RE: CyberCash and mod_perl Experiences

[David Alan Pisoni]

At 11.28 -0400 10/2/2000, Ryan Adams wrote:


>
>Thanks everyone for listening to me rant.  I'll keep you posted on what I
>come up with.  I'm toying
>with the idea of writing an CyberCash module for the Business::OnlinePayment
>interface.  Anyone have
>any idea where to start?
>
>RYAN

Actually, we wrote a module (we called it Business::Payment) which supported different 
payment systems in a DBIish way.  (We wrote a Business::Payment::CyberCash, and a 
Business::Payment::CyberSource.)  Unfortunately, we never considered CPANing the code, 
because I think that because it uses knowledge (e.g., the published API) of these 
payment systems, public release would violate the license agreements of their payment 
libraries.  Furthermore, the systems were just different enough that we had to strip 
down the use of functionality in order to write Business::Payment code that was 
cross-platform (between the payment systems.)

I haven't looked at the licenses for these systems for awhile -- does anyone know if 
they have changed significantly enough to allow for the release of a module such as 
this?

Enjoy,
-- 
David Pisoni -- <[EMAIL PROTECTED]>
 Cnation -- 
310/228-6900 -- 310/228-6905 (fax)

"What is to give light must endure burning." - Viktor Frankl, author,
neurologist and psychiatrist, Holocaust survivor (1905-1997)

Re: CyberCash and mod_perl Experiences

[Dragomir Kamenov]

>I decided to jump in and start hacking the CyberCash perl libraries and
they
>are full of
>junk.  They don't use "use strict" and when I put it in all of them, it
blew
>up.

I believe there is a pretty stable loadable library written in C that can
talk to CyberCash - you might be better off wraping it in a Perl module
instead of hacking Cybercash's crappy perl code...
The library was originally developed by Online Creations
http://www.oncr.com - and it should be available either from them or maybe
through CyberCash.

RE: CyberCash and mod_perl Experiences

[Ryan Adams]

Thanks for the info and code.  That is essentially what I was doing as well.
I was just
getting a lot of errors.  Looking further into their code, they're
misspelling a lot of their
own variable names and have some incorrect regex syntax.

Lots of "Use of uninitialized value in concatenation...", "Use of
unitialized value in substitution..."
filling up my httpd error log.

It may be that I'm doing some thing wrong, so I'll start from scratch and
see where I can get.  Some
of my frustration has to do with their goofy installation locations.  They
want me to put the .pm's
under a cgi-bin directory, which I don't have since all my dynamic pages run
from ContentHandlers.  I
guess what I really wanted was a library that installed like most other Perl
Modules, that didn't
require outside binaries and other such things.  They're only making an http
request to their own
server with a message that has been encrypted using DES3.  It just seems
like that could be done in
a much easier way than they seem to be doing it.  For example, they use
Socket to do the connection,
when it seems like LWP would encapsulate it very well.  Same thing with the
external encryption binaries and
the Crypt modules.

And yet, I paid their setup fee, so I feel like I've paid for their software
to work the way I wanted
and rewriting it is effort I shouldn't have to make.  I feel like I'm
dealing with Microsoft.

Thanks everyone for listening to me rant.  I'll keep you posted on what I
come up with.  I'm toying
with the idea of writing an CyberCash module for the Business::OnlinePayment
interface.  Anyone have
any idea where to start?

RYAN

Re: CyberCash and mod_perl Experiences

[Jonathan Leto]

I have been using version 3.2.0.4, it definately leaves something to be 
desired. Insecure /tmp files, C-ish coding style, no good testing 
facilities, it goes on. One thing to note about the perfectly valid
cards failing randomly: one time for a few months one time of credit
card would fail no matter what ( forgot which ), because they had
a broken gateway. Also, they don't seem to notify of outages or anything
of that nature.  


 Vivek Khera ([EMAIL PROTECTED]) was saying:

> > "YR" == Yann Ramin <[EMAIL PROTECTED]> writes:
> 
> YR> CyberCash is not reliable.  Perfectly valid credit cards fail auth
> YR> at times, and the service has a tendancy to crap out.  What the
> YR> book suggested to do was to have a backend which goes and queries
> 
> This has never been my experience with cybercash. We were one of their
> first customers, and though things were hard to set up in those dark
> days, their latest incarnation of the software is quite trivial to
> install and use (once you figure out how to program it).  It involves
> three Perl modules (pure perl, even) to be installed.  Then you just
> "use" the appropriate one,  and call the right function.
> 
> -- 
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Vivek Khera, Ph.D.Khera Communications, Inc.
> Internet: [EMAIL PROTECTED]   Rockville, MD   +1-301-545-6996
> GPG & MIME spoken herehttp://www.khera.org/~vivek/

-- 
[EMAIL PROTECTED]
"With pain comes clarity."

