Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

HSBC secure-epayment module


Guest

Recommended Posts

Hi guys i've just installed the HSBC payment module on my store and setup the relevent details eg. UID Hash Key etc.

 

When I try and pay for something using the payment module I just end up with a blank page created by the hsbc_return.php  :(

 

I just wondered if any one has had this problem, maybe im doing something stupid as per usual  :blush:

 

Many thanks in advance

 

Phil

 

 

Save yourself a lot of time and hassle, ask neil westlake to install it for you. He is very good value and once he does his thing it all works and you wonder why you didnt ask him a week ago.

Link to comment
Share on other sites

  • Replies 1.2k
  • Created
  • Last Reply

Top Posters In This Topic

I've got over the blank page for some reason the hsbc.php file had the #?php line twice at the top, so I deleted the first line and now it works.. :thumbsup:

 

BUT.... lol I keep getting the red banner error which says:

 

The transaction failed because the Storefront was configured incorrectly.

 

I've checked my log files ssl_error,access etc. and I cannot see any errors :(

 

Im stuck like a peice of chewing gum on the bottom of an old shoe! :blink:

 

Regards

 

Phil

Link to comment
Share on other sites

Phil,

 

The problem you've got now is caused either because the order hash hasn't been generated correctly or the timestamp is incorrect.

 

Your going to need a lot of patience as your only just seeing some of the problems you are likely to encounter.

 

Regards

 

Neil Westlake

Link to comment
Share on other sites

Ok so i've now got to the stage where by my Hash key is not hitting the HSBC's server? (at least thats what the HSBC rep told me on the phone)

 

1) I've copied the lib files over from the hsbc cd (although I must say im not %100 sure i've transfered all the files into the wright places there were about 5 files all in all ;) )

2) I've copied the libCs file into /usr/libs/

3) I've changed the time stamp to $time=$time."000";

4) I've installed php-mcrypt-4.3.11-2.5.1.i386.rpm

5) I've installed php-mhash-4.3.11-2.5.1.i386.rpm

 

 

Whats next? :D

 

Has anyone created a walkthrough for this module?

 

Many thanks

 

Phil

 

PS. Im getting there :thumbsup:

Link to comment
Share on other sites

Right, haven't posted for a while so heres a summary of what i have learnt installing this module.

 

*RANT

HSBC CPI is the biggest load of rubbish. There is little help from the integration guide and the 'technical support' is really just an outsourcing to an Indian call centre. Try calling them...the phrases 'I don't know' & 'we haven't seen anything like that before' seem to come up fairly frequently. *RANT OVER

 

This took me about a day to implement and test...I'm lucky enough to be able to know whats going on in OsCommerce...If you don't, don't waste weeks (and you will with this little s***) ask one of these guys i'm sure they will sort you out quickly and you'll be much happier :)

 

----------

What I did learn from my installation..

 

 

Note: Red Hat Enterprise Linux, Apache, dedicated SSL, PHP safe mode off, is my sys.

 

Note2: You really need to know what your doing with command lines, phpmyadmin, looking at db data, editing etc to deal with getting this module tested and working.

 

1. Use the module from Joses site, you xcan find the address somewhere in this thread (think around page 5). This is a good basis, DO NOT download and attempt to use the contribution found on the osc site or install MCRYPT etc! Follow the instructions (remember to change the $path in HSBC.PHP to the path to your cgi-bin). Your StoreID is the merchant account number (letters in uppercase UKxxxxxxxxGBP - keep the letters dont just use the numbers). Also change hsbc.php $time as described in this forum.

 

1(B). Make sure you have the integration kit from HSBC, you need the TestHash.e and LibCcTools.so!! Email [email protected] - technical support..you won't find this email address many places! :)

 

2. TestHash.e should go in the CGI-BIN, LibCcTools.so goes in /usr/lib. Make sure you CHMOD 755 both files to make them executable. Run TestHash.e with no arguments (./TestHash.e) if you get the usage output then TestHash.e is working and finding LibCcTools.so... So far so good.

 

2. You need to make sure a HASH is generated. Edit the HSBC.php file and echo $ret. If you are on the checkout confirmation page you should see a hash string next to the confirm button. If not go back and echo $cmd to see the command being sent to TestHash.e. Use the command line to see if TestHash.e returns a HASH. If it returns error generating HASH then check the shared secret key. You can also test the key is working by typing ./TestHash.e YOURKEY "Hello". You should get a hash returned if you have a valid key. Especially check the difference between 0 & O as in my case these were given to me wrong!! Apparently HSBC give O(letter) a dot in the middle when they give you the key to differentiate.

