OK, I'm one of those "confused" folks mentioned in another thread.
1. My client sends me a panic email - OMG our payment portal is going down, and a copy of the "MD5 Hash End of Life & Signature Key Replacement Update" email.
2. I start to research this. And I research some more. Then even more.
3. OK, I'm confused. There seems to be conflicting stuff in different docs, and different docs telling me I need to be doing different things. What I need is for somebody to point me to "THE COMPLETE IDIOTS GUILD TO GETTING THIS RIGHT WITH NO CONFLICTING INFORMATION".
4. I'm using a relay response method. Current code is below. From what I can tell, in addition to the HD5 end of life, this method has been depreciated and is near end of life too (don't remember ever getting a notice about that), so at some point it will go away. While I'm trying to figure out the HD5 issue, I might as well rewrite the whole thing to whatever the current acceptable method is.
- One place tells me (I think) I should be using Webhooks
- Somewhere else says Authorize.Net API
OK questions ...
1. Exactly what method should I start using?
This is an insurance application, so all I need to send to autho, other then the credit card info, is a transaction number and the amount (see code below). Nothing complicated at all. One time payment per application and done.
2.What will actually happen on March 14, no, 28.
If I want to be lazy (I don't), I can just comment the MD5 lines out a skip any type of hash verification completely at the moment. I'm not saying that's a smart thing to do, but it can be done. There's other security already built into the app. If I did than, would payments would keep processing without me changing anything other than killing the MD5 lines, or will it go down completely until I've rewritten things?
Question one above is the important thing. Considering what I'm doing now, point me to the correct replacement for that. Sheesh, I may be an idiot. Thanks in advance.
Current Stuff: PAYMENT PAGE
require_once 'anet_php_sdk/AuthorizeNet.php';
$relay_response_url = "https://www.MYWEBSITE.com/processing.php?id=".$enrollmentID;
$api_login_id = 'My APD ID';
$transaction_key = 'xxxxxxxxxxxxxxxx';
$amount = "$totaltoCARD;";
$fp_sequence = $enrollmentID
echo AuthorizeNetDPM::getCreditCardForm($amount, $fp_sequence, $relay_response_url, $api_login_id, $transaction_key );
Current Stuff: RESPONSE PAGE
require_once 'anet_php_sdk/AuthorizeNet.php'; // The SDK
$api_login_id = 'My API LOGIN';
$md5_setting = "xxxxxx"; // MD5 Setting
$response = new AuthorizeNetSIM($api_login_id, $md5_setting);
$enrID = $_GET['enrid'];
$transID = $response->transaction_id;
//$transID = htmlentities($_GET['transaction_id']);
$responseC = $_GET['response_code'];
$payDATE = date('Y-m-d');
if ($response->isAuthorizeNet())
{
// ALL MY PROCESSING GOES HERE ....