Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Urgent Help Needed with ePDQ Payments


rickhudson

Recommended Posts

Hi all,

 

I've been trying (without much success) to install the ePDQ module. I've placed all the file in the location specified and modified the file as described in the readme. With some of the commented sections [sEE HERE - ePDQ] I con't see what I'm supposed to change, I mean - the settings look as if they should work with any system - so any help on these would be greatly welcomed.

 

So far, if you follow the process of buying an item you can get as far as the order confirmation, but at the bottom of the page this nasty appears and everything breaks:

 

Fatal error: Non-static method EPDQ::PostData() cannot be called statically in C:\public\catalog\includes\modules\payment\ePDQ.php on line 433

 

It's not a nice thing and I have no idea whats broken/gone wrong or what i have done.

 

Any ideas/cures/suggestion would be welcome.

 

thanks

 

gary

Link to comment
Share on other sites

  • Replies 388
  • Created
  • Last Reply

Top Posters In This Topic

With some of the commented sections [sEE HERE - ePDQ] I con't see what I'm supposed to change, I mean - the settings look as if they should work with any system - so any help on these would be greatly welcomed.

 

Gary,

 

They definitely need changing. They've been set to match my environment which is likely to be far from yours.

 

Find the list of Order Status IDs and names as I commented in there and on which my ePDQ system is based. Then look in the orders_status table and match it with that list and alter all of them to match yours.

 

Find out what happens during each and every check-out procedure and do standard debugging things like echoing what's going on.

 

Understanding the code yourself is the only way to get this going.

 

I've never seen that static method error before. If you keep getting that after you cleaned up the code you might want to look up PHP documentation to understand what that means.

Johan a.k.a. T0PS3O elsewhere.

 

Contributed Barclay's ePDQ Payment Module though not originally mine. Made it work though...

Link to comment
Share on other sites

Joe,

 

Thanks for getting back so quick. I've been looking through the code trying to follow the sequence of events but it's not that easy without some sort of idea where to start. I'll have another run through all the same though. Can you give a discription of what all the hard coded see here bit are for?

 

Am I right in saying that the flow control goes something like this:

 

checkout_payment -> checkout_confirmation -> checkout_process ->

checkout_success -> ePDQ -> complete

 

and it's the ePDQ that does the communicating with the barclays server?

 

Also, where would you suggest I look to familiarise myself with the way this works - the communication with the ePDQ server - the resonses etc? I'm a bit confused about all the return url's etc.

 

The static method error is a bit awkward, I know about object oriented languages and static non-staic methods. Where exactly is the ePDQ object created? I can trace the problem from there then. I suspect it's because I've got part of the script miscofigured somewhere and for some reason the object isn't being constructed correctly.

 

Thanks

 

Gary

Link to comment
Share on other sites

The CPI folder which holds the complete.php file must be protected by a User Name and Password, which you must supply in your ePDQ settings (path to file, user name and password). You don't have to use the POST function, so I'd try getting it to work without that, and once you've got everything else working then try to sort out the POST function.

 

Vger

Link to comment
Share on other sites

Am I right in saying that the flow control goes something like this:

 

checkout_payment -> checkout_confirmation -> checkout_process ->

checkout_success -> ePDQ -> complete

 

and it's the ePDQ that does the communicating with the barclays server?

 

Also, where would you suggest I look to familiarise myself with the way this works - the communication with the ePDQ server - the resonses etc? I'm a bit confused about all the return url's etc.

 

It's more like this:

 

checkout_payment.php is where the payment modules are loaded for the first time

 

checkout_confirmation.php is when the first interaction with Barclays is done (encryption).

 

Whilst on Barclays, during payment authorization Barclays interacts with cpi/complete.php (which updates my status from 'Awaiting Card Payment' to 'Payment Received' (or 'Payment Declined' if failed).

 

Barclays sends them on (if they click the button) to epdq_success which redirects to checkout_process which leads ot checkout_success.

 

Once back after Barclays on your site no interaction is done/possible with Braclays. That's why cpi/complete.php is so useful. cpi/complete.php is also very important as a means of reconsiliation because the punter might never click the last button that sends them back to your site. And normally e-mails are only sent when checkout_success is reached (which they might not!). Beware.

