Weirfire Posted March 14, 2006 Share Posted March 14, 2006 Not in the URLs specifically - but definitely don't force cookie usage. Cheers mate. If anyone has managed to develope a robust system where the session isn't in the URL let me know. On this particular job the URL's have to be totally clean which is why I need to take them out of the URL's Quote Link to comment Share on other sites More sharing options...
doni Posted March 14, 2006 Share Posted March 14, 2006 First of all I'm getting a cpi results 10 What I've changed to the oscommerce system is; - forced sessions into cookies - set the configure file to; define('HTTP_SERVER', 'http://www.domain.co.uk'); define('HTTPS_SERVER', 'https://www.domain.co.uk'); define('ENABLE_SSL', true); define('HTTP_COOKIE_DOMAIN', 'www.domain.co.uk'); define('HTTPS_COOKIE_DOMAIN', ''); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', ''); the previous configure file looked like this define('HTTP_SERVER', 'http://www.domain.co.uk'); define('HTTPS_SERVER', 'https://domain.co.uk'); define('ENABLE_SSL', true); define('HTTP_COOKIE_DOMAIN', 'http://www.domain.co.uk'); define('HTTPS_COOKIE_DOMAIN', 'https://www.domain.co.uk'); define('HTTP_COOKIE_PATH', '/execsc'); define('HTTPS_COOKIE_PATH', ''); I'm not really qualified to help you, since I still have a small bug using the hsbc_return.php file, but the process through to HSBC and back on my server seems OK. FWIW - You stated the changes you made to the configure file - mine looks like this : define('HTTP_SERVER', 'http://www.domain.co.uk'); define('HTTPS_SERVER', 'https://domain.co.uk'); define('ENABLE_SSL', true); define('HTTP_COOKIE_DOMAIN', 'www.domain.co.uk'); define('HTTPS_COOKIE_DOMAIN', 'domain.co.uk'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); In this case, the SSL certificate for this domain is made out to http://domain.co.uk. I have no idea if this helps - but hope it does. Quote Link to comment Share on other sites More sharing options...
♥Vger Posted March 14, 2006 Share Posted March 14, 2006 If the ssl cert is made out to domain.com then make the http and https server settings read http://domain.com and https://domain.com, and make the http_cookie_domain read just domain.com Vger Quote Link to comment Share on other sites More sharing options...
♥Vger Posted March 14, 2006 Share Posted March 14, 2006 For the other question, for HSBC e-Secure to work you must send HSBC a session id, else they will generate an id of their own and pass it back to your site - but your site won't recognise their id and the transaction will fail. If you want an alternative which does not rely on session ids being passed then look at Protx Direct. The customer stays on your site - it's only the card verification that goes off-site and that's done behind the scenes. Vger Quote Link to comment Share on other sites More sharing options...
Weirfire Posted March 14, 2006 Share Posted March 14, 2006 For the other question, for HSBC e-Secure to work you must send HSBC a session id, else they will generate an id of their own and pass it back to your site - but your site won't recognise their id and the transaction will fail. If you want an alternative which does not rely on session ids being passed then look at Protx Direct. The customer stays on your site - it's only the card verification that goes off-site and that's done behind the scenes. Vger Thanks for your thoughts on this problem. Would it not be at all possible to send HSBC the session which is stored in the cookies? This is where my understanding of the system reaches it's limits so feel free to have a chuckle if I've said something stupid. Quote Link to comment Share on other sites More sharing options...
