volumax Posted October 23, 2005 Share Posted October 23, 2005 Hi Neil, Vger Heres an update, 1and1 have not made any changes to servers, I spent 20 minutes talking to them, and a collegue of the chap i was speaking to said they not had much luck with it. I did however find out that when osc switches to ssl the browser dont switch properly this was fixed with the 1and1 ssl fix update contibution, altering line 41 of application top, but this did not cure the HSBC problem. I also opened the 'whos on line' section and had it auto refresh every few seconds, and watched it while going thru check out my logged in ip remained there but as i progressed thru checkout my ip appeared at each stage not as my registered user but as a guest user on a seperate line with different osCsid's <_< any sugestion as to whats going on with that?, is sounds like as i'm going thru checkout the session is not following as it should. Thoughts anyone? Andy Quote Literally, Laterally Thinking! If you cannot get through it, go round it. Link to comment Share on other sites More sharing options...
♥Vger Posted October 23, 2005 Share Posted October 23, 2005 In your osC admin panel, under Configuration --> Sessions, make sure that Recreate Session is set to false. In fact all entries there except for 'Prevent Spider Sessions' should be set to false. Vger Quote Link to comment Share on other sites More sharing options...
MartinEvans Posted October 26, 2005 Share Posted October 26, 2005 Martin, The return links that always work for me are: On success: (0 or 9) tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL', false, false).'?osCsid='.$MerchantData; On fail (Anything else) tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'error_message=' . urlencode($error), 'SSL', false, false).'&osCsid='.$MerchantData); Don't forget to add: $MerchantData = $_POST['MerchantData']; above the two. Hope it helps Neil Westlake Thanks Neil, I noticed some discussions about status 9, would you recomend treating that as success and putting the order in? I guess it's a manual task to go into HSBC each day to check for these and reconcile with the orders. Quote Link to comment Share on other sites More sharing options...
♥Vger Posted October 26, 2005 Share Posted October 26, 2005 (edited) I would recommend treating status 9 as a success and, yes, checking each transaction with HSBC. HSBC checks Street Address and Post Code against the Post Office list, and if they don't match then the transaction gets treated as fraudulent and it gets rejected. The thing is, you don't know it's been rejected, it's like it never happened - but the customer will get a fraud notice in their statement (not good). Most times it's just a genuine error. Someone puts in: Red Brick House No 1 The Street and it gets rejected because HSBC is looking for No 1 The Street on the first line. Vger Edited October 26, 2005 by Vger Quote Link to comment Share on other sites More sharing options...
ribs Posted October 26, 2005 Share Posted October 26, 2005 Martin, You should always accept return code 9's otherwise you will lose a lot of business. Quite frequently I have code 9's which are genuine and as Vger said it's normally because they've given a slightly wrong address. On HSBC installs that I have done for others I code it in such a way that it flags it in osCommerce admin so you know that the transaction is in review without having to login to HSBC. Regards Neil Quote Link to comment Share on other sites More sharing options...
volumax Posted October 26, 2005 Share Posted October 26, 2005 Hi Neil, Vger Update to our woes! There are no more woes!!! Our HSBC is now fixed and is running quite happily on our 1and1 server taking and processing orders, we decided to pass it to Jose the creator of the contrib to sort out, and he did :) Workes on shared SSL and now on full SSL too. B) Mostly it was down to the error codes and our random order number generator call in checkout_process.php and a modification to hsbc_return.php that was needed. anyways thanks for all your input and help, we now have to cure a glitch, that stops admin deleting orders and customers viewing their orders in their profile. Ho Hum it never seems to end :lol: regards andy Quote Literally, Laterally Thinking! If you cannot get through it, go round it. Link to comment Share on other sites More sharing options...