 

3. Once you have a hash try confirming the order, this should take you to the HSBC payment pages. Two things here 1. If you get kicked back to a blank page hsbc_return.php you are better off than i was. open this file and remove one of the duplicate <?php tags at the top. This will fix this. 2.If you just get a cpi.hsbc.com/servlet blank page then the POST data is wrong. Go to the checkout confirmation page and view the source to see the form and loads of hidden fields which make up the POST. I had a nonsense first field (still don't know why) but instead of using the tep_form function I hardcoded into this page instead of the line which crfeates the form

<form action="https://www.cpi.hsbc.com/servlet" method="post" name="xxx">

Check all the fields needed are there and also that the Orderhash field has a value (your generated Hash!)

 

NOTE: Unless the post data is correct and accepted by HSBCs server you will only see a blank page. NOT AN ERROR SAYING YOUR POST WAS INCORRECT..WOW THESE GUYS ARE HELPFUL. W*****s

 

4. If all is correct you will (at last) see the HSBC payment pages. Be able to enter card details and accept the order. If you have used the Jose mod to start with the hsbc_return page maybe wrong after the if(cpiresultcode=0) change SUCCESS to PROCESS and after 'SSL' add ,'true'.

 

5. I found although the cart was updated and the order recorded in the database (i can see in phpmyadmin). It would not show in the customers account or in the backend... REASON: simple.. order_status is set to 4. In my order_status table there are only three records. Check first an order is written into the orders table. If it is check the order_status and the order_status table. If the number corrseponds to a record id which does not exist then edit hsbc_return.php. Near the bottom is something like $orders->update_status and the no. 4, change this to the status required. Future orders should be shown on the customers account and backend.

 

6. Last thing is making the order number tie up on the email to the customer (i noticed earlier mine has the HSBC one even tho the db has the osc order number). This means the link to the order history is wrong. This should be a simple enough fix i'll add details later.

 

 

Hope this helps i know this gateway is rubbish.. use PROTX by far the best for UK sites and good Osc support now.

Link to comment
Share on other sites

The gateway is the same as used by Barclays' ePDQ, and before slagging off HSBC eSecure you should see what Barclays does with the software - eSecure is streets ahead. You can't even use ssl with Barclays because it relies on http headers being sent.

 

As for support from HSBC - yes, if you phone their general 'Support' phone number you'll get the call centre staf who know nothing. However, if you phone the 0845 number for the CPI Dept. during normal office hours you'll get very knowledgeable staff who are willing (and able) to help.

 

As for Protx - well their servers were down for the best part of a week not so long ago, because they had no defence system in place against a DDOS attack. If you have sites that can afford not to be able to accept payments for days at a time then go for them!

 

Vger

Link to comment
Share on other sites

Is that really true? I guess you were lucky/i was unlucky. Probably POETs day.

 

I can't believe the HSBC don't tell you their gateway address in the integration guide. You really shouldn't have to search forums etc...

 

In regard to protx we have ~20 sites usuing it, none have ever had a problem, it also looks far more professional to take payment on your site without redirecting, but i know no everybody has a dedicated server to make all this stuff easy! I admit the setup process now appears to be more prone to errors their end (ever been told you have a "lazy" account?!) and you have to wait up to a day for them to switch you on, at least the HSBC will do it over the phone there and then. :)

Link to comment
Share on other sites

  • 2 weeks later...

Addition to above:

 

Everybody SHOULD slag off barclays & HSBC gateways. Total rubbish. UK users USE PROTX they are a much better deal. This guy must be affliated (or blind..)

 

ps. You guys could have posted the info here i gave a long time ago..S**t did lose a couple of quid this week? :lol:

 

hehheh heh

 

 

Is that really true? I guess you were lucky/i was unlucky. Probably POETs day.

 

I can't believe the HSBC don't tell you their gateway address in the integration guide. You really shouldn't have to search forums etc...

 

In regard to protx we have ~20 sites usuing it, none have ever had a problem, it also looks far more professional to take payment on your site without redirecting, but i know no everybody has a dedicated server to make all this stuff easy! I admit the setup process now appears to be more prone to errors their end (ever been told you have a "lazy" account?!) and you have to wait up to a day for them to switch you on, at least the HSBC will do it over the phone there and then. :)

Link to comment
Share on other sites

Hi everyone

 

We've been using HSBC payment service for almost a year now.

Not with the now public hsbc module, ive rolled my own integration

back then.

Now we want to move our shop to another server.

It used to run on a dedicated one, put now its a shared hosting thingie.

So i'm not allowed to put libCcCpiTools.so into the servers lib folder.