Re: CyberCash and mod_perl Experiences

[Vivek Khera]

> "RA" == Ryan Adams <[EMAIL PROTECTED]> writes:

RA> I'm trying to integrate CyberCash with a shopping system that we've
RA> developed in-house using mod_perl almost exclusively.  I haven't been
RA> particularly impressed with the way it installs.  We're on a Linux machine
RA> and it has a very NT-centric design, in my opinion.

I never felt that way.  It consists entirely of installing 3 *.pm
files and a config file if I recall correctly.

RA> I have been able to get test scripts to run from the command-line
RA> and through basic mod_cgi execution, but I can't get consistent
RA> results when executing them via mod_perl ContentHandlers.  In

I used CyberCash from registry scripts without ever having any
problems.  We used the "authcapture" method.  It took a long time to
refine the error checking, but once done it was quite reliable.  We
only ever had failures when the credit card was bad or typed
incorrectly by the user.

RA> looking through their library files, they are doing some
RA> IPC::Open2 calls to executables and some other pretty ugly stuff
RA> that may or may not be causing the problems.

I don't recall them calling external routines, but it has been a
little while since I last checked.


RA> Does anyone have experience doing this?  What approach did you
RA> take?  Any good documentation?  I've read all the CyberCash stuff,
RA> but it hasn't given me the kind of answers I wanted.

No good documentation.  I can send you the snippet of my program that
did the CyberCash call(s) and checked return status.  Heck, I'll just
post it here.  Obviously, you'll have to fill in the details and
change the data structure that holds your order info to be what you
use, not what we use.



# CyberCash config file
my $cychConfigFile = '/path/to/merchant/mck-cgi/conf/merchant_conf';

use CCMckDirectLib3_2 qw(SendCC2_1Server);
use CCMckLib3_2 qw(InitConfig);


if (&InitConfig($cychConfigFile)) {
  return "Failed to initialize CyberCash config.  Contact administrator!";
}

# fix up some values for CyberCash program

$orderInfo->{card_exp} =~ s|(\d{1,2})/(\d\d)(\d\d)|$1/$3|; # remove century
$orderInfo->{card_number} =~ s/\D//g; # remove non-digits (blanks)

# now charge credit card
my %result = &SendCC2_1Server('mauthcapture', 
  'Order-ID', "${oidprefix}${orderid}",
  'Amount', "usd $orderInfo->{total}",
  'Card-Number', $orderInfo->{card_number},
  'Card-Name', $orderInfo->{bill_name},
  'Card-Address', $orderInfo->{bill_addr1},
  'Card-City', $orderInfo->{bill_city},
  'Card-State', $orderInfo->{bill_state},
  'Card-Zip', $orderInfo->{bill_zip},
  'Card-Country', $orderInfo->{bill_country},
  'Card-Exp', $orderInfo->{card_exp});

if ($result{"MStatus"} =~ m/^failure/i) {
  # mark order as "failed"  -- ignore error
  $statush->execute('failed',$orderInfo->{card_number},
"$result{MErrMsg} ($result{MErrLoc})",$orderid);
  
  if ($result{"MErrLoc"} =~ m/BANK|CCSP/i) {
return "OID $orderid: Card Declined.";
  } else { # if ($result{"MErrLoc"} =~ /CLIENT|MPMT|CCSRVR|SMPS/i)
return "OID $orderid ERROR: $result{MErrMsg} ($result{MErrLoc})";
  }
}

# catch non-successful, non failure-hard errors whatever they may be.
if ($result{'MStatus'} ne "success") {
  # do not mark as failed, since this is usually transient error
  return "OID $orderid TRY AGAIN: $result{MErrMsg} ($result{MErrLoc})";
}

# mangle CC number so we don't use it again
$orderInfo->{card_number} =~ s/^(\d{2})(\d+)(\d{4})$/$1\*$3/;

$ccstatus = "Auth Code: $result{'auth-code'}";

# if you get this far, you have the money.

Re: CyberCash and mod_perl Experiences

[Vivek Khera]

> "YR" == Yann Ramin <[EMAIL PROTECTED]> writes:

YR> CyberCash is not reliable.  Perfectly valid credit cards fail auth
YR> at times, and the service has a tendancy to crap out.  What the
YR> book suggested to do was to have a backend which goes and queries

This has never been my experience with cybercash. We were one of their
first customers, and though things were hard to set up in those dark
days, their latest incarnation of the software is quite trivial to
install and use (once you figure out how to program it).  It involves
three Perl modules (pure perl, even) to be installed.  Then you just
"use" the appropriate one,  and call the right function.

