Hi again everyone, I am now well under way with MIVA scripting and custom modules. Hopefully I can soon start getting useful enough to help out with answering other newbies questions, but for now I am still going to be a pest and ask if there is anybody out there who would be kind enough to look through what I am doing and point out where I am making my mistakes. :)

I believe that I am now calling out to my custom payments section correctly, but the calling back into MIVA must be missing something.

I have got my compiled .mv file with the following functions declared in it:
Module_Description
PaymentModule_Payment_URL (Goes off to my http://127.0.0.1/Paymentpage.aspx)
PaymentModule_Payment_Hide_Additional_Fields
PaymentModule_Payment_Methods
PaymentModule_Manipulate_Shipping
PaymentModule_Payment_Description
PaymentModule_Payment_Message
PaymentModule_Payment_Fields
PaymentModule_Authorize (At the moment this just returns 1)

I set up the OSEL page to have the PaymentMethod value set to "module:code" because there is only this one way to pay. Then on the OPAY screen I have the forms action set to &mvt:payment:url;
This all seems fine and I go out to my payments module where I collect the card's details and then try and set up a post back into merchant.mvc. When posting back I set up hidden inputs Screen=INVC and Action=AUTH and store code is what is expected.
Because I have set the function PaymentModule_Authorize to return "1" then I was kind of hoping that it would carry on to the invoice screen after I returned from the aspx part, but I am getting the error:

Runtime error in 5.00/merchant.mvc @ [0000000d:000003c2]: merchant.mv: Line 979: MvDO: Unable to open '/mm5/5.00/': The system cannot find the path specified.

Do you think there are parts missing from my compiled script that might be causing this, or can anybody see obvious errors with my methods that I should check into?

Cheers for any hints,

Lindsay.

Although it's hard to be specific without seeing the code, I can suggest a few things. When returning from your payments script to Miva, you need to pass along a few more parameters. You almost certainly need Session_ID and Store_Code, and probably PaymentMethod, and maybe some others. Saving and restoring these is sometimes tricky, but if you're writing the payments page, you should be able to pass them through easily enough.

Hope that helps. If not, send me the source code and a check for $2000 :^) .

Cheers for the hint, yeah passing those back in gets me right where I want to be, I can now complete my first transaction WEHEYYYY

thanks again for all your help. Sorry, I cant afford the 2000 and I want to learn this for myself :) .

If you have a min to cast a thought over this however I think my method may be easily hackable but I am not sure:

So now I get to the OPAY screen with no inputs, and I pass out to my SSL area of the server (via <form method="post" action="&mvt:payment:url;">)
It uses a hidden input to send out the Session_ID to my SSL area.
The payment module also just returns 1 for the following 2 functions:
<MvFUNCTION NAME="PaymentModule_Authorize" PARAMETERS="module var,module_data,total,data var,secure_data var"
STANDARDOUTPUTLEVEL="">
<MvFUNCTIONRETURN VALUE="1">
</MvFUNCTION>
<MvFUNCTION NAME="PaymentModule_Payment_Validate" PARAMETERS="module var,pay_data" STANDARDOUTPUTLEVEL="">
<MvFUNCTIONRETURN VALUE="1">
</MvFUNCTION>

I then gather the card details, and do my transaction.

The dotnet part then passes back into miva with the details you suggested and the session_ID set to what was passed out to it where it now completes the transaction and takes me to the INVC screen (I'm well happy with this).

But does that sound like a hacker could quite easily grab the session ID and post back into MIVA and complete the transaction bypassing my transaction method or does MIVA do some clever testing to make sure that it was posted back to from the &mvt:payment:url ?

Do I need to work on tidying up my code now that I have got the basic thing working?

Any thoughts on this would be greatly appreciated,

Lindsay.

It's true that there is something of a security risk in this setup. I did a custom project recently, where the payment server returned some encrypted data, and the Miva module had to use an MvCALL to verify this within the PaymentModule_Authorize function. Some other developers may have other ideas for you on ow to make this more secure.

