Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

HSBC secure-epayment module


Guest

Recommended Posts

  • Replies 1.2k
  • Created
  • Last Reply

Top Posters In This Topic

How do I create the hash with the new mode?

 

If you are using the oscommerce MOD and you've changed the mode to P in the Admin section you won't need to check this. A lot of people not using the oscommerce MOD also use this thread as there isn't anywhere else that supports the HSBC ePayments system.

Link to comment
Share on other sites

You say you have changed it from Test to Production mode - but it's not enough to do this with the contribution you also have to Telephone/Fax HSBC e-Secure and get them to change it over at their end of things. It then takes up to 24 hrs for this to be done. Did you contact them?

 

Vger

Link to comment
Share on other sites

You say you have changed it from Test to Production mode - but it's not enough to do this with the contribution you also have to Telephone/Fax HSBC e-Secure and get them to change it over at their end of things.  It then takes up to 24 hrs for this to be done.  Did you contact them?

 

Vger

 

Hi vger

Yes, the client contacted them on Monday so i'm guessing (without checking of course) that it has been done. Im hoping it hasn't yet, and that there really is no problem. ! I'll speak to the client again tommorow.

 

Cheers

F5

Link to comment
Share on other sites

Hi Guys,

 

I'm having the old "Storefront configured incorrectly" problem. Cant seem to find a solution...

 

Any ideas?! I also dont have any of the files that need to go into the cgi-bin.

 

Thanks in advance.

 

Andy

Link to comment
Share on other sites

The files that need to go into the cgi-bin are contained on the HSBC CD Rom. Open it in Windows Explorer and you'll be able to navigate to them. If you just launch it as an interactive CD Rom you'll never find them.

 

Vger

Link to comment
Share on other sites

The files that need to go into the cgi-bin are contained on the HSBC CD Rom.  Open it in Windows Explorer and you'll be able to navigate to them.  If you just launch it as an interactive CD Rom you'll never find them.

 

Vger

 

 

Thats brilliant. I will have a look at that.

 

Thanks!

Link to comment
Share on other sites

Hi

 

Trying to install the module by Kostuk Nikolas do you need to change anything?

 

EG

 

Line 824:

 

function SecCrypto()

{

$s = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXX";

$s1 = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";

$s2 = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";

$this->a =chr(98).chr(84).chr(120).chr(114).chr(66).chr(87) .chr(80).chr(112);

$this->_fldif = $this->initKey($s, $s1, $s2);

$this->_fldif=substr($this->_fldif,0,44);

}

 

Do I need to change the XXXXXXX from the included ones or anything else as it doesn't appear to work code 10 returned?

Link to comment
Share on other sites

Barry,

 

I'm not sure why you've X'd out all the values, but what was there was correct eg:

 

    function SecCrypto()
   {
       $s = "KmJTwzVPwjoxQdWJb1BxbuhBSa2RuM05+/aUdgYoGdFWWf04CKIQTxtxLeKCp+5J";
       $s1 = "y8YhmjsAoMUW9RxfXBSos0A6LwGd+5pXv/MRAKCYFLG";
       $s2 = "BqRkPAG8DFFAdeN5SMAArktCYuUGXi2q88EDoOs3Ykw0k";
 $this->a =chr(98).chr(84).chr(120).chr(114).chr(66).chr(87).chr(80).chr(112);
       $this->_fldif = $this->initKey($s, $s1, $s2);
 $this->_fldif=substr($this->_fldif,0,44);
   }

 

If your getting a error 10 from HSBC then there is something wrong with the data you are sending. You should check the form fields on the checkout_confirmation.php page to see if the orderhash value is set.

 

Neil Westlake

DJBox.co.uk

Link to comment
Share on other sites

Hi thanks for that.

 

I was wondering if you had to replace them with your hash code or not.

 

This is the form on the checkout_confirmation.php page...

 

<form name="checkout_confirmation" action="https://www.cpi.hsbc.com/servlet" method="post">

<input type="hidden" name="CpiDirectResultUrl" value="https://www.themusicroom-online.co.uk/checkout_payment.php">

<input type="hidden" name="CpiReturnUrl" value="https://www.themusicroom-online.co.uk/checkout_process.php">

<input type="hidden" name="Mode" value="T">

<input type="hidden" name="OrderDesc" value="Item Description">

<input type="hidden" name="OrderId" value="2-20050523051208">

<input type="hidden" name="PurchaseAmount" value="3999">

<input type="hidden" name="PurchaseCurrency" value="826">

<input type="hidden" name="StorefrontId" value="UKXXXXXXGBP">

<input type="hidden" name="TimeStamp" value="1116861128000">

<input type="hidden" name="TransactionType" value="Auth">

<input type="hidden" name="UserId" value="2">

<input type="hidden" name="BillingAddress1" value="BillingAddress1">

<input type="hidden" name="BillingCity" value="Bradford">

<input type="hidden" name="BillingCountry" value="826">

<input type="hidden" name="BillingCounty" value="West">

<input type="hidden" name="BillingFirstName" value="Barry">

<input type="hidden" name="BillingLastName" value="Gambles">

<input type="hidden" name="BillingPostal" value="BD13 1js">

<input type="hidden" name="ShopperEmail" value="bgambles@XXXXXXXX">

<input type="hidden" name="ShippingAddress1" value="ShippingAddress1">

<input type="hidden" name="ShippingCity" value="Bradford">

<input type="hidden" name="ShippingCountry" value="826">

<input type="hidden" name="ShippingFirstName" value="Barry">

<input type="hidden" name="ShippingLastName" value="Gambles">

<input type="hidden" name="ShippingPostal" value="BD13 1js">

<input type="hidden" name="OrderHash" value="t8i5IdRsR9pIDcwkpIKX18xNEuA=">

<input type="image" src="includes/languages/english/images/buttons/button_confirm_order.gif" border="0" alt="Confirm Order" title=" Confirm Order "></form>

Link to comment
Share on other sites

My goodness, going through 22 pages in this thread was fun!!

