Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Urgent Help Needed with ePDQ Payments


rickhudson

Recommended Posts

It works like this.

 

POST url = cpi/complete.php which require autentication as per the htaccess file with matches user/pass as per the cpi admin.

 

Redirect URL for after the fact is epdq_success.php (as per the standard contrib) but can be anything else if you modify code.

 

POST url has to be cpi/complete.php. If you end up there after clicking the final button you've set the redirect url wrong in modules/payment/ePDQ.php. That ones needs to be epdq_success.php.

Johan a.k.a. T0PS3O elsewhere.

 

Contributed Barclay's ePDQ Payment Module though not originally mine. Made it work though...

Link to comment
Share on other sites

  • Replies 388
  • Created
  • Last Reply

Top Posters In This Topic

right, ok - thats what I've got. On the cpi admin - I've set the POST URL to cpi/complete (with all correct passwords etc) and in osc admin, the return url is set to epdq_success. But when i run through a test transaction (using the visa test number 411111...) after getting to the final barclays page and clicking 'Complete Order' i get sent to /cpi/complete.php

Link to comment
Share on other sites

Joe's right.

I had a look at your website just now. Your return url is set to cpi/complete.php which is incorrect. It must be epdq_success.php

 

Also, you have kept your logo in a non-secure area (http://www.raydirect.co.uk/images/raydirectlogo.jpg) and I got a message about the page containing both secure and non-secure items on the first ePDQ screen. If I were a customer, I would get a little suspicious about the non-secure items and may abort the transaction.

 

- Ram

 

POST url has to be cpi/complete.php. If you end up there after clicking the final button you've set the redirect url wrong in modules/payment/ePDQ.php. That ones needs to be epdq_success.php.

Link to comment
Share on other sites

Depending on which contrib snapshot you use, the return URL is or isn;t set in the back-end. MINE ISN'T! Even though there's an entry in the back-end for it, it's not used by the code. So if you have my latests snapshot, you;ll have to look IN ePDQ.php and find it hardcoded there. I remember commenting it like that, mentioning it was hardcoded. I had done so to make it httpS to avoid the browser notices.

 

So double check your ePDQ.php file and make sure you see:

 

process_button_string = tep_draw_hidden_field('epdqdata', $postresponse["EncryptedResult"]) . "\n" .

tep_draw_hidden_field('returnurl', 'https://mydomain.co.uk/epdq_success.php') . "\n" .//tep_href_link(MODULE_PAYMENT_EPDQ_RETURNURL, $epdq_return) ) . "\n" . // I hard coded it in. [sEE HERE - ePDQ]

tep_draw_hidden_field('mercha...etc.

Johan a.k.a. T0PS3O elsewhere.

 

Contributed Barclay's ePDQ Payment Module though not originally mine. Made it work though...

Link to comment
Share on other sites

Ah thats fixed it! I didn't notice it was hard coded in the ePDQ file! :D

 

Well I've just run through a transaction and it all seems to work fine now. Fingers crossed thats the last glitch. Thanks for all you help.

 

Gary

 

ps I know the image is still in an non secure area - our setup won't support https in the main diretcory - we have a seperate secure server where I'll put an image when we finally come up with one that looks good enough.

Link to comment
Share on other sites

Reading is dying form of art :D

 

Glad you sussed it!

 

Let me know the URL if poss, I'd be interested to see your shop.

 

BTW, anyone contemplating going osC + MPI yet?

Edited by JoeMcManus

Johan a.k.a. T0PS3O elsewhere.

 

Contributed Barclay's ePDQ Payment Module though not originally mine. Made it work though...

Link to comment
Share on other sites

When I get this site up and running i will be looking into coding an MPI version. Only thing is I'm really a Java programmer and not a PHP one, so need to brush up on my PHP a bit more first. However, when i start I'll let you know.

 

As soon as the store is up and running I'll let you know the url.

Link to comment
Share on other sites

The only thing holding me back is the verification by VISA. Apparently it costs 4-6 grand just to have them check your setup to see it's safe.

