Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

HSBC secure-epayment module


Guest

Recommended Posts

Hi All,

 

Can anyone advise as to why I am getting a blank hsbc_return.php once customers are returned to the store?

 

I've checked the forums and there's no extra space, coding etc at the top of that file, and I previously removed the line "java/"from spiders.txt in order to solve the problem of orders not posting to admin (which worked)

 

Now everything works, orders get posted to admin, but just got this issue of a blank screen to solve!

 

Any ideas as to what to check would be greatly appreciated!

 

thanks,

 

Rob

Link to comment
Share on other sites

  • 1 month later...
  • Replies 1.2k
  • Created
  • Last Reply

Top Posters In This Topic

Hey everyone - just to say I managed it, and here's a few things that might help:

 

 

I did it with the following:

  • Latest version of HSBC Module
  • Files from HSBC CD (they send you it)
  • on 1and1 hosting
  • with no previous knowledge regarding cpi

KEY NOTE: If you are hiding the shop while you work on it e.g. using .htaccess to password it - this will obviously stop HSBC doing the postback and mean that no data is written to the database or emails sent. Its a simple obvious thing but it had me caught for a while! - Make sure when testing that the whole shop is accessable to the public - because if its not then hsbc cant access it either.

 

Things to try if not working:

  • make sure you have LATEST version
  • make sure public can access shop
  • if getting hacking attempt error - mess about with currencies

The actual install works completly fine on 1and1, you can view my shop @ http://www.wheels-near-u.co.uk (shop not open till october)

 

 

Hope this helps a little!!!

 

.w.

Link to comment
Share on other sites

after reading all the doom and gloom about HSBC CPI integration I read your post with interest ...

 

Latest version of HSBC Module

Files from HSBC CD (they send you it)

on 1and1 hosting

with no previous knowledge regarding cpi

 

Excuse my ignorance but where do the files need to be installed?

 

Did you just use the HSBC supplied files or did you use another osCommerce contribution as well?

 

Any help would be much appreciated.

Link to comment
Share on other sites

after reading all the doom and gloom about HSBC CPI integration I read your post with interest ...

 

Latest version of HSBC Module

Files from HSBC CD (they send you it)

on 1and1 hosting

with no previous knowledge regarding cpi

 

Excuse my ignorance but where do the files need to be installed?

 

Did you just use the HSBC supplied files or did you use another osCommerce contribution as well?

 

Any help would be much appreciated.

 

I too seem to have it working. All of the hiccups I had were down to not reading documentation properly or, in some cases, documentation not being clear. The error messages returned by HSBC are insufficient for debugging. If the error is a mismatch of message hashes, this contribution warns that the connection may be hacked, which is true when you have things working but isn't helpful if you have problems during setup.

 

If I wasn't a PHP programmer comfortable with using the Unix command line then I would not have got this installed without help. That's down to HSBC's choices in building this interface and not a problem with this contribution. In my opinion, HSBC's design choices require you to have more skill to debug this installation than you might usually be expected to have for OSC contributions and also to have access to features that your usual choice of host might not allow.

 

FYI, I am running a CentOS server, which is based on Redhat. (I dont know if this is why the more complex HSBC test files, compiled for Redhat, fail with a segmentation fault when I try them.)

 

You need:

  1. The HSBC supplied files from the CD. I used the C files compiled for RedHat.
  2. This forum's contribution (version 3.1 at the time I write)
  3. The credentials for either a test account at HSBC or your live account.

    1. 13 character Store ID, also referred to as Client Alias. For your live account the Store ID is based on your merchant ID. For the UK it's UKxxxxxxxxGBP where xxxxxxxx is the merchant ID, which ends with a 1 in all cases as a sanity check.
    2. URL to POST data to: http://www.cpi.hsbc.com/servlet for the live system or the URL HSBC sent you with your test credentials (see below).
    3. The hash key, also known as the shared secret.

[*]Your site must also have a certificate installed for SSL/TLS. Mine is a RapidSSL certificate.

 

You need to copy the HSBC CD files TestHash.e & libCcCpiTools.so to somewhere on your server that is within PHP's allowed path for calling executables but is not within your http server's root. Depending on your hosting, you may need help from your provider for this. Similarly, I believe HSBC expect you to understand the first sentence of this paragraph to get this job done. Follow this contribution's instructions for checking on the command line that TestHash.e is working. Try to place an order in your store and when you reach checkout_confirmation.php, check the source html and see if there is a hash in the OrderHash hidden input field. If so, then it looks like the hard part is working.

