JoeMcManus Posted September 6, 2005 Share Posted September 6, 2005 It works like this. POST url = cpi/complete.php which require autentication as per the htaccess file with matches user/pass as per the cpi admin. Redirect URL for after the fact is epdq_success.php (as per the standard contrib) but can be anything else if you modify code. POST url has to be cpi/complete.php. If you end up there after clicking the final button you've set the redirect url wrong in modules/payment/ePDQ.php. That ones needs to be epdq_success.php. Quote Johan a.k.a. T0PS3O elsewhere. Contributed Barclay's ePDQ Payment Module though not originally mine. Made it work though... Link to comment Share on other sites More sharing options...
excession Posted September 6, 2005 Share Posted September 6, 2005 right, ok - thats what I've got. On the cpi admin - I've set the POST URL to cpi/complete (with all correct passwords etc) and in osc admin, the return url is set to epdq_success. But when i run through a test transaction (using the visa test number 411111...) after getting to the final barclays page and clicking 'Complete Order' i get sent to /cpi/complete.php Quote Link to comment Share on other sites More sharing options...
ram_bhamidi Posted September 6, 2005 Share Posted September 6, 2005 Joe's right. I had a look at your website just now. Your return url is set to cpi/complete.php which is incorrect. It must be epdq_success.php Also, you have kept your logo in a non-secure area (http://www.raydirect.co.uk/images/raydirectlogo.jpg) and I got a message about the page containing both secure and non-secure items on the first ePDQ screen. If I were a customer, I would get a little suspicious about the non-secure items and may abort the transaction. - Ram POST url has to be cpi/complete.php. If you end up there after clicking the final button you've set the redirect url wrong in modules/payment/ePDQ.php. That ones needs to be epdq_success.php. <{POST_SNAPBACK}> Quote Link to comment Share on other sites More sharing options...
JoeMcManus Posted September 6, 2005 Share Posted September 6, 2005 Depending on which contrib snapshot you use, the return URL is or isn;t set in the back-end. MINE ISN'T! Even though there's an entry in the back-end for it, it's not used by the code. So if you have my latests snapshot, you;ll have to look IN ePDQ.php and find it hardcoded there. I remember commenting it like that, mentioning it was hardcoded. I had done so to make it httpS to avoid the browser notices. So double check your ePDQ.php file and make sure you see: process_button_string = tep_draw_hidden_field('epdqdata', $postresponse["EncryptedResult"]) . "\n" . tep_draw_hidden_field('returnurl', 'https://mydomain.co.uk/epdq_success.php') . "\n" .//tep_href_link(MODULE_PAYMENT_EPDQ_RETURNURL, $epdq_return) ) . "\n" . // I hard coded it in. [sEE HERE - ePDQ] tep_draw_hidden_field('mercha...etc. Quote Johan a.k.a. T0PS3O elsewhere. Contributed Barclay's ePDQ Payment Module though not originally mine. Made it work though... Link to comment Share on other sites More sharing options...
excession Posted September 6, 2005 Share Posted September 6, 2005 Ah thats fixed it! I didn't notice it was hard coded in the ePDQ file! :D Well I've just run through a transaction and it all seems to work fine now. Fingers crossed thats the last glitch. Thanks for all you help. Gary ps I know the image is still in an non secure area - our setup won't support https in the main diretcory - we have a seperate secure server where I'll put an image when we finally come up with one that looks good enough. Quote Link to comment Share on other sites More sharing options...
JoeMcManus Posted September 6, 2005 Share Posted September 6, 2005 (edited) Reading is dying form of art :D Glad you sussed it! Let me know the URL if poss, I'd be interested to see your shop. BTW, anyone contemplating going osC + MPI yet? Edited September 6, 2005 by JoeMcManus Quote Johan a.k.a. T0PS3O elsewhere. Contributed Barclay's ePDQ Payment Module though not originally mine. Made it work though... Link to comment Share on other sites More sharing options...
excession Posted September 6, 2005 Share Posted September 6, 2005 When I get this site up and running i will be looking into coding an MPI version. Only thing is I'm really a Java programmer and not a PHP one, so need to brush up on my PHP a bit more first. However, when i start I'll let you know. As soon as the store is up and running I'll let you know the url. Quote Link to comment Share on other sites More sharing options...
