My credit card information form (authorize_net_form(), I think) isn't being generated - instead I get an 'Access denied' error.

The user's workflow is successful up until the user clicks "Place your order" on the "Review and submit" page (/cart/review). At this point, the user is directed to /store/payment/authorize_net/* and the page switches to https. Here, the cart appears empty and the user gets an access denied error.

Strangely, the "Access denied" page prints out twice (doctype thru </html> + doctype thru </html>). The contents of the first page are only the 'access denied' title and 'you are not authorized' text, and the contents of the second page contains the following html:

<div id="squeeze">
  <h1 class="title">Access denied</h1>
  <form action="/ecom-testing/drupal/store/payment/authorize_net/17"  method="post" id="authorize-net-form">
    <div>
      <input type="hidden" name="form_token" id="edit-authorize-net-form-form-token" value="ad2f0aaf79bacf0e86d945d81cd3df4b"  />
      <input type="hidden" name="form_id" id="edit-authorize-net-form" value="authorize_net_form"  />
    </div>
  </form>
</div> <!-- /squeeze -->

I get the access denied error in every situation I can think of to test: authorized user, anonymous user, uid=1...

I have also tried forcing each page to load as https by forcing on the 's' in the browser in case the jump to secure is what's messing it up. This also doesn't work, but maybe the "Place your order" button forces it to http and then redirects it to https? I just can't figure this out on my own. Hopefully these details will help someone help me!

Other than what I've already mentioned, here's the details of my setup:

  • GoDaddy hosting
    • they say I have access to CURL
  • i have SSL on my domain
  • drupal 5.2
  • ecommerce 5.x-3.3
    • Flexible anonymous purchasing policy
  • authorize.net module + payment gateway
    • my authorize.net merchant toolbox says that my account is in test mode
    • authorize.net module 'test mode' radio button is currently set to disabled, but I have tested it in the 'enabled' position as well
    • authorize.net module settings:
  • no subscription or electronic products - just real products for sale
  • token 5.x-1.8

Thoughts, anyone?

Comments

gordon’s picture

Make sure that you are logged in as the user that created the transaction.

nineja’s picture

I have tested this numerous times — as an anonymous user, as uid = 1, and as a "customer" that has registered with my store. Every time I get the same problem.

Maybe I wasn't clear above - I never get to the page where I fill in my credit card information.

When I go to Administer>E-Commerce, I have 18 payments pending. These are all of the transactions that I have attempted. All of them failed because the credit card information page didn't load. (Instead, I got the access denied error and my cart emptied itself.)

When I click "Payments pending" all of the transactions (1-18) have payment status=pending and workflow status=received (although no emails ever get sent to the store owner or to the customer).

nineja’s picture

If it might help, I could send the URL of the test site via email.

gordon’s picture

Status: Active » Fixed

Please re-open if you are still having this issue

Anonymous’s picture

Status: Fixed » Closed (fixed)
Dabitch’s picture

I'm interested in what turned out to be the fix for this as I am experiencing a similar problem.

When I test (user 1) it all works fine. Even my test users (of various cration dates and roles) can go through the payment pages just fine. On several browsers it works.

However, when a co-worker tested this logged in as him (non-admin user) he got the 404 instead of the credit card information form: strangely he also had to log in one more time before being allowed to 'checkout'. I've emailed a few other people who also get the 404 exactly like he does, and exactly like the nineja describes above. All of their transactions end up in payments pending.

What is the cause f the 404 and how can I fix it like you seem to have done above? I'm using 5.x-3.3 so if it was fixed in this release, it wasn't fixed enough. ;)

nineja’s picture

Status: Closed (fixed) » Active

Interesting. I still have not fixed the problem. I actually had to launch the site with PayPal only because I couldn't resolve this issue.

I'm hoping that eC4 will fix the problem, but I'm waiting for a non alpha/dev release. *crossing fingers*

Also, re-post here if you have found the solution!

hesolares’s picture

There are several things that are required to make this shopping cart work with both Authorize.net and a Godaddy account. I kept on getting errors and or a blank page after attempting submission of payment to Authorize.net. This is what I did after a great deal of trial and error, plus a lot of wasted time.

1. SSL certificate
2. PHP CURL (automatically available in shared Linux Godaddy hosting accounts)
3. Modification of the authorize_net.module to include proxy settings required by the Godaddy PHP CURL installation.

This is the original code plus my added modification in the authorize_net.module:

// Start CURL session
$ch = curl_init();

//added by me
curl_setopt ($ch, CURLOPT_HTTPPROXYTUNNEL, TRUE);
curl_setopt ($ch, CURLOPT_PROXYTYPE, CURLPROXY_HTTP);
curl_setopt ($ch, CURLOPT_PROXY,"http://proxy.shr.secureserver.net:3128");
//end of add

//continue of original code
curl_setopt($ch, CURLOPT_URL, variable_get('authorize_net_url', 'https://secure.authorize.net/gateway/transact.dll'));
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_NOPROGRESS, 1);
curl_setopt($ch, CURLOPT_VERBOSE, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION,0);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $uri);
curl_setopt($ch, CURLOPT_TIMEOUT, 120);
curl_setopt($ch, CURLOPT_USERAGENT, $agent);
curl_setopt($ch, CURLOPT_REFERER, $payment_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

$buffer = curl_exec($ch);
curl_close($ch);

//end original code

It's working great now..finally!

brembold’s picture

Version: 5.x-3.3 » 5.x-3.4

I am also getting this problem...

Tho I am hosting my own website... I am running OpenSuse 10.3, Drupal 5.7, php has curl enabled. I believe I have everything working the way it should. I have a GoDaddy SSL cert but am hosting the website myself, so that is the only difference.

I get to the same page and click place your order and get my custom access denied page. Was there any resolution to this?

Thanks in advance!
Bryan

davea’s picture

several things to check:
- is SSL properly configured for the secure domain? you can test this by setting secure pages to make ALL pages SSL. This will verify that Secure Pages and SSL are getting along properly.
- user permissions are set for the module?
- ensure that the Authorize.net module is configured with proper credentials
- ensure that ecommerce has only this single method available for payment. That is, Authorize.net

Please post any results.

Thanks!
DaveA

Thomas Sewell’s picture

Secure Pages config that works with authorize.net:

Pages which will be secure:
user/*
admin*
cart/*
cart
store/payment/*
store/payment

Ignore Pages:
*/autocomplete/*
cart/add/*

I ran into a similar problem until I added the payment pages to my secure pages config.

billywig’s picture

Thank you Thomas. This was very helpful!

davea’s picture

Status: Active » Closed (fixed)

I have added additional error messages to the authorize.net module to help future users of ecommerce. This is available in the latest dev version of ec3 as of this date.

Thanks,
DaveA