 

That's the benefit of CPI I guess. But it's feeling more restrictive the more we grow. Just the fact it won't interact with osCommerce after the capture (to shop, void or even to have fraud feedback) is very restrictive.

 

The XML schemas to implement the MPI don't look that complicated and PHP has good XML built in functionality and there's some quality libraries and classes to further aid in development.

 

Maybe we can team up at some stage and get cracking on it. I'm subscribed to this thread so I'll know where to find you guys (girls?).

Johan a.k.a. T0PS3O elsewhere.

 

Contributed Barclay's ePDQ Payment Module though not originally mine. Made it work though...

Link to comment
Share on other sites

That sounds like a good idea. At the mo the Boss wants me to get this site going as is with CPI, when I've done that I suspect there will be a list of mod's that are needed but as soon as possible I'd like to start on the MPI. I' subscribed to this thread as well so will keep an eye on things.

Link to comment
Share on other sites

Excellent. Maybe Vger, Ram Bhamidi and others were planning the same. No need to all waste time on doing the same.

 

For me it will be months away prior to having time (after the X-Mas madness perhaps).

Johan a.k.a. T0PS3O elsewhere.

 

Contributed Barclay's ePDQ Payment Module though not originally mine. Made it work though...

Link to comment
Share on other sites

I have tried implementing this on my store and have a really annoying issue.

 

When i run through the order process all seems to work ok until i hit the final button to go to Barclays site to complete payment and then i get a CPI Error page stating "It is not possible to order from the store at this time.

Please contact the merchant for further information.

Error:

Mandatory information not present."

 

ANy ideas ??

Link to comment
Share on other sites

as an additional note, i uncommented the section in ePDQ.php to see whats being sent and this line seems out of place !!

epdq_rtn= ""

 

having looked in the ePDQ.php code this is derived from $epdq_return and this is commented out as per the code snippet below:-

 

if (MODULE_PAYMENT_EPDQ_LIMIT == 100) {

// $epdq_return = 'PHPSESSID=' . $PHPSESSID;

 

// 'payment=' . $HTTP_POST_VARS['payment'] . '&sendto=' . $HTTP_POST_VARS['sendto'] . '&shipping_cost=' . $shipping_cost ;

} else {

 

// $epdq_return = 'PHPSESSID=' . $PHPSESSID;

 

is this important ?

 

I have epdq_success.php as the epdq ReturnURL in the Osc Admin section.

Link to comment
Share on other sites

I'm not expert on the ePDQ module, but it sounds like the error is indicating that the data you are sending to barclays is not present/incorrect. Have you checked the encoded data is being sent? It may be worth reading through the notes on www.epqd.co.uk/nextsteps/cpi.htm username-nextstep pw-welcome

Link to comment
Share on other sites

All the stuff commented out is really really old. It's from the very first guys starting this contrib who never finished it since they didn't stick with Barclays (I believe). So I'd recommend against using any of their 'left-overs'.

 

When you read the CPI guide have a look where it says about what data it's expecting between the last page at your site and their first. Double check all is there (for instance you could e-mail all the post data to yourself when checkout_confirmation loads).

 

But I think excession has it correct, it sounds more like a configuration. In such cases, if you;re unsure, it's really best to ring the guys at Barclays merchant service support. They've always been very helpful and they can check for you in 2 minutes whether you're all set or not.

Johan a.k.a. T0PS3O elsewhere.

 

Contributed Barclay's ePDQ Payment Module though not originally mine. Made it work though...

Link to comment
Share on other sites

Sounds like the session is destroyed when the user goes off to Barclay's pages. Then when they come back, OsC doesn't know who this person is in this session. Hence showing the undefined errors.

 

I can't really help you with this because I really think it's something to do with the way your server is configured. Not so much OsC. And I'm not an expert on php.ini etc. settings.

 

Search Google and php.net for the error for some clues.

 

 

Well I'm back, after originally posting in January at the top of this thread the client has now passed me the epdq account details.

