Jump to content
dev osCommerce
Forum
  • Checkout
  • Login
  • Contact Us
  • Get in touch

osCommerce

The e-commerce.

New Demo
Our Partners

HSBC secure-epayment module

Guest

By Guest
in General Add-Ons Support

 Share

Recommended Posts

volumax

volumax

Posted
Posted

Hi Neil, Vger

 

The way that the module is written (if i have read correctly) passes 3 ISO codes, 1. Currency ISO 826 UK, with 2 and 3 the Billing and Shipping ISO codes USA customer 840.

 

We cannot fix 2 and 3 to 826 as this would cause AVS failures on the rest of the address detail passed to HSBC.

 

I can find my way arround php ok but this part of the code is throwing me a little:-

 

	  //Currency code setup
  $currency_code = $currency;
  if (!in_array($currency_code, array('EUR', 'GBP', 'HKD', 'JPY', 'USD'))) {
	$currency_code = 'USD'; <<<<<<<
  }
  $curr=array('EUR'=>978,'HKD'=>344,'JPY'=>392,'GBP'=>826,'USD'=>840);

  $currency_code=$curr[$currency_code];

 

Does the line marked with

<<<<<<<
force USD being sent for the currency if the IF stament tests true or is not working properly?

 

If so this would explain a note I made while talking to hsbc that made no sense at the time, this was that even though the module was displaying GBP to me in the hidden fields as the currency thay said it was saying that it was trying to take payment USD, I thought they had assumed that one of the 840's was the currency code not shipping/billing ISO

 

We only have GBP defined in the shops admin and we only ever take payment in GBP.

 

All the best

Andy

Literally, Laterally Thinking! If you cannot get through it, go round it.

Link to comment
Share on other sites
  • Replies 1.2k
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Guest

Guest

Posted
Posted

I will be using HSBC as my internet merchant very soon and will be using this contribution.

 

What i would like to know is there anyway that customers will be able to pay money to us without purchasing a product. The reason i would like to do this is because we also sell things on ebay, so therefore rather than using paypal (who basically rip you off), once an auction has ended our ebay customers can pay through our website using the new HSBC module that we install.

Link to comment
Share on other sites
Vger

♥Vger

Posted
Posted

The e-Secure account comes with the ability to accept card payments over the phone or via post.

 

Vger

I will be using HSBC as my internet merchant very soon and will be using this contribution.

 

What i would like to know is there anyway that customers will be able to pay money to us without purchasing a product. The reason i would like to do this is because we also sell things on ebay, so therefore rather than using paypal (who basically rip you off), once an auction has ended our ebay customers can pay through our website using the new HSBC module that we install.

Link to comment
Share on other sites
Vger

♥Vger

Posted
Posted

That would not do you any good at all. If you cannot generate a correct hash key then either:

 

1. You have not entered the correct hash key into the HSBC module

 

2. HSBC have not sent you the correct hash key

 

3. There is something about the configuration of your website or server which is preventing the module from working.

 

Vger

Can someone with a working install of this module, PLEASE contact me, and arrange to send me a copy, as no matter what I do, this module simply does NOT work.

Somehow the module is creating a ttally different hash to the one I can create from the commandline

Link to comment
Share on other sites
miguel_andreas

miguel_andreas

Posted
Posted
That would not do you any good at all. If you cannot generate a correct hash key then either:

 

1. You have not entered the correct hash key into the HSBC module

It is entered correctly, HSBC have confirmed that the hash key is set fine.

 

2. HSBC have not sent you the correct hash key

HSBC claim there is nothing wrong with the hash key. They say the issue is with this payment module.

 

3. There is something about the configuration of your website or server which is preventing the module from working.

The server is running php in safe_mode but the testhash.e file is in the /nonexec folder, which is available to php, and this module is creating a hash, it just doesn't match what I can create with the same data using commandline access to the server.

Link to comment
Share on other sites
Guest

Guest

Posted
Posted
The e-Secure account comes with the ability to accept card payments over the phone or via post.

 

Vger

 

Thanks replying Vger.

 

There must be a way the customers could enter details themselves on the payment page.

 

See if we start contacting customers over the phone for card numbers they may seem a little suspicious, thats all!

Link to comment
Share on other sites
  • 2 weeks later...
doni

doni

Posted
Posted

Hi Vger and Freerangemum - Thanks for this contribution.

 

I have just received my pack from HSBC - and it's a pretty daunting read.

 

The questions I have is this :

 

Is there any other pre-installation requirements (other than downloading your contribution) that is required to get this HSBC ePayments module working, (apart from getting my hash key from HSBC)? You seem to have translated the Latin which is the HSBC documentation into the whole contribution!

 

Specifically, can I do away with the Section in their document relating to the "order hash libraries and samples", "deploying sample files" "generating the merchant post", and "cpi return post"?

 

Thanks in advance.

Link to comment
Share on other sites
Vger

♥Vger

Posted
Posted

HSBC e-Secure is not for the feint-hearted. These days I'd recommend Protx Direct in place of HSBC e-Secure. With Protx Direct the customer never leaves your website - which has to be a good thing.