Ok, so im trying to do this:

 

$new = "/usr/home/(accountname)/lib/libCcCpiTools.so"; // extra path

if ($old) { $new .= ";$old"; } // append old path if it existed

putenv("LD_LIBRARY_PATH=$new"); // set new

 

and then

dl (php_hsbccpi.so);

 

i have php_hsbccpi.so in the same (ssl) folder as the rest of the stuff.

now the problem is , dl doesnt work cause php_hsbccpi.so cant find libCcCpiTools.so:

 

Unable to load dynamic library './php_hsbccpi.so' - Shared object

"libCcCpiTools.so" not found in ...

 

(the libCcCpiTools.so file *is* in that via putenv specified folder).

if i do a

print getenv ("LD_LIBRARY_PATH");

(after setting my new path) i get the expected result, ie the dir i

specified, so putenv seems to 'work' ...

but, it is empty before i set it to anything..(?)

 

I'm getting desperate :o :o

Can someone think of what im doing wrong ? any ideas what i could try?

Thanks so much for any help / pointers..

Cheers

-Andreas

Link to comment
Share on other sites

HSBC e-Secure needs the use of SSL to operate. I've seen some people post that it works with shared SSL, but I've only ever used it with a full SSL cert so can't verify that it works with shared SSL.

 

The libCcCpiTools.so file can be put in the cgi-bin and called from there.

 

Vger

Link to comment
Share on other sites

HSBC e-Secure needs the use of SSL to operate.  I've seen some people post that it works with shared SSL, but I've only ever used it with a full SSL cert so can't verify that it works with shared SSL.

 

The libCcCpiTools.so file can be put in the cgi-bin and called from there.

 

Vger

 

 

Hi Vger

 

I'm running it on Discom.co.uk with a shared certificate on united hosting. Haven't had any issues (yet!?)

F5

Link to comment
Share on other sites

Hello all,

 

I am thinking of setting up my shop to use the HSBC ePayments module in addition to my current payment gateway. I've a couple of questions I'm hoping somene may be able to help me with.

 

I sell emailable products. Currently if a customer completes their order in the payment window a confirmation notification is received by my site from the payment gateway. If its a successful confirmation the order status is updated automatically to show a successful order has been made and the product is sent out via email. Does the HSBC module operate in the same way?

 

I have received the Secure ePayments literature and understand that I can either use the HSBC CPI or the Protex software. Do they both do the same job and can I use either of them within my scenario?

 

Which is the better piece of software?

 

Please advise,

 

Cheers,

 

Nagsy

Link to comment
Share on other sites

Nagsy,

 

The HSBC payment is perfect for your type of business, after the customer checks out and enters there details on the HSBC site they are returned to your site with a confirmation.

 

Only successful orders are let through and you could set this to automate your email delivery.

 

Neil Westlake

Link to comment
Share on other sites

Nagsy,

 

The HSBC payment is perfect for your type of business, after the customer checks out and enters there details on the HSBC site they are returned to your site with a confirmation.

 

Only successful orders are let through and you could set this to automate your email delivery.

 

Neil Westlake

 

Great, Thanks Neil.

 

So I guess its the same regardless of whether I use the CPI or Protex software - both will return to my site with the confirmation.

 

I'm not sure why somebody would want to get a merchant account with HSBC and then use the Protx software because this would be more costly - you'd be paying HSBC for the merchant account and Protx for their services.

 

Why not just use HSBC for the merchant account and use their CPI all for one princely sum?

 

Can someone please advise of the pros and cons for each method of using HSBC - CPI or Protx?

 

Cheers,

 

Nagsy

Link to comment
Share on other sites

I'm not sure why somebody would want to get a merchant account with HSBC and then use the Protx software because this would be more costly - you'd be paying HSBC for the merchant account and Protx for their services.

 

Why not just use HSBC for the merchant account and use their CPI all for one princely sum?

 

Can someone please advise of the pros and cons for each method of using HSBC - CPI or Protx?

 

I think the main reason why people use protx is because of the one off ?20 per month that they charge you instead of charging per transaction. HSBC will charge you a percentage of the sale which is agreed between you and them when you sign the contract.

 

Mark

Lifes a bitch, then you marry one, then you die!

Link to comment
Share on other sites

Great, Thanks Neil.

 

So I guess its the same regardless of whether I use the CPI or Protex software - both will return to my site with the confirmation.

 

I'm not sure why somebody would want to get a merchant account with HSBC and then use the Protx software because this would be more costly - you'd be paying HSBC for the merchant account and Protx for their services.

 

Why not just use HSBC for the merchant account and use their CPI all for one princely sum?

 

Can someone please advise of the pros and cons for each method of using HSBC - CPI or Protx?