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vivek Khera, Ph.D.Khera Communications, Inc.
Internet: [EMAIL PROTECTED]   Rockville, MD   +1-301-545-6996
GPG & MIME spoken herehttp://www.khera.org/~vivek/

RE: CyberCash and mod_perl Experiences

[Ryan Adams]

I was thinking about Phillip's approach, actually, but the technical details
in his
ACS system are all in Tcl for AOLServer.   Also, I'm not really excited
about the liability
involved in storing the credit card number in my database.

I decided to jump in and start hacking the CyberCash perl libraries and they
are full of
junk.  They don't use "use strict" and when I put it in all of them, it blew
up.  They don't
use scoping in any kind of consistent way and seem to have fundamental
issues
with perl syntax (They used $#Foo to find the size of %Foo - can you do
that?  I didn't think
so, and the interpreter didn't seem to either - wanted me to declare
@Foo...)

On a completely unrelated note, my picture is actually in "P&A's Guide to
Web Publishing".
I'm in the section about the dating game.  I'm the model they used (not the
girl... ;) the guy
in the suit.

Thanks for the input,

RYAN


-Original Message-
From: Yann Ramin [mailto:[EMAIL PROTECTED]]
Sent: Sunday, October 01, 2000 6:06 PM
To: Ryan Adams
Cc: [EMAIL PROTECTED]
Subject: Re: CyberCash and mod_perl Experiences


I haven't dealt with CyerCash before, but have some ideas which I read from
a
somewhat useful book I got for free (Phillip and Alex's Guide to Web
Publishing).

CyberCash is not reliable.  Perfectly valid credit cards fail auth at times,
and the service has a tendancy to crap out.
What the book suggested to do was to have a backend which goes and queries
new orders every x minutes and tries to auth them.  They are attempted three
times, and after that rejected (and credit card numbers yanked from your DB,
replaced with a CyberCash reference).  That way what the user sees is a
perfectly working system, not knowing that things are dead behind that.

My $0.01

Yann


On Sun, 01 Oct 2000, you (Ryan Adams) might of written:
> Hello all,
>
> I'm trying to integrate CyberCash with a shopping system that we've
> developed in-house using mod_perl almost exclusively.  I haven't been
> particularly impressed with the way it installs.  We're on a Linux machine
> and it has a very NT-centric design, in my opinion.
>
> I have been able to get test scripts to run from the command-line and
> through
> basic mod_cgi execution, but I can't get consistent results when executing
> them via mod_perl ContentHandlers.  In looking through their library
files,
> they are doing some IPC::Open2 calls to executables and some other pretty
> ugly
> stuff that may or may not be causing the problems.
>
> Does anyone have experience doing this?  What approach did you take?  Any
> good
> documentation?  I've read all the CyberCash stuff, but it hasn't given me
> the
> kind of answers I wanted.
>
> Thanks in advance.
>
> Ryan

--


Yann Ramin  [EMAIL PROTECTED]
Atrus Trivalie Productions  www.redshift.com/~yramin
Monterey High ITwww.montereyhigh.com
AIM oddatrus
Marina, CA

IRM Developer   Network Toaster Developer
SNTS Developer  KLevel Developer

Re: CyberCash and mod_perl Experiences

[Yann Ramin]

I haven't dealt with CyerCash before, but have some ideas which I read from a 
somewhat useful book I got for free (Phillip and Alex's Guide to Web 
Publishing).

CyberCash is not reliable.  Perfectly valid credit cards fail auth at times, 
and the service has a tendancy to crap out.
What the book suggested to do was to have a backend which goes and queries 
new orders every x minutes and tries to auth them.  They are attempted three 
times, and after that rejected (and credit card numbers yanked from your DB, 
replaced with a CyberCash reference).  That way what the user sees is a 
perfectly working system, not knowing that things are dead behind that.

My $0.01

Yann


On Sun, 01 Oct 2000, you (Ryan Adams) might of written:
> Hello all,
>
> I'm trying to integrate CyberCash with a shopping system that we've
> developed in-house using mod_perl almost exclusively.  I haven't been
> particularly impressed with the way it installs.  We're on a Linux machine
> and it has a very NT-centric design, in my opinion.
>
> I have been able to get test scripts to run from the command-line and
> through
> basic mod_cgi execution, but I can't get consistent results when executing
> them via mod_perl ContentHandlers.  In looking through their library files,
> they are doing some IPC::Open2 calls to executables and some other pretty
> ugly
> stuff that may or may not be causing the problems.
>
> Does anyone have experience doing this?  What approach did you take?  Any
> good
> documentation?  I've read all the CyberCash stuff, but it hasn't given me
> the
> kind of answers I wanted.
>
> Thanks in advance.
>
> Ryan

-- 


Yann Ramin  [EMAIL PROTECTED]
Atrus Trivalie Productions  www.redshift.com/~yramin
Monterey High ITwww.montereyhigh.com
AIM oddatrus
Marina, CA

IRM Developer   Network Toaster Developer
SNTS Developer  KLevel Developer