♥Vger Posted March 14, 2006 Share Posted March 14, 2006 The session id is picked up from the code source of the page that contains the data being sent to HSBC. If you run through an order until you reach the checkout_confirmation.php page and then use View Source in your browser you will see (or not see) the session id that's being sent to HSBC. We had this problem with our first install of e-Secure, on a website with a full ssl cert and Force Cookie Use set to True. The only solution was to turn off Force Cookie Use. At least it's not as bad as Barclays ePDQ, because their system relies on http headers being sent, not https headers - so you have to make two pages http pages, which should be https pages, just to get it to work. This is bizarre to say the least - a banking company whose system requires that pages are NOT encrypted. It's even worse when you realise that they use exactly the same software that HSBC uses! Protx Direct is infinitely superior to either Barclays or HSBC - the customer stays on your website and doesn't leave it - and you don't have to pass a session id and you don't have to make https pages into http pages. Vger Quote Link to comment Share on other sites More sharing options...
Weirfire Posted March 14, 2006 Share Posted March 14, 2006 Combined with the fact its so easy to install and its ?20/month for 1000 transactions per quarter is very attractive to the small business who might not take a lot of orders. I'm definitely with you on that 1 but yet the clients still go ahead with the HSBC system even when we tell them otherwise.... Thanks for the info :) The session id is picked up from the code source of the page that contains the data being sent to HSBC. If you run through an order until you reach the checkout_confirmation.php page and then use View Source in your browser you will see (or not see) the session id that's being sent to HSBC. We had this problem with our first install of e-Secure, on a website with a full ssl cert and Force Cookie Use set to True. The only solution was to turn off Force Cookie Use. At least it's not as bad as Barclays ePDQ, because their system relies on http headers being sent, not https headers - so you have to make two pages http pages, which should be https pages, just to get it to work. This is bizarre to say the least - a banking company whose system requires that pages are NOT encrypted. It's even worse when you realise that they use exactly the same software that HSBC uses! Protx Direct is infinitely superior to either Barclays or HSBC - the customer stays on your website and doesn't leave it - and you don't have to pass a session id and you don't have to make https pages into http pages. Vger Quote Link to comment Share on other sites More sharing options...
Guest Posted March 14, 2006 Share Posted March 14, 2006 I'm definitely with you on that 1 but yet the clients still go ahead with the HSBC system even when we tell them otherwise.... The thing you have to bear in mind is that whilst protx is familiar to those of us who spend a lot of time online, and staying on your own site to take payment details appears more fluid & 'cleaner', for our customers HSBC is a name they know from the high street and feel comfortable & safe with. To them going to a different site to enter their payment details isn't a -ve, far from it. Personally I'm not interested in what makes for a better payment process code wise (or at least not as a priority), my no. 1 priority is making my customers feel safe & secure, so they'll hit the final confirm button. Quote Link to comment Share on other sites More sharing options...
♥Vger Posted March 14, 2006 Share Posted March 14, 2006 I agree that HSBC is a known name and well trusted. With online fraud rising by 22% in the UK last year people are wary of making payments online. However, they are just as reassured by a nice SSL Seal on the page and by the fact that they are not being redirected elsewhere to make their payment. I've lost count of the number of HSBC e-Secure installs I've done - but I'd still recommend Protx Direct - now that I have used that system as well. But, as Stephen said, at the end of the day it's down to the customer and what they want. Vger Quote Link to comment Share on other sites More sharing options...
Thieving_Gypsy Posted March 17, 2006 Share Posted March 17, 2006 Can anyone answer this please. Does HSBC accept a BillingAddress2 parameter? The Suburb (renamed Address Line 2) on my shop is not being passed through to HSBC, so the option is to tag it on to the BillingAddress1 field or pass it in another field. What do you reckon? Cheers, Andy Quote Link to comment Share on other sites More sharing options...
