You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by Ryan Adams <ra...@vitessi.com> on 2000/10/01 22:47:29 UTC
CyberCash and mod_perl Experiences
Hello all,
I'm trying to integrate CyberCash with a shopping system that we've
developed in-house using mod_perl almost exclusively. I haven't been
particularly impressed with the way it installs. We're on a Linux machine
and it has a very NT-centric design, in my opinion.
I have been able to get test scripts to run from the command-line and
through
basic mod_cgi execution, but I can't get consistent results when executing
them via mod_perl ContentHandlers. In looking through their library files,
they are doing some IPC::Open2 calls to executables and some other pretty
ugly
stuff that may or may not be causing the problems.
Does anyone have experience doing this? What approach did you take? Any
good
documentation? I've read all the CyberCash stuff, but it hasn't given me
the
kind of answers I wanted.
Thanks in advance.
Ryan
RE: CyberCash and mod_perl Experiences
Posted by David Alan Pisoni <da...@cnation.com>.
At 11.28 -0400 10/2/2000, Ryan Adams wrote:
<SNIP>
>
>Thanks everyone for listening to me rant. I'll keep you posted on what I
>come up with. I'm toying
>with the idea of writing an CyberCash module for the Business::OnlinePayment
>interface. Anyone have
>any idea where to start?
>
>RYAN
Actually, we wrote a module (we called it Business::Payment) which supported different payment systems in a DBIish way. (We wrote a Business::Payment::CyberCash, and a Business::Payment::CyberSource.) Unfortunately, we never considered CPANing the code, because I think that because it uses knowledge (e.g., the published API) of these payment systems, public release would violate the license agreements of their payment libraries. Furthermore, the systems were just different enough that we had to strip down the use of functionality in order to write Business::Payment code that was cross-platform (between the payment systems.)
I haven't looked at the licenses for these systems for awhile -- does anyone know if they have changed significantly enough to allow for the release of a module such as this?
Enjoy,
--
David Pisoni -- <da...@cnation.com>
Cnation -- <http://www.cnation.com/>
310/228-6900 -- 310/228-6905 (fax)
"What is to give light must endure burning." - Viktor Frankl, author,
neurologist and psychiatrist, Holocaust survivor (1905-1997)
RE: CyberCash and mod_perl Experiences
Posted by Ryan Adams <ra...@vitessi.com>.
Thanks for the info and code. That is essentially what I was doing as well.
I was just
getting a lot of errors. Looking further into their code, they're
misspelling a lot of their
own variable names and have some incorrect regex syntax.
Lots of "Use of uninitialized value in concatenation...", "Use of
unitialized value in substitution..."
filling up my httpd error log.
It may be that I'm doing some thing wrong, so I'll start from scratch and
see where I can get. Some
of my frustration has to do with their goofy installation locations. They
want me to put the .pm's
under a cgi-bin directory, which I don't have since all my dynamic pages run
from ContentHandlers. I
guess what I really wanted was a library that installed like most other Perl
Modules, that didn't
require outside binaries and other such things. They're only making an http
request to their own
server with a message that has been encrypted using DES3. It just seems
like that could be done in
a much easier way than they seem to be doing it. For example, they use
Socket to do the connection,
when it seems like LWP would encapsulate it very well. Same thing with the
external encryption binaries and
the Crypt modules.
And yet, I paid their setup fee, so I feel like I've paid for their software
to work the way I wanted
and rewriting it is effort I shouldn't have to make. I feel like I'm
dealing with Microsoft.
Thanks everyone for listening to me rant. I'll keep you posted on what I
come up with. I'm toying
with the idea of writing an CyberCash module for the Business::OnlinePayment
interface. Anyone have
any idea where to start?
RYAN
Re: CyberCash and mod_perl Experiences
Posted by Vivek Khera <kh...@kciLink.com>.
>>>>> "RA" == Ryan Adams <ra...@vitessi.com> writes:
RA> I'm trying to integrate CyberCash with a shopping system that we've
RA> developed in-house using mod_perl almost exclusively. I haven't been
RA> particularly impressed with the way it installs. We're on a Linux machine
RA> and it has a very NT-centric design, in my opinion.
I never felt that way. It consists entirely of installing 3 *.pm
files and a config file if I recall correctly.
RA> I have been able to get test scripts to run from the command-line
RA> and through basic mod_cgi execution, but I can't get consistent
RA> results when executing them via mod_perl ContentHandlers. In
I used CyberCash from registry scripts without ever having any
problems. We used the "authcapture" method. It took a long time to
refine the error checking, but once done it was quite reliable. We
only ever had failures when the credit card was bad or typed
incorrectly by the user.
RA> looking through their library files, they are doing some
RA> IPC::Open2 calls to executables and some other pretty ugly stuff
RA> that may or may not be causing the problems.
I don't recall them calling external routines, but it has been a
little while since I last checked.
