jonwall Posted February 15, 2005 Share Posted February 15, 2005 using my own account now, i'm the guy uploading the site for surface2air, and i've exhausted all the ideas i've had for solving the problem with the hacking attempt, i can't see what's wrong with it after looking through all of the other related posts. I've tried using the absolute path, i have a shared ssl certificate and a dedicated one on the way, files are uploaded to the cgi bin with chmod 755 but it still comes up with hacking attempt-any ideas anyone? Quote Link to comment Share on other sites More sharing options...
jonwall Posted February 15, 2005 Share Posted February 15, 2005 using my own account now, i'm the guy uploading the site for surface2air, and i've exhausted all the ideas i've had for solving the problem with the hacking attempt, i can't see what's wrong with it after looking through all of the other related posts. I've tried using the absolute path, i have a shared ssl certificate and a dedicated one on the way, files are uploaded to the cgi bin with chmod 755 but it still comes up with hacking attempt-any ideas anyone? <{POST_SNAPBACK}> problem now sorted... Quote Link to comment Share on other sites More sharing options...
jonwall Posted February 15, 2005 Share Posted February 15, 2005 Paul, Unfortuantely the Invalid Data Error is not because you are in test mode it's because something is wrong.  Check to make sure your hash is generating, to do this open the source for the confirm order page and search for OrderHash, if there is no value then the hash is not generating. Regards Neil Westlake DJBox.co.uk <{POST_SNAPBACK}> I've had this error message come up too, while in test mode though. I searched for OrderHash in checkout_confirmation.php and there is a value, but it's still not working. Any ideas? Cheers, Jon Quote Link to comment Share on other sites More sharing options...
ppollock Posted February 16, 2005 Share Posted February 16, 2005 Does anyone know if this contrib works with FreeBSd?  Thanks  Peter Quote Link to comment Share on other sites More sharing options...
♥Vger Posted February 16, 2005 Share Posted February 16, 2005 Free BSD - excuse me while I roll over on my back, kick my legs up in the air, and die laughing!  Sorry - just my jaundiced view of Free BSD (used by the likes of PowWeb).  Really though - you're going to have more than enough trouble trying to get this to operate on a decent server setup, let alone trying to run it on FreeBSD.  Vger Quote Link to comment Share on other sites More sharing options...
ppollock Posted February 17, 2005 Share Posted February 17, 2005 problem now sorted... <{POST_SNAPBACK}>  JonWall, What did you do to sort the problem? I'm having the same issue.   Regards  Peter Quote Link to comment Share on other sites More sharing options...
K-P Posted February 17, 2005 Share Posted February 17, 2005 Hello,  I've got the module working but i receive no order updated in oscommerce admin, and no order emails come through, the order goes through on hsbc site tho   any ideas? Quote Link to comment Share on other sites More sharing options...
ribs Posted February 17, 2005 Share Posted February 17, 2005 Kev,  You most likely have an error in your checkout_process.php file, this file is responsible for entering the data into the database and sending the email.  Trying accessing the file using a browser to see if it outputs an error, if it directs you to the login page the error could still be there but it's not a parsing error.  Regards  Neil Westlake DJBox.co.uk Quote Link to comment Share on other sites More sharing options...
K-P Posted February 17, 2005 Share Posted February 17, 2005 (edited) hmm all seems ok,  site works fine with paypal aswel  when going to test mode should orders show up in the osc admin also? Edited February 17, 2005 by K-P Quote Link to comment Share on other sites More sharing options...