 

Cheers,

 

Nagsy

 

 

Hi,

 

I use HSBC payment gateway and I like it because:

 

It's cheap. I pay 2.9% per transaction but that will reduce the more I sell.

You don't have the security risk of storing your customers c/c details.

It's run by HSBC and they are BIG, thus more resources to resolve hack attempts etc.

You get your money in 3 days.

They are your merchant and card processor so no middle man.

 

 

I have a friend that used protx as their gateway, he was always telling me that he couldnt take orders because the gateway was down. In the end he stopped using them.

 

I have had no such reports from the HSBC side.

 

All in all I like it.

 

Hope this helps.

 

Sean

Link to comment
Share on other sites

he was always telling me that he couldnt take orders because the gateway was down

 

Yes, Protx have been a favourite target for DDOS attacks against their servers. On one occasion they were down for around 3 days. There's little you can do about a DDOS attack, as the IP addresses the packets are coming from are constantly switching. All you can do is to have a hardware firewall card installed on each server and on the gateway to the servers and then have sufficient redundancy to be able to handle the heavy load. The only other alternative is to shut the servers down until the attack moves on.

 

I guess this is where HSBC has reserves in strength.

 

Vger

Link to comment
Share on other sites

I think the main reason why people use protx is because of the one off ?20 per month that they charge you instead of charging per transaction. HSBC will charge you a percentage of the sale which is agreed between you and them when you sign the contract.

 

Mark

Hi Mark,

 

If you are using Protx, then theres the ?20 charge. But don't you also have to pay the acquiring bank for the merchant account - doesn't this just mean your paying twice.

 

Or is it cheaper to get the merchant account elsewhere?

If I use Protx, HSBC have quoted me ?150 setup, 2.5% for CC, and 28p for UK Visa debits just for the merchant account (+ ?20 per month submission fee)

- and then on top of that I'd have to pay Protx ?20 per month as well.

 

It appears that the HSBC CPI option (merchant + processing software) is best.

 

What about Chargebacks with HSBC. I just spoke to one of their guys and I was quite surprised when he said they will guarantee chargebacks if the transcation was fraudulent and HSBC sent a success confirmation to go ahead with the sale. Can this be true? No one else appears to guarantee emailable/downloadable transactions where there is no physical product and no postal delivery address.

 

Nagsy

Link to comment
Share on other sites

Hi after about 3 Weeks i've got the module to take payment and return me back to the site but im still having problems because its not updating any records e.g. shoping cart content etc.

 

I notice the change to the return_hsbc file and have changed it as follows:

 

if ($CpiResultsCode=='0')

{

 

tep_redirect(tep_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL',true));

 

}

 

Does this look correct?

 

Many thanks in advance

 

Phil :thumbsup:

Link to comment
Share on other sites

Hi after about 3 Weeks i've got the module to take payment and return me back to the site but im still having problems because its not updating any records e.g. shoping cart content etc.

 

I notice the change to the return_hsbc file and have changed it as follows:

 

    if ($CpiResultsCode=='0')

      {

   

      tep_redirect(tep_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL',true));

 

      }

 

Does this look correct?

 

Many thanks in advance

 

Phil  :thumbsup:

 

 

Three weeks!!!!!

 

Get one of the guys here to do it for you, you'll be glad you didn't waste any more time.

 

Ribs did mine on a loaded version of OSC and it worked immediately, its been hunky dory ever since.

Link to comment
Share on other sites

Im nearly there just this last hurdle to jump so if any one out there could tell me if this code is correct i'd really appreciate it. If its not could some one post up the correct code for this part.

 

hsbc_return.php

 

if ($CpiResultsCode=='0')

{

 

tep_redirect(tep_href_link(FILENAME_CHECKOUT_PROCESS, 'SSL',true));

 

}

 

 

Many Thanks Phil

Link to comment
Share on other sites

Im nearly there just this last hurdle to jump so if any one out there could tell me if this code is correct i'd really appreciate it.  If its not could some one post up the correct code for this part.

 

hsbc_return.php

 

    if ($CpiResultsCode=='0')

      {

   

      tep_redirect(tep_href_link(FILENAME_CHECKOUT_PROCESS, 'SSL',true));

 

      }

Many Thanks Phil

 

 

this is what i have....

 

if ($CpiResultsCode=='0')

{

tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL'));

}

 

looks the same to me!

Link to comment
Share on other sites

Lol i've read through these threads about 50 times now there are a lot of references to making changes to files with lines that do not seem to match up.

 

Would it be possible for some to post a step by step walk through using the original module which OS Commerce lets you download from the OS Commerce website.

 

If some one could guide me through it I would be willing to pay.

 

Many Thanks

 

Phil

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...