 

Is the order currently being saved in orders with status 'pending' or whatever you called it? The way it's supposed to work is that the order gets saved before their prefered means of payment is chosen. Mine sets the staus to 'Awaiting Payment'. If they choose cheque it's then set to 'Awaiting Cheque'. If they want to pay bank transfer it's set to 'Awaiting Bank Transfer'. If they choose Barclays it's 'Awaiting Card Payment' (or similar). This is all before and on checkout_confirmation. You should be able to see the order in the back-end already here.

 

To understand the processes better, look up which files include DIR_WS_MODULES payment.php. I think that one loads all available modules inc ePDQ.

 

For me to get this working I literally had to sit down myself and write down what each file does and via which functions etc. I'm no OO coder so had a major headache understanding the classes etc. As it says in the readme (though I'm always happy to help at a shallow level of involvement (don't have time to go back into it and what not)) this module requires a competent PHP coder to make it work. Sounds like you have the skills to get it working. Just don't underestimate the time and effort involved.

 

I'd comment the hell out of every step if I were you.

 

Maybe one day I fancy cleaning this up. But with 3 shops taking orders daily and N more to launch, I have more pressing things to do (unfortunately for you guys).

Johan a.k.a. T0PS3O elsewhere.

 

Contributed Barclay's ePDQ Payment Module though not originally mine. Made it work though...

Link to comment
Share on other sites

The CPI folder which holds the complete.php file must be protected by a User Name and Password, which you must supply in your ePDQ settings (path to file, user name and password). You don't have to use the POST function, so I'd try getting it to work without that, and once you've got everything else working then try to sort out the POST function

 

Vger,

 

You've lost me a bit there. I have the htaccess and htpass files present but I'm running this on a local windows machine with apache 2 and no SSL so i can test everything and make sure it works. I must admit I don't know how to make the cpi folder password protected on this local set up - I can do it with the online version.

 

I don't understand your comments about not using the POST function.

 

Gary

Link to comment
Share on other sites

I didn't say 'never' use the POST function, I just said to sideline it for now. Whether you use it or not is 'optional'. Not using it does not stop the transaction being processed.

 

But you've answered your own question as to why you can't get it working. You can only fully test this out in an online (internet) environment, and running on a local web server (intranet) won't work unless your local machine has its own dedicated ip address and uses a dynamic dns linking service to connect it to the internet. Where are your http headers coming from? http://localhost/? Where is your allowed URL?

 

And if you think ePDQ is difficult to set up I advise you to try HSBC e-secure - ePDQ is a walk in the park compared to that! Even though they use the same US based backend software system.

 

Vger

Link to comment
Share on other sites

Hi all,

 

Ive had this epdq up and running for a while. Cheers joe! However i have noticed recently im getting the error:

 

Error:

Encrypted data not present.

 

If i go back and press confirm order again it works!!

 

Any suggestions where i should be looking? im guessing checkout_confirmation.php, but all seems hunky dorry.

 

Anyone has a similar problem like this before? Accourding to the cpi manual, im passing strings that are invalid?? But why would it work the second time and not the first! :blink:

 

Lee

Link to comment
Share on other sites

Lee,

 

That's strange, I've never had that and I'm taking orders daily on 3 shops (5 by the end of the month!).

 

Does it happen on each and every order?

 

I recently updated my ePDQ file to distinguish between the billing_address and shipping_address. It used to pass on to Barclays only the customer_address details.

 

Here's part of my ePDQ file, from the Post Data till after the form:

 

function PostData($requesthost, $requestdocument, $requestdata) {

Global $customer_id;
/* parsing $requestdata array */
/******************************/

  if(is_array($requestdata)):
   foreach($requestdata as $key => $value)
    $requestbodyarray[] = urlencode($key)."=".urlencode($value);
   $requestbody = implode("&", $requestbodyarray);
  endif;
//print "requestbody= $requestbody<br>";
/* setting up $requestheader data */
/**********************************/
  $requestheader = "POST $requestdocument HTTP/1.0\r\n";
  $requestheader.= "Host: $requesthost\r\n";
  $requestheader.= "Content-type: application/x-www-form-urlencoded\r\n";
  $requestheader.= "Content-length: ".strlen($requestbody)."\r\n";
  $requestheader.= "\r\n";

