$_REQUEST causing amount error in Response Code 99?

When I change the url in the php script below to a php script consisting of just <?php print_r($_POST); ?>, I see that authorize.net is receiving a different fingerprint than when I use the Response Code 99 tool.

I can only guess that the amount obtained via $_REQUEST is different than the amount being sent to authorize.net (which the test script verifies is correct and which matches the one displayed on screen at the top of the following script.) I know it's a numeric value because it's $1 higher when I add +1 to the variable name.

I'm not an expert at the $_REQUEST command and tried unsuccessfully to research its format to answer my question; could it be that here it's not properly formatted for my variable name? Should I reformat it to POST or GET?

Thanks. Sorry if I missed anything in my hours of searching authorize.net and this forum.

<!--
This sample code is designed to connect to Authorize.net using the SIM method.
For API documentation or additional sample code, please visit:
http://developer.authorize.net

Most of this page can be modified using any standard html. The parts of the
page that cannot be modified are noted in the comments.  This file can be
renamed as long as the file extension remains .php
-->

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" 
  "http://www.w3.org/TR/html4/loose.dtd">
<html lang='en'>
<head>
    <title> Sample SIM Implementation </title>
</head>
<body>

<!-- Print the Amount and Description to the screen. -->
Amount: <?php echo (trim($x_amount)); ?> <br />
Description: <?php echo $x_description; ?> <br />

<!-- This section generates the "Submit Payment" button using PHP           -->
<?php
// This sample code requires the mhash library for PHP versions older than
// 5.1.2 - http://hmhash.sourceforge.net/
    
// the parameters for the payment can be configured here
// the API Login ID and Transaction Key must be replaced with valid values
$loginID        = "verified_correct";
$transactionKey = "udon'twant2know";
//$amount         = 19.95;
//$description     = "Test";
$label             = "Submit Payment"; // This is the label on the 'submit' button
$testMode        = "true";
// By default, this sample code is designed to post to our test server for
// developer accounts: https://test.authorize.net/gateway/transact.dll
// for real accounts (even in test mode), please make sure that you are
// posting to: https://secure.authorize.net/gateway/transact.dll
$url            = "https://secure.authorize.net/gateway/transact.dll";
/////$url = "formprocessor2.php";

// If an amount or description were posted to this page, the defaults are overridden
if (array_key_exists("amount",$_REQUEST))
    { $amount = $_REQUEST["amount"]; }
if (array_key_exists("description",$_REQUEST))
    { $description = $_REQUEST["description"]; }

// an invoice is generated using the date and time
$invoice    = date("YmdHis");
// a sequence number is randomly generated
$sequence    = rand(1, 1000);
// a timestamp is generated
$timeStamp    = time();

// The following lines generate the SIM fingerprint.  PHP versions 5.1.2 and
// newer have the necessary hmac function built in.  For older versions, it
// will try to use the mhash library.


if( version_compare(phpversion(), '5.1.2', '>=') )
    {$fingerprint = hash_hmac("md5", $loginID . "^" . $sequence . "^" . $timeStamp . "^" . $amount . "^", $transactionKey);
 }
else 
    { $fingerprint = bin2hex(mhash(MHASH_MD5, $loginID . "^" . $sequence . "^" . $timeStamp . "^" . $amount . "^", $transactionKey)); }
?>
<!-- Create the HTML form containing necessary SIM post values -->
<form method='post' action='<?php echo $url; ?>' >
<!--  Additional fields can be added here as outlined in the SIM integration
 guide at: http://developer.authorize.net -->
    <input type='hidden' name='x_login' value='<?php echo $loginID; ?>' />
    <input type='hidden' name='x_amount' value='<?php echo $x_amount; ?>' />
    <input type='hidden' name='x_description' value='<?php echo $x_description; ?>' />
    <input type='hidden' name='x_invoice_num' value='<?php echo $invoice; ?>' />
    <input type='hidden' name='x_fp_sequence' value='<?php echo $sequence; ?>' />
    <input type='hidden' name='x_fp_timestamp' value='<?php echo $timeStamp; ?>' />
    <input type='hidden' name='x_fp_hash' value='<?php echo $fingerprint; ?>' />
    <input type='hidden' name='x_test_request' value='<?php echo $testMode; ?>' />
    <input type='hidden' name='x_show_form' value='PAYMENT_FORM' />
    <input type='submit' value='<?php echo $label; ?>' />
</form>

</body>
</html>

 

4 REPLIES

$_REQUEST is essentially a combination of both the $_POST and $_GET arrays into a combined larger array.  Using $_REQUEST in the sample code allows you to change the amount for testing by simply putting in the url like: http://example.com/sample.php?amount=9.99

 

If you choose to modify the amount either in the URL or by posting a new amount to the script, that amount is placed into the script exactly as it was entered.  It is not trimmed or transformed in any way before being used to generate the fingerprint.  It may be that I'm not exactly understanding the problem you are describing, but if $_REQUEST["amount"] has a value, then there should be no way that that value would differ from what is used to generate the fingerprint.

Trevor
Administrator
Thanks. I suspect that if (array_key_exists("amount",$_REQUEST)) { $amount = $_REQUEST["amount"]; } is not reading the variable (that it is not properly referenced) unlike input type='hidden' name='x_amount' value='' which testing reveals is correct.
Thanks. I suspect that if (array_key_exists("amount",$_REQUEST)) { $amount = $_REQUEST["amount"]; } is not reading the variable (that it is not properly referenced) unlike input type='hidden' name='x_amount' value=''lt?php echo $x_amount; ?gt which testing reveals is correct. Sorry for the formatting and incorrect reply a few minutes ago, but my browser doesn't show the HTML insert icon, and replying on a different computer would be very inconvenient, and I missed that it cut some of the text it didn't like in the last post.
<input type='hidden' name='x_amount' value='<?php echo $x_amount; ?>' />

Yep, you're right - the problem is that the code sample is mixing up amount and x_amount, rather than using one or the other all the way through. amount is being used in the hashing, but x_amount is what's being put into the form.

 

I should also mention that the example code quoted is rather messy. It should be printed as a single block with embedded values, rather than having a million echo statements. For instance, something like this:

 

/*  Create the HTML form containing necessary SIM post values
    Additional fields can be added here as outlined in the SIM
     integration guide at: http://developer.authorize.net */

print <<<BLOCK
    <form method='post' action='$url' >
    <input type='hidden' name='x_login' value='$loginID' />
    <input type='hidden' name='x_amount' value='$x_amount' />
    <input type='hidden' name='x_description' value='$x_description' />
    ...
BLOCK;

Putting a whole pile of variables into your global namespace is bad coding as well. I generally either process from $_POST (after the usual validation to prevent inserts or bugs), or transfer from post to a secondary array like $data. You can insert array variables into a print block by wrapping them in curly brackets, like so:

 

print <<<BLOCK
    <form method='post' action='{$data['url']}' >
BLOCK;

 Just thought I'd mention this because I started with echo and global variables and it just made for horribly sloppy code. I learned better back a few years ago.
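
The mismatch diagnosed in this thread, as an added example that is not part of any reply or of Authorize.net's sample code: the fingerprint and the posted x_amount are built from one validated value, and a modelled receiver-side check shows the hash failing when they are not. The login ID, key, sequence, timestamp and amount are constructed placeholders, and the helper names and `fingerprint_matches()` are hypothetical stand-ins for the comparison the gateway performs.

```php
<?php
const LOGIN_ID = 'example_login';        // constructed placeholder, not a real login ID
const TRANSACTION_KEY = 'example_key';   // constructed placeholder, not a real key

// Fingerprint input as built in the sample: login^sequence^timestamp^amount^
function sim_fingerprint(string $login, int $seq, int $ts, string $amount, string $key): string
{
    return hash_hmac('md5', $login . '^' . $seq . '^' . $ts . '^' . $amount . '^', $key);
}

// Accept only a plain decimal amount and normalise it once.
function normalise_amount($raw): ?string
{
    if (!is_string($raw) || !preg_match('/^\d{1,7}(\.\d{1,2})?$/', trim($raw))) {
        return null;
    }
    return number_format((float) trim($raw), 2, '.', '');
}

// One validated amount feeds both the hash and x_amount, so they cannot drift apart.
function build_sim_fields(string $amount, int $seq, int $ts): array
{
    return [
        'x_login'        => LOGIN_ID,
        'x_amount'       => $amount,
        'x_fp_sequence'  => (string) $seq,
        'x_fp_timestamp' => (string) $ts,
        'x_fp_hash'      => sim_fingerprint(LOGIN_ID, $seq, $ts, $amount, TRANSACTION_KEY),
    ];
}

// Modelled receiver check: recompute from the posted fields and compare.
function fingerprint_matches(array $f): bool
{
    $expected = sim_fingerprint($f['x_login'], (int) $f['x_fp_sequence'],
        (int) $f['x_fp_timestamp'], $f['x_amount'], TRANSACTION_KEY);
    return hash_equals($expected, $f['x_fp_hash']);
}

$amount = normalise_amount('9.99');      // constructed request value
if ($amount === null) { exit("invalid amount\n"); }
$fields = build_sim_fields($amount, 123, 1700000000);
var_dump(fingerprint_matches($fields));  // hash and x_amount come from the same value

// The thread's bug: hash built from an unset $amount while x_amount carries the real value.
$broken = ['x_fp_hash' => sim_fingerprint(LOGIN_ID, 123, 1700000000, '', TRANSACTION_KEY)] + $fields;
var_dump(fingerprint_matches($broken));

foreach ($fields as $name => $value) {   // escape every value written into the form
    printf("<input type='hidden' name='%s' value='%s' />\n", $name, htmlspecialchars($value, ENT_QUOTES));
}
```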