RA> Does anyone have experience doing this? What approach did you
RA> take? Any good documentation? I've read all the CyberCash stuff,
RA> but it hasn't given me the kind of answers I wanted.
No good documentation. I can send you the snippet of my program that
did the CyberCash call(s) and checked return status. Heck, I'll just
post it here. Obviously, you'll have to fill in the details and
change the data structure that holds your order info to be what you
use, not what we use.
# CyberCash config file
my $cychConfigFile = '/path/to/merchant/mck-cgi/conf/merchant_conf';
use CCMckDirectLib3_2 qw(SendCC2_1Server);
use CCMckLib3_2 qw(InitConfig);
if (&InitConfig($cychConfigFile)) {
return "Failed to initialize CyberCash config. Contact administrator!";
}
# fix up some values for CyberCash program
$orderInfo->{card_exp} =~ s|(\d{1,2})/(\d\d)(\d\d)|$1/$3|; # remove century
$orderInfo->{card_number} =~ s/\D//g; # remove non-digits (blanks)
# now charge credit card
my %result = &SendCC2_1Server('mauthcapture',
'Order-ID', "${oidprefix}${orderid}",
'Amount', "usd $orderInfo->{total}",
'Card-Number', $orderInfo->{card_number},
'Card-Name', $orderInfo->{bill_name},
'Card-Address', $orderInfo->{bill_addr1},
'Card-City', $orderInfo->{bill_city},
'Card-State', $orderInfo->{bill_state},
'Card-Zip', $orderInfo->{bill_zip},
'Card-Country', $orderInfo->{bill_country},
'Card-Exp', $orderInfo->{card_exp});
if ($result{"MStatus"} =~ m/^failure/i) {
# mark order as "failed" -- ignore error
$statush->execute('failed',$orderInfo->{card_number},
"$result{MErrMsg} ($result{MErrLoc})",$orderid);
if ($result{"MErrLoc"} =~ m/BANK|CCSP/i) {
return "OID $orderid: Card Declined.";
} else { # if ($result{"MErrLoc"} =~ /CLIENT|MPMT|CCSRVR|SMPS/i)
return "OID $orderid ERROR: $result{MErrMsg} ($result{MErrLoc})";
}
}
# catch non-successful, non failure-hard errors whatever they may be.
if ($result{'MStatus'} ne "success") {
# do not mark as failed, since this is usually transient error
return "OID $orderid TRY AGAIN: $result{MErrMsg} ($result{MErrLoc})";
}
# mangle CC number so we don't use it again
$orderInfo->{card_number} =~ s/^(\d{2})(\d+)(\d{4})$/$1\*$3/;
$ccstatus = "Auth Code: $result{'auth-code'}";
# if you get this far, you have the money.
Re: CyberCash and mod_perl Experiences
Posted by Jonathan Leto <jo...@leto.net>.
I have been using version 3.2.0.4, it definately leaves something to be
desired. Insecure /tmp files, C-ish coding style, no good testing
facilities, it goes on. One thing to note about the perfectly valid
cards failing randomly: one time for a few months one time of credit
card would fail no matter what ( forgot which ), because they had
a broken gateway. Also, they don't seem to notify of outages or anything
of that nature.
Vivek Khera (khera@kciLink.com) was saying:
> >>>>> "YR" == Yann Ramin <at...@atrustrivalie.eu.org> writes:
>
> YR> CyberCash is not reliable. Perfectly valid credit cards fail auth
> YR> at times, and the service has a tendancy to crap out. What the
> YR> book suggested to do was to have a backend which goes and queries
>
> This has never been my experience with cybercash. We were one of their
> first customers, and though things were hard to set up in those dark
> days, their latest incarnation of the software is quite trivial to
> install and use (once you figure out how to program it). It involves
> three Perl modules (pure perl, even) to be installed. Then you just
> "use" the appropriate one, and call the right function.
>
> --
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Vivek Khera, Ph.D. Khera Communications, Inc.
> Internet: khera@kciLink.com Rockville, MD +1-301-545-6996
> GPG & MIME spoken here http://www.khera.org/~vivek/
--
jonathan@leto.net
"With pain comes clarity."
Re: CyberCash and mod_perl Experiences
Posted by Vivek Khera <kh...@kciLink.com>.
>>>>> "YR" == Yann Ramin <at...@atrustrivalie.eu.org> writes:
YR> CyberCash is not reliable. Perfectly valid credit cards fail auth
YR> at times, and the service has a tendancy to crap out. What the
YR> book suggested to do was to have a backend which goes and queries
This has never been my experience with cybercash. We were one of their
first customers, and though things were hard to set up in those dark
days, their latest incarnation of the software is quite trivial to
install and use (once you figure out how to program it). It involves
three Perl modules (pure perl, even) to be installed. Then you just
"use" the appropriate one, and call the right function.
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vivek Khera, Ph.D. Khera Communications, Inc.