 

If you don't have your merchant details then email [email protected] and ask for a test account. In about a day they will email back test login credentials and give you a number to call for a password. They did then try to take me through security with our merchant number, which hadn't been issued yet (duh) but after a short explanation that I was testing ahead of time and that our application was in progress they gave me my extremely trivial test password. You don't need this password to get the contribution working by the way; it's for logging into their test backend where you can see transactions posted and the like. While not necessary, this does give you a warm feeling that transactions are going through OK and may be helpful for debugging if you have a problem elsewhere. They will also email you a technical support number and you can get support through this email address.

 

Problems I had that I fixed:

  • I was unclear what the Store ID was and had the wrong number in the field.
  • My links back to hsbc_return.php and checkout_process.php on my server didn't have https in them due to a typo (my fault) in my store's config.php. (duh)
  • I spent time adjusting the timezone when I didnt need to, as HSBC said they required WET which I didn't know was the same as UTC (=GMT).
  • I wasted a lot of time trying to get HSBC's tests from the CD working. Don't bother. Just check manually on the command line that TestHash.e (if you are using the C version) works and you will be fine.

 

I think that you could probably work out any issues by looking at the html source of OSC's checkout_confirmation.php before you press the Confirm Order button. Cast your eye over the fields to be submitted and make sure they are all valid. Apart from the problems I had, others seem to have had issues with their currency code: Make sure it is one that your merchant contract with HSBC allows.

 

I confess, with an abashed look, that more time spent trying to make sense of the poor HSBC documentation might have helped me. HSBC calling my test Store ID a Client Alias and sending me another number called a Client ID didn't help.

 

I have to a bit blunt here and say, in a friendly way folks, that this forum would have been more helpful if people coming back and saying "hey, I got my last problem fixed" had also said how. I know it's more effort to type it up, and I've been as guilty as others myself before, but it makes so much difference to someone wondering where to turn next.

 

And if you are asking for help on a specific technical sticking point, please do give some useful data. A copy of the fields you are trying to POST to HSBC would be a good starter.

 

I'll turn on email notification on this thread and will help anyone I can. Don't ask me about Windows, Java or compiling your own binaries or I'll hide under the table until you've gone away.

 

Ax

Andrew Macaulay-Brook, BEng MBCS CITP

Link to comment
Share on other sites

Hi Andy,

 

Many thanks for taking the time to write such a detailed reply which is much appreciated.

I am a bit rusty on my php and this will save me a lot of time.

I have successfully integrated WorldPay and PayPal in the past but this is a first for me with HSBC which seems to be a bit more complex than the others?

 

Anyway thanks again and have a good day.

 

 

Andy

Link to comment
Share on other sites

Dear Sirs and Madams,

 

I'm having tons of problems with the HSBC - it's my nightmare and my headache.

 

I installed HSBC XML API contribution, but HSBC declines any order placed, even if the card data is correct and it doesn't work for dummy test data.

 

I've just installed HSBC e-Secure v3.1. Upon pressing the 'Confirm' button on checkout confirmation page, it takes me to the https://www.cpi.hsbc.com/servlet, but within a second redirects to the https://www.mysite.co.uk/hsbc_return.php and shows the following message: 'Hacking Attempt'.

 

It returns the following POST variables:

[storefrontId] =>XXXXX

[OrderId] => Order XXXXX-YYYYYY

[PurchaseAmount] => 596

[PurchaseCurrency] => 826

[PurchaseDate] => 1223304982707

[shopperEmail] => my@email

[MerchantData] => ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

[CpiResultsCode] => 12

 

What should I do in order to make e-Secure 3.1 work.

 

Thanks,

Serge

 

Hi Serge - don't know if you still need help on this one. Look at the html source of checkout_confirmation.php before you press the Confirm button and check that all of the data you are passing is valid.

 

If there is no hidden field value like name="OrderHash" value="o+cmhhryriSHHR1ZVIiVeLrafkk=" then the hash generation files that you install from the HSBC CD are not working correctly. If you do have a hash value here, then one of your other inputs may be incorrect.