 

The only problem I have is that every time someone got near giving an answer to my problem, the subject seemed to change.

 

I am having the old "Hacking attempt" issue. I seem to have an Order Hash but no Hash. I have installed the latest HSBC Payment module (2.0) and I have an SSL cert. The files in HSBC's CD-ROM have been installed in the cgi-bin directory and the path points to them. I am not running PHP in safe mode.

 

I have seen people write that "Everything works like a dream". HOW???

 

Any thoughts would be greatly appreciated

 

Nick

Link to comment
Share on other sites

Do you have 'Force Cookie Use' set to true in Configuration --> Sessions in your osCommerce admin panel? If so, set it to false. For HSBC e-Secure to work you must pass them a session id generated by your site. If you do not then they (HSBC) will generate a session id which gets passed back to your site, is not recognised by your site (because it did not generate it), and that results in errors.

 

Vger

My goodness, going through 22 pages in this thread was fun!!

 

The only problem I have is that every time someone got near giving an answer to my problem, the subject seemed to change.

 

I am having the old "Hacking attempt" issue. I seem to have an Order Hash but no Hash. I have installed the latest HSBC Payment module (2.0) and I have an SSL cert. The files in HSBC's CD-ROM have been installed in the cgi-bin directory and the path points to them. I am not running PHP in safe mode.

 

I have seen people write that "Everything works like a dream". HOW???

 

Any thoughts would be greatly appreciated

 

Nick

Link to comment
Share on other sites

Once you've arrived on the checkout_confirmation page use View Source and look at the code in that page. You should see what is being passed to HSBC, along with a session id.

 

Recently we installed a javascript drop down menu on one site and that broke the insertion of the session id into the code being sent to HSBC.

 

Vger

Edited by Vger
Link to comment
Share on other sites

Thanks again Vger,

 

The form contains

 

<form name="checkout_confirmation" action="https://www.cpi.hsbc.com/servlet" method="post" onsubmit="return check_agree(this);">

<input type="hidden" name="osCsid" value="2ec9a29422cfa5e59c695ce47fa61bd2" />

<input type="hidden" name="CpiDirectResultUrl" value="https://alle.co.uk/checkout_process.php">

<input type="hidden" name="CpiReturnUrl" value="https://alle.co.uk/hsbc_return.php">

<input type="hidden" name="OrderDesc" value="alle order">

<input type="hidden" name="OrderId" value="Order 05143-014640">

<input type="hidden" name="PurchaseAmount" value="13523">

<input type="hidden" name="PurchaseCurrency" value="826">

<input type="hidden" name="StorefrontId" value="UKxxxxxxGBP">

<input type="hidden" name="TimeStamp" value="1116938800000">

<input type="hidden" name="TransactionType" value="Auth">

<input type="hidden" name="MerchantData" value="2ec9a29422cfa5e59c695ce47fa61bd2">

<input type="hidden" name="BillingAddress1" value="8 Evelyn Drive">

<input type="hidden" name="BillingCity" value="Pinner">

<input type="hidden" name="BillingCountry" value="826">

<input type="hidden" name="BillingCounty">

<input type="hidden" name="BillingFirstName" value="Nick">

<input type="hidden" name="BillingLastName" value="Paradiso">

<input type="hidden" name="BillingPostal" value="HA5 4RX">

<input type="hidden" name="ShopperEmail" value="[email protected]">

<input type="hidden" name="ShippingAddress1" value="8 Evelyn Drive">

<input type="hidden" name="ShippingCity" value="Pinner">

<input type="hidden" name="ShippingCountry" value="826">

<input type="hidden" name="ShippingCounty">

<input type="hidden" name="ShippingFirstName" value="Nick">

<input type="hidden" name="ShippingLastName" value="Paradiso">

<input type="hidden" name="ShippingPostal" value="HA5 4RX">

<input type="hidden" name="Mode" value="T">

<input type="hidden" name="OrderHash">

 

Nick

Link to comment
Share on other sites

OK, I give up!!

 

Can anyone suggest a developer who could install the HSBC module for me?

 

Nick

 

Yes, ribs is an excellent guy. His real name is Neil Westlake.

 

Drop me a line if you want his email address. He installed it for me in seconds!

 

Regards,

 

Peter

Link to comment
Share on other sites

  • 2 weeks later...

Hi guys,

 

having looked over my checkout_confirmation.php page, I notice I haven't generated a HASH either.

 

I don't have an SSL certificate, and looking over the previous posts, I presume I need one?

 

Any other help would be brilliant, as I cant HASH and I know I need that!

 

Thanks

Link to comment
Share on other sites

Andrew,

 

As Vger said you do need a SSL server to use HSBC, but you sould still be able to generate a HASH key without one.

 

Regards

 

Neil Westlake

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...