Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

HSBC secure-epayment module


Guest

Recommended Posts

  • Replies 1.2k
  • Created
  • Last Reply

Top Posters In This Topic

Ok there are a couple of the things to know, i've managed to get the OS Commerce Payment Module to work by this I mean the Module which you download from the website. Here's how I did it:

 

1) Up load the CGI Script from the HSBC CD remeber where you have uploaded them becuase you need to modify a file with the location, and by location I mean the full path of the CGI-BIN directory from root e.g.

"/var/www/html/cgi-bin" or what your will be also make sure they are permissions are set to execuable.

 

These are the files:

(TestHash.e libCcCpiTools.so CcResults.e CcOrderHash.e )

 

copy the libCcCpiTools.so file to the /usr/lib/ directory

 

2) Down load the Payment module from the OS website and install it, when you fill in the client details check, check again, check again and then when your happy check it again becuase its so easy to enter the wrong hash key, and as someone metioned earlier in the form the modules is not written with error checking as one of its prioritys. (ps if you untar the file from the catalog directory it should place all the files in the right location

 

3) Edit the hsbc_return.php

 

---- Remove the first <?php line (doh!)

---- Replace line 43 with:

 

tep_redirect(tep_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL', false).'?osCsid='.$GLOBALS["MerchantData"]);

 

This line is the most frustrating one because as far as I can see there is no where in the form which meantions to put .'?osCsid='.$GLOBALS["MerchantData"]); on the end of this line when you edit it!!!!

 

4) Edit the checkout_process.php

 

----- add a double foward slash to rem out that line 50

 

// load the before_process function from the payment modules

// $payment_modules->before_process();

 

5) Depending upon which OS you use in the /usr/lib directory you may need to make a symbolic link to a lib file

 

----- libstdc++-libc6.2-2.so.3 you have to link to libstdc++.so.6.0.3

i think its this files but its a while since I did it so the best thing

to do is check the http_error logs it tells you which file it cannot

find

 

6) Edit the /includes/modules/payment/hsbc.php module

 

You need to specify where to find the CGI-BIN directory on line 88

 

$path='/var/www/html/cgi-bin';

 

Out of the box that worked for me if all of your hash key software is working you should have a clear http logs if not check there for missing files etc. with regard to billing addresses etc your billing and all other addresses have to match up with the card holders address and details otherwise you will get a fraudsheild error :thumbsup:

Link to comment
Share on other sites

Phil,

 

It's good to see that people take the time to share the finds with others but the information you have given is flawed in several ways:

 

1) Up load the CGI Script from the HSBC CD remeber where you have uploaded them becuase you need to modify a file with the location, and by location I mean the full path of the CGI-BIN directory from root e.g.

"/var/www/html/cgi-bin" or what your will be also make sure they are permissions are set to execuable.

 

These are the files:

(TestHash.e libCcCpiTools.so CcResults.e CcOrderHash.e )

 

The files are not cgi scripts, they are in fact Linux executables, just placing them in the CGI-BIN will not make them work automatically you need to use the PHP function exec() to actually execute them on the server. And you only need Testhash.e and libCcCpiTools.so. These can in fact be uploaded anywhere, I normally place them in the modules/payment folder to keep things simple.

 

copy the libCcCpiTools.so file to the /usr/lib/ directory

 

Everyone I have installed the module for have been on a shared server, this means that they are not permitted to place files within the /usr/lib directory.

 

// load the before_process function from the payment modules

// $payment_modules->before_process();

 

You should never comment out the before_process() call in checkout_process.php, if you do then your order will not be entered on your store until the customer returns to your site from HSBC, if they don't return after making payment then you have a payment but no order.

 

So to anyone reading Phils post, I wouldn't follow his instructions.

 

Regards

 

Neil Westlake

Link to comment
Share on other sites

Phil,

 

It's good to see that people take the time to share the finds with others but the information you have given is flawed in several ways:

The files are not cgi scripts, they are in fact Linux executables, just placing them in the CGI-BIN will not make them work automatically you need to use the PHP function exec() to actually execute them on the server. And you only need Testhash.e and libCcCpiTools.so. These can in fact be uploaded anywhere, I normally place them in the modules/payment folder to keep things simple.

