Update to VirtueMart 3.0.4 - 3.0.6.2 Breaks Authorize.net AIM Payment

[mronayne]

I just upgrade to VirtueMart 3.0.4 and now the following message appears at the top of the "Thank you for your Order" page:

Message
Card Number Invalid
Card CVV Number Invalid or Missing
Expiration Date Invalid

This happens even though the Order actually goes through and is accepted by Authorize.net. This was working properly before the update! Help Please!

I used the upgrade feature from within Joomla.
I am running an "out of the box" vanilla version of Joomla 3.3.6 with the prostar template.
Running on  PHP 5.6.3
MySQLi 5.5.40-cll

[mronayne]

I take this back...
I just eliminated the FlexibleWeb CleanMart template from my test site altogether and this issue still persists. It appears to be an issue with the latest Authorize.net AIM plugin not working properly in Sandbox/Test mode. I have no idea if this issue persists when interacting with the "live" Authorize.net server.

Ignore the below original comment - this issue is still Open!
"After further investigation and debugging I've isolated this issue to the FlexibleWeb CleanMart template and not VirtueMart.
Consider this issue closed in this forum."

[mronayne]

Just want to add another note that this issue is NOT Resolved at this time.

Has anyone else seen this after upgrading?

[mronayne]

Has anyone been able to confirm (or deny) that this is an issue with the Authorize.net AIM plugin distributed with VirtueMart?
I've attached a screen-capture of the error message. This error shows even though the transaction was successfully executed against the Authorize.net Sandbox server.

[alatak]

hello mronayne
I cannot reproduce your problem.
Everything works ok with a test account.
I am running 3.0.6 and i have tested on J3 and J25.
Can you give me the url?

[alatak]

Hello

Can you try to do a checkout with a admin login ? VM displays errors to admin. May be this will help us to understand what happened.

[mronayne]

I sent you a PM with instructions for accessing my site to see this error in action.

[mronayne]

Did you ever get my PM and have you had a chance to look into it?

[alatak]

Hello
no i am sorry. I did not receive any PM.

[mronayne]

Hmmm, Not sure why? No matter. I am in the process of waiting for the latest updates to 3.0.6 to be available. After I install that update I'll re-test the Authorize.Net AIM plugin again to see if I still receive these erroneous earning messages. I'll update this post once I am certain.

For now, in the version of the authorizenet.php that I have, I replaced the code near line 394:

Code Select Expand

if (!$this->_validate_creditcard_data(TRUE)) {
return FALSE; // returns string containing errors

With this:

Code Select Expand


if ($this->_currentMethod->sandbox) {    // MLR added sandbox check to disable this test when in sandbox mode
if (!$this->_validate_creditcard_data(FALSE)) { return FALSE; }
} else {
if (!$this->_validate_creditcard_data(TRUE)) { return FALSE; } // returns string containing errors
}



[T.A. Garrison, LLC]

I'm using Joomla 3.4.0 with Virtuemart 3.0.6 - and my client has this same problem.
The credit card is accepted, confirmed, and when you arrive at the "Thank You" page you get the error.

I'm going to see if making the change as suggested by mronayne will remedy the issue.

I have the site/Authorize.net in TESTMODE so that I can run as many tests as necessary - http://cameraclear.com/index.php/order

Valerie, if you can, please feel free to run a test on the site.

[T.A. Garrison, LLC]

I applied the suggested changes to authorizenet.php and that made no difference.

Valerie?


As you suggested I tried the same test using admin. Following is the result:


Message

Card Number Invalid
Card CVV Number Invalid or Missing
Expiration Date Invalid
×
Error

vmError: Warning extension of the image is a png, tpcdf has problems with that in the header, choose a jpg or gif (will change this, but not a problem)

Notice: Undefined offset: 0 in /home/???/public_html/plugins/vmshipment/istraxx_ups/istraxx_ups.php on line 537
Thank you for your order!
Payment Name    Authorize.netSecure payments through Authorize.net
Order number    6ca3025
Amount    69.81 USD
Transaction ID    0


It seems there is something with the UPS plugin that may be effecting the Authorize.net plugin.

Any thoughts?

[mronayne]

LTCreations,

I am not surprised that my fix does not work for you since my work-around only applies to when you are in "Sandbox" mode.
But, if you don't mind turning off the internal card validation rules you can do the following:

As before, locate this code near line 394

Code Select Expand


if (!$this->_validate_creditcard_data(TRUE)) {
return FALSE; // returns string containing errors


And simply change the paramater to the call to _validate_creditcard_data to FALSE as in

Code Select Expand


if (!$this->_validate_creditcard_data(FALSE)) {
return FALSE; // returns string containing errors


While this disables the internal card verification functions, if the card is bad, Authorize.net will still fail giving you their reasons for declining the card. At least this is how I understand that it works.

This might get you by while waiting for a permanent fix?

[T.A. Garrison, LLC]

Thanks, mronayne.

I'll test that theory to see if it works.
I don't mind turning off the rules as long as they still appear "if/when" there really is a validation problem.
Luckily, this client is not in a hurry to get the site ready for users. So I can take the time to get this issue resolved - workaround or updated file structure from Valerie.

I have others that won't put up with the error, so I'll keep them on the J2.5 and VM2.? until there is a resolve.


OOpppsss....that didn't work.
After turning TRUE to FALSE, I was able to go through the process with a legitimate card.
But, when I used a card (a tester I keep handy) that expired 5 years ago, the orders was "also" processed without any errors.

So, turning off the verification...turns off the verification - period. There is nothing to stop a user from purchasing with a clearly expired card.

[mronayne]

Are you still in TEST MODE because if test mode is turned on at Authorize.net any card will work...
I suspect you aren't but thought I would ask just the same?
It is also very possible that I don't fully understand the logic behind the local card verification routine but I truly thought is was just a local test to validate things like whether the card number really matches the card type and that the Security code is the correct number of digits depending on the card type. It looked to me like it was a very rudimentary test?