 

Specifically, can I do away with the Section in their document relating to the "order hash libraries and samples", "deploying sample files" "generating the merchant post", and "cpi return post"?

 

Short answer is 'No'. You have to load up certain files into the CGI-Bin, other files must exist in your Shared Library folder, and your site must be able to generate the Merchant Post and process the CPI Return Post.

 

Also, you must pass HSBC a session id from your website, so you can't use 'Force Cookie Use' - otherwise HSBC will generate an id of its own, pass it back to your site, your site won't recognise it and the transaction will fail.

 

Vger

Link to comment
Share on other sites
doni

doni

Posted
Posted

Thanks Vger - I'll take a closer look at the documentation.

 

I do like HSBC because of their rates and the fact that they combine the merchant account with their e-payment solution.

 

I'm now trying to find out the rates they'd given me for just a merchant account to see whether using this Protx Direct is a viable alternative.

 

Thanks

Link to comment
Share on other sites
Vger

♥Vger

Posted
Posted

Either way you have to have a Merchant ID. Then you pay for e-Secure setup, then a monthly fee, and then a percentage fee per transaction.

 

With Protx you pay a monthly fee.

 

Vger

Link to comment
Share on other sites
doni

doni

Posted
Posted (edited)

Good afternoon.

 

I have received a test store from HSBC, so I can try this out before buying.

 

1. I have carefully followed Vger's (very comprehensive) instructions.

 

2. Everything seems to work very well.

2.1 I can place an order

2.2 I go to the HSBC website

2.3 I enter dummy data

2.4 I return to the OS success page.

 

3. However, the order does not show in the admin, orders list. It is not in the orders table either.

 

4. In fact the order remains in the "cart" of the dummy customer (which is actually what "sometimes" happens in reality with NOCHEX - on a few occasions (e.g. 1% of occasions)).

 

5. I have tried to search this thread for why this might happen, and have found some possible causes. I have conducted some checks to eliminate potential past issues people have had. So I can confirm the following.

 

5.1 The order status of 4 exists in my order status table

5.2 The order status of 4 in the hsbc.php payment module (latest download) remains hard coded at 4

5.3 I set the same (corresponding text) order status in the admin panel / module / payment/ hsbc option

5.4 The order status is an integer int(11) in the order status table, and I have not changed this to varchar.

 

6.0 I have tested this about 6 times, and each time I go through the whole process, but the order remains in the cart.

 

If anyone can assist me in trying some other tests on this, or pointing me in the right direction, I would appreciate it.

 

Thanks in advance.

Edited by doni
Link to comment
Share on other sites
Vger

♥Vger

Posted
Posted

Make sure that your https_cookie_domain in includes/configure.php is correct. Depending upon how your full ssl cert was issued it should read either www.yourdomain.com or just yourdomain.com.

 

It's only if you have a shared ssl that the https_cookie_domain becomes a but more problematic. It may be something like:

 

someisp.com/yourdomain.com

or

someisp.com/~yoursitename

 

In includes/modules/payment/hsbc.php make sure that these lines read as below:

 

'CpiDirectResultUrl'=>tep_href_link('checkout_process.php', '', 'SSL', true),

'CpiReturnUrl'=>tep_href_link('hsbc_return.php', '', 'SSL', true),

 

and make sure that this line reads:

 

$currency_code = 'GBP'; (not 'USD')

 

Vger

Link to comment
Share on other sites
doni

doni

Posted
Posted

Thanks for that Vger.

 

1. I've been using SSL on this site for a while and the configure files for catalog and admin are working fine, and set up correctly to align with the certificate.

 

2. The site is hosted on a dedicated server with fixed IP address.

 

3. I had already changed the currency code to GBP (from USD) in the hsbc.php file.

 

4. However the hsbc.php file has the settings of "false", which I have now changed to "true", but once again everything seems to work fine, but the cart is not emptied and the order is not created.

 

Obviously I think I'm pretty close here - but can't work this out.

 

Is there any other checks I can do to find out why this is happening ....

 

Thanks again.

Link to comment
Share on other sites
doni

doni

Posted
Posted

It might also help to note that :

 

1. This is being installed on an active shop, which currently (and successfully) goes through the payment process taking Nochex payments. Payments made via Nochex successfully return to OSc and add the order to the list of orders, so the process is currently working with Nochex.

 

Thanks

 

doni

Link to comment
Share on other sites
doni

doni

Posted
Posted

Just a little more progress here.

 

1. I checked back through this thread to see if there are any other things that could be making this happen, and there was a mention of checking the spiders.txt file because it may have "java" in the list. I regularly update the spiders.txt file, and so I checked this, removed "java/" from the list and uploaded it.

 

This was the only change I made, and the effect of this was as follows.

 

1.1 I place the dummy order as before, but this time when I return from the HSBC payment page, I do not get the checkout_success.php page, but stop at the hsbc_return page with this error :

 

1.2 Fatal error: Call to a member function on a non-object in /usr/.../hsbc_return.php on line 40

 

and line 40 is this :

 

{

if ($k!='OrderHash')

{

$post_2[$k]=$v;

}

}

 

$order_hash=$_POST['OrderHash'];

$hsbc=$GLOBALS['hsbc'];

$hash=$hsbc->getHash($post_2); <<<<<<<< LINE 40 <<<<<<<<

 

 

if ($order_hash!=$hash) die ("Hacking attempt!");

 

 

1.3 BUT the good news is that the order does move from the cart to the order table and appears in the admin/orders panel.