Dear djlins,

I am totally new to Miva and I had to get involved to implement a custom payment module for a customer. Reading the documentation of Miva I thought it is best to use the existing PHP implementation we have (i.e. I use a CGI gateway which is what you did as well).

My first problem is very simple (I think). Which Miva variable can I use to pass the order amount to the CGI gateway?

Then, once the payment is processed through the CGI gateway, how do I send results back to Miva? Should I write another script?

Thanks for your assistance in advance.

Hi there,

in short I had to use miva hidden inputs in the page to pass variables out to my payments. I then had to write a miva script (.MV) file to add a payment module that called out to the URL (setting PaymentModule_Payment_URL) where my payments method sat.

Use the script compiler to make the compiled version of the payments module to use (it basically had all default functions that it needed, except for the calling URL to my ASP payments functions). Then from my ASP page I set up the hidden variables with sessionID and screen, action, store code etc, and then posted control back to merchant.mvc? and it completed the payment.

I hope this helps you out a bit.
Cheers,
Lins.

Thanks Lins,

More or less this is what I am doing.

However, I cannot figure out which Miva variable to use for the amount to be charged to the card.

Thanks,
Michael

okay - On my OPAY screen I have got the following:

<input type="hidden" name="TotalPrice" id="TotalPrice" value="&mvt:basket:total;">
<input type="hidden" name="PaymentMethod" id="PaymentMethod" value="Datacash:meth1">
<input type="hidden" name="SessionID" id="SessionID" value="&mvt:global:session_ID;">

(make sure they are inside the <form> )

and then from my payments screen I just use:
Request.Form("TotalPrice") etc...

:)

Thanks a million!!!

If I need you for how to return the result back to Miva I might come back to you (I hope I won't need to disturb you again).

Hello Lins,

As I expected, I am stuck again so your help will be greatly appreciated.

Basically, with your help, I now manage to go to the payment gateway and process payment. Then, in my PHP page I have hidden fields for Store_Code, Action and Session_ID. In addition, I have a field called Authorization_Failure and one called Authorization_Failure_Message. The form with the hidden fields submits to merchant.mvc?Session_ID=........

In my PaymentModule_Authorize method I (want to) check Authorization_Failure if it is 1 and then, if it is divert the user to a OPAY to show the Authorization_Failure_Message. If Authorization_Failure is 0 I want to simply complete order and take the user to the invoice screen. The code I use is
<MvFUNCTION NAME="PaymentModule_Authorize" PARAMETERS="module var,module_data,total,data var,secure_data var" STANDARDOUTPUTLEVEL="">
<MvIf expr="{ g.Authorization_Failure EQ 1 }">
<MvASSIGN NAME = "g.Authorization_Failure_Message" VALUE = "{ Authorization_Failure_Message }">
<MvASSIGN NAME = "g.Screen" VALUE = "OPAY">
<MvFUNCTIONRETURN VALUE = "0">
<MvElse>
<MvASSIGN NAME = "g.Screen" VALUE = "INVC">
<MvFUNCTIONRETURN VALUE = "1">
</MvIF>

</MvFUNCTION>


Please note that I am not sure whether in case of a successful transaction I really need to go to INVC and in case of a failure to OPAY as I got this from some examples I found on the net.

Can you please give me your lights?

Thanks in advance.

Hi again. I'm not sure I can help on this part, as I am pretty much a newbie to this myself, and to be honest the actual shop was written by somebody else, and I came in and did the transaction part.

Hopefully somebody else will read this and be able to give you the hints you need for this part.

Sorry matey,

Hope it goes allright,

Lins.

Miva Merchant will automatically set the page depending on the result of PaymentModule_Authorize. If it is successful, shopper will see the INVC and if it isn't, OPAY will be shown. You don't need to set the screen explicitly. In order to set the error message shown in OPAY, you can use Error_Message function as below:

<MvFUNCTION NAME="PaymentModule_Authorize" PARAMETERS="module var,module_data,total,data var,secure_data var" STANDARDOUTPUTLEVEL="">
<MvIF EXPR = "{ g.Authorization_Failure EQ 1 }">
<MvEVAL EXPR = "{ [ g.Module_Library_Utilities ].Message_Error(g.Authorization_Failure_Message) }">
<MvFUNCTIONRETURN VALUE = 0>
<MvELSE>
<MvFUNCTIONRETURN VALUE = 1>
</MvIF>
</MvFUNCTIONRETURN>

I hope this helps.