JoeMcManus Posted September 6, 2005 Share Posted September 6, 2005 The only thing holding me back is the verification by VISA. Apparently it costs 4-6 grand just to have them check your setup to see it's safe. That's the benefit of CPI I guess. But it's feeling more restrictive the more we grow. Just the fact it won't interact with osCommerce after the capture (to shop, void or even to have fraud feedback) is very restrictive. The XML schemas to implement the MPI don't look that complicated and PHP has good XML built in functionality and there's some quality libraries and classes to further aid in development. Maybe we can team up at some stage and get cracking on it. I'm subscribed to this thread so I'll know where to find you guys (girls?). Quote Johan a.k.a. T0PS3O elsewhere. Contributed Barclay's ePDQ Payment Module though not originally mine. Made it work though... Link to comment Share on other sites More sharing options...
excession Posted September 6, 2005 Share Posted September 6, 2005 That sounds like a good idea. At the mo the Boss wants me to get this site going as is with CPI, when I've done that I suspect there will be a list of mod's that are needed but as soon as possible I'd like to start on the MPI. I' subscribed to this thread as well so will keep an eye on things. Quote Link to comment Share on other sites More sharing options...
JoeMcManus Posted September 6, 2005 Share Posted September 6, 2005 Excellent. Maybe Vger, Ram Bhamidi and others were planning the same. No need to all waste time on doing the same. For me it will be months away prior to having time (after the X-Mas madness perhaps). Quote Johan a.k.a. T0PS3O elsewhere. Contributed Barclay's ePDQ Payment Module though not originally mine. Made it work though... Link to comment Share on other sites More sharing options...
Guest Posted September 13, 2005 Share Posted September 13, 2005 I have tried implementing this on my store and have a really annoying issue. When i run through the order process all seems to work ok until i hit the final button to go to Barclays site to complete payment and then i get a CPI Error page stating "It is not possible to order from the store at this time. Please contact the merchant for further information. Error: Mandatory information not present." ANy ideas ?? Quote Link to comment Share on other sites More sharing options...
Guest Posted September 13, 2005 Share Posted September 13, 2005 as an additional note, i uncommented the section in ePDQ.php to see whats being sent and this line seems out of place !! epdq_rtn= "" having looked in the ePDQ.php code this is derived from $epdq_return and this is commented out as per the code snippet below:- if (MODULE_PAYMENT_EPDQ_LIMIT == 100) { // $epdq_return = 'PHPSESSID=' . $PHPSESSID; // 'payment=' . $HTTP_POST_VARS['payment'] . '&sendto=' . $HTTP_POST_VARS['sendto'] . '&shipping_cost=' . $shipping_cost ; } else { // $epdq_return = 'PHPSESSID=' . $PHPSESSID; is this important ? I have epdq_success.php as the epdq ReturnURL in the Osc Admin section. Quote Link to comment Share on other sites More sharing options...
excession Posted September 13, 2005 Share Posted September 13, 2005 I'm not expert on the ePDQ module, but it sounds like the error is indicating that the data you are sending to barclays is not present/incorrect. Have you checked the encoded data is being sent? It may be worth reading through the notes on www.epqd.co.uk/nextsteps/cpi.htm username-nextstep pw-welcome Quote Link to comment Share on other sites More sharing options...
JoeMcManus Posted September 13, 2005 Share Posted September 13, 2005 All the stuff commented out is really really old. It's from the very first guys starting this contrib who never finished it since they didn't stick with Barclays (I believe). So I'd recommend against using any of their 'left-overs'. When you read the CPI guide have a look where it says about what data it's expecting between the last page at your site and their first. Double check all is there (for instance you could e-mail all the post data to yourself when checkout_confirmation loads). But I think excession has it correct, it sounds more like a configuration. In such cases, if you;re unsure, it's really best to ring the guys at Barclays merchant service support. They've always been very helpful and they can check for you in 2 minutes whether you're all set or not. Quote Johan a.k.a. T0PS3O elsewhere. Contributed Barclay's ePDQ Payment Module though not originally mine. Made it work though... Link to comment Share on other sites More sharing options...
cjohnson_uk Posted September 17, 2005 Share Posted September 17, 2005 Sounds like the session is destroyed when the user goes off to Barclay's pages. Then when they come back, OsC doesn't know who this person is in this session. Hence showing the undefined errors. I can't really help you with this because I really think it's something to do with the way your server is configured. Not so much OsC. And I'm not an expert on php.ini etc. settings. Search Google and php.net for the error for some clues. <{POST_SNAPBACK}> Well I'm back, after originally posting in January at the top of this thread the client has now passed me the epdq account details. I've added the extra sections of code to my files, set up the cpi folder etc, done all the password stuff at the PCI end. Now all I have to do it work out the sessions bit. I've tried it with force cookies but something in the code is stopping throwing me back to "you must have cookies enabled" page despite my attempts to enable cookies. So my questions are: Has anyone used the jump page as suggested? If the session ID was passed as a hidden field to the CPI would it get returned? If so could another jump page be set up as the return page to jump to with the session ID reinstated? Any ideas welcomed. ChrisJ Quote Link to comment Share on other sites More sharing options...