Everyone I have installed the module for have been on a shared server, this means that they are not permitted to place files within the /usr/lib directory.

You should never comment out the before_process() call in checkout_process.php, if you do then your order will not be entered on your store until the customer returns to your site from HSBC, if they don't return after making payment then you have a payment but no order.

 

So to anyone reading Phils post, I wouldn't follow his instructions.

 

Regards

 

Neil Westlake

 

 

Hi,

 

I've read most of the forum for the HSBC module and now I'm a little confused.

 

1st I looked up the prob where the checkout_process.changes refered to the wrong lines and changed this.

 

2nd my orders do not appear,

 

I made the change to hsbc_return.php FILENAME_CHECKOUT_PROCESS and added true at the end of ssl.

 

 

still no orders, should I start again using the download at the non osc site or am I missing something trivial?

 

 

I will be happy to share my experiences when I get things working with any other newcomers.

 

Also thanks to for the contribution, although I am not quite there yet it looks very good so far.

 

Thanks in advance,

 

Martin.

Link to comment
Share on other sites

ok, as I have had no reply to my last post can anyone verify this,

 

1. I'm going to download Jose's module(latest version available) from

 

http://oscommerce.qadram.com/modules.php?n...wdownload&cid=4

 

2. I already have the TestHash.e and lib working in my cgi bin and a valid hash so that can stay as is.

 

3, apply change

 

if (!empty($_POST['MerchantData'])) $_GET['osCsid']=$_POST['MerchantData'];

include('includes/application_top.php');

 

to checkout_process.php in main catalog area, as per Jose instuctions

 

4. apply change to hsbc_return.php

 

tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL'))

 

modify to

 

tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL',true))

 

what does this do?

 

5. modify hsbc.php to use my cgi bin for TestHash.e

 

6. add $order->info['order_status']=3; to my hsbc.php

 

as I don't have a status of 4

 

7. my time is GMT so no changes to time needed.

 

8. anything I've missed?

Link to comment
Share on other sites

ok, as I have had no reply to my last post can anyone verify this,

 

1. I'm going to download Jose's module(latest version available) from

 

http://oscommerce.qadram.com/modules.php?n...wdownload&cid=4

 

2. I already have the TestHash.e and lib working in my cgi bin and a valid hash so that can stay as is.

 

3, apply change

 

if (!empty($_POST['MerchantData']))  $_GET['osCsid']=$_POST['MerchantData'];

include('includes/application_top.php');

 

to checkout_process.php in main catalog area, as per Jose instuctions

 

4. apply change to hsbc_return.php

 

tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL'))

 

modify to

 

tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL',true))

 

what does this do?

 

5. modify hsbc.php to use my cgi bin for TestHash.e

 

6. add $order->info['order_status']=3; to my hsbc.php

 

as I don't have a status of 4

 

7. my time is GMT so no changes to time needed.

 

8. anything I've missed?

 

 

 

It worked !!!!!!

 

 

Big smiles :-)))))

 

 

Thanks to Jose and others who put notes up.

 

 

btw

 

FILENAME_CHECKOUT_SUCCESS

FILENAME_CHECKOUT_PROCESS seem to have the same effect, I've stuck with SUCCESS

Link to comment
Share on other sites

Hi Guys,

 

I have just installed Jose's contrib and all the changes have been done (I think).

 

Now when connecting to the cpi all I get is 'Hacking Attempt'.

 

Would one of the masters please shed some light on why this is happening.

 

Thanks

 

Mark

Lifes a bitch, then you marry one, then you die!

Link to comment
Share on other sites

Hi Guys,

 

I have just installed Jose's contrib and all the changes have been done (I think).

 

Now when connecting to the cpi all I get is 'Hacking Attempt'.

 

Would one of the masters please shed some light on why this is happening.

 

Thanks

 

Mark

 

 

Mark,

 

I had this prob when the hash wasn't generated.

 

in /includes/modules/payment/hsbc.php you could echo/print the generated hash, you should see it on the confirm page if it has been generated ok.

