cancel
Showing results for 
Search instead for 
Did you mean: 

SIM: Receipt page - Going from https:// to http://

I'm using Authorize.net's SIM for integrating into my site, because the client doesn't have SSL. So the integration works GREAT, except for one small detail. On the receipt page (that is hosted by Authorize.net), I have the x_receipt_link_method set to POST, as I need the approval sent back to my site so I can do my calculations. So the receipt page has  a button to go back to my site. However, when you click the button, I get a popup error that says:

 

"Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party. Are you sure you want to continue sending this information?"

 

All of the encryption stuff is done. The sensitive information is no longer being used, so there is no harm in going to this unencrypted connection. However, I can't tell the customers that. They see this popup warning, and they will click cancel, and authorize.net will not communicate with my site and I won't see the response. 

 

I understand that this is NOT an Authorize.net generated error. The error comes because the receipt page is on a secure connection and the link is going to an unsecure connection. What I need help with is figuring out a way to suppress that warning, or some way to go from https to http, with the post information and not have that warning pop up. I know that if the x_receipt_link_url was a secure link, there wouldn't be a problem. But since the client site doesn't have an SSL certificate, I can't have a secure link there, which is the WHOLE REASON I'M USING SIM.

 

I'm using Firefox, if that matters. Is anyone else having this problem and is there a workaround? Thanks for any help you can provide!

1callservice
Member
1 ACCEPTED SOLUTION

Accepted Solutions

Set up a callback page and complete the transactions using that. Change the method to LINK.

View solution in original post

TJPride
Expert
7 REPLIES 7

Set up a callback page and complete the transactions using that. Change the method to LINK.

TJPride
Expert

Thanks! That's exactly what I needed!

Ok, I must be an idiot, but what exactly do you mean by "set up a callback page"? 

Go into your account, go to Settings -> Silent Post URL. Put in the URL (preferably with https) of a page on your site that you set up for this. Every time a transaction goes through now, this page will be sent a POST by Authorize.net, which can be accessed as follows (if you're using PHP):

 

<?php
require_once($_SERVER['DOCUMENT_ROOT'] . '/library/mysql.php');

// Want to log everything so we have an activity report
// in case something goes wrong with the code
$logfile = "{$_SERVER['DOCUMENT_ROOT']}/logs/callback.txt";
$handle = fopen($logfile, 'a');

// Eliminate fields we don't care about or don't want to
// include in the log
foreach (array('x_method', 'x_account_number', 'x_phone', 'x_fax', 'x_email', 'x_invoice_num', 'x_type', 'x_ship_to_first_name', 'x_ship_to_last_name', 'x_ship_to_company', 'x_ship_to_address', 'x_ship_to_city', 'x_ship_to_state', 'x_ship_to_zip', 'x_ship_to_country', 'x_tax', 'x_duty', 'x_freight', 'x_tax_exempt', 'x_po_num', 'x_cvv2_resp_code', 'x_cavv_response', 'x_test_request') as $key)
    unset($_POST[$key]);

// Log remainder
fwrite($handle, print_r($_POST, true));

// 'payment_type' is a custom field I added to every AIM
// transaction so it's easy to identify which transactions 
// are ARB. Probably be simpler for you to just mark the ARB
// subscriptions and test for that.
if ($_POST['payment_type'] != 'SINGLE') {
    if (!$link = db_connect())
        fwrite($handle, "Unable to connect to database.\n");

    // x_cust_id is the customer record number in my db
    elseif ($_POST['x_response_code'] == 1 && $_POST['x_cust_id']) {
        $query = queryMysql("
        INSERT INTO payments SET company = {company}, payment = {payment}, type = 'MONTHLY', paid = NOW()",
        array(
            company => $_POST['x_cust_id'],
            payment => $_POST['x_amount']
        ));

        if (!$result = mysql_query($query, $link))
            fwrite($handle, "ERROR: Unable to add payment record to database.\n");
        else
            fwrite($handle, "Payment record added to database.\n");

        // Just a quick representation of what you might do
        // to update a subscription when payment comes through
        $query = queryMysql("
        UPDATE companies SET payment_due = payment_due + INTERVAL 1 MONTH WHERE idn = {company}",
        array(
            company => $_POST['x_cust_id']
        ));

        if (!$result = mysql_query($query, $link))
            fwrite($handle, "ERROR: Unable to update company expiration date.\n");
        else
            fwrite($handle, "Company expiration date updated.\n");
    }

    else fwrite($handle, "ERROR: No response code and/or customer ID.\n");
}
else fwrite($handle, "SKIPPED: Single payment, already added to database by submitting page.\n");

print 'complete';
?>

 

If you just want to see everything sent to the callback (relay response) page, use this instead and send through one transaction.

 

<?php
$logfile = "{$_SERVER['DOCUMENT_ROOT']}/logs/callback.txt";
$handle = fopen($logfile, 'a');
fwrite($handle, print_r($_POST, true));
?>

 

Thanks for the quick response.

 

Just so I/we are clear.  I am using the SIM method and like the thread starter don't have an SSL on our site and therefore cannot put in a URL (with HTTPS) anywhere.  Also, Authorize.net's SIM Guide states that they "Removed reference to Silent Post, since it does not apply to merchants using the hosted payment form." - April 2011.

 

I am happy to give this a try and if it works report back, but you are using this method with AIM correct?

 

Again, thanks for the help.

I am happy to report that this does in fact work with the SIM method.  However, I have to wonder for how long ...

Not documenting it doesn't mean they will remove it. Silent Post is supposed to be triggered by any charge, once you turn it on.