♥Vger Posted March 17, 2006 Share Posted March 17, 2006 Agh, I'm taking a guess that I know what is happening here. If someone enters their address as below then it will fail the comparison HSBC carries out between address and postcode: Address 1: Red Brick Cottage Address Line 2: 29 Brick Lane whereas, if they enter it as below then it matches and the transaction goes through: Address 1: 29 Brick Lane The way around this is to make code 9 a pass and not a fail. Then, instead of the transaction failing, it will appear in your HSBC interface as 'Fraud Pending' and it is then up to you whether or not to proceed and Approve. hsbc_return.php if ($CpiResultsCode=='0') { tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL')); } if ($CpiResultsCode=='9') { tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL',true)); } $error=MODULE_PAYMENT_HSBC_TEXT_ERROR1; switch($CpiResultsCode) { case 1: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR1; break; case 2: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR2; break; case 3: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR3; break; case 4: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR4; break; case 5: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR5; break; case 6: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR6; break; case 7: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR7; break; case 8: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR8; break; case 10: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR10; break; case 11: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR11; break; case 12: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR12; break; case 13: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR13; break; case 14: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR14; break; case 15: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR15; break; case 16: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR16; break; } Vger Quote Link to comment Share on other sites More sharing options...
Thieving_Gypsy Posted March 17, 2006 Share Posted March 17, 2006 Thanks Vger I suspect the client want's it go through without the pending!!! But may not have a choice... Andy. Agh, I'm taking a guess that I know what is happening here. If someone enters their address as below then it will fail the comparison HSBC carries out between address and postcode: Address 1: Red Brick Cottage Address Line 2: 29 Brick Lane whereas, if they enter it as below then it matches and the transaction goes through: Address 1: 29 Brick Lane The way around this is to make code 9 a pass and not a fail. Then, instead of the transaction failing, it will appear in your HSBC interface as 'Fraud Pending' and it is then up to you whether or not to proceed and Approve. hsbc_return.php if ($CpiResultsCode=='0') { tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL')); } if ($CpiResultsCode=='9') { tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL',true)); } $error=MODULE_PAYMENT_HSBC_TEXT_ERROR1; switch($CpiResultsCode) { case 1: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR1; break; case 2: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR2; break; case 3: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR3; break; case 4: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR4; break; case 5: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR5; break; case 6: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR6; break; case 7: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR7; break; case 8: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR8; break; case 10: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR10; break; case 11: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR11; break; case 12: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR12; break; case 13: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR13; break; case 14: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR14; break; case 15: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR15; break; case 16: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR16; break; } Vger Quote Link to comment Share on other sites More sharing options...
miguel_andreas Posted March 17, 2006 Share Posted March 17, 2006 Vger, I have now managed to obtain a new hash key from HSBC, however this module is STILL fialing, with CPIResultCode 10, which apparently means "invalid input data" This is a clean install of the hsbc module I am using. The path to the testhash.e file is fine, it appears to be creating a hash, but hsbc seem to be rejecting it. I don't know whether this is an issue with the module itself, or hsbc. Please let me know what is wrong! Quote Link to comment Share on other sites More sharing options...
♥Vger Posted March 17, 2006 Share Posted March 17, 2006 When you get to checkout_confirmation.php do a 'View Source' in your Browser and look at what you are sending to HSBC - and in particular make sure that a session id is present. Vger Quote Link to comment Share on other sites More sharing options...
miguel_andreas Posted March 17, 2006 Share Posted March 17, 2006 When you get to checkout_confirmation.php do a 'View Source' in your Browser and look at what you are sending to HSBC - and in particular make sure that a session id is present. Vger There is a session id being passed, and from what i can see, all the required data is being passed. I will double check on Monday all of the names of the fields being passed Quote Link to comment Share on other sites More sharing options...
MartinEvans Posted March 21, 2006 Share Posted March 21, 2006 Bounds checking I Have just had a problem with customer not being able to get to the HSBC payment page. The problem was that the city length was greater than 25 characters. osc allows 32 HSBC only allows 25, osc also by default allows 64 chars for address line 1, HSBC only allows 60 now(see new documentation CD). This fix works for the city and a similar fix will work on address, it doesn't require any changes to the database or truncating of customer data. It will probably result in an error code 9 but you should be handling those already. old code 'BillingCity'=>$order->billing['city'], 'ShippingCity'=>$order->delivery['city'], new code 'BillingCity'=>substr($order->billing['city'],0,25), 'ShippingCity'=>substr($order->delivery['city'],0,25), Has this been mentioned before in the forum? Do we think it should be added to the code along with bounds checking for the other fields? I will be happy to make the changes. Quote Link to comment Share on other sites More sharing options...