/* communicating with host server */
/**********************************/
  $connection = fsockopen("$requesthost", 80); 
   fputs($connection, $requestheader.$requestbody); 
   $responsedata="";
   while (!feof($connection)) $responsedata.=fgets($connection, 1024); 
  fclose($connection); 

/* parsing server response */
/***************************/

//**si**
$EncryptedResult = trim($responsedata);
$EncryptedResult = strstr($responsedata, "value=");
$EncryptedResult = substr(strstr($EncryptedResult, "\""), 1, strlen(strstr($EncryptedResult, "\""))- strlen(strrchr($EncryptedResult, "\"")) - 1);
//echo ('<BR>EncryptedResult "'. $responsedata .'"<BR>');
//**si**

  $responsearray = explode("\n", str_replace("\r", "", $responsedata));

  if(preg_match("|^HTTP/\S+ (\d+) |i", trim($responsearray[0]), $matches)):

   $returnarray["EncryptedResult"] = $EncryptedResult;

   return $returnarray;
  else:
    return false;
  endif;
}



 $postparams["clientid"] = MODULE_PAYMENT_EPDQ_MERCHANT_ID;
 $postparams["password"] = MODULE_PAYMENT_EPDQ_PWD;
 //$postparams["oid"] = $temp_order_id;
 $postparams['oid'] = substr($cart_ePDQ_temp_id, strpos($cart_ePDQ_temp_id, '-')+1);
 $postparams["chargetype"] = MODULE_PAYMENT_EPDQ_CHARGE_TYPE;
 $postparams["currencycode"] = MODULE_PAYMENT_EPDQ_CURRENCY;
 // Graith mod - there's no point in working out foreign currency if it's not fully supported.
 // Also assumes you've used GBP not UKP as the code
 $postparams["total"] = $order->info['total'];// Graith mod * $currencies->currencies['GBP']['value'];

 $postresponse = PostData("secure2.epdq.co.uk", "/cgi-bin/CcxBarclaysEpdqEncTool.e", $postparams);

 if($postresponse["response"] == 200)
  if($postresponse["bodylines"] == 1)
   $epdqencodedstring = $postresponse["body"];



                 
    $process_button_string = tep_draw_hidden_field('epdqdata', $postresponse["EncryptedResult"]) . "\n" .
                             tep_draw_hidden_field('returnurl', 'https://[yourdomain]/epdq_success.php') . "\n" .//tep_href_link(MODULE_PAYMENT_EPDQ_RETURNURL, $epdq_return) ) . "\n" .  // I hard coded it in. [SEE HERE - ePDQ]
                             tep_draw_hidden_field('merchantdisplayname', MODULE_PAYMENT_EPDQ_DISPLAY_NAME). "\n"
                             .tep_draw_hidden_field('cpi_textcolor', '#191970'). "\n"  // [SEE HERE - ePDQ]
                             .tep_draw_hidden_field('cpi_bgcolor', '#ffffff'). "\n"    // [SEE HERE - ePDQ]
                             .tep_draw_hidden_field('cpi_logo', 'https://[yourdomain]/secure/cpi_logo.gif'). "\n"    //I hard coded the SECURE image in here [SEE HERE - ePDQ]
                             .tep_draw_hidden_field('supportedcardtypes', '125'). "\n";   //All but Amex   [SEE HERE - ePDQ]
        //.tep_draw_hidden_field('bname', $order->customer['postcode']). "\n" 
        //.tep_draw_hidden_field('baddr1', $order->customer['street_address']). "\n" 
        //.tep_draw_hidden_field('baddr2', $order->customer['suburb']). "\n" 
        //.tep_draw_hidden_field('bcity', $order->customer['city']). "\n" 
        //.tep_draw_hidden_field('bcountyprovince', $order->customer['state']). "\n" 
        //.tep_draw_hidden_field('btelephonenumber', $order->customer['telephone']). "\n" 
        //.tep_draw_hidden_field('email', $order->customer['email_address']). "\n" 
        //.tep_draw_hidden_field('bpostalcode', $order->customer['postcode']). "\n" 
        //;
        