K-P Posted February 17, 2005 Share Posted February 17, 2005 (edited) think i've fixed it  mainly because the site is heavily modded adding:  tep_redirect(tep_href_link(FILENAME_CHECKOUT_PROCESS, 'order_id='.$insert_id, 'SSL'));  to hsbc_return file and having  tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, 'order_id='.$insert_id, 'SSL'));  at the end of checkout_process file seems to have cured it Edited February 17, 2005 by K-P Quote Link to comment Share on other sites More sharing options...
ribs Posted February 17, 2005 Share Posted February 17, 2005 Kev,  In test mode the orders will show just the same as in production mode. Believe me the problem your looking for is very difficult to find.  Check the order_id, the database is set to only hold 11 digits, if this goes over or theres any letters in there it won't update.  Regards  Neil Westlake DJBox.co.uk Quote Link to comment Share on other sites More sharing options...
K-P Posted February 18, 2005 Share Posted February 18, 2005 Thanks for the reply neil,  I'm pretty sure i've fixed it now, and the order id number is only 9 chars so far, so hopefully it wont go over 11 :)  Thanks  Kev Quote Link to comment Share on other sites More sharing options...
♥Vger Posted February 18, 2005 Share Posted February 18, 2005 You can always intervene in the mysql database to get the order_id to accept a larger number of digits.  Vger Quote Link to comment Share on other sites More sharing options...
petemartin Posted February 18, 2005 Share Posted February 18, 2005 Hi, Â I use Web Fusion SOHO and i am trying to use the HSBC payment module. Can anyone give detailed instructions on how this is done - seeing as some people have completed this seemingly complex task? Thanks! Quote Link to comment Share on other sites More sharing options...
petemartin Posted February 18, 2005 Share Posted February 18, 2005 Hi Neil, Why don't you give webfusion.co.uk a go?  I've not even got a top account and I can host anything! It's got a great control panel, very good customer service and my programmer seemed to set everything up fine!  You get SSH which is what you need to run the executables (??) which I know you need...  Give it ago, I'm using SoHo - ?150/year.  Alex  P.S. I don't work for them, believe it or not! <{POST_SNAPBACK}> Quote Link to comment Share on other sites More sharing options...
♥Vger Posted March 10, 2005 Share Posted March 10, 2005 Okay - after having the HSBC e-Secure module up and running for over six months without a hitch it's now well and truly broken.  Last night the new version of the website was uploaded, and HSBC stopped working. No HSBC files were overwritten. At first I thought it was to do with a new javascript drop down header, but that was replaced with a simple header on all the SSL pages - but it's still returning an 'invalid data input' error.  Any idea as to what could be causing the problem?  Vger Quote Link to comment Share on other sites More sharing options...
ribs Posted March 10, 2005 Share Posted March 10, 2005 Vger,  Without seeing the problem it's difficult to diagnose what could be wrong. I've checked your site and you've disabled the HSBC payment method. If you can take a copy of the source from the checkout_confimation page after selecting HSBC, email it across to me and I'll take a look.  Regards  Neil Westlake DJBox.co.uk Quote Link to comment Share on other sites More sharing options...
♥Vger Posted March 10, 2005 Share Posted March 10, 2005 Hi Neil, Thanks for that offer. We've already checked the source against a former checkout_confirmation.php page that we had kept for reference and they are identical. The problem is not there. However, I shall e-mail it to you, in case you can see something that we can't! HSBC isn't even giving a 'Hacking attempt!' error, just bouncing us straight back to the site with the 'Invalid input data' error.  We have removed the javascript drop down that we thought was the cause of the problem - because in ssl mode it used a blank.html page as a buffer, and this was causing a 'mixed content' error. We resolved that easily enough, but decided to remove the drop down anyway.  I have done file comparisons all day between the old site files and the new site files (all of the relevant ones anyway) and it keeps coming back 'files identical'. I'm now beginning to wonder if it is to do with the CCGV Contribution. It was installed on the old site but not activated until now.  It's either that or something really silly and otherwise minor that is throwing HSBC off. As you know - it doesn't take much to do that!  Many Thanks - Vger Quote Link to comment Share on other sites More sharing options...
greg_t Posted March 10, 2005 Share Posted March 10, 2005 Hi  I am down to my last few strands of hair now!! All working apart from the order numbers being different. i.e. HSBC number is different from the one sent via e-mail - or is this normal? So many changes - I am getting confused as to which ones may be relevant for what seems like the final piece. Can anyone help please - my eyes are burning from reading through this thread so many times. Quote Link to comment Share on other sites More sharing options...
