HSBC secure-epayment module

[♥Vger]

Take a look at your cookie path for http, and try /catalog/. Don't put anything for https.

 

Was there a particular reason for installing oscommerce in a folder one level above your htdocs (or html) folder? If there is no other site at the root level (htdocs or html folder) I would have installed it in the root directory.

 

The rest of your config file looks okay.

 

Vger

Thanks for the input, I changed those but it made no difference. I also found I had a problem with losing session information, however I have fixed that and it's STILL not working!

 

FYI the smtp bit is a variable I use later in ini_set to set the mail server rather than have a whole php.ini just to set the e-mail details.

 

The SSL is a domain cert not a shared cert.

<{POST_SNAPBACK}>

[Guest]

Sorry, I was sure I had posted the solution in here last night!!

This was really crazy, I had changed getHash and it appeared to work fine for before_process but not for hsbc_return, so I changed hsbc_return. It didn't die or cause any apparent problems, it just wasn't working properly so I changed before_process in hsbc.php to call the module direct and it all worked like a dream.

 

 

//$hash=$this->getHash($post_2);

$comobj = new COM("CcCpiCOM.OrderHash") or die("Fatal Error, Couldn't contact HSBC. Contact store Owner");

$hash = $comobj->GenerateOrderHash($post_2,MODULE_PAYMENT_HSBC_HASH) or die("Fatal Error, Couldn't contact HSBC. Contact store Owner");

$comobj=null;

if ($order_hash!=$hash) die ("Fatal Error, cannot confirm payment, contact store owner.");

 

 

hsbc_return.php was already modified to:

 

//$hash=$hsbc->getHash($post_2);

$comobj = new COM("CcCpiCOM.OrderHash") or die("Fatal Error, could not Check Credit Card Payment. Contact Store Owner.");

$hash = $comobj->GenerateOrderHash($post_2,MODULE_PAYMENT_HSBC_HASH) or die("Fatal Error, could not Verify Credit Card Payment. Contact Store Owner.");

if ($order_hash!=$hash) die("<br>Hacking attempt! hash=" .$hash. "orderhash=" . $order_hash);

$comobj = null;

 

 

 

This is for a site using windoze/IIS with the .dll's installed.

 

HTH someone else with this problem.

[magicman]

Hi,

 

I've been using HSBC for a few months now and after an initial struggle it was working fine. We've had orders come through correctly both on HSBC's side and our (oscommerce) side. HOWEVER, for some reason it's suddenly stopped working. It processes the order on HSBC's side but not on the OScommerce side. I have changed NOTHING and it's stopped working. It completes the order as normal and takes the user to the order success page but doesn't add the order to the oscommerce db and keeps the item(s) in the cart. Any ideas? Have HSBC changed anything?

 

Thanks

 

Josh

[♥Vger]

I seem to remember someone posting (not sure if its this forum or another one) that HSBC had changed something, denied changing anything, and then finally fessed up to it.

 

However, it's far more likely that your hosting company has changed something.

 

FYI osCommerce works much better on Linux or Unix servers than Windoze servers. Windoze are a real pain when it comes to handling databases, and Linux is far more stable and reliable. I would never use Windoze servers again.

 

Vger

Edited October 4, 2004 by Vger

[magicman]

Hi,

 

A bit more reading and I found that Neil's order ID fix solved the problem (or is that the order ID fix fix? :))

 

Thanks Neil!

[richandzhaoyan]

Hi Guys,

 

Disaster has struck again!!

 

All fine all week, now Saturday afternoon and it appears that HSBC have sunk again.....

 

After not getting any orders since last night, bery unusual for a Saturday I tried to run an order myself. The site connects through to HSBC fine and the welcome page appears, but when you click on continue you just get

 

Communication Failure

 

We have been unable to proceed with your transaction due to a communication failure.

 

Please Close your browser window and confirm the status of your order with the merchant.

 

This is still part of HSBC's site, but aparaently down!!

 

Tried phoning the helpline number just to get a recorded message about how they only man the office Monday to Friday.

 

Any ideas on how I can fix this or who I can call? I am losing big orders if it stays down over the weekend.

 

 

Anyone else in the same boat?

[richandzhaoyan]

Just taken the liberty to try somebody elses Store (Hope he doesn't mind!) and guess what - same thing.

 

Suggest everyone tries there site ASAP and if anyone can think of letting HSBC know the problem they shout now!!

 

Looks like at least some of us are going to be badly out of pocket by Monday :angry:

[♥Vger]

Their website integration people have this number (0845 6022880), but I have phoned this 'out of hours' and have ended up at their normal call centre switchboard. Sorry, don't have time at the mo' to run a test order, but will definitely do so Sunday.

 

Vger

[♥Vger]

OK did have time, only took two minutes. Went through to the hsbc landing page, then clicked 'continue' and ended up on the credit card details page - as I should have.

 

I think anyone using HSBC with osCommerce should upgrade to the latest module (the third) from the writers' own website. The first two appear to be nothing but trouble.

 

Vger

[richandzhaoyan]

Thanks for checking Rhea.