if(strlen($order->billing['company']) > 0)
{
 $process_button_string .= tep_draw_hidden_field('baddr1', $order->billing['company']). "\n"
           .tep_draw_hidden_field('baddr2', $order->billing['street_address']). "\n"	
           .tep_draw_hidden_field('baddr3', $order->billing['suburb']). "\n";
}
else
{
 $process_button_string .= tep_draw_hidden_field('baddr1', $order->billing['street_address']). "\n"
        .tep_draw_hidden_field('baddr2', $order->billing['suburb']). "\n";
}
 $process_button_string .= tep_draw_hidden_field('bcity', $order->billing['city']). "\n" 
        .tep_draw_hidden_field('bcountyprovince', $order->billing['state']). "\n" 
        .tep_draw_hidden_field('btelephonenumber', $order->customer['telephone']). "\n" 
        .tep_draw_hidden_field('email', $order->customer['email_address']). "\n" 
        .tep_draw_hidden_field('bpostalcode', $order->billing['postcode']). "\n";

if(strlen($order->delivery['company']) > 0)
{
 $process_button_string .= tep_draw_hidden_field('saddr1', $order->delivery['company']). "\n"
           .tep_draw_hidden_field('saddr2', $order->delivery['street_address']). "\n"	
           .tep_draw_hidden_field('saddr3', $order->delivery['suburb']). "\n";
}
else
{
 $process_button_string .= tep_draw_hidden_field('saddr1', $order->delivery['street_address']). "\n"
        .tep_draw_hidden_field('saddr2', $order->delivery['suburb']). "\n";
}
 $process_button_string .= tep_draw_hidden_field('scity', $order->delivery['city']). "\n"  
        .tep_draw_hidden_field('scountyprovince', $order->delivery['state']). "\n"
        .tep_draw_hidden_field('spostalcode', $order->delivery['postcode']). "\n";
        
                               
     return $process_button_string; 
   }

 

For the purpose of posting here i deleted some commented bits. Make sure you copy-paste the correct parts if you do. The commented out tep_draw_hidden_field lines are the ones originally in this contrib, probably as you have it.

 

I'd try emailing myself the details unencrypted as well as encrypted to see which variables don't get passe don to Barclays properly.

Johan a.k.a. T0PS3O elsewhere.

 

Contributed Barclay's ePDQ Payment Module though not originally mine. Made it work though...

Link to comment
Share on other sites

I have seen this error before. Check the url to see if the osc session id still exists when you are on checkout_payment.php and checkout_confirmation.php pages. I have seen a few instances of this error especially when the user had an AOL browser.

 

Ram Bhamidi

Edited by The_Bear
Link to comment
Share on other sites

AOL is a problen whatever you do. Unlike other ISP's AOL caches each element of a page on a different server with a different ip address. So one page with 15 images will be listed in your web stats as 16 sessions (just for the one page). Nothing can be done about it.

 

Vger

Link to comment
Share on other sites

I'm hiding session id's and forcing cookies. Have been taking AOL orders just fine. Only see the 'cookie_?.php' file accessed rarely.

 

But I think someone should do the world a favour and do a hostile take-over of AOL (they're also the people who 'run' DMOZ) and then ritually burn all of its assets to the ground and wipe it out of the web's history. Their e-mail handling is the crappest of all, cutting off conversations by default.

Johan a.k.a. T0PS3O elsewhere.

 

Contributed Barclay's ePDQ Payment Module though not originally mine. Made it work though...

Link to comment
Share on other sites

What I never understood about them was that if you used AOL in the USA you had the option of using Netscape as your mail client instead of (as you rightly pointed out) their own crappy e-mail client. Outside of the USA you had to use their crappy e-mail client. I guess 'pester power' in the USA was the reason for that.

 

Vger

Link to comment
Share on other sites

  • 2 weeks later...

Hi Guys

 

I am trying to get my store set up I kind of had it working (apache prob with access rights to complete.php was the only prob) but whilst trying to sort this yesterday, I suddenly started getting a "Not a valid allowed URL" Message from BMS whenever I went in there. I spoke to BMS this morning and they said that the referring URL had suddenly got the .../catalog/checkout_confirmation.php?osCsid=... appended to the URL, where as it hadn't before, instead of the clean .../catalog/checkout_confirmation.php. Any ideas on how to get rid of it or make it work otherways.

 

Cheers

 

 

Dave

Link to comment
Share on other sites

Sorry Joe, but Dave MUST NOT, under any circumstances, install the SID Killer contribution. In the words of the person who wrote it "It doesn't work, and never has, and that's why I have up on it. I wish they'd remove it from Contributions".