 

Make sure that if your server's time is not in the GMT/UTC/WET time zone that you apply the correction in the contribution's documentation. If you are, for example, 3 hours east of UTC then you will be subtracting 3*3600.

 

Make sure that you are using a currency supported by your merchant account.

 

Make sure your storefront ID, which you have blanked out here, is correct. For a live account it should be 13 characters long of the form XX87654321YYY where YYY represents your currency, 87654321 is your merchant ID and XX represents your country (I assume, as mine is UK). For a test account use the Client Alias sent to you by HSBC tech support.

 

A.

Andrew Macaulay-Brook, BEng MBCS CITP

Link to comment
Share on other sites

Hi Andy,

 

Many thanks for taking the time to write such a detailed reply which is much appreciated.

I am a bit rusty on my php and this will save me a lot of time.

I have successfully integrated WorldPay and PayPal in the past but this is a first for me with HSBC which seems to be a bit more complex than the others?

 

Anyway thanks again and have a good day.

 

 

Andy

 

No problem. I got a successful test transaction at 10pm last night and thought I'd write while I remembered what I'd done.

 

I've done WorldPay and PayPal too, both using OSC contributions and also my own PHP code. With both systems I've used the CPI equivalent: handing off to the bank's secure server using POSTs rather than fronting their API. I would use an API as a last resort really, as it means you are carrying the extra risk of people's card details passing through your server. With CPI style hand-off you can honestly tell people that there is no way you could know their card details.

 

Yes HSBC is more complex and this was my first stab at it. It would be easier if there was better documentation. I can understand HSBC not wanting to give too much away in error messages, but they don't make up for this deficiency with clear docs. The result is that the most minor issue can seem unfixable and there is no clear debugging path.

 

Good luck with it!

 

Andy.

Andrew Macaulay-Brook, BEng MBCS CITP

Link to comment
Share on other sites

I would be interested to hear from anyone who's used the hsbc module 1.1 dated 2005 in my link above; I briefly tested it but found that the HSBC site hung and the order was not entered into osc; maybe there was an issue on the HSBC server or maybe there are some compatibility issues, I don't know.

 

Hi Nick - don't know if it helps, but as I understand it your account with HSBC is set to either use CPI or API, not both. So if you are set up for CPI and try to use an API contribution then it will fail. Check with HSBC tech support on this.

 

A.

Edited by andymacaulay

Andrew Macaulay-Brook, BEng MBCS CITP

Link to comment
Share on other sites

PLEASE HELP HSBC PAYMENT MODULE problem

 

This is my first time using OSCommerce for a client www.portclothing.com - the site works fine up until the payemnt part. The client isusing HSBC secure e-payments and it fails because the order hash is not being sent.

 

The site is sitting on a Rackspace windows server and I cannot get past this stage.

 

I have gone to and fro between Rackspace and HSBC and cant get it resolved. Does anyine have any advice as I am stumped on how to resolve this.

 

Any assistance is appreciated.

 

Chris

Link to comment
Share on other sites

Hi

 

Is their anyone that is willing to take on a paid installation to get HSBC setup on my site?

 

It was working ok until HSBC changed or upgraded something to their systems. Since then duplicate payments were being taken, cards declined etc. So basically not working as it should be.

 

I am happy to pay someone to get this working ok on my store.

 

Anyone?

 

Thanks in advance.

Link to comment
Share on other sites

PLEASE HELP HSBC PAYMENT MODULE problem

 

This is my first time using OSCommerce for a client www.portclothing.com - the site works fine up until the payemnt part. The client isusing HSBC secure e-payments and it fails because the order hash is not being sent.

 

The site is sitting on a Rackspace windows server and I cannot get past this stage.

 

I have gone to and fro between Rackspace and HSBC and cant get it resolved. Does anyine have any advice as I am stumped on how to resolve this.

 

Any assistance is appreciated.

 

Chris

 

 

Hi Chris - hope you don't mind but I have just gone through the process of adding an item to my basket and going through checkout so I can see the fields you are submitting to HSBC.

 

First point: your server certificate is giving an error of a self-signed root so you may want to check the installation of that.

 

Second: check that your config.php is correct and that your filepaths in filenames.php are OK. Some of your secure URLs have no / between the hostname and filepath. Consequently the return URL you are sending to HSBC for CpiDirectResultUrl is not valid.