 

I've added the extra sections of code to my files, set up the cpi folder etc, done all the password stuff at the PCI end. Now all I have to do it work out the sessions bit. I've tried it with force cookies but something in the code is stopping throwing me back to "you must have cookies enabled" page despite my attempts to enable cookies.

 

So my questions are:

Has anyone used the jump page as suggested?

If the session ID was passed as a hidden field to the CPI would it get returned?

If so could another jump page be set up as the return page to jump to with the session ID reinstated?

 

Any ideas welcomed.

 

ChrisJ

Link to comment
Share on other sites

You can't use Force Cookie Use, because if it worked it would remove session ids from the page and place them in a cookie on the users computer. You must pass a session id to ePDQ, and get the same one back from them, for the system to work. Otherwise ePDQ will generate an id of their own and pass this back to your site, your site won't recognise the id and the whole thing will fall down.

 

Vger

Link to comment
Share on other sites

Looks like there's s slight confusion here between session id's and order id's. Barclays ePDQ doesn't care about your sessions id's however it does care about the order id. If you send an order id, it takes it otherwise it creates one. The Order id is posted back along with other details after the transaction.

 

If the session ID was passed as a hidden field to the CPI would it get returned?

- NO. the session id will never get returned by ePDQ. The things that do get posted back by ePDQ are transaction status, total amount, client id, order id ( either the one you sent or the one ePDQ generated), charge type, eci status and cardprefix (if you have registered for internet authentication).

 

My customers are always logged in when they return from ePDQ but I do not remember if I had to make any specific code changes to accomplish that. If you do not force cookie use but use sessions instead, where do the customers land up when they are back from ePDQ ?

 

- Ram

Link to comment
Share on other sites

If you do not force cookie use but use sessions instead, where do the customers land up when they are back from ePDQ ?

 

The same place they would have if they had Force Cookie Use enabled. The use of session ids or sessions wrapped in a cookie has nothing to do with where they return to - or even if the transaction gets processed by ePDQ.

 

I'll take anothe r ook at whether session ids have to be passed toe PDQ. They use the same software (Clear Systems) as HSBC and HSBC definitely requires you pass a session id. ePDQ definitely checks to see if the session is registered.

 

Vger

 

Vger

Link to comment
Share on other sites

I was thinking of adding the session ID to the epdq table with the order ID etc as the order ID definately gets returned. After returning from the epdq pages the return page is a "jump" page that reads the session ID back from the table (based on the returned order ID) and jumps to the order confimation page with the session ID restored to the url.

 

All I need is the code for the jump pages. Not quite sure how these work or what to google for.

 

ram_bhamidi: My customers don't land anywhere yet as they don't get to epdq as the session ID on the calling page invalidates it as a valid calling page! I don't yet have my jump page!

 

ChrisJ

Link to comment
Share on other sites

I have installed ePDQ before. The only time you need a jump page is if you send someone to ePDQ from an https page - because ePDQ only accepts http headers. This is a major flaw in their system, and quite frankly I can't believe it that a bank uses a system that relies on a page not being encrypted.

 

I got around the http headers problem by simply making the checkout_confirmation page an http page, by changing the call to 'SSL' to 'NONSSL' on that page and the payment page which comes before it.

 

If you think about it - it doesn't really make any difference, because if you make the confirmation page http it sends data unencrypted but if you make a jump page which is http then this sends the data unencrypted.

 

Vger

Link to comment
Share on other sites

If you think about it - it doesn't really make any difference, because if you make the confirmation page http it sends data unencrypted but if you make a jump page which is http then this sends the data unencrypted.

 

Vger

 

I think from a customer confidence point of view a secure page throughout checkout might be better, although the jump page will, presumably throw up a "you a leaving a secure connection" message and then the barclay page will throw up a "secure page message" again meaning more clicks!

 

I think a jump page may be better than a non https page at the moment as the majority of customers still pay on account. Any chance you coul dpost your uymp page code so I have something to start with please?

 

I wish I had more time to do OSCommerce, it might make it a little easier!