MartinEvans Posted October 26, 2005 Share Posted October 26, 2005 Martin, You should always accept return code 9's otherwise you will lose a lot of business. Quite frequently I have code 9's which are genuine and as Vger said it's normally because they've given a slightly wrong address. On HSBC installs that I have done for others I code it in such a way that it flags it in osCommerce admin so you know that the transaction is in review without having to login to HSBC. Regards Neil Thanks for the advice vger & ribs, I'll get reading on some of the past posts. Quote Link to comment Share on other sites More sharing options...
volumax Posted October 27, 2005 Share Posted October 27, 2005 HI all, Delete/view order problem cured, multiple instances of (int) cast in php files relating to orders_id in /catalog/ and /catalog/admin directories. Andy Quote Literally, Laterally Thinking! If you cannot get through it, go round it. Link to comment Share on other sites More sharing options...
MartinEvans Posted November 3, 2005 Share Posted November 3, 2005 Martin, You should always accept return code 9's otherwise you will lose a lot of business. Quite frequently I have code 9's which are genuine and as Vger said it's normally because they've given a slightly wrong address. On HSBC installs that I have done for others I code it in such a way that it flags it in osCommerce admin so you know that the transaction is in review without having to login to HSBC. Regards Neil I've been looking through the code to see how I can handle code 9's and come across something interesting. In Jose's website version of the code there is an extra insert into the db to handle erros that you will treat as pending, this is not in the code that is posted in the contributions section. I hadn't noticed it in my admin panel as I used the contrib version initially and didn't remove/add in the admin panel, thus I didn't get the extra option. When I looked through the code I found this, $codes=split(",",MODULE_PAYMENT_HSBC_PENDING_CODES); if (in_array($CpiResultsCode,$codes)) { $order->info['order_status']=3; return; So using the newer version of code from Jose's website will handle code 9's as pending if I change this to 1, $codes=split(",",MODULE_PAYMENT_HSBC_PENDING_CODES); if (in_array($CpiResultsCode,$codes)) { $order->info['order_status']=1; return; in my db 1=pending, 2=processing, 3=dispatched So payments made will processing and code 9's (address mismatch) will go pending. has anybody else found this to be the case? Provided I put 9 in the pending error codes section in my admin panel. I am going to mail Jose to see if he has any objection to me uploading the new improved version from his website to the contributions website. I will also add the fixes to the hsbc_return.php if he does not object. Quote Link to comment Share on other sites More sharing options...
chasyp Posted November 11, 2005 Share Posted November 11, 2005 Help, Help Help I am trying to get this HSBC payment module working without success. I think it must be down to the creation of the Hash, i inserted a print in hsbc.php //Executes the TestHash to get the hash $cmd="$path/TestHash.e \"".MODULE_PAYMENT_HSBC_HASH."\" $cmd"; print "testH=". $cmd; $ret=exec($cmd); print "<br>ret=".$ret; but the ret always = blank :angry: Can somebody provide me with a list of things i can try, here is what i have done so far. Given my hosting provider a copy of libCcCpiTools.so.... and told them to install it into the '/lib' directory.. I don't have access to this, is this the right place ? how do i check it's working / installed ? moved a copy of CcOrderHash.e, CcResults.e, TestHash.e into module/payment/ is this the correct place ? Starting to get a little frustrated Any help would be greatly appreciated Regards Charlie Quote Link to comment Share on other sites More sharing options...
chasyp Posted November 13, 2005 Share Posted November 13, 2005 Does anybody know if HSBC works on a standard HTML page or requires SSL ? The documentation says it will work on both, but see a lot of people saying it only works on SSL. has it changed ... i got the document last week from HSBC. Cheers Quote Link to comment Share on other sites More sharing options...
MartinEvans Posted November 15, 2005 Share Posted November 15, 2005 Does anybody know if HSBC works on a standard HTML page or requires SSL ? The documentation says it will work on both, but see a lot of people saying it only works on SSL. has it changed ... i got the document last week from HSBC. Cheers The last time I looked it was a requirement that the return posts went to an SSL site, I would call HSBC and ask them. Please post their answere back here :-) Quote Link to comment Share on other sites More sharing options...
