Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

HSBC secure-epayment module


Guest

Recommended Posts

Ah thanks very much Neil

 

I'll see what the guys I use for coding can do - it's going to be really handy for everyone I think to be able to use multi currency with the HSBC module the way business is now.

 

Unfortunately I wouldn't have the first idea of how to do it!

 

Thanks again

 

Tom

Link to comment
Share on other sites

  • Replies 1.2k
  • Created
  • Last Reply

Top Posters In This Topic

hsbc_return.php

if ($CpiResultsCode=='0')
{
tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL')); } if ($CpiResultsCode=='9') {
tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL',true));
}


}

 

Vger

 

If you are using the latest version you should have this code in the bottom of hsbc_return.php, it saves you having to hard code values as above. Any new codes added via the control panel will also pass through as success automatically.

 

if (in_array($CpiResultsCode,$codes))

	{

		tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, 'error_message=' . urlencode($error), 'SSL', true, false));			

	}

Link to comment
Share on other sites

Ah thanks very much Neil

 

I'll see what the guys I use for coding can do - it's going to be really handy for everyone I think to be able to use multi currency with the HSBC module the way business is now.

 

Unfortunately I wouldn't have the first idea of how to do it!

 

Thanks again

 

Tom

 

Well we're 90% there for those that are interested in using multi-currency merchant ID's with HSBC :)

 

Tom

Link to comment
Share on other sites

When you're 100% there post it as a contribution to the HSBC module.

:D

 

Vger

 

 

I have just posted my changes to provide bounds checking on the post data sent to HSBC.

 

They're easy to find if you don't want to replace the whole module, look for MAX in both hsbc.php files

 

drop me a line on the forum or by direct if you need any help.

 

Martin.

Link to comment
Share on other sites

  • 2 weeks later...

Hi,

 

Juts a few quick questions;

 

1) Does the HSBC secure ePayments system work with 256bit SSL encryption?

2) I'm currently testing it on a server pre-DNS switch and I'm using a static IP to test. The SSL certificate is register for the domain - will using the static IP with this SSL certificate cause an error (invalid data input)?

 

Thanks

 

Josh

Link to comment
Share on other sites

It appears as though the answer is yes to 256-bit encryption and no to the certificate domain name causing an error. I had a problem generating the timestamp which was causing the error! :rolleyes:

 

Thanks,

 

Josh

Edited by magicman
Link to comment
Share on other sites

Good evening all.

 

I've had this module up and running for a few weeks.

 

The vast majoirty of transactions are conducted fine - there is a very small proportion of customers who have to telepohne to place their order because they say either that :

 

they get a message which says "failed because of invalid input data" on the checkout_payment.php screen

 

OR

 

they say they go "round in a loop" - this appears to mean they get shunted back after trying to checkout to the HSBC gateway.

 

Whilst this represents only a small proportion of transactions, does anyone know why this might be happening.

Link to comment
Share on other sites

they get a message which says "failed because of invalid input data" on the checkout_payment.php screen

OR

they say they go "round in a loop" - this appears to mean they get shunted back after trying to checkout to the HSBC gateway.

 

Several things could cause the problems you have described, you could read back through the forum :-( there are quite a few notes on these problems, browser issues etc.

 

HSBC will pass you back if they don't like something in the data you send them, check the data against the HSBC documentation, for instance they will reject double quotes in an address. Are you using the latest version with bounds checking?, osc allows fields larger than HSBC, this will also result in a round trip.

 

Martin

Link to comment
Share on other sites

I have the module running fine, ive have numerous successful orders, orders are being created fine however the last order that came in, the order id was 50 in the orders database, but 6601 in all the related databases order_staus_history, orders_products, this 6601 is the leading part of the order id that is posted to HSBC?

 

I have manually ammended the order ids and the order appears in admin fine.

 

What situations would make this occur.

 

The orders I took yesterday all created an order fine, today the order was created but the ids were wrong.

 

Any help appreciated.

 

Eric.

Link to comment
Share on other sites

You have an additional forward slash in your configure.php files (see below for correct):

define('HTTP_SERVER', 'http://www.whirling-world.com');
define('HTTPS_SERVER', 'https://whirling-world.com');
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'whirling-world.com');
define('HTTPS_COOKIE_DOMAIN', 'whirling-world.com');
define('HTTP_COOKIE_PATH', '/webstore/');
define('HTTPS_COOKIE_PATH', '/webstore/');
define('DIR_WS_HTTP_CATALOG', '/webstore/');
define('DIR_WS_HTTPS_CATALOG', '/webstore/');

 

I'd also leave the trailing slash off the cookie paths.

