andymacaulay

Anyone?

First thing always is to check what you are sending to HSBC. Get as far as the checkout confirmation in your web browser, view the source, and see what fields you are passing. In particular, check that there is a hash value. If you are testing through the live HSBC server with the test flag set, remember that transactions must be less than a pound in value and that your card details must be real ones. What is different on your new server? OS? PHP/MySQL versions? OSC release? File permissions or ability to run executable code? A.

Ah - I understand what you were after now. This is a fix for those people whose timestamp is coming out in E notation instead of a string, yes?

Hi Chris - on more thing - the slash issue is still there. In your configure.php include file, make sure that you have the following with the slashes on the end of the URLs: define('HTTP_SERVER', 'http://www.portclothing.com/'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://www.portclothing.com/'); // eg, https://localhost - should not be empty for productive servers Otherwise the only thing wrong with the data embedded in your confirmation page is that the hash is missing. My prediction is that if you can find out how to fix that then you will have a working interface. A.

Erm - the timestamp needs to be 13 characters long and in milliseconds, so the code you have removed is essential. A.

Well - a quicker response than I thought I would manage, but not too helpful for you I'm afraid. Looking at your server headers, you are clearly on a Windows machine and my expertise is Linux/Unix. We'll have to agree to differ over ease of use :) Ignore the TestHash.e thing - you'll need to use the Windows files HSBC supply and find someone who knows what they are doing on your platform. Sorry about that. :( There does appear to be a Windows executable TestHash.exe that will allow you to test hash generation (possibly on the WinNT command line). HSBC supply 2 Windows options: NT DLLs & executables and COM DLLs for which there are example ASP & ColdFusion files but which you choose and how you implement them is beyond my knowledge. A general question: Does anyone know whether this contribution will work on a Windows installation of OSC? Is the way it calls the underlying executables cross-platform? A.

Hi Chris - only just seen your recent posts, sorry. I'll review our past posts and take a look a your site again. A.

Well - one hiccup! I changed my setup from the test server credentials to my live credentials, but with the test flag set. And I started getting errors warning me of fraud! It turns out (and this may be mentioned in the forum somewhere) that with the test flag set, transactions through the live server must be less than a pound and must use a real debit/credit card. You cannot use a test card number such as 411111111111111. Otherwise, touch wood, it works. In summary, this OSC contribution is good and does the job. HSBC's design of the interface and extremely poor documentation are where the problems lie, in my opinion, and I will recommend to any clients without an existing HSBC relationship that they use Worldpay instead.

Hi Costa - If it's due to changes at HSBC and things were working before, then you might try resolving things with HSBC technical support if you have the technical knowledge that got this working the first time. Andy.

Hi Chris - hope you don't mind but I have just gone through the process of adding an item to my basket and going through checkout so I can see the fields you are submitting to HSBC. First point: your server certificate is giving an error of a self-signed root so you may want to check the installation of that. Second: check that your config.php is correct and that your filepaths in filenames.php are OK. Some of your secure URLs have no / between the hostname and filepath. Consequently the return URL you are sending to HSBC for CpiDirectResultUrl is not valid. Third: test TestHash.e (if you are using C) on the command line to see if it is installed correctly. All the best, Andy.

Hi Nick - don't know if it helps, but as I understand it your account with HSBC is set to either use CPI or API, not both. So if you are set up for CPI and try to use an API contribution then it will fail. Check with HSBC tech support on this. A.

No problem. I got a successful test transaction at 10pm last night and thought I'd write while I remembered what I'd done. I've done WorldPay and PayPal too, both using OSC contributions and also my own PHP code. With both systems I've used the CPI equivalent: handing off to the bank's secure server using POSTs rather than fronting their API. I would use an API as a last resort really, as it means you are carrying the extra risk of people's card details passing through your server. With CPI style hand-off you can honestly tell people that there is no way you could know their card details. Yes HSBC is more complex and this was my first stab at it. It would be easier if there was better documentation. I can understand HSBC not wanting to give too much away in error messages, but they don't make up for this deficiency with clear docs. The result is that the most minor issue can seem unfixable and there is no clear debugging path. Good luck with it! Andy.

Hi Serge - don't know if you still need help on this one. Look at the html source of checkout_confirmation.php before you press the Confirm button and check that all of the data you are passing is valid. If there is no hidden field value like name="OrderHash" value="o+cmhhryriSHHR1ZVIiVeLrafkk=" then the hash generation files that you install from the HSBC CD are not working correctly. If you do have a hash value here, then one of your other inputs may be incorrect. Make sure that if your server's time is not in the GMT/UTC/WET time zone that you apply the correction in the contribution's documentation. If you are, for example, 3 hours east of UTC then you will be subtracting 3*3600. Make sure that you are using a currency supported by your merchant account. Make sure your storefront ID, which you have blanked out here, is correct. For a live account it should be 13 characters long of the form XX87654321YYY where YYY represents your currency, 87654321 is your merchant ID and XX represents your country (I assume, as mine is UK). For a test account use the Client Alias sent to you by HSBC tech support. A.

