,"^".$transaction_key."^",'txn_key (ignore the carets)',''); if (function_exists('hash_hmac')) { $GLOBALS['debug']->errorLogger(null,'hash_hmac','encode method',''); return hash_hmac("md5", $api_login_id . "^" . $fp_sequence . "^" . $fp_timestamp . "^" . $amount . "^", $transaction_key); } $GLOBALS['debug']->errorLogger(null,'bin2hex_mhash','encode method',''); return bin2hex(mhash(MHASH_MD5, $api_login_id . "^" . $fp_sequence . "^" . $fp_timestamp . "^" . $amount . "^", $transaction_key)); } Quote Link to comment Share on other sites More sharing options...
LaughingHorse Posted December 6, 2015 Author Share Posted December 6, 2015 Today, 18:38 [Unknown ()] raw_fingerprint: - LOGIN CODE ^151205-183841-14691449362323^1449362323^21.41^ Today, 18:38 [Unknown ()] txn_key (ignore the carets): - ^TRANS KEY CODE^ Today, 18:38 [Unknown ()] encode method: - hash_hmac Today, 18:38 [Unknown ()] x_login: - LOGIN CODE Today, 18:38 [Unknown ()] x_fp_sequence: - 151205-183841-14691449362323 Today, 18:38 [Unknown ()] x_fp_timestamp: - 1449362323 Today, 18:38 [Unknown ()] x_amount: - 21.41 Today, 18:38 [Unknown ()] x_tran_key: - TRANS KEY CODE Today, 18:38 [Unknown ()] x_fp_hash: - 878e9ae5dbee8f24acf5bbb1143626bf*********************************************************************************************************************** Note: for security, I replaced the LOGIN CODE and TRANS KEY CODE with those words. ** The Login code and Trans Key were correct before I changed them *********************************************************************************************************************** Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.