cancel
Showing results for 
Search instead for 
Did you mean: 

Trying to get PHP code to charge a credit card

Please can somebody help me? We are a small non-profit. Our HTML donation page needs the PHP code to charge credit cards. The code in the PHP developer's area here requires vendor/autoload.php and constants/SampleCodeConstants.php. I cannot find those files anywhere. I don't have the time (or intelligence) to figure out how Composer works.

If I can just get the complete PHP code for charging a credit card, with the dependent files, I can move forward and debug it, etc. If someone could help me get that I would be soooo grateful! (Our old interface code was written in CGI and Perl and recentlly stopped working, so we can't get donations.)

BCamenker
Member
10 REPLIES 10
@BCamenker

You have PCI considerations and the charge a credit card script might not be right for you. The list of requirements to be compliant with that integration method is 67 pages long. I would get either simple checkout or accept Hosted. Simple checkout is much easier. I’m not sure right off hand what the specific dependencies are for accept hosted (or to charge a cc with the API). I would recommend you hire a developer to help you.
Renaissance
All Star

Interesting. If this is impossible for a regular programmer to do (have to hire a "developer") then why make such a big deal about all the sample code and the sandbox? It gives the impression that a small organization can charge credit cards on a web page without having to shell out thousands of dollars to a custom programming house.

The simple checkout is too constrained for what we need to do. But I guess we'll have to use it anyway.

 

Doing the coding can be pretty easy.  It just depends on what functions you need.  The PCI requirements is what can take the time.

Since you are small, I would recommend hosted Accept.js and is the lowest SAQ A PCI requirement.

https://developer.authorize.net/api/reference/features/acceptjs.html

 

See the section: 

USING THE JAVASCRIPT LIBRARY (WITH THE HOSTED FORM)

for the HTML code.  Then you just create a PHP page like.

https://github.com/AuthorizeNet/sample-code-php/blob/master/AcceptSuite/create-an-accept-payment-tra...

 

SampleCodeConstants.php is in the sample root on Github and the autoload.php is in the PHP SDK.

 

If you are using something like Wordpress, there are usually addons you can buy that don't need coding.

kabutotx
Regular Contributor
@BCamenker

You may have a different definition of what a developer vs programmer is than I do. I use both loosely. I was not suggesting you Shell out thousands. There are a few separate things. One is you need to install composer but are not comfortable that you could do it alone. For that I recommend hiring a developer and IMO charging more than $50 to do that is excessive. If you have a Windows OS I can tell you how to do it for free.

The second consideration you have is PCI requirements. the charge a credit card script on the sample code here is SAQ D scope. It has too many requirements for many small businesses. As the user above posted, Accept Hosted or Accept.js are very good alternatives that have very few PCI requirements.

You have to put things in perspective. You can probably meet your PCI requirements for SAQ D for $10k to $16k a year. Maybe less. It is hard to say in general terms. With Accept Hosted you have no real expense to be compliant. It is very simple, and you have every feature you could want minus some customization options for the form. $10k to $16k a year is doable for many small businesses, but they may not consider it worth it to have such extra overhead for the sake of a UI concern.

In regards to the sample code, I find it all very useful.

I really hope you can help me. I've spent an entire day getting nowhere. I'm not a novice; I was a C++ programmer on complicated DOD projects for about 20 years. I'd like to use the PHP interface, but Composer is meant for PC use and I do my programming on the the web, not on the PC. Why can't they just give us a library to load? That's how they did it before with CGI/PERL, which they've now discontinued.

I would like to use Accept.js instead. But the problem I see with Accept.js is that it does not accept the firstname, lastname, and address fields -- which my bank requires. It only accepts the combination firstname-lastname and zip code! Or is there a way to include the fields I want, plus email address?

All I want to do is solve this thing and get back to my normal work which is piling up. You can't even talk to anyone at Auth.net, so I hope you can help me. We're also losing a ton of money in lost donations while our site is down. Thanks in advance.

Well, I seem to have made some excellent progress, working last night and this morning. I've got the PHP API sample code working on our website!! Now all I have to do is make it work with our data entry form, and have that PCI compliant for the size of organization we are. But the hard stuff is definitely behind me!

A major part of the problem was figuring out what might seem to most of you to be obvious. If the documentation had described how to run Composer in the DOS box, while in the directory that the API files are in, and then copy the Vendor directory to the root of my website, then run the sample code from the root directory, that would have saved me a ton of time. But I had to figure all that out thru trial and error. It also would have been nice to describe what the whole Composer concept is, for those who are used to other languages -- tho admittedly that may be beyond the scope of what Auth.net needs to do. Now that I understand all that, I can pretty much run with it.

 

@BCamenker

Sorry I missed you and glad you made it. I’ve been glued to a project. The easiest way to be PCI Compliant is to use Accept Hosted. It is a tad different from Accept.js and very easy to implement. IMO Accept is perfect for most small businesses.

You wanted to avoid shelling out thousands, and Accept is the way to do it. The sample code you want to use for that is the getAnAcceptPayment page, if you go this route.

To see the difference in compliance, go to the PCI document library and look at the SAQs. The charge a credit card script in the reference puts you at SAQ D scope. Accept Hosted puts you at SAQ A. The PDFs for those will have your requirements.

Accept Hosteed does look like a good approach, and more secure, etc. But at this point I have the PHP API code working and tested. Maybe in a few months when I have some time I'll revisit this and give it a try. I appreciate your suggestion on this. I have a feeling, as you mentioned, that had I started out using Accept Hosted I could have done this project quicker, though there would probably still be some things I'd need to figure out on my own.


@kabutotx wrote:

Doing the coding can be pretty easy.  It just depends on what functions you need.  The PCI requirements is what can take the time.

Since you are small, I would recommend hosted Accept.js and is the lowest SAQ A PCI requirement.

https://developer.authorize.net/api/reference/features/acceptjs MyPrepaidCenter.com

 

See the section: 

USING THE JAVASCRIPT LIBRARY (WITH THE HOSTED FORM)

for the HTML code.  Then you just create a PHP page like.

https://github.com/AuthorizeNet/sample-code-php/blob/master/AcceptSuite/create-an-accept-payment-tra...

 

SampleCodeConstants.php is in the sample root on Github and the autoload.php is in the PHP SDK.

 

If you are using something like Wordpress, there are usually addons you can buy that don't need coding.


There are a few separate things. One is you need to install composer but are not comfortable that you could do it alone. For that I recommend hiring a developer and IMO charging more than $50 to do that is excessive. If you have a Windows OS I can tell you how to do it for free.

The second consideration you have is PCI requirements. the charge a credit card script on the sample code here is SAQ D scope. It has too many requirements for many small businesses. As the user above posted, Accept Hosted or Accept.js are very good alternatives that have very few PCI requirements.