 

Vger

I certainly do, I changed the variables in the config file (see this post: http://www.oscommerce.com/forums/index.php?s=&...dpost&p=836309)

 

and it doesn't seem to want to work.

Link to comment
Share on other sites

  • 2 weeks later...

howdy,

 

Just installed the v3.0 payment ok orders ok, but if I cancel the order on the 1st HSBC screen instead of the "you cancelled your order" an order is created and you are redirected to the shopping_cart.php (now empty)???

 

If you go right through the process the order is created great no worries.

 

Any Ideas, started on this at 8:30 its now 15:18 (D'oh!!)

 

Thanks

Link to comment
Share on other sites

Eric,

 

When the script is returning it's losing the session_id. Check in hsbc_return.php near the bottom, the redirect is there, try changing it to something like:

 

$MerchantData = $_POST['MerchantData'];
tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'error_message=' . urlencode($error), 'SSL', false, false).'&osCsid='.$MerchantData);

 

Regards

 

Neil Westlake

Link to comment
Share on other sites

im just getting the hack attempt, ive got to say the instructions are very poor and missing a lot of things mentioned within this thread such as changing the currency code to GBP, it just seems to me utterly pointless to post a contribution without full documentation and a thorough guide. Otherwise it ends up in forum threads like this one where people have to search through for hours and hours trying to find a solution to there problem.

 

4. Problems

 

-You can't access the payment gateway:

 

hmm let me see there are about several hundred posts in this thread, but yet only one possible problem in the readme.

 

of course you can't take into consideration everyone's setup and the person who made it probably spent a lot of time on it, but if they had just invested a few more hours in the documentation it would have been a whole lot better.

Link to comment
Share on other sites

Joel,

 

The hacking attempt can be caused by any number of things. Without experience with either HSBC secure ePayment or PHP you will no doubt spend many hours hacking to try and get it working.

 

Even if you do get it to work it may still not work correctly.

 

With regards to documentation, welcome to the world of open source. The nature of open source is you have to get your hands dirty, if that's not you then you should pay someone to help you out.

 

Regards

 

Neil Westlake

Link to comment
Share on other sites

Eric,

 

When the script is returning it's losing the session_id. Check in hsbc_return.php near the bottom, the redirect is there, try changing it to something like:

 

$MerchantData = $_POST['MerchantData'];
tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'error_message=' . urlencode($error), 'SSL', false, false).'&osCsid='.$MerchantData);

 

Regards

 

Neil Westlake

 

Thanks Neil,

 

I have this code in the new module should I ammend both redirects, also my old code redirected to FILENAME_CHECKOUT_PROCESS? is this ok, seems to work with code 0 orders....

 

 

$codes=split(",",MODULE_PAYMENT_HSBC_PENDING_CODES);

 

 

if (in_array($CpiResultsCode,$codes))

{

tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, 'error_message=' . urlencode($error), 'SSL', true, false));

}

 

tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'error_message=' . urlencode($error), 'SSL', true, false));

Link to comment
Share on other sites

Eric,

 

I would only change the last redirect as it would seem the first works fine (Ie. you see Order Success on return from HSBC).

 

The call to checkout_process.php (FILENAME_CHECKOUT_PROCESS) should only be in the class file hsbc.php not in hsbc_return.php.

 

Regards

 

Neil Westlake

Edited by ribs
Link to comment
Share on other sites

Eric,

 

I would only change the last redirect as it would seem the first works fine (Ie. you see Order Success on return from HSBC).

 

The call to checkout_process.php (FILENAME_CHECKOUT_PROCESS) should only be in the class file hsbc.php not in hsbc_return.php.

 

Regards

 

Neil Westlake

 

Hi Neil, done that.

 

Wierd now the proceeding through with a normal transaction, goes back to the empty shopping cart screen. The session id is displayed in the url. The orders are added but the return screen is not checkout_success?

 

And same result when I cancel the transaction on the hsbc screen.

Link to comment
Share on other sites

Eric,

 

You sure the session_id in the URL is the same, check to make sure it's same session_id that shows before you checkout to HSBC. Sounds like it's still losing it on the return and maybe regenerating a different one.

 

Regards

 

Neil Westlake

Link to comment
Share on other sites

Eric,

 

You sure the session_id in the URL is the same, check to make sure it's same session_id that shows before you checkout to HSBC. Sounds like it's still losing it on the return and maybe regenerating a different one.

 

Regards

 

Neil Westlake

 

Yes the session ids are the same:

 

id out = 38f2e89e805b9a2d57e5b96989dabd5e

 

id in=38f2e89e805b9a2d57e5b96989dabd5e

 

Just tested it.

 

Regards Martin

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...