♥Vger Posted March 11, 2005 Share Posted March 11, 2005 Depends what you mean by 'numbers' sent by HSBC. If this is an order number they generate then 'yes' it will probably be different to your own, because your orders will include any test orders you've run through, including Payment By Cheque orders.  Consider yourself lucky if that is your only problem with HSBC tonight!  Vger Quote Link to comment Share on other sites More sharing options...
greg_t Posted March 11, 2005 Share Posted March 11, 2005 Thank you for the reply & apologies for any confusion. Point taken - believe me this is not the only problem I have had with this module, as lots of others including yourself can verify. Not being that clued up with programming / scripting - I am probably expecting miracles here but is there any way that the HSBC Order ID can be used as the shop 'order_id' - or does that have to be a manual tie-up process? Â eg HSBC Order ID - 86468114121 (Generated in hsbc.php?) My order_id=681948577 (The one sent in e-mail to the customer & shop)(Generated on return to CHECKOUT_PROCESS?) Â Not being a programmer - please excuse my lack of knowledge and feel free to correct my misunderstandings of how the process works. Quote Link to comment Share on other sites More sharing options...
richandzhaoyan Posted March 11, 2005 Share Posted March 11, 2005 Greg, Â Cant think of the answer right now as its late and its been a long time since I installed this but YES, your order numbers should tie up. Â Something is not quite right. If you havent sussed it by tomorrow and nobody else comes up with the answer I will delve back through my workings. Â If your going to be handling alot of orders this is something that needs to be right, trust me! Â G'night, Rich Quote Only Dead Fish Go With The Flow...... Link to comment Share on other sites More sharing options...
greg_t Posted March 11, 2005 Share Posted March 11, 2005 Thanks. As long as it's not just me then. Â To re-iterate the thoughts of others - huge thanks to ALL who have contributed to this thread. Quote Link to comment Share on other sites More sharing options...
greg_t Posted March 11, 2005 Share Posted March 11, 2005 Hi Richard  Apologies - hovered over the add reply button for too long & sent the reply before I had completed it. Another excuse for tearing more hair out! Thanks for the reply - your help is really appreciated. I am getting really frustrated now as I feel I am so close but not quite there just yet.  Happy days!  Greg Quote Link to comment Share on other sites More sharing options...
ribs Posted March 11, 2005 Share Posted March 11, 2005 (edited) Greg,  To solve your order number problem you can do the following:  in hsbc.php:  find:     //Generation of the order_id     srand ((float) microtime() * 10000000);    $r1 = rand(100,999);    $t1 = date("yz-his");    $sequence = $t1.$r1;  and replace it with:     //Generation of the order_id   while (get_order_id() > 0);  $sequence = $GLOBALS['rndnum'];  in checkout_process.php replace the original order generation code with:  // Generate Random Order ID if not already set  if(!$_POST['OrderId'])  {  while (get_order_id() > 0);  $insert_id = $rndnum; }  else { $insert_id = $_POST['OrderId']; }  and in functions/general.php add this to the bottom:  // Get a unique random number for the order id function get_order_id()  {  global $rndnum;  $rndnum = rand(0,10000);  $query = "SELECT * FROM `orders` WHERE orders_id = ".$rndnum;  $results = tep_db_query($query);  return tep_db_num_rows($results);  }  finally run the following with phpMyadmin or similar:  ALTER TABLE `orders` CHANGE `orders_id` `orders_id` INT(10)  UNSIGNED NOT NULL  Let me know how you get on or if you have any problems.  Regards  Neil Westlake DJBox.co.uk Edited March 11, 2005 by ribs Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.