MartinEvans Posted March 21, 2006 Share Posted March 21, 2006 HSBC only allows 60 now(see new documentation CD). Address line 1 used to be 30 in old documentation. file to modify is includes/modules/payment/hsbc.php Back up and test before making changes... Quote Link to comment Share on other sites More sharing options...
♥Vger Posted March 21, 2006 Share Posted March 21, 2006 Has this been mentioned before in the forum? Do we think it should be added to the code along with bounds checking for the other fields? I will be happy to make the changes. Not to my knowledge. Make the changes by all means. Vger Quote Link to comment Share on other sites More sharing options...
Guest Posted March 27, 2006 Share Posted March 27, 2006 Hi I have added Euros to my GBP merchant account I've had for the last couple of years - the mod that Jose helped my developer install way back then has been working fine. The Euro's have been added to the same merchant number. I just wanted to know if I need to do anything other than ensure the correct currency code is sent to the CPI (going from the OSC country ISO codes)? HSBC have sent me a hash key but I'm not sure whether it's not a duplicate of the existing one. Apologies in advance for the lack of technical knowledge but I like to know what's what before I ask someone to help me with it! Quote Link to comment Share on other sites More sharing options...
♥Vger Posted March 27, 2006 Share Posted March 27, 2006 Euros is one of the standard languages defined in the Secure ePayments module. Vger Quote Link to comment Share on other sites More sharing options...
doni Posted March 29, 2006 Share Posted March 29, 2006 Hi Vger. Just started with the live HSBC module, and started to take a few valid transactions. I've had a couple with a Fraudshield AVS Address Errors (Error 9). Can I confirm that in : "Pending Error Codes", from the module, I need to just set enter a 9 here so the customer is not aware of the problem (i.e. and not 0, 9). Thanks Doni Quote Link to comment Share on other sites More sharing options...
♥Vger Posted March 29, 2006 Share Posted March 29, 2006 hsbc_return.php if ($CpiResultsCode=='0') { tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL')); } if ($CpiResultsCode=='9') { tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL',true)); } $error=MODULE_PAYMENT_HSBC_TEXT_ERROR1; switch($CpiResultsCode) { case 1: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR1; break; case 2: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR2; break; case 3: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR3; break; case 4: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR4; break; case 5: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR5; break; case 6: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR6; break; case 7: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR7; break; case 8: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR8; break; case 10: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR10; break; case 11: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR11; break; case 12: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR12; break; case 13: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR13; break; case 14: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR14; break; case 15: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR15; break; case 16: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR16; break; } Vger Quote Link to comment Share on other sites More sharing options...
doni Posted March 29, 2006 Share Posted March 29, 2006 Great - thanks. Quote Link to comment Share on other sites More sharing options...
Guest Posted March 29, 2006 Share Posted March 29, 2006 Euros is one of the standard languages defined in the Secure ePayments module. Vger Thank you Vger :) The problem I have is that my merchant account ID is the same number but ends in EUR instead of GBP. The hash key is also different. I know these can be edited in the admin section but then to be able to accept both GBP and Euros I'd need 2 x payment modules - one for GBP and one for EUR - nightmare! Is there a way round this please anyone? Many Thanks Tom Quote Link to comment Share on other sites More sharing options...
ribs Posted March 29, 2006 Share Posted March 29, 2006 Tom, The only way for you to acheive merchant account switching is by creating specific code to do this. The current HSBC module only allows for one merchant account. It would be unpractical to have two modules. The code would need to be placed in /modules/payment/hsbc.php, and would pick up the currency code and switch to the desired account. This wouldn't be difficult for someone with a good knowledge of PHP/osCommerce/HSBC. Regards Neil Westlake Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.