We're getting Invalid Referrer URL or Relay Response URL error over the past 4 days, I've set the correct URL in "Manage URLs" section, the php script is using the cURL program, the script should using that program to connect and so the referrer url is different? May someone help me with it?

You should try to contact authorize.net :)

Authorize.net has decided to change their security method to require a referrer both on their end and on yours that match. This means that you have to login to your authorize.net account and actually add a referrer to the list then change your billing script to be located at that actual url (or forge the referrer to look like it).

You may want to check out http://www.kevin-mcarthur.com (second click and select "My Freeware Programs") for a free php library to send authorize.net requests. From what I've been told it works with cURL and a few other advanced php protocols and supports mostly all of the authorize.net payment variables including sending the referrer you need.

First off im the guy who wrote the script in teds post.

The problem:

In an effort to improve security authorize.net in their infinate stupidity are now requiring referrers for ADC. Why is this stupid? He'res why. ADC methods through php ALWAYS use curl and curl passes the referrer according to a string you tell it. EG it is always a spoofed referrer. Putting in a referrer doesnt help one little bit because most of the time its a very guessable thing like the url of their cart for example. Now, yes it allows for you to put something totally unique and that will improve security but seeing as its server-to-server over ssl and md5 crosschecked theres no good reason for this.

The solution:

Download my class.st_authorize_net_transaction.php library and use this as your authorize.net contact routine.. In addition to always supporting the referrer method I've also included md5crosschecking which has been a major feature with auth.net for a long time that ensures the non-tampering of the transaction.

Please register and pay for your copy if you want this script to remain free.

Kevin McArthur
CEO StormTide Digital Studios