cancel
Showing results for 
Search instead for 
Did you mean: 

test.authorize.net/gateway/transact.dll instead mysite.com/thankyou.php

I think I'm doing someting wrong but can't figure out what.

 

In Account > Settings > Receipt Page > Receipt Method > Default Receipt Link URL
I entered http://mysite.com/sim.php (sample code).
Receipt Metod is POST.
In Account > Settings > Relay Response > Default Relay Response URL > I entered http://mysite.com/relay_reponse.php with only this code:
<?php
print_r($_POST);
?>
In sim.php I added to sample coe the following form code
<input type="hidden" name="x_relay_response" value="true">
<input type="hidden" name="x_relay_url" value="https://mysite.com/ relay_reponse.php">

 

When I submit the credit card form I’ll get the POST array on screen, as I requested on relay_reponse.php file but the URL is still showing https://test.authorize.net/gateway/transact.dll ?!? Shouldn’t it be http://mysite.com/ relay_reponse.php? Why?

 

apasalic
Contributor
13 REPLIES 13

First paragraph from http://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/Relay-Response-Basics-a...

 

Relay Response Basics

Relay Response is a feature available to merchants using Server Integration Method (SIM) or Simple Checkout. It instructs the payment gateway to return transaction results to the merchant using an HTML form POST to a specified URL on the merchant's Web server. A script or program at the URL can be used to create a custom receipt page using the transaction information. The custom receipt page is then relayed back to the customer's browser. Relay Response does not redirect the end user back to the merchant’s server, but relays the page content to the end user instead of displaying the Authorize.Net default receipt page.

RaynorC1emen7
Expert

Or, to put it graphically...

 

Order Form -> Authorize.net -> Receipt Page

                  | ^       -> Error Page

                  v |

           Relay Response Page

          (checks error status, returns receipt or error page URL)

TJPride
Expert

Thanks. I got it. :manhappy:

 

But, since I have to store submitted data in my database and do some $_SESSION changes, I was thinking to use the following code in reley_response.php

 

<script type="text/javascript">
function myfunc () {
var frm = document.getElementById("authdotnet");
frm.submit();
}
window.onload = myfunc;
</script>

<form method='post' action="https://mysite.com/relay_response2.php" id="authdotnet">
<?php foreach ($_POST as $key => $value) { ?>
<input type="hidden" name="<?=$key?>" value="<?=$value?>">
<?php } ?>
</form>

 

to switch from authorize.net to mysite.com and finish "my" work and then show thankyou.php (there are multiple method payments on my site that use the same thankyou page)

 

Is this logic "ok:" or there is better solution?

 

Thanks for help.

 

An internal POST from Authorize.net is not the same as a browser going to your page - the Javascript will be ignored and nothing will happen. You need your PHP code to call your database and/or session and update them before returning the receipt URL to Authorize.net, not do something weird like generate a form and call a second relay response page (what would that gain you, exactly?) Incidently, the session won't trigger automatically either, since it's Authorize.net calling the page and not your customer, so you have to pass the session ID as part of the order data if you want to load the session from the relay response page and modify it.

 

Generally better to avoid sessions entirely, and just use a database record with a passed idn, but I don't have time right now to rewrite your entire ordering process. I wish you good luck.

Why not try it anyway. It might work.

"... An internal POST from Authorize.net is not the same as a browser going to your page - the Javascript will be ignored and nothing will happen..."

- Sorry, but didn't understand this :-(

 

"... You need your PHP code to call your database and/or session and update them before returning the receipt URL to Authorize.net,..."

- I can't update my database before the cc form is submitted beacuse I need Billiing and Shipping data. But if you think to do it after the form is submitted but before relay_respond.php file is called - I have no idea how nor where to put the code?!!?

 

"... not do something weird like generate a form and call a second relay response page (what would that gain you, exactly?)..."

- The reason is once I'm back on mysite.com I can use my session ID (it's not lost) to update database. Within the relay_response.php I can't do anything? I can't connect to database.

 

 

"... Incidently, the session won't trigger automatically either, since it's Authorize.net calling the page and not your customer, so you have to pass the session ID as part of the order data if you want to load the session from the relay response page and modify it.

 

Generally better to avoid sessions entirely, and just use a database record with a passed idn, but I don't have time right now to rewrite your entire ordering process. I wish you good luck..."

@RaynorC1emen7

It works fine. But I wonder if it's correct way to do? Or maybe is bad security solution, or... I don't know. :-)

I think is fine as long as is https. There shouldn't be any confidential info in the post data anyway. The only thing I could think of is  you might not know if an error occur  between relay_response.php and relay_response2.php, but it should be well tested anyway, right?


I just don't understand what he could possibly gain by posting the data from the first relay response page to another relay response page. The first page already has all the data, just do whatever you're going to do there and move on. It's not a matter of security (though I would try to avoid passing around the last 4 of the credit card whenever possible just on general principle), but rather one of it being entirely pointless and increasing the chances of the data being lost before it gets to his database.