MartinEvans Posted November 15, 2005 Share Posted November 15, 2005 Help, Help Help I am trying to get this HSBC payment module working without success. I think it must be down to the creation of the Hash, i inserted a print in hsbc.php //Executes the TestHash to get the hash $cmd="$path/TestHash.e \"".MODULE_PAYMENT_HSBC_HASH."\" $cmd"; print "testH=". $cmd; $ret=exec($cmd); print "<br>ret=".$ret; but the ret always = blank :angry: Can somebody provide me with a list of things i can try, here is what i have done so far. Given my hosting provider a copy of libCcCpiTools.so.... and told them to install it into the '/lib' directory.. I don't have access to this, is this the right place ? how do i check it's working / installed ? moved a copy of CcOrderHash.e, CcResults.e, TestHash.e into module/payment/ is this the correct place ? Starting to get a little frustrated Any help would be greatly appreciated Regards Charlie Put both the lib and testhash exe in your cgi bin, make sure they are executable by the webserver user, chmod 750 or 755 will probably do it. Change the hsbc.php file to reflect the path to the files, not the webserver path but the real file path i.e. /var/www/shop/cgi-bin <- ask your isp what this is if you're not sure. That's all I did, good luck. Also make sure you don't use the current version on the contribution page, use the one on Jose's site(see earlier posts) Quote Link to comment Share on other sites More sharing options...
Guest Posted November 16, 2005 Share Posted November 16, 2005 Hi, Trying to get this work and spent most of the day on the phone to HSBC. The code generates the post data fine, when i click to Confirm Order, the post is sent to HSBC CPI page and its totally blank, nothing comes up at all. All my post data is reaching the servers as they could see it at the tech center. They are telling me there is an 'invalid Character' in there somewhere but cant say which field. the hash is correct so im stummpped. They are trying to look into it for me but so far no joy.. Anyway, heres my post data, <form name="checkout_confirmation" action="https://www.cpi.hsbc.com/servlet" method="post"> <input type="hidden" name="CpiDirectResultUrl" value="https://myurl/checkout_process.php"> <input type="hidden" name="CpiReturnUrl" value="https://myurl/hsbc_return.php"> <input type="hidden" name="OrderDesc" value="Mozilla Store International order"> <input type="hidden" name="OrderId" value="05319-043251983"> <input type="hidden" name="PurchaseAmount" value="19366"> <input type="hidden" name="PurchaseCurrency" value="826"> <input type="hidden" name="StorefrontId" value="UK02828141GBP"> <input type="hidden" name="TimeStamp" value="1132158771000"> <input type="hidden" name="TransactionType" value="Auth"> <input type="hidden" name="MerchantData" value="f4b64cf6a4e08a688b0b90445a7eaaf7"> <input type="hidden" name="BillingAddress1" value="sdafhslkdhkjg"> <input type="hidden" name="BillingCity" value="jhgjhgj"> <input type="hidden" name="BillingCountry" value="826"> <input type="hidden" name="BillingCounty" value="A"> <input type="hidden" name="BillingFirstName" value="Andrew"> <input type="hidden" name="BillingLastName" value="Lindsay"> <input type="hidden" name="BillingPostal" value="hgjhgjhgh"> <input type="hidden" name="ShopperEmail" value="[email protected]"> <input type="hidden" name="ShippingAddress1" value="sdafhslkdhkjg"> <input type="hidden" name="ShippingCity" value="jhgjhgj"> <input type="hidden" name="ShippingCountry" value="826"> <input type="hidden" name="ShippingCounty" value="A"> <input type="hidden" name="ShippingFirstName" value="Andrew"> <input type="hidden" name="ShippingLastName" value="Lindsay"> <input type="hidden" name="ShippingPostal" value="hgjhgjhgh"> <input type="hidden" name="Mode" value="T"> <input type="hidden" name="OrderHash" value="ZFmWE3h554jNcioNnKLyS+oiOnM="> <input type="submit" class="testsubmit" name="Confirm Order" value=" Confirm Order "> </form> Anyone spot anything obvious cuz I cant. I compared it to the working post from freerangekids and it all matches. :angry: Anyway anyone had a blank gateway and got it fixed? Cheers Stot Quote Link to comment Share on other sites More sharing options...