I too seem to have it working. All of the hiccups I had were down to not reading documentation properly or, in some cases, documentation not being clear. The error messages returned by HSBC are insufficient for debugging. If the error is a mismatch of message hashes, this contribution warns that the connection may be hacked, which is true when you have things working but isn't helpful if you have problems during setup. If I wasn't a PHP programmer comfortable with using the Unix command line then I would not have got this installed without help. That's down to HSBC's choices in building this interface and not a problem with this contribution. In my opinion, HSBC's design choices require you to have more skill to debug this installation than you might usually be expected to have for OSC contributions and also to have access to features that your usual choice of host might not allow. FYI, I am running a CentOS server, which is based on Redhat. (I dont know if this is why the more complex HSBC test files, compiled for Redhat, fail with a segmentation fault when I try them.) You need: The HSBC supplied files from the CD. I used the C files compiled for RedHat. This forum's contribution (version 3.1 at the time I write) The credentials for either a test account at HSBC or your live account. 13 character Store ID, also referred to as Client Alias. For your live account the Store ID is based on your merchant ID. For the UK it's UKxxxxxxxxGBP where xxxxxxxx is the merchant ID, which ends with a 1 in all cases as a sanity check. URL to POST data to: http://www.cpi.hsbc.com/servlet for the live system or the URL HSBC sent you with your test credentials (see below). The hash key, also known as the shared secret. [*]Your site must also have a certificate installed for SSL/TLS. Mine is a RapidSSL certificate. You need to copy the HSBC CD files TestHash.e & libCcCpiTools.so to somewhere on your server that is within PHP's allowed path for calling executables but is not within your http server's root. Depending on your hosting, you may need help from your provider for this. Similarly, I believe HSBC expect you to understand the first sentence of this paragraph to get this job done. Follow this contribution's instructions for checking on the command line that TestHash.e is working. Try to place an order in your store and when you reach checkout_confirmation.php, check the source html and see if there is a hash in the OrderHash hidden input field. If so, then it looks like the hard part is working. If you don't have your merchant details then email [email protected] and ask for a test account. In about a day they will email back test login credentials and give you a number to call for a password. They did then try to take me through security with our merchant number, which hadn't been issued yet (duh) but after a short explanation that I was testing ahead of time and that our application was in progress they gave me my extremely trivial test password. You don't need this password to get the contribution working by the way; it's for logging into their test backend where you can see transactions posted and the like. While not necessary, this does give you a warm feeling that transactions are going through OK and may be helpful for debugging if you have a problem elsewhere. They will also email you a technical support number and you can get support through this email address. Problems I had that I fixed: I was unclear what the Store ID was and had the wrong number in the field. My links back to hsbc_return.php and checkout_process.php on my server didn't have https in them due to a typo (my fault) in my store's config.php. (duh) I spent time adjusting the timezone when I didnt need to, as HSBC said they required WET which I didn't know was the same as UTC (=GMT). I wasted a lot of time trying to get HSBC's tests from the CD working. Don't bother. Just check manually on the command line that TestHash.e (if you are using the C version) works and you will be fine. I think that you could probably work out any issues by looking at the html source of OSC's checkout_confirmation.php before you press the Confirm Order button. Cast your eye over the fields to be submitted and make sure they are all valid. Apart from the problems I had, others seem to have had issues with their currency code: Make sure it is one that your merchant contract with HSBC allows. I confess, with an abashed look, that more time spent trying to make sense of the poor HSBC documentation might have helped me. HSBC calling my test Store ID a Client Alias and sending me another number called a Client ID didn't help. I have to a bit blunt here and say, in a friendly way folks, that this forum would have been more helpful if people coming back and saying "hey, I got my last problem fixed" had also said how. I know it's more effort to type it up, and I've been as guilty as others myself before, but it makes so much difference to someone wondering where to turn next. And if you are asking for help on a specific technical sticking point, please do give some useful data. A copy of the fields you are trying to POST to HSBC would be a good starter. I'll turn on email notification on this thread and will help anyone I can. Don't ask me about Windows, Java or compiling your own binaries or I'll hide under the table until you've gone away. Ax

Hi - I have a client Frederica Cards who makes cards, wrapping paper and gift tags. The OSC side of the site is a basic store for her wholesale customers. The link I've given is to a small custom application for retail customers to buy a box of 10 greeting cards. There is a fixed price for the box and the client can choose 10 cards from the range of 120. I would really like to fit this into OSCommerce rather than maintaining 2 systems. I have searched several times through the contributions, the forum and the web. Does anyone know of an existing contribution that will do this? The bundle contributions I've looked at don't fit the model of exactly 10 items for a fixed price. Am I going to end up writing this myself? Any thoughts on how it should be structured if I do? My initial thought is that the box of cards would need to exist as a product, but before checking out the customer would need to configure it, choosing the cards that go in. There are many (?some) stores selling Christmas hampers that operate slightly like this, allowing you to fill them with goods within some bounding parameters. Thanks.