Internet: khera@kciLink.com Rockville, MD +1-301-545-6996
GPG & MIME spoken here http://www.khera.org/~vivek/
RE: CyberCash and mod_perl Experiences
Posted by Ryan Adams <ra...@vitessi.com>.
I was thinking about Phillip's approach, actually, but the technical details
in his
ACS system are all in Tcl for AOLServer. Also, I'm not really excited
about the liability
involved in storing the credit card number in my database.
I decided to jump in and start hacking the CyberCash perl libraries and they
are full of
junk. They don't use "use strict" and when I put it in all of them, it blew
up. They don't
use scoping in any kind of consistent way and seem to have fundamental
issues
with perl syntax (They used $#Foo to find the size of %Foo - can you do
that? I didn't think
so, and the interpreter didn't seem to either - wanted me to declare
@Foo...)
On a completely unrelated note, my picture is actually in "P&A's Guide to
Web Publishing".
I'm in the section about the dating game. I'm the model they used (not the
girl... ;) the guy
in the suit.
Thanks for the input,
RYAN
-----Original Message-----
From: Yann Ramin [mailto:atrus@atrustrivalie.eu.org]
Sent: Sunday, October 01, 2000 6:06 PM
To: Ryan Adams
Cc: modperl@apache.org
Subject: Re: CyberCash and mod_perl Experiences
I haven't dealt with CyerCash before, but have some ideas which I read from
a
somewhat useful book I got for free (Phillip and Alex's Guide to Web
Publishing).
CyberCash is not reliable. Perfectly valid credit cards fail auth at times,
and the service has a tendancy to crap out.
What the book suggested to do was to have a backend which goes and queries
new orders every x minutes and tries to auth them. They are attempted three
times, and after that rejected (and credit card numbers yanked from your DB,
replaced with a CyberCash reference). That way what the user sees is a
perfectly working system, not knowing that things are dead behind that.
My $0.01
Yann
On Sun, 01 Oct 2000, you (Ryan Adams) might of written:
> Hello all,
>
> I'm trying to integrate CyberCash with a shopping system that we've
> developed in-house using mod_perl almost exclusively. I haven't been
> particularly impressed with the way it installs. We're on a Linux machine
> and it has a very NT-centric design, in my opinion.
>
> I have been able to get test scripts to run from the command-line and
> through
> basic mod_cgi execution, but I can't get consistent results when executing
> them via mod_perl ContentHandlers. In looking through their library
files,
> they are doing some IPC::Open2 calls to executables and some other pretty
> ugly
> stuff that may or may not be causing the problems.
>
> Does anyone have experience doing this? What approach did you take? Any
> good
> documentation? I've read all the CyberCash stuff, but it hasn't given me
> the
> kind of answers I wanted.
>
> Thanks in advance.
>
> Ryan
--
--------------------------------------------------------------------
Yann Ramin atrus@atrustrivalie.eu.org
Atrus Trivalie Productions www.redshift.com/~yramin
Monterey High IT www.montereyhigh.com
AIM oddatrus
Marina, CA
IRM Developer Network Toaster Developer
SNTS Developer KLevel Developer
--------------------------------------------------------------------
Re: CyberCash and mod_perl Experiences
Posted by Yann Ramin <at...@atrustrivalie.eu.org>.
I haven't dealt with CyerCash before, but have some ideas which I read from a
somewhat useful book I got for free (Phillip and Alex's Guide to Web
Publishing).
CyberCash is not reliable. Perfectly valid credit cards fail auth at times,
and the service has a tendancy to crap out.
What the book suggested to do was to have a backend which goes and queries
new orders every x minutes and tries to auth them. They are attempted three
times, and after that rejected (and credit card numbers yanked from your DB,
replaced with a CyberCash reference). That way what the user sees is a
perfectly working system, not knowing that things are dead behind that.
My $0.01
Yann
On Sun, 01 Oct 2000, you (Ryan Adams) might of written:
> Hello all,
>
> I'm trying to integrate CyberCash with a shopping system that we've
> developed in-house using mod_perl almost exclusively. I haven't been
> particularly impressed with the way it installs. We're on a Linux machine
> and it has a very NT-centric design, in my opinion.
>
> I have been able to get test scripts to run from the command-line and
> through
> basic mod_cgi execution, but I can't get consistent results when executing
> them via mod_perl ContentHandlers. In looking through their library files,
> they are doing some IPC::Open2 calls to executables and some other pretty
> ugly
> stuff that may or may not be causing the problems.
>
> Does anyone have experience doing this? What approach did you take? Any
> good
> documentation? I've read all the CyberCash stuff, but it hasn't given me
> the
> kind of answers I wanted.
>
> Thanks in advance.
>
> Ryan
--
--------------------------------------------------------------------
Yann Ramin atrus@atrustrivalie.eu.org
Atrus Trivalie Productions www.redshift.com/~yramin
Monterey High IT www.montereyhigh.com
AIM oddatrus
Marina, CA
IRM Developer Network Toaster Developer
SNTS Developer KLevel Developer
--------------------------------------------------------------------