 

Third: test TestHash.e (if you are using C) on the command line to see if it is installed correctly.

 

All the best, Andy.

Andrew Macaulay-Brook, BEng MBCS CITP

Link to comment
Share on other sites

Hi

 

Is their anyone that is willing to take on a paid installation to get HSBC setup on my site?

 

It was working ok until HSBC changed or upgraded something to their systems. Since then duplicate payments were being taken, cards declined etc. So basically not working as it should be.

 

I am happy to pay someone to get this working ok on my store.

 

Anyone?

 

Thanks in advance.

 

Hi Costa - If it's due to changes at HSBC and things were working before, then you might try resolving things with HSBC technical support if you have the technical knowledge that got this working the first time.

 

Andy.

Andrew Macaulay-Brook, BEng MBCS CITP

Link to comment
Share on other sites

Well - one hiccup!

 

I changed my setup from the test server credentials to my live credentials, but with the test flag set.

 

And I started getting errors warning me of fraud!

 

It turns out (and this may be mentioned in the forum somewhere) that with the test flag set, transactions through the live server must be less than a pound and must use a real debit/credit card. You cannot use a test card number such as 411111111111111.

 

Otherwise, touch wood, it works.

 

In summary, this OSC contribution is good and does the job. HSBC's design of the interface and extremely poor documentation are where the problems lie, in my opinion, and I will recommend to any clients without an existing HSBC relationship that they use Worldpay instead.

Andrew Macaulay-Brook, BEng MBCS CITP

Link to comment
Share on other sites

Just wanted to say thanks to the posts saying to change the code in hsbc.php if your timestamp is going wonky and being 1.xxxxxxxE+xx thus giving you invalid data messages. I have just moved all my clients from one server to another and all of a sudden the code that worked on my old server no longer worked. Must be something to do with FreeBSD as my old one (6.2) worked fine with the old code. The new server is FreeBSD 7.

Link to comment
Share on other sites

I have the following set up in my module.

 

Transaction Mode - P Production

Transaction Type - Auth

Enable Billing information - True

Enable Delivery information - True

 

 

My problem is that it goes to HSBC's site and transaction is taken then diverted back to the website. Even though it does all that, the sale is not recorded in Admin or under customers account.

 

Anyone experience something similler or can suggest what the problem might be.

 

Thanks in advance.

Link to comment
Share on other sites

Can anyone help me out here....I have used OSCommerce (php on a windows platform) and it is failing at the last stage to pass the orderhash to the HSBC site.

 

Please let me know if there is anyone who has used oscommerce successfully on a windows box who is a HSBC customer.

 

Regards

 

Chris

Link to comment
Share on other sites

Hi Chris - hope you don't mind but I have just gone through the process of adding an item to my basket and going through checkout so I can see the fields you are submitting to HSBC.

 

First point: your server certificate is giving an error of a self-signed root so you may want to check the installation of that.

 

Second: check that your config.php is correct and that your filepaths in filenames.php are OK. Some of your secure URLs have no / between the hostname and filepath. Consequently the return URL you are sending to HSBC for CpiDirectResultUrl is not valid.

 

Third: test TestHash.e (if you are using C) on the command line to see if it is installed correctly.

 

All the best, Andy.

 

Thanks Andy

I shall get the security certificate re-installed and check on the forward slash issue.....would you try out placing an order agian and if I have missed any / issue will you let me know

 

Many Thanks

 

Chris

Link to comment
Share on other sites

Thanks Andy

I shall get the security certificate re-installed and check on the forward slash issue.....would you try out placing an order agian and if I have missed any / issue will you let me know

 

Many Thanks

 

Chris

 

 

Hi Andy

 

The security certificate has been re-installed.

 

Here are my comments on the points you mentioned:

 

1. I don't think we're using the Windows version of this site, mainly because I've never seen a more difficult to configure web site shopping cart than this one.

 

2. We will check the configure.php and filenames.php files

 

3. Test TestHash.e (if you are using C)

I don't know what you are referring to here. Getting a clarification on it would be best as this may be the key to sending the orderhash, or it may be the indicator that this is not the Windows version of this site.

 

I really appreciate your help and if you could let me know as soon as you can that would be a real help.