Thanks for the info cagdas.

What I wonder about is how to I pass info from PHP to Miva. My form which submits to Miva looks like :
<form action="merchant.mvc (https://www.beggin4it.com/mm5/merchant.mvc)" method="POST" name="authResult" >
<input type="hidden" name="Authorization_Failure" value="0">
<input type="hidden" name="Authorization_Failure_Message" value="">
<input type="hidden" name="Action" value="AUTH">
<input type="hidden" name="Screen" value="INVC">
<input type="hidden" name="Store_Code" value="B">
<input type="hidden" name="Session_ID" value="0c276b86ac7eb7619ee524d2de7deeac">
</form>

Does the above look ok to you?

Yes, it looks fine. If you have some custom/system modules installed in your store, you may need to add more actions or other fields but for the standard implementation it looks ok.

For some reason it does not work for me. In theory, if my code was simply
<MvFUNCTION NAME="PaymentModule_Authorize" PARAMETERS="module var,module_data,total,data var,secure_data var" STANDARDOUTPUTLEVEL="">
<MvFUNCTIONRETURN VALUE = 1>
</MvFUNCTION>

my transaction should always complete successfully but it does not.

You can have a look for yourself: simply go to http://www.beggin4it.com/mm5/merchant.mvc and do a purchase (use cagdas/cagdas to login and use cc# 4123412312341234 and any exp. date/cvv). The transaction fails but I do not see the next screen, instead I get an error.

Thanks for all your help.

It looks like there are two errors happening. The first is related to the module paths. The second might be related to tax configuration. (in the latest version line 979 is for giving unconfigured tax error but I don't know which version you have).

For the first one I would recommend trying to replicate the post operation using browser and sending the variables in the query string. Miva Engine will treat POST and GET methods the same. You can better debug what the problem is through a browser. When I tried sending the data you set in the mail through the query string, it seemed fine.

For the second one, you configure the tax settings in the admin and the problem should be fixed. The error is given when there is no tax configuration at all.

I hope this helps.

cadgas, thanks for all info.

I think I start to understand what happens. Inside the mm5 directory we have the various .mvc files, including merchant.mvc. Within mm5 there is also a directory with name 5.00. For some reason it seems that when I submit to mm5/merchant.mvc it tries to go to mm5/5.00/merchant.mvc. Because of the . in 5.00 it parses it as a file and of course, it does not find it, i.e. seems the . is causing the problem. However, why this happens just in this case and not in "internal" Miva screen changes (i.e. only when request comes from PHP)?

Further to the above, I'd like to tell you that I installed my payment module in /mm5/5.00/modules/payment (this is where it was placed by uploading through Miva admin interface). Is this correct?

That is the correct place to place the payment modules. Once you register the module through the admin interface, you can simply copy the newer versions over the old file and they will be in effect.

For the other 5.00 problem, I'm not sure that 5.00 is perceived as a file name. I would say continue investigating. To me it looks more probable that it is something else.

cagdas and lins,

I'd like to really thank you for all your assistance. I finally managed to make it work. The problem was that I was missing the PaymentMethod in the form submitting back to Miva. Also, it seems that PaymentModule_Authorize does not automatically choose between OPAY and INVC screens, this needs to be done explicitly.

Once again thanks for everything.

I need to do basically the same thing I guess... I need to do a call to a remote https server of a merchant account. I read the miva manual and it says the mvcall function doesnt do https etc. So i plan on using a php script the merchant provided to connect to the acccount.. I started mivascripting this week and I havent got to modules yet..

Mao
I know this is forward of me but could i get the source of the .mv you were working on??

Does any1 have any script examples of how I could make a payment module that submits to my php form processing gateway and completes the transaction upon return.. Also to make a module I need to use the 5 api on a linux box? Or can i just use mivascript somehow if I dont need the makefile?
I studied the mivascript manual and made some test scripts but I need to make a module now.