+ MD5_HASH_SET_IN_AUTHORIZE_NET = '' # requires restart. This is the value set within authorize.net as your "md5 hash" and defaults to blank if you haven't set one yet.
+
+ def payment_received_notification_sub_step
+
+ passed = params['x_response_code'].to_i == 1
+
+ order = Order.find_by_order_number params['x_invoice_num'],
+ :include => :shipping_address
+ unless order
+ @message = 'Error--unable to find your transaction! Please contact us directly.'
+ # http://developer.authorize.net/guides/SIM/ describes what the AVS (address verification) codes returned mean (if people want to use them).
+ # could use x_avs_code, x_cavv_response to decide if we should accept the transaction or not.
+
+ # todo double check if they changed any address information (just in case the user didn't set it up for that to be unchangeable, which would, of course, be much better)
+ if order.total != params['x_amount'].to_f
+ logger.error "ack authorize net sim said they paid for #{params['x_amount']} and it should have been #{order.total}!"
+ logger.error "odd -- authorize.net SIM got a duplicate transaction ##{params['x_trans_id']} (which number is always zero for test transactions)" # still allow it to pass--why not?
+ if md5_hash_check.upcase != params['x_MD5_Hash']
+ passed = false
+ logger.error "ALERT POSSIBLE FRAUD ATTEMPT either that or you haven't setup your md5 hash setting in #{__FILE__} because a transaction came back from authorize.net with the wrong hash value--rejecting!"
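Review bot: The amount check at `if order.total != params['x_amount'].to_f` only logs in the lines shown and never clears `passed`, so a relay post whose amount differs from the order total can still be accepted; add `passed = false` beside that `logger.error`, and compare in cents or as BigDecimal rather than through `to_f`. The MD5 comparison below it is the only thing tying this post to Authorize.net, and `MD5_HASH_SET_IN_AUTHORIZE_NET = ''` ships blank, so until the merchant sets it the hash presumably proves nothing about the sender; refuse to mark an order paid outside test mode while the constant is blank, and load it from configuration instead of a source file. `unless order` sets `@message`, but no return is visible before `order.total` is read, so a missing order would raise on nil. Several lines of this method appear to be elided from the page, so confirm each point against the full file.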
- <span class="info">When in test mode, no real orders will be processed.</span>
+ <span class="info">When in test mode, no real orders will be processed. Authorize.net will pass the "testing" flag to all transactions and paypal will use the sandbox.</span>
+ <span class="info">When checked, authorize.net will use test account urls for its credit card transactions. This requires a test account login and password from them.</span>
+ 'x_fp_hash' => generate_authorize_net_sim_fp_hash(cart), # our secure hash of the transaction
+ 'x_login' => Preference.get_value('cc_login'),
+ 'x_show_form' => 'PAYMENT_FORM',
+ 'x_amount' => cart.total,
+ 'x_fp_timestamp' => cart.created_on.to_i,
+ 'x_fp_sequence' => cart.id,
+ 'x_relay_response' => 'TRUE',
+ 'x_duplicate_window' => '28800', # that many seconds of duplicate window
+ 'x_relay_url' => url_for(:only_path => false, :controller => :authorize_net_sim, :action => :payment_received_notification_sub_step), # this value [http://hostname/authorize_net_sim/payment_received_notification_sub_step] must be setup within authorize.net, too, to be accepted.
+ 'x_address' => address.address,
+ 'x_first_name' => address.first_name,
+ 'x_last_name' => address.last_name,
+ 'x_city' => address.city,
+ 'x_state' => address.state,
+ 'x_country' => address.country.name,
+ 'x_zip' => address.zip,
+ 'x_phone' => address.telephone,
+ 'x_ship_to_first_name' => shipping.first_name,
+ 'x_ship_to_last_name' => shipping.last_name,
+ 'x_ship_to_address' => shipping.address,
+ 'x_ship_to_city' => shipping.city,
+ 'x_ship_to_state' => shipping.state,
+ 'x_ship_to_zip' => shipping.zip,
+ 'x_ship_to_country' => shipping.country.name,
+ 'x_cust_id' => cart.order_user.id,
+ #x_currency_code
+ 'x_email' => cart.order_user.email_address,
+# 'x_email_customer' => '', # set to try to have authorize.net email them after transaction success.
+# 'x_email_merchant' => '', # add in your email if you want authorize to email you after transaction success.
+ 'x_invoice_num' => cart.order_number,
+ 'x_header_html_payment_form' => Preference.get_value('store_name'), # displayed at top.
+ 'x_version' => '3.1'
+
+ } do %>
+ <INPUT TYPE=HIDDEN name="<%= setting %>" VALUE="<%= value %>">
+<% end %>
+
+<%
+taxable = cart.tax > 0 ? 'Y' : 'N'
+
+cart.order_line_items[0..27].each_with_index do |oli, n|
+ sanitized_name = h(oli.name[0..31].gsub(/\s*-\s+/, '-').gsub(/\(|\)"/, ' ')) # have no idea why, but if you put a field value of T1000 - Lt. Blue Grey - Youth (17") it chokes. This to avoid that at all costs, despite not knowing why.
+ # note that the second parameter is not shown but must be given (odd)
+ <INPUT TYPE=HIDDEN name='x_freight' VALUE="<%= cart.shipping_cost %>"/> <!-- doesn't seem to work with single values, so we'll add a line item for it -->
+ <INPUT TYPE=HIDDEN name="x_line_item" value="<%="Shipping<|>Shipping Cost<|>Shipping and Handling Cost<|>1<|>#{cart.shipping_cost}<|>#{taxable}" %>">
+<% end %>
+
+
+<% tax_amount = cart.tax
+ if tax_amount > 0 %>
+ <INPUT TYPE=HIDDEN name='x_tax' VALUE="<%= tax_amount %>"/> <!-- add as line item, too- see why above -->
+<%# see http://www.authorize.net/support/SIM_guide.pdf for optional texts/logos you can display besides these if you add them here. Basically you can change the logo, font color and background color. %>
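Review bot: `VALUE="<%= value %>"` on the hidden-input line writes each setting into an attribute without `h()`, and the hash above it carries customer-entered fields (`address.first_name`, `shipping.address`, `cart.order_user.email_address`), so a double quote or markup in an address breaks the attribute and the posted form. The `h(...)` around `sanitized_name` suggests this Rails version does not escape `<%= %>` automatically; if so, use `VALUE="<%= h(value) %>"` here. Separately, the pattern in `gsub(/\(|\)"/, ' ')` matches `(` or the two-character sequence `)"`, not a lone `)` or `"`, which is probably not what was meant; `/[()"]/` would cover all three. The view's blocks are not fully visible on this page.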
+<!-- the user never really sees this message it just flashes on their screen (relayed from us), and redirects them back to the site -->
+Thank you for your purchase to <%= Preference.find_by_name('store_name').value %>! <%= @message %>. Click <a href="<%= url_for(:only_path => false, :controller => :store, :action => :finish_order) %>">here</a> to continue and view your order status.
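Review bot: `Preference.find_by_name('store_name').value` raises on nil if the preference row is missing, and this is the page the customer is relayed to right after paying; the payment form reads the same value with `Preference.get_value('store_name')`, so use that here too (assuming it tolerates a missing row). `<%= @message %>` is printed unescaped; write it as `<%= h(@message) %>` so it stays safe if a later change builds the message from request parameters.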