Link to comment
Share on other sites

Just wanted to say thanks to the posts saying to change the code in hsbc.php if your timestamp is going wonky and being 1.xxxxxxxE+xx thus giving you invalid data messages.

 

 

Hi Colin, what did you do to solve this problem? I'm having the same difficulty. :rolleyes:

Link to comment
Share on other sites

I've removed the line

$time=$time*1000;

so now the timestamp is coming out as

<input type="hidden" name="TimeStamp" value="1231846071">

.

Now the error message is "The processor did not return a response." I've no idea where to look this time. :huh:

Link to comment
Share on other sites

Hi Chris - only just seen your recent posts, sorry. I'll review our past posts and take a look a your site again. A.

 

Hi Andy

 

The security certificate has been re-installed.

 

Here are my comments on the points you mentioned:

 

1. I don't think we're using the Windows version of this site, mainly because I've never seen a more difficult to configure web site shopping cart than this one.

 

2. We will check the configure.php and filenames.php files

 

3. Test TestHash.e (if you are using C)

I don't know what you are referring to here. Getting a clarification on it would be best as this may be the key to sending the orderhash, or it may be the indicator that this is not the Windows version of this site.

 

I really appreciate your help and if you could let me know as soon as you can that would be a real help.

Andrew Macaulay-Brook, BEng MBCS CITP

Link to comment
Share on other sites

Well - a quicker response than I thought I would manage, but not too helpful for you I'm afraid.

 

Looking at your server headers, you are clearly on a Windows machine and my expertise is Linux/Unix. We'll have to agree to differ over ease of use :)

 

Ignore the TestHash.e thing - you'll need to use the Windows files HSBC supply and find someone who knows what they are doing on your platform. Sorry about that. :( There does appear to be a Windows executable TestHash.exe that will allow you to test hash generation (possibly on the WinNT command line). HSBC supply 2 Windows options: NT DLLs & executables and COM DLLs for which there are example ASP & ColdFusion files but which you choose and how you implement them is beyond my knowledge.

 

A general question: Does anyone know whether this contribution will work on a Windows installation of OSC? Is the way it calls the underlying executables cross-platform?

 

A.

 

Hi Andy

 

The security certificate has been re-installed.

 

Here are my comments on the points you mentioned:

 

1. I don't think we're using the Windows version of this site, mainly because I've never seen a more difficult to configure web site shopping cart than this one.

 

2. We will check the configure.php and filenames.php files

 

3. Test TestHash.e (if you are using C)

I don't know what you are referring to here. Getting a clarification on it would be best as this may be the key to sending the orderhash, or it may be the indicator that this is not the Windows version of this site.

 

I really appreciate your help and if you could let me know as soon as you can that would be a real help.

Andrew Macaulay-Brook, BEng MBCS CITP

Link to comment
Share on other sites

Erm - the timestamp needs to be 13 characters long and in milliseconds, so the code you have removed is essential. A.

 

I've removed the line
$time=$time*1000;

so now the timestamp is coming out as

<input type="hidden" name="TimeStamp" value="1231846071">

.

Now the error message is "The processor did not return a response." I've no idea where to look this time. :huh:

Andrew Macaulay-Brook, BEng MBCS CITP

Link to comment
Share on other sites

Hi Chris - on more thing - the slash issue is still there.

 

In your configure.php include file, make sure that you have the following with the slashes on the end of the URLs:

 

define('HTTP_SERVER', 'http://www.portclothing.com/'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://www.portclothing.com/'); // eg, https://localhost - should not be empty for productive servers

 

 

Otherwise the only thing wrong with the data embedded in your confirmation page is that the hash is missing. My prediction is that if you can find out how to fix that then you will have a working interface.

 

A.

 

Hi Andy

 

The security certificate has been re-installed.

 

Here are my comments on the points you mentioned:

 

1. I don't think we're using the Windows version of this site, mainly because I've never seen a more difficult to configure web site shopping cart than this one.

 

2. We will check the configure.php and filenames.php files

 

3. Test TestHash.e (if you are using C)

I don't know what you are referring to here. Getting a clarification on it would be best as this may be the key to sending the orderhash, or it may be the indicator that this is not the Windows version of this site.

 

I really appreciate your help and if you could let me know as soon as you can that would be a real help.

Andrew Macaulay-Brook, BEng MBCS CITP

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...