♥Vger Posted September 17, 2005 Share Posted September 17, 2005 You can't use Force Cookie Use, because if it worked it would remove session ids from the page and place them in a cookie on the users computer. You must pass a session id to ePDQ, and get the same one back from them, for the system to work. Otherwise ePDQ will generate an id of their own and pass this back to your site, your site won't recognise the id and the whole thing will fall down. Vger Quote Link to comment Share on other sites More sharing options...
ram_bhamidi Posted September 17, 2005 Share Posted September 17, 2005 Looks like there's s slight confusion here between session id's and order id's. Barclays ePDQ doesn't care about your sessions id's however it does care about the order id. If you send an order id, it takes it otherwise it creates one. The Order id is posted back along with other details after the transaction. If the session ID was passed as a hidden field to the CPI would it get returned? - NO. the session id will never get returned by ePDQ. The things that do get posted back by ePDQ are transaction status, total amount, client id, order id ( either the one you sent or the one ePDQ generated), charge type, eci status and cardprefix (if you have registered for internet authentication). My customers are always logged in when they return from ePDQ but I do not remember if I had to make any specific code changes to accomplish that. If you do not force cookie use but use sessions instead, where do the customers land up when they are back from ePDQ ? - Ram Quote Link to comment Share on other sites More sharing options...
♥Vger Posted September 17, 2005 Share Posted September 17, 2005 If you do not force cookie use but use sessions instead, where do the customers land up when they are back from ePDQ ? The same place they would have if they had Force Cookie Use enabled. The use of session ids or sessions wrapped in a cookie has nothing to do with where they return to - or even if the transaction gets processed by ePDQ. I'll take anothe r ook at whether session ids have to be passed toe PDQ. They use the same software (Clear Systems) as HSBC and HSBC definitely requires you pass a session id. ePDQ definitely checks to see if the session is registered. Vger Vger Quote Link to comment Share on other sites More sharing options...
cjohnson_uk Posted September 17, 2005 Share Posted September 17, 2005 I was thinking of adding the session ID to the epdq table with the order ID etc as the order ID definately gets returned. After returning from the epdq pages the return page is a "jump" page that reads the session ID back from the table (based on the returned order ID) and jumps to the order confimation page with the session ID restored to the url. All I need is the code for the jump pages. Not quite sure how these work or what to google for. ram_bhamidi: My customers don't land anywhere yet as they don't get to epdq as the session ID on the calling page invalidates it as a valid calling page! I don't yet have my jump page! ChrisJ Quote Link to comment Share on other sites More sharing options...
♥Vger Posted September 17, 2005 Share Posted September 17, 2005 I have installed ePDQ before. The only time you need a jump page is if you send someone to ePDQ from an https page - because ePDQ only accepts http headers. This is a major flaw in their system, and quite frankly I can't believe it that a bank uses a system that relies on a page not being encrypted. I got around the http headers problem by simply making the checkout_confirmation page an http page, by changing the call to 'SSL' to 'NONSSL' on that page and the payment page which comes before it. If you think about it - it doesn't really make any difference, because if you make the confirmation page http it sends data unencrypted but if you make a jump page which is http then this sends the data unencrypted. Vger Quote Link to comment Share on other sites More sharing options...
cjohnson_uk Posted September 18, 2005 Share Posted September 18, 2005 If you think about it - it doesn't really make any difference, because if you make the confirmation page http it sends data unencrypted but if you make a jump page which is http then this sends the data unencrypted. Vger <{POST_SNAPBACK}> I think from a customer confidence point of view a secure page throughout checkout might be better, although the jump page will, presumably throw up a "you a leaving a secure connection" message and then the barclay page will throw up a "secure page message" again meaning more clicks! I think a jump page may be better than a non https page at the moment as the majority of customers still pay on account. Any chance you coul dpost your uymp page code so I have something to start with please? I wish I had more time to do OSCommerce, it might make it a little easier! ChrisJ Quote Link to comment Share on other sites More sharing options...