 

If Dave is using no SSL or a full SSL certificate then he can remove the session id by turning on 'Force Cookie Use' under Configuration --> Sessions in the osC admin panel. This feature cannot be used however with a shared ssl - as the http and https cookie domains must match up.

 

Vger

Link to comment
Share on other sites

Yeah sorry, I didn't actually mean installing those, just looking them up to see how the sid is generated, why and how to disable it. For educational purposes.

 

I only have Ultimate SEO URLs and never had this issue. Indeed, I'm forcing cookies like you suggested Vger.

Johan a.k.a. T0PS3O elsewhere.

 

Contributed Barclay's ePDQ Payment Module though not originally mine. Made it work though...

Link to comment
Share on other sites

Hi Guys,

 

I'm at the stage now where my site is online and I've got all my merchant numbers/passwords etc ready.

 

I've just been re-reading all the posts here and the install instructions and have a few questions:

 

1) The htaccess/passwd files in the CPI dir; what username and password should they have? The one which you enter via the admin/edit for the ePDQ module? (so does that mean barclays server replys using your username/password? I must admit, I'm a bit confused about this bit.

 

2) The url which is set in the ePDQ.php file; it's currently set to https://secure2.epdq.co.uk/cgi-bin/CcxBarclaysEpdq.e Is this the same for all online stores?

 

3) I've obviously got something wrong as when I try and make a transaction i just get an error from barclays saying " Error: Unable to read configuration file. " Any ideas what this means?

 

Thanks in advance,

 

Gary

Link to comment
Share on other sites

1. Spot on. That makes sure Barclays is the only system in the world able to access those files.

 

2. Please elaborate, which URL, which variable was it?

 

3. Never seen that, but clear up 2. first and 3 might be solved right away as well. For 3. you can ring the guys on 0870 60 80 355 as well.

Johan a.k.a. T0PS3O elsewhere.

 

Contributed Barclay's ePDQ Payment Module though not originally mine. Made it work though...

Link to comment
Share on other sites

Joe,

 

Thanks for replying so fast. The URL/variable is in the ePDQ.php file at line 43 (code snippet below)

 

 ? function EPDQ() {
// ? ? ? ?print "ePDQ initialised<br>MODULE_PAYMENT_EPDQ_STATUS = ".MODULE_PAYMENT_EPDQ_STATUS."<br>";
? ? ?$this->code = 'ePDQ';
? ? ?$this->title = MODULE_PAYMENT_EPDQ_TEXT_TITLE;
? ? ?$this->description = MODULE_PAYMENT_EPDQ_TEXT_DESCRIPTION . ' ' .EPDQ_VERSION;
? ? ?$this->enabled = MODULE_PAYMENT_EPDQ_STATUS;
? ? ? ? ?// Graith mod - added a sort order
? ? ?$this->sort_order = MODULE_PAYMENT_EPDQ_SORT_ORDER;
? ? ? ? ?// Graith mod - OSC 2.2 uses this property to set the form action on the confirmation page
? ? ?$this->form_action_url = 'https://secure2.epdq.co.uk/cgi-bin/CcxBarclaysEpdq.e';

 

With the htaccess, you mean the username is your merchant ID?

 

Gary

Edited by excession
Link to comment
Share on other sites

The htaccess password and username can be anything you want as long as you tell Barclays what it is in the CPI admin feature here: https://cpiadmin.epdq.co.uk/cgi-bin/CcxBarc...EpdqAdminTool.e

 

The ePDQ line 43 is fine. I have that link too so that should work.

 

The configuration error now makes sense since I suspect you haven't been to the CPI configuration link I posted above yet. Log in there and configure it according to your manuals, or ring them for assistance. Your code seems good to go (after you set the CPI username and password).

Johan a.k.a. T0PS3O elsewhere.

 

Contributed Barclay's ePDQ Payment Module though not originally mine. Made it work though...

Link to comment
Share on other sites

You're making this harder than it need be. Just use the Password Protect feature in your web hosting control panel to set up the protection for the CPI folder, and this writes the access files for you and puts them in the correct place in the file structure. It's this User Name and Password which you then supply to HSBC for accessing the CPI folder.

 

Vger

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...