bsmither Posted December 6, 2015 Share Posted December 6, 2015 This is very important. Look at the following carefully:raw_fingerprint: - LOGIN CODE ^151205-183841-14691449362323^1449362323^21.41^Did the raw_fingerprint value actually contain a space after the (real) LOGIN CODE? Or is the space after LOGIN CODE a typo made by you when you were editing out the real Login Key when composing the above post?If there really is a space after the (real) Login Key between the Key and the first caret ('^'), then you may have a rogue hidden character, a trailing space, in CubeCart's Authorize control panel setting for the Account ID (really the Login Key). That happens mostly when one copies from a web page and pastes in a text field, as opposed to entering a value manually. Quote Link to comment Share on other sites More sharing options...
LaughingHorse Posted December 6, 2015 Author Share Posted December 6, 2015 There is a space there.I removed the space.Tested and still got the 99 error. I'm thinking of going back to the Authnet website and generating a new transaction key and loading it in place of the current one.After the test here is the error info.Today, 08:07 [Unknown ()] raw_fingerprint: - ***********^151206-080701-69941449410823^1449410823^351.70^ Today, 08:07 [Unknown ()] txn_key (ignore the carets): - ^****************^ Today, 08:07 [Unknown ()] encode method: - hash_hmac Today, 08:07 [Unknown ()] x_login: - *********** Today, 08:07 [Unknown ()] x_fp_sequence: - 151206-080701-69941449410823 Today, 08:07 [Unknown ()] x_fp_timestamp: - 1449410823 Today, 08:07 [Unknown ()] x_amount: - 351.70 Today, 08:07 [Unknown ()] x_tran_key: - **************** Today, 08:07 [Unknown ()] x_fp_hash: - e7907fae6857e38df4b92ebff4ec4e1cI did notice in the raw_fingerprint, while it does have:x_loginx_fp_sequencefp_timestampx_amountit does not appear to have the txn_key (x_tran_key) info.Unless the error code is cutting off at a certain number of spaces. So before generating a new transaction code, is there a way to double check that the x_tran_key is being picked up in the fingerprint? I am using the Authorize.net Payment Gateway version 1.1.1CubeCart 6.0.8 Quote Link to comment Share on other sites More sharing options...
bsmither Posted December 6, 2015 Share Posted December 6, 2015 The transaction key (txn_key) is used to encode the fingerprint. It is not included in the fingerprint nor sent separately.In constructing the fingerprint, the four data items are put in a specific sequence and separated by carets (with a trailing caret and with an optional currency code).Authorize.net uses the same four data items sent along with the fingerprint, constructs the sequence the same way, and uses your txn_key that it has on file that matches your Login Key to create its own fingerprint. If the fingerprints match, that is, if the data is exactly the same, constructed the same way, and encoded the same way with the same txn_key, then all is good.Only CubeCart and Authorize.net knows the txn_key. The web page sent to the customer, and the form submission on that page, will never include it. Quote Link to comment Share on other sites More sharing options...
LaughingHorse Posted December 6, 2015 Author Share Posted December 6, 2015 Do you think it would be worth it to try a new transaction key then?It's just a matter of going to Authnet and creating one while killing off the current one. Quote Link to comment Share on other sites More sharing options...
bsmither Posted December 6, 2015 Share Posted December 6, 2015 It won't hurt. Quote Link to comment Share on other sites More sharing options...
LaughingHorse Posted December 6, 2015 Author Share Posted December 6, 2015 Just tried that and it still is giving me the 99 error code. Quote Link to comment Share on other sites More sharing options...
bsmither Posted December 6, 2015 Share Posted December 6, 2015 Well, I'm out of ideas that I can suggest over the forums.(I thought I had a Developer's account, but) Yesterday, I signed up for a Sandbox account. I'll make some tests -- but, I say again, a store I manage uses Authorize SIM and it has no trouble. Quote Link to comment Share on other sites More sharing options...