 

around line 100

 

$hash=trim($ret[1]);

print ">>>>>>$hash<<<<<<"; #<put this line in>

return($hash);

 

Martin

Link to comment
Share on other sites

Hi Martin,

 

Okay done that and found that the hash is not getting generated.

 

Is this a problem with the code or the hash that hsbc gave me??

 

Thanks

 

Mark

 

 

Could be either, do you have access to linux comand line?

 

you could also add

 

print "Command:$cmd:";

 

just before the last line that you added, this will show you what is being called/passed to TestHash.e

 

It will be something like

 

/mydir/cgi-bin/TestHash.e dhdhdhdhd/dhdhdhdh "data" "data"

^this is the key you enter in control panel(keep it private!)

Link to comment
Share on other sites

Hi Martin,

 

This is what is being passed using the print "Command:$cmd:";

 

Command:home/mobiacc/public_html/cgi-bin/TestHash.e "*************************" "https://www.24-7mobileaccessories.co.uk/checkout_process.php" "https://www.24-7mobileaccessories.co.uk/hsbc_return.php" "24-7 Mobile Accessories order" "Order 05257-113551" "789" "826" "*************" "1126780551000" "Auth" "0af5241113b359a5d5c137d3fe7b1a9f" "39 Eden Crest" "Gainford, Darlington" "826" "" "Mark" "Clayton" "DL2 3DE" "[email protected]" "39 Eden Crest" "Gainford, Darlington" "826"

 

I have omitted the hash key and the merchant id.

 

Still none the wiser!

 

Mark

Lifes a bitch, then you marry one, then you die!

Link to comment
Share on other sites

Hi Martin,

 

This is what is being passed using the print "Command:$cmd:";

I have omitted the hash key and the merchant id.

 

Still none the wiser!

 

Mark

 

I take it the hash key was exactly as the one given to you by HSBC, have you made Testhash.e executable and put the .so file in as well?.

 

I ran the TestHash.e from a command line to verify the output.

 

exporting the lib var "export LD_LIBRARY_PATH=/where_my_so_lib_is" run TestHash.e as it appears in the $cmd browser output i.e with key and params.

 

alternatively I think you could change $ret=exec($cmd); to $ret=system($cmd);

 

and that will print the output from the command in the browser window.

print "

 

If the hash generate doesn't work TestHash.e says something like "invalid hash"

 

I'm pretty sure from what you are describing there is a problem with TestHash.e or your key. Also did you transfer TestHash.e and the .so files in binary mode.

Link to comment
Share on other sites

I take it the hash key was exactly as the one given to you by HSBC, have you made Testhash.e executable and put the .so file in as well?.

 

I ran the TestHash.e from a command line to verify the output.

 

exporting the lib var "export LD_LIBRARY_PATH=/where_my_so_lib_is" run TestHash.e as it appears in the $cmd browser output i.e with key and params.

 

alternatively I think you could change $ret=exec($cmd); to $ret=system($cmd);

 

and that will print the output from the command in the browser window.

print "

 

If the hash generate doesn't work TestHash.e says something like "invalid hash"

 

I'm pretty sure from what you are describing there is a problem with TestHash.e or your key. Also did you transfer TestHash.e and the .so files in binary mode.

 

 

you might also want to try printing $ret,

 

print "Return:$ret:"; # after the system command

Link to comment
Share on other sites

Okay, this is one for those people like myself who have installed HSBC on many occasions. Now I have a problem with an HSBC install (had to happen!).

 

The order is getting passed to HSBC with the session id, is getting processed fine by HSBC and returning with the same session id to the site - but the order is not getting added to the database, no e-mails are getting fired off, and there is (of course) no record of the order in the admin panel.

 

This is a problem normally associated with an http and https_cookie_domain problem but they are both fine, full ssl cert, and 'Force Cookie Use' not being used.

 

Site is running in Production Mode, also at the HSBC end of things (double checked that one), and been through orders with HSBC on the line and they can't see any problem on their end of things.

 

Any thoughts as to what the problem might be?