 

I hear what you are saying about the module but I don't think this has anything to do with OScommerce or the HSBC modules.

 

This is definately a HSBC problem - Nothng has changed at my end at all.

 

This is the second time in a couple of weeks that they have had problems. Really hacks me off, especially considering how much we gotta pay in commision and they can't even man a telephone!

 

I have tried the number you list and just get the recorded message, no transfer to anyone to talk to!

 

I have tried calling a number for their general switchboard but it just rings and rings and rings.....

 

Have e-mailed them but no reply!

 

Maybe they are just very busy trying to fix the problem....Lets hope so anyways.

 

Well, I've done all I can think of for now so I'll just get on with some waiting!

[richandzhaoyan]

Well Guys,

 

All back to normal....!?!? I haven't done a thing so I guess it was just a blip by HSBC.

 

Can't think of any other explanation. So, I am happy again, well happier at least. Its a bit of a b****r to find out that you cannot contact anyone at HSBC on a weekend, when the internet use is at its highest and everyone is e-shopping!

 

'Till the next time...

 

Cheers

Rich

[luqi]

I have my module installed by Mr Leon who has actually created this module from scratch and he has now very professionaly installed it in my site and it is working great.My special thanks to Mr Leon who is fully recommended and after that lynda gets the credit for all this who very generously contributed it to oscom ,the only problem i am facing is too many pop ups asking "you are entering from non secure area to secure area to do want to proceed" or some thing like this which seems annoying for customers and if it comes once only then it is fine but 6 to 7 times is little too much.

Can any one help and let me know how you got rid of this problem as Mr Leon told me that it is hard coded and because your theme designer

didn't realize that the shop could be under SSL and there are hardcoded

links to images using http:// instead be relative. To solve this

problem,contact your theme designer.

In the light of above please reply as i do not have any web designer and have been using free lancers in the past.

Help will be appreciated please.

[meds]

I can heartly recommend Jose Leon after the fantastic job he did installing into our very customised OSC. I feel much safer too after he finished testing our site.

 

With regards to the hard coded images, try looking in your /includes/configure.php script...

 

Regards

Simon.

Edited October 28, 2004 by meds

[deanash]

I noticed that a lot of the posts are very old here but is there anyone that can help me integrate the HSBC payment module into our shop?

It is running on Win2k3 IIS and i would be quite happy to pay someone for their time.

 

If you can help please email me [email protected].

The site is pretty much complete and i have taken the HSBC module as far as i can ... just needs to be taken that next step!!

[Guest]

I am also having great difficulty in getting any response from this module.

 

I started by having to install mhash ans mcrypt which I did succesfully only to discover that the TestHash.e script returns nothing. Not a sausage!!

Am I missing something?

 

I have all the CPI files in the cgi-bin and the path I think

 

/home/sites/site48/web/cgi-bin/TeshHash.e

 

looks correct.

 

How can I test the hash maker? How do I know if it is even being executed?

 

If anybody can help me out here I will gladly pay them.

 

Thanks in advance

 

PS. The server is a raq4

[♥Vger]

You should never use this sort of file pathway for such a crucial application. If your hosting company upgrades anything, installs new servers etc. then your site number could change (and most often they won't tell you what they've done)

 

/home/sites/site48/web/cgi-bin/TeshHash.e

 

You should instead use a pathway similar to this (which should not vary)

 

/home/virtual/yourdomain.com/var/www/html/

 

We do install HSBC E-secure modules, but only for our customers, and on our servers (and even then it is a real pain!).

 

Vger

[Guest]

Well the hosting company is me, its my server so I'm pretty sure that its the right path.

[Guest]

I am also having problems with the HSBC module. I have installed the files and changed them according to J?se's instructions. I just need someone to help with the final steps. Any help atall will be appreciated. Our site is Our Site. Thanks in advance

[♥Vger]

I think you'll find that your first problem is that you don't have an ssl cert of any sort (shared or full). Look through the cd rom that HSBC sends out, because I have a feeling that one of their conditions is that they only connect to an ssl address. In any event, I wouldn't give my details (name, address, email address, phone number etc.) to a company that doesn't secure them behind an ssl.

 

Vger

[Guest]

I have created a .CRT file on my servers control panel, how do i get this to secure the site then??

[Guest]

Have you bought and SSL cert?

[♥Vger]

It's not a CRT it's a CSR (Certificate Signing Request). You use this when you purchase your SSL certificate, and then you will receive the text file that contains your SSL details. You then Import these details into your Control Panel (probably right below where your CSR details have appeared).

 

Vger

I have created a .CRT file on my servers control panel, how do i get this to secure the site then??

<{POST_SNAPBACK}>

[Guest]

When i purchased my webspace, we went for the higher pack that included a secure server.

[Guest]

I have created a CSR aswell as a CRT and a KEY. I still don't know how to make it a secure server.

[♥Vger]

You may have a 'secure server, and generated a CSR and set up a CRT and key in your httpd directory, but have you purchased an ssl cert and done an 'import' of it? After you do that the httpd will need to be rebooted, which, unless you have your own dedicated server, your web hosting company will have to do for you.

 

Vger