+ MD5_HASH_SET_IN_AUTHORIZE_NET = '' # requires restart. This is the value set within authorize.net as your "md5 hash" and defaults to blank if you haven't set one yet.
+
+ def payment_received_notification_sub_step
+
+ passed = params['x_response_code'].to_i == 1
+
+ order = Order.find_by_order_number params['x_invoice_num'],
+ :include => :shipping_address
+ unless order
+ @message = 'Error--unable to find your transaction! Please contact us directly.'
+ # todo double check if they changed any address information (just in case the user didn't set it up for that to be unchangeable, which would, of course, be much better)
+ if order.total != params['x_amount'].to_f
+ logger.error "ack authorize net sim said they paid for #{params['x_amount']} and it should have been #{order.total}!"
+ if md5_hash_check.upcase != params['x_MD5_Hash']
+ passed = false
+ logger.error "ALERT POSSIBLE FRAUD ATTEMPT either that or you haven't setup your md5 hash setting in #{__FILE__} because a transaction came back from authorize.net with the wrong hash value--rejecting!"
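Review bot: The hash test at `if md5_hash_check.upcase != params['x_MD5_Hash']` is the only thing that authenticates this relay POST, and it fails open while `MD5_HASH_SET_IN_AUTHORIZE_NET` keeps its default `''`. `md5_hash_check` is not visible here, but if it follows Authorize.Net's documented scheme, the remaining inputs are not secret, so a matching hash no longer proves the request came from Authorize.Net. Reject outright when no secret is configured, e.g. `passed = false if MD5_HASH_SET_IN_AUTHORIZE_NET.empty?`, and consider loading the secret from preferences or the environment instead of a source-file constant. The amount branch above (`if order.total != params['x_amount'].to_f`) only logs in the lines shown; it should also set `passed = false` and compare in cents rather than as floats. The method body is elided between these lines and continues outside them, so confirm that the `unless order` branch returns before `order.total` is reached.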
- <span class="info">When in test mode, no real orders will be processed.</span>
+ <span class="info">When in test mode, no real orders will be processed. Authorize.net will pass the "testing" flag and paypal will require sandbox (developer) accounts.</span>
+ 'x_fp_hash' => generate_authorize_net_sim_fp_hash(cart), # our 'secure' hash of the transaction
+ 'x_login' => Preference.get_value('cc_login'),
+ 'x_show_form' => 'PAYMENT_FORM',
+ 'x_amount' => cart.total,
+ 'x_fp_timestamp' => cart.created_on.to_i,
+ 'x_fp_sequence' => cart.id,
+ 'x_relay_response' => 'TRUE',
+ 'x_duplicate_window' => '28800', # that many seconds of duplicate window
+ 'x_relay_url' => url_for(:only_path => false, :controller => :authorize_net_sim, :action => :payment_received_notification_sub_step), # this value [http://hostname/authorize_net_sim/payment_received_notification_sub_step] must be setup within authorize.net, too, to be accepted.
+ 'x_address' => address.address,
+ 'x_first_name' => address.first_name,
+ 'x_last_name' => address.last_name,
+ 'x_city' => address.city,
+ 'x_state' => address.state,
+ 'x_country' => address.country.name,
+ 'x_zip' => address.zip,
+ 'x_phone' => address.telephone,
+ 'x_ship_to_first_name' => shipping.first_name,
+ 'x_ship_to_last_name' => shipping.last_name,
+ 'x_ship_to_address' => shipping.address,
+ 'x_ship_to_city' => shipping.city,
+ 'x_ship_to_state' => shipping.state,
+ 'x_ship_to_zip' => shipping.zip,
+ 'x_ship_to_country' => shipping.country.name,
+ 'x_cust_id' => cart.order_user.id,
+ #x_currency_code
+ 'x_email' => cart.order_user.email_address,
+# 'x_email_customer' => '', # email after transaction success
+# 'x_email_merchant' => '', # add in your email if you want authorize to email you. For now we email them if set in prefs.
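Review bot: `'x_fp_timestamp' => cart.created_on.to_i` ties the fingerprint to when the cart was created rather than when the payment form is rendered. Authorize.Net SIM checks that timestamp against its own clock and rejects fingerprints outside a short window, so a cart that sits for a while will fail at the gateway. A fixed timestamp plus `'x_fp_sequence' => cart.id` also yields the same fingerprint every time the form is shown for that cart. Use the render time instead, e.g. `'x_fp_timestamp' => Time.now.to_i`, and pass that same value into `generate_authorize_net_sim_fp_hash`, which is not visible here and must hash exactly the timestamp, sequence and `x_amount` that are posted. Separately, the relay URL comment shows an `http://` address; if the site has TLS, pass `:protocol => 'https'` to `url_for` so the relay response is not sent in clear text.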
+ <INPUT TYPE=HIDDEN name='x_freight' VALUE="<%= cart.shipping_cost %>"/> <!-- doesn't seem to work with single values, so we'll add a line item for it -->
+<!-- the user never really sees this message it just flashes on their screen (relayed from us), and redirects them back to the site -->
+Thank you for your purchase to <%= Preference.find_by_name('store_name').value %>! <%= @message %>. Click <a href="<%= url_for(:only_path => false, :controller => :store, :action => :finish_order) %>">here</a> to continue and view your order status.
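Review bot: `<%= @message %>` and `<%= Preference.find_by_name('store_name').value %>` are written into the relay page without HTML escaping. The `find_by_order_number ..., :include =>` style elsewhere in this commit suggests a Rails version where `<%= %>` does not escape by default. The one `@message` assignment visible in the controller is a constant string, but other assignments are not shown, and the store name is an editable preference. Escape both explicitly: `<%=h @message %>` and `<%=h Preference.find_by_name('store_name').value %>`. `find_by_name` returns nil when the preference is missing, so the page would raise instead of rendering; a fallback such as `Preference.get_value('store_name')`, as used for `cc_login`, may be safer if it tolerates a missing row.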