 

Vger

Link to comment
Share on other sites

Vger,

 

Check the file spiders.txt in the includes directory, look for a line that contains java/, if this exists delete it as this will cause the problem.

 

Also check in admin under sessions, make sure that check IP Address is set to false, this again will cause a problem.

 

If you still have no luck let me know.

 

Regards

 

Neil Westlake

 

PS. Forgot to say, if the install is on a 1one1 server then the same thing will happen but theres nothing I found you can do.

Edited by ribs
Link to comment
Share on other sites

No, the install isn't on 1and1. I found and removed the java/ from the spiders.txt file, and check IP address is set to false.

 

I just don't get it, the orders are being processed fine by HSBC, and the return to the website is going fine - but that's when it goes pear-shaped. The item is still in the basket. The order just isn't being sent to the database.

 

Any more thoughts would be most welcome, as it's starting to get to me now. But then again, HSBC always does get to me.

 

Vger

Link to comment
Share on other sites

There could be a problem with checkout_process.php - because when I ran the latest order and arrived at the checkout_success.php page I typed in checkout_process and got the error message "You have cancelled the transaction" and got bumped back to the checkout_payment.php page.

 

Vger

Link to comment
Share on other sites

There could be a problem with checkout_process.php - because when I ran the latest order and arrived at the checkout_success.php page I typed in checkout_process and got the error message "You have cancelled the transaction" and got bumped back to the checkout_payment.php page.

 

Vger

 

 

I recently changed my order id generation from random to sequential. I made the mistake of inserting an alpha character at the beginning of the number to denote the year, HSBC processed the order correctly but when the user was returned to checkout_process.php no email or order was generated, the cart was empty but the system asked the user to be notified of product updates for the products they had just purchased as per usual.

 

Is it possible that the data you are generating is causing the problem as with mine?

 

 

Also, as these orders have not been generated in OSC. Is there a contrib that anyone knows of to manually input an order for a customer via the admin section.

 

It's quite painful otherwise.

 

Thanks

 

Sean

Link to comment
Share on other sites

Sean,

 

Rhea no longer has has an issue as I helped her out the other evening.

 

With regards to adding orders manually, there are contributions available that do this, the one I use was vey messy and needed a lot of modifcation to work well but it may have been improved. Try either of these:

 

Manual Order Entry

Order Editor

 

Regards

 

Neil Westlake

Link to comment
Share on other sites

Yes, I'm afraid I had been too smart for my own good. I was doing an install of a site using the Register Globals patch on a server where Register Globals are enabled. This was intentional - a way of fireproofing the site against the day when Register Globals are disabled on that server. Part of the upload should have been a .htaccess file in the root of the web setting Register Globals off for that site.

 

I had been banging my head against the wall trying to figure out why this install of e-Secure would not work when I have installed so many others. Finally I realised the .htaccess file hadn't been uploaded, corrected that and it still wouldn't work. That's when I called for a second opinion.

 

It turned out that I had already made the change Neil made on my local install, but just hadn't uploaded it.

 

Sometimes you just can't see the wood for the trees.

 

:D

 

Rhea

Link to comment
Share on other sites

Hello to all

 

I have posted this here because this seems to be the only forum dealing with HSBC e-payments. My apologies if this is incorrect. I have been reading all the above with interest as I have (rather foolishly it now seems) just signed up with HSBC to use their CPI to accept online payments from my store. It all seemed fairly simple when I read their blurb - I wish I had read the above first!

 

I used MySQL/PHP for the store and I was hoping HSBC had a PHP payments module but they say not, and yet I think I saw mention of one in the above postings. So what advice can you give me (apart from use WorldPay!)? Does anyone have any ready made solutions for sale?

 

Thanks

 

Howard

Link to comment
Share on other sites

Using MySQL and pHP for your store is different from saying that you use osCommerce for your store. The modules available are for osCommerce websites.

 

However, on the CD Rom (CPI Integration Guide) that HSBC sends you there are various files that will allow you to connect to HSBC e-Secure, but you will have to build your site's front end yourself if you are not using osCommerce.

 

Vger

Edited by Vger
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...