 

1.4 All I have to do now (ha ha ha) is get rid of this error to give the customer a success screen and I'll be laughing ....

 

1.5 Any advice from here would be great.

 

Thanks in advance, and goodnight .. see you tomorrow.

Link to comment
Share on other sites
doni

doni

Posted
Posted

I haven't had much success in trying to fix the error stated in the last post.

 

The (inappropriate) fix I have done for now (to make it work) is to replace :

 

'CpiDirectResultUrl'=>tep_href_link('checkout_process.php', '', 'SSL', true),

'CpiReturnUrl'=>tep_href_link('hsbc_return.php', '', 'SSL', true),

 

with :

 

'CpiDirectResultUrl'=>tep_href_link('checkout_payment.php', '', 'SSL', true),

'CpiReturnUrl'=>tep_href_link('checkout_process.php', '', 'SSL', true),

 

This now works, and gives the customer the success page, BUT.

 

It does not take account of any error codes returned by HSBC. It's very Heath Robinson, but I have no clue how to properly fix the hsbc_return.php file. This is likely to mean that orders returned back from HSBC which have not been authorised, will appear as a valid order !! (a real mess). All orders in OSC will need to be checked by logging into HSBC and validating the order (which should be done anyway).

 

1.0 Does anyone know whether this is likely to cause me a problem? (Apart from having to do a sanity check by logging in to HSBC and checking each order).

 

2.0 If anyone has installed this contribution does anyone have a feel for the percentage of transactions which are invalid (i.e. not equal to 0 (or 9 I think))?

 

3.0 Does anyone have a clue as to how I might fix the hsbc_return.php file to fix the problem identified in the last post, as I'd really like to do this?

Link to comment
Share on other sites
Weirfire

Weirfire

Posted
Posted

Believe it or not I'm back for more punishment. If it wasn't bad enough installing the HSBC module the first time, I've taken on a job where the HSBC module is installed on another server and I'm trying to make some positive changes to their site. Guess who complained about the changes? Yep... HSBC payments!!

 

First of all I'm getting a cpi results 10

 

What I've changed to the oscommerce system is;

 

 

- forced sessions into cookies

- set the configure file to;

define('HTTP_SERVER', 'http://www.domain.co.uk');

define('HTTPS_SERVER', 'https://www.domain.co.uk');

define('ENABLE_SSL', true);

define('HTTP_COOKIE_DOMAIN', 'www.domain.co.uk');

define('HTTPS_COOKIE_DOMAIN', '');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '');

 

the previous configure file looked like this

 

define('HTTP_SERVER', 'http://www.domain.co.uk');

define('HTTPS_SERVER', 'https://domain.co.uk');

define('ENABLE_SSL', true);

define('HTTP_COOKIE_DOMAIN', 'http://www.domain.co.uk');

define('HTTPS_COOKIE_DOMAIN', 'https://www.domain.co.uk');

define('HTTP_COOKIE_PATH', '/execsc');

define('HTTPS_COOKIE_PATH', '');

 

Within the hsbc.php page I mail myself all the fields and they are all being sent fine but since sticking the session ids in the cookies it has started giving me the results code 10.

 

Any help would be hugely appreciated!!

 

 

Thanks again,

Stephen Weir

Link to comment
Share on other sites
Thieving_Gypsy

Thieving_Gypsy

Posted
Posted

You can't force cookies to be used for sessions.

 

 

 

Believe it or not I'm back for more punishment. If it wasn't bad enough installing the HSBC module the first time, I've taken on a job where the HSBC module is installed on another server and I'm trying to make some positive changes to their site. Guess who complained about the changes? Yep... HSBC payments!!

 

First of all I'm getting a cpi results 10

 

What I've changed to the oscommerce system is;

- forced sessions into cookies

- set the configure file to;

define('HTTP_SERVER', 'http://www.domain.co.uk');

define('HTTPS_SERVER', 'https://www.domain.co.uk');

define('ENABLE_SSL', true);

define('HTTP_COOKIE_DOMAIN', 'www.domain.co.uk');

define('HTTPS_COOKIE_DOMAIN', '');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '');

 

the previous configure file looked like this

 

define('HTTP_SERVER', 'http://www.domain.co.uk');

define('HTTPS_SERVER', 'https://domain.co.uk');

define('ENABLE_SSL', true);

define('HTTP_COOKIE_DOMAIN', 'http://www.domain.co.uk');

define('HTTPS_COOKIE_DOMAIN', 'https://www.domain.co.uk');

define('HTTP_COOKIE_PATH', '/execsc');

define('HTTPS_COOKIE_PATH', '');

 

Within the hsbc.php page I mail myself all the fields and they are all being sent fine but since sticking the session ids in the cookies it has started giving me the results code 10.

 

Any help would be hugely appreciated!!

Thanks again,

Stephen Weir

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...