LaughingHorse Posted December 6, 2015 Author Share Posted December 6, 2015 I did another test.I created a cubecart cart on a different host, using a different domain.I installed the USPS module and Authorize.net module.did a test order with the test product, and got the 99 error.I then tried using the Authorize.net module 1.1.0 rather than 1.1.1Got the 99 error again.The URL to the old cart ishttps://emperorsherbologidst.com/cartIs your store using the current version of CC?Is it using the current version of Authnet 1.1.1 Out of total frustration, I switched to AIM and it worked perfectly. The order was processed, charge showed in Authnet.I don't understand why it works with AIM and not with SIM. Quote Link to comment Share on other sites More sharing options...
bsmither Posted December 6, 2015 Share Posted December 6, 2015 Here's a weird one--I created a test file:<?php $module = array('acNo' => "123",'txnkey' => "456"); $basket = array('total' => "123.45"); $fp_sequence = '2'; // '123456-123456-1234'.'1449433599'; $fp_timestamp = '1449433599'; $fingerprint = _getFingerprint($module['acNo'],$module['txnkey'],$basket['total'], $fp_sequence, $fp_timestamp); echo '<br />module: '; print_r($module); echo '<br />basket:'; print_r($basket); echo '<br />x_fp_sequence: '; print_r($fp_sequence); echo '<br />x_fp_timestamp: '; print_r($fp_timestamp); echo '<br />x_fp_hash: '; print_r($fingerprint); function _getFingerprint($api_login_id, $transaction_key, $amount, $fp_sequence, $fp_timestamp) { echo '<br />raw_fingerprint: '; print_r($api_login_id . "^" . $fp_sequence . "^" . $fp_timestamp . "^" . $amount . "^"); echo '<br />txn_key (ignore the carets): '; print_r("^".$transaction_key."^"); if (function_exists('hash_hmac')) { echo '<br />encode method: '; print_r('hash_hmac'); return hash_hmac("md5", $api_login_id . "^" . $fp_sequence . "^" . $fp_timestamp . "^" . $amount . "^", $transaction_key); } echo '<br />encode method: '; print_r('bin2hex_mhash'); return bin2hex(mhash(MHASH_MD5, $api_login_id . "^" . $fp_sequence . "^" . $fp_timestamp . "^" . $amount . "^", $transaction_key)); } ?>This uses incredibly simple values for the test.Raw Fingerprint: 123^2^1449433599^123.45^Key: 456The hash returned is: 6de7b34a688454ea16625224e8bb936eI then used an online hash generator at http://www.freeformatter.com/hmac-generator.htmlIt returned the same hash.I then used the Authorize Error Checker at https://developer.authorize.net/api/reference/responseCode99.htmlIt returned a different hash.So, I'm thinking there is something wrong with Authorize.net. Quote Link to comment Share on other sites More sharing options...
LaughingHorse Posted December 6, 2015 Author Share Posted December 6, 2015 Interesting. Have you double checked your cart and tried to process an order from Authnet?Should we both contact Authnet with what happened with your test and tell them they are screwed up?The processing for me is working when I use AIM, it is giving me the 99 code when I use SIM.I would much prefer to use SIM as I think it is safer for me security wise, and the ability to check decline codes etc. Quote Link to comment Share on other sites More sharing options...
LaughingHorse Posted December 7, 2015 Author Share Posted December 7, 2015 New InfoI just had another long conversation with Authnet suportOne of the possible reasons for the error is I had not set a hash code on the authnet site.I did that while on the line with authnet support.The question now is, where do I put the code for the MD5 Hash setting in the authnet module?Also, the support person told me the SIM should be sending the info tohttps://secure2.authorize.netas opposed tohttps://secure.authorize.net Quote Link to comment Share on other sites More sharing options...
bsmither Posted December 7, 2015 Share Posted December 7, 2015 There is no such instruction in the Developer's docs that says a hash code must be set in the merchant account's settings panel. And I do not recall doing that for the times I created an Authorize.net account.I can log into my Authorize.net account and look around -- what did Authnet support say to do?The documentation says secure is "legacy" but still operational. And so it is with the store I manage. Quote Link to comment Share on other sites More sharing options...
LaughingHorse Posted December 8, 2015 Author Share Posted December 8, 2015 The tech I spoke with suggested that may be the reason. And when we looked at the fingerprint we saw there was no Hash being sent over in it.She said she personally prefers to use AIM as there is more flexibility, though with SIM it is easier for Authnet support to find info as it stays on their site rather than being processed on an AIM site.On my site, AIM is working but SIM is not. Quote Link to comment Share on other sites More sharing options...
bsmither Posted December 8, 2015 Share Posted December 8, 2015 "when we looked at the fingerprint we saw there was no Hash being sent over in it"The fingerprint is a hash. Actually, among the form data sent to Authnet, there is a hidden input, "x_fp_hash" and it's value is a 32-character string of letters.Was the tech able to see that the 32-character string of letters was not there? Quote Link to comment Share on other sites More sharing options...
LaughingHorse Posted December 8, 2015 Author Share Posted December 8, 2015 I just read her the fingerprint as it appeared in the error and then gave her what the text between the carats represented e.g. x_login, etc. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.