Authorize.net POST vs GET methods.

-- HikaShop version -- : 2.6.3
-- Joomla version -- : Joomla! 3.5.1 Stable
-- PHP version -- : 5.4.45
-- Browser(s) name and version -- : Chrome Version 50.0.2661.94 m
-- Error-message(debug-mod must be tuned on) -- : No error msg

I apologize if this is a redundant question.
I have searched Hikashop docs and forums to find
Authorize.net POST vs GET methods.

Please point me in the right direction?
I know that you must have fixed/changed this already.
I searched the update version changes lists too, but see no mention of this.

We have this email from Authorize.net
---
Dear Authorize.Net Merchant:
During a system scan, we noticed that your website or payment solution is using the HTTP GET method when submitting your transaction requests to secure.authorize.net/gateway/transact.dll .

Because HTTP GET methods do not adhere to current TLS protection requirements, Authorize.Net will not allow HTTP GET methods for transaction requests as of June 30, 2016. We recommend that you immediately update your code to use the HTTP POST method instead.

Any transaction request submitted using HTTP GET after June 30th will be rejected.

Please contact your Web developer or solution provider for assistance, or check out our Certified Developer Directory at www.authorize.net/cdd to find a developer to help you.

If you have already made these changes, please disregard this message. If you have any questions about this email, please contact Customer Support.

Thank you for your attention to this matter and for being an Authorize.Net merchant.
---

DO I need to make a change in the Authorize.net payment method settings ?

Thank You !
Kent Morrison
This email address is being protected from spambots. You need JavaScript enabled to view it.

Nicolas,
Thanks very much for this response.
I do not mind adding code to the extensions, but please tel me:

Would I be better off using the SIM mode method anyway ?
Is it more secure?
And wouldn't future Hikashop updates overwrite my changes to the AIM method code ?
I'm looking for the most stable and foolproof method to resolve this.

Also, If I do add this code, please tell me exactly what file to modify ?

Please let me know.
Thank you !

Regards,
Kent

I'll make the code change and test it, then confirm for you that it works OK.
Then if you want to include it in a future release, you'll have some confirmation that it works.

I'm going to try to do it with an override file, so that it won't get blown away in the next update.
Do you think that an override file will work for plugins/hikashoppayment/authorize/authorize.php ?

thnx
Kent

Nicolas,
per your guidance:

in file /public_html/plugins/hikashoppayment/authorize/authorize.php
PREVIOUS CODE from line 97-103

		$post_string = rtrim( $post_string, '& ');
		$request = curl_init($this->payment_params->url);
		curl_setopt($request, CURLOPT_HEADER, 0);
		curl_setopt($request, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt($request, CURLOPT_POSTFIELDS, $post_string);
		curl_setopt($request, CURLOPT_SSL_VERIFYPEER, FALSE);
		$post_response = curl_exec($request);

		$post_string = rtrim( $post_string, '& ');
		$request = curl_init($this->payment_params->url);
		curl_setopt($request, CURLOPT_HEADER, 0);
		curl_setopt($request, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt($request, CURLOPT_POST, true);
		curl_setopt($request, CURLOPT_POSTFIELDS, $post_string);
		curl_setopt($request, CURLOPT_SSL_VERIFYPEER, FALSE);
		$post_response = curl_exec($request);

After using the method outlined above we have used the plugin successfully for several transactions and all appears to work, and the Authorize.net folks have said that it appears to work from their perspective.

Thanks very much for your help !

Kent