 

ChrisJ

Link to comment
Share on other sites

It's better from a customer viewpoint to go from a page which is http with no error messages, than it is to go from a page which is https and throws up error messages in the face of the customer.

 

As I said I don't use a jump page, so can't send you the code.

 

Vger

Link to comment
Share on other sites

ChirsJ,

Could you PM me your store url so that I could have a look. 

 

- Ram

 

Not sure how that would help.

 

Here's my jump file code. AFAICT this should work....

 

<?php
/*
 $Id: ePDQJmp.php,v 0.1 2005/09/18 15:34:25 ChrisJ Exp $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2003 osCommerce

 Released under the GNU General Public License
*/
require('includes/application_top.php');
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<?php require(DIR_WS_INCLUDES . 'meta_tags.php'); ?>
<?php
// BOF: WebMakers.com Changed: Header Tag Controller v1.0
// Replaced by header_tags.php
if ( file_exists(DIR_WS_INCLUDES . 'header_tags.php') ) {
 require(DIR_WS_INCLUDES . 'header_tags.php');
} else {
?> 
 <title><?php echo TITLE ?></title>
<?php
}
// EOF: WebMakers.com Changed: Header Tag Controller v1.0
?>

<link rel="stylesheet" type="text/css" href="<? echo TEMPLATE_STYLE;?>">
<?php if ($javascript) { require(DIR_WS_JAVASCRIPT . $javascript); } ?>


</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" onLoad="document.forms[0].submit()">
<form name="checkout_confirmation" action="https://secure2.epdq.co.uk/cgi-bin/CcxBarclaysEpdq.e" method="post">
<input type="hidden" name="osCsid" value="<?php echo $_POST['osCsid'];?>" />
<input type="hidden" name="epdqdata" value="<?php echo $_POST['epdqdata'];?>" />
<input type="hidden" name="returnurl" value="<?php echo $_POST['returnurl'];?>" />
<input type="hidden" name="merchantdisplayname" value="<?php echo $_POST['merchantdisplayname'];?>" />
<input type="hidden" name="cpi_textcolor" value="<?php echo $_POST['cpi_textcolor'];?>"/>
<input type="hidden" name="cpi_bgcolor" value="<?php echo $_POST['cpi_bgcolor'];?>" />
<input type="hidden" name="cpi_logo" value="<?php echo $_POST['cpi_logo'];?>" />
<input type="hidden" name="supportedcardtypes" value="<?php echo $_POST['supportedcardtypes'];?>" />
<input type="hidden" name="bname" value="<?php echo $_POST['bname'];?>" />
<input type="hidden" name="baddr1" value="<?php echo $_POST['baddr1'];?>" />
<input type="hidden" name="baddr2" value="<?php echo $_POST['baddr2'];?>" />
<input type="hidden" name="bcity" value="<?php echo $_POST['bcity'];?>" />
<input type="hidden" name="bcountyprovince" value="<?php echo $_POST['bcountyprovince'];?>" />
<input type="hidden" name="btelephonenumber" value="<?php echo $_POST['btelephonenumber'];?>" />
<input type="hidden" name="email" value="<?php echo $_POST['email'];?>" />
<input type="hidden" name="bpostalcode" value="<?php echo $_POST['bpostalcode'];?>" />
<table><tr><td class="main"><b>Processing order data.</td></tr><tr><td>Passing order details for payment</td></tr><tr>
<td class="main" align="right"><input type="submit" value="Click here to proceed if your browser doesn't support Javascript"/></td></tr></table></form>



<?php
require(DIR_WS_INCLUDES . 'application_bottom.php');
?>

 

Any comments on this? I've taken an existing file as a template and just put the new autosubmitting form code in it.

 

ChrisJ

Link to comment
Share on other sites

  • 2 weeks later...

Hi Guys. Me again. I have an issue where I am getting a duplicate order created about 4 minutes after the original order. This order has the next order ref. both orders are set to Pending (which is what I want coming back from BMS).

 

Any clues peeps?

 

Cheers

 

Dave

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...