♥Vger Posted September 18, 2005 Share Posted September 18, 2005 It's better from a customer viewpoint to go from a page which is http with no error messages, than it is to go from a page which is https and throws up error messages in the face of the customer. As I said I don't use a jump page, so can't send you the code. Vger Quote Link to comment Share on other sites More sharing options...
ram_bhamidi Posted September 18, 2005 Share Posted September 18, 2005 ChirsJ, Could you PM me your store url so that I could have a look. - Ram Quote Link to comment Share on other sites More sharing options...
cjohnson_uk Posted September 18, 2005 Share Posted September 18, 2005 ChirsJ,Could you PM me your store url so that I could have a look. - Ram <{POST_SNAPBACK}> Not sure how that would help. Here's my jump file code. AFAICT this should work.... <?php /* $Id: ePDQJmp.php,v 0.1 2005/09/18 15:34:25 ChrisJ Exp $ osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright (c) 2003 osCommerce Released under the GNU General Public License */ require('includes/application_top.php'); ?> <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"> <html <?php echo HTML_PARAMS; ?>> <head> <meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>"> <?php require(DIR_WS_INCLUDES . 'meta_tags.php'); ?> <?php // BOF: WebMakers.com Changed: Header Tag Controller v1.0 // Replaced by header_tags.php if ( file_exists(DIR_WS_INCLUDES . 'header_tags.php') ) { require(DIR_WS_INCLUDES . 'header_tags.php'); } else { ?> <title><?php echo TITLE ?></title> <?php } // EOF: WebMakers.com Changed: Header Tag Controller v1.0 ?> <link rel="stylesheet" type="text/css" href="<? echo TEMPLATE_STYLE;?>"> <?php if ($javascript) { require(DIR_WS_JAVASCRIPT . $javascript); } ?> </head> <body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" onLoad="document.forms[0].submit()"> <form name="checkout_confirmation" action="https://secure2.epdq.co.uk/cgi-bin/CcxBarclaysEpdq.e" method="post"> <input type="hidden" name="osCsid" value="<?php echo $_POST['osCsid'];?>" /> <input type="hidden" name="epdqdata" value="<?php echo $_POST['epdqdata'];?>" /> <input type="hidden" name="returnurl" value="<?php echo $_POST['returnurl'];?>" /> <input type="hidden" name="merchantdisplayname" value="<?php echo $_POST['merchantdisplayname'];?>" /> <input type="hidden" name="cpi_textcolor" value="<?php echo $_POST['cpi_textcolor'];?>"/> <input type="hidden" name="cpi_bgcolor" value="<?php echo $_POST['cpi_bgcolor'];?>" /> <input type="hidden" name="cpi_logo" value="<?php echo $_POST['cpi_logo'];?>" /> <input type="hidden" name="supportedcardtypes" value="<?php echo $_POST['supportedcardtypes'];?>" /> <input type="hidden" name="bname" value="<?php echo $_POST['bname'];?>" /> <input type="hidden" name="baddr1" value="<?php echo $_POST['baddr1'];?>" /> <input type="hidden" name="baddr2" value="<?php echo $_POST['baddr2'];?>" /> <input type="hidden" name="bcity" value="<?php echo $_POST['bcity'];?>" /> <input type="hidden" name="bcountyprovince" value="<?php echo $_POST['bcountyprovince'];?>" /> <input type="hidden" name="btelephonenumber" value="<?php echo $_POST['btelephonenumber'];?>" /> <input type="hidden" name="email" value="<?php echo $_POST['email'];?>" /> <input type="hidden" name="bpostalcode" value="<?php echo $_POST['bpostalcode'];?>" /> <table><tr><td class="main"><b>Processing order data.</td></tr><tr><td>Passing order details for payment</td></tr><tr> <td class="main" align="right"><input type="submit" value="Click here to proceed if your browser doesn't support Javascript"/></td></tr></table></form> <?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?> Any comments on this? I've taken an existing file as a template and just put the new autosubmitting form code in it. ChrisJ Quote Link to comment Share on other sites More sharing options...
djevanscom Posted September 27, 2005 Share Posted September 27, 2005 Hi Guys. Me again. I have an issue where I am getting a duplicate order created about 4 minutes after the original order. This order has the next order ref. both orders are set to Pending (which is what I want coming back from BMS). Any clues peeps? Cheers Dave Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.