jonwall Posted November 23, 2005 Share Posted November 23, 2005 Hi, my hosting company has changed servers over the weekend, they made the new server identical to the old one except for the IP address and I am currently getting "hacking attempt" when trying to connect to the HSBC CPI-can anyone tell me if the server change would be the reason for this, and if so are there just some config values to change or is it something a bit bigger? It's been running fine for about a week and is the third time I've installed the module so the contribution itself has been put in soundly I think. Any help would be much appreciated. Cheers, Jon Quote Link to comment Share on other sites More sharing options...
ribs Posted November 23, 2005 Share Posted November 23, 2005 (edited) Jon, I had a client recently who had exactly the same problem. He hosted with Altaire and found that one day his HSBC install had just stop working. At first he contacted me as I installed it for him initially, after I had a quick look I found that the Hash wasn't being generated. I asked him to contact his host and they told him that they had moved him to a new server which was supposedly setup exactly the same way as the previous one. Anyway the long and short of it was he moved hosts. I hope it don't come to this for you, but it didn't matter what I did with his install I was still unable to get the Hash to generate. Regards Neil Westlake Edited November 23, 2005 by ribs Quote Link to comment Share on other sites More sharing options...
jonwall Posted November 24, 2005 Share Posted November 24, 2005 Thanks for the quick response Neil, I am going to try a full reinstall of the module before i change hosts as I'm a bit worried about losing the site again (last time i moved, it took ages to sort), it's also run by a friend so I can get the full details of what's going on, sounds like it could be my only solution though. Would reuploading the original hash key change anything? Regards, Jon Quote Link to comment Share on other sites More sharing options...
♥Vger Posted November 24, 2005 Share Posted November 24, 2005 As it's a new server you may want to check the shared ssl address - if you are using a shared ssl instead of a full ssl. Vger Quote Link to comment Share on other sites More sharing options...
jonwall Posted November 25, 2005 Share Posted November 25, 2005 Thanks for the advice, I've got a dedicated SSL so that shouldn't be too much of an issue, what's confusing me now is that my image resizer has gone pop in the last 12 hours, as has the access to my admin page, its giving me a fatal error. Somehow I can see a full reinstall coming on, yet again... Quote Link to comment Share on other sites More sharing options...
jonwall Posted November 25, 2005 Share Posted November 25, 2005 Also, could the fact that the hosts have put a newer version of php on this server cause any problems with it? Quote Link to comment Share on other sites More sharing options...
♥Vger Posted November 25, 2005 Share Posted November 25, 2005 osCommerce and php5 don't go well together so that could cause a problem. It could also cause a problem if the server time is not correct as it will then be seen as a hacking attempt. Vger Quote Link to comment Share on other sites More sharing options...
jonwall Posted November 25, 2005 Share Posted November 25, 2005 Ok thanks, I will be updating my osCommerce install with the download from the main site, and will enquire about server times etc. This is without doubt the most helpful forum I've ever used, the quick responses are much appreciated! Quote Link to comment Share on other sites More sharing options...
jonwall Posted November 26, 2005 Share Posted November 26, 2005 also, just to update, server time is set to GMT, so shouldn't be a problem. Quote Link to comment Share on other sites More sharing options...
jonwall Posted November 28, 2005 Share Posted November 28, 2005 OK, hacking attempt problem now sorted (apparently some Linux kernel modules weren't installed on the new server), but now whenever it tries to connect to the CPI, it comes back to hsbc_return.php with an "invalid input data" message-after reading back through this thread it seems the problem was often related to HSBC knowing that the site is running in production mode, but it has been for over 12 months now so that shouldn't be a problem. Any ideas/thoughts would be much appreciated. Cheers, Jon Quote Link to comment Share on other sites More sharing options...
ribs Posted November 28, 2005 Share Posted November 28, 2005 Jon, Try manually setting the timestamp, your server could be more than an hour out and cause the problem your describing. Regards Neil Westlake Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.