ribs - Posted May 3, 2006

Martin,

Another thing to check is in the oscommerce admin section, under configuration | sessions. Make sure you have the following:

Force Cookie Use: False
Check SSL Session ID: False
Check User Agent: False
Check IP Address: False
Prevent Spider Sessions: True
Recreate Session: True

Let me know how you get on.

Regards
Neil Westlake

♥Vger - Posted May 3, 2006

Check in includes/configure.php that your http and https cookie domains are correct. Neither of them should contain http:// or https:// - the cookie_domain is a domain and not a url.

Vger

Guest - Posted May 4, 2006

> Martin,
>
> Another thing to check is in the oscommerce admin section, under configuration | sessions. Make sure you have the following:
>
> Force Cookie Use: False
> Check SSL Session ID: False
> Check User Agent: False
> Check IP Address: False
> Prevent Spider Sessions: True
> Recreate Session: True
>
> Let me know how you get on.
>
> Regards
> Neil Westlake

Thanks for the responses.

Force Cookie Use: False
Check SSL Session ID: False
Check User Agent: False
Check IP Address: False
Prevent Spider Sessions: True
Recreate Session: True

Changed to this setting, double checked the cookie paths, all ok. Still the same result.

♥Vger - Posted May 4, 2006

I wouldn't set Recreate Session to true.

Vger

kev@num - Posted May 4, 2006

hello,

I've been using oscommerce on a secure (https) server for some time now, installed many contributions etc, and previously been running with the securetrading payment method which has been working fine..

I'm trying to install this HSBC module (Version 3.1) but i'm having a little trouble, so wondering if any of you guys might be able to help.. (or even point me towards a better/different version to try)... anyway..

Here's what i've done so far:

i've checked in my admin>configuration>sessions and i have the following settings:

Force Cookie Use: False
Check SSL Session ID: False
Check User Agent: False
Check IP Address: False
Prevent Spider Sessions: True
Recreate Session: True

--------------------------------------------------------------------------------

I've uploaded to includes>modules>payment>hsbc.php and changed the following inside:

--------------------------------------------------------------------------------

changed the path to my linux files which i uploaded from the HSBC CD:

    //Path where the TestHash.e executable is located
    $path='/home/****/cgi-bin';

I've changed

    //Returns the hash
    $hash=trim($ret[1]);
    return($hash);

to include this between the last two lines:

    print ">>>>>>$hash<<<<<<"; #<put this line in>

(in the checkout process it shows my successfully generated codes)

I've changed the currency to

    $currency_code = 'GBP';

I've left the time settings on "0" as i'm on GMT..

--------------------------------------------------------------------------------

in checkout_process.php i've added this before the include for application_top.php

    if (!empty($_POST['MerchantData'])) $_GET['osCsid']=$_POST['MerchantData'];

--------------------------------------------------------------------------------

I've also added this to hsbc_return.php

    if ($order_hash!=$hash) die ("Hacking atempt! - orderHash=".$order_hash." hash=".$hash);#

which showed that my store is generating the codes:

    Hacking atempt! - orderHash=E6PpsswlAXRzvrmNysC9jurcWGg= hash=eALQYg4eprqDC+9EkNBjH9lNNKs=

and this:

    tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL'));

to this:

    tep_redirect(tep_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL', true));

--------------------------------------------------------------------------------

i think that's all i've done.. i've entered my client ID which ends in GBP, and my hash key.. and each time i try and make an order, after the last page of the oscommerce checkout process it quickly says "CPI Thankyou" and then instantly takes me to hsbc_return.php and says "hacking attempt" and shows my order hash and hash (which are both generated) :(

has anyone got any ideas about what i might be able to check? i can't even get to the hsbc page to enter any card details :(

Thanks in advance,
Kev :)

kev@num - Posted May 4, 2006

> I wouldn't set Recreate Session to true.
>
> Vger

oh, and i've now changed this back to false as well ;)

kev@num - Posted May 4, 2006

i've not tried changing in hsbc.php the time bit to this:

    //Change the 0 if your server is located at a different GMT time
    // $time=($time+(0*3600));
    // $time=$time*1000;
    $time = $time."000";

and i'm still getting straight back to the hacking attempt page :(

kev@num - Posted May 4, 2006

^^oops.. in the previous post i meant that i HAVE changed the above code to what i've pasted..

i've also done this and still get bounced straight to the hacking attempt page:

    'CpiDirectResultUrl'=>tep_href_link('checkout_process.php', '', 'SSL', true),
    'CpiReturnUrl'=>tep_href_link('hsbc_return.php', '', 'SSL', true),

Guest - Posted May 4, 2006

> i've not tried changing in hsbc.php the time bit to this:
>
>     //Change the 0 if your server is located at a different GMT time
>     // $time=($time+(0*3600));
>     // $time=$time*1000;
>     $time = $time."000";
>
> and i'm still getting straight back to the hacking attempt page :(

You are getting a hash generation which is promising, but your hash values should match and they don't, as you can see! That is why you get your hacking attempt.

I would check your hash key is correctly typed.

Cheers
Eric.

♥Vger - Posted May 4, 2006

Make sure that the path to the Library Tools is correct and that you have the correct version of the needed library file at that location.

Vger

kev@num - Posted May 4, 2006

> You are getting a hash generation which is promising, but your hash values should match and they dont as you can see ! That is why you get your hacking attempt.
>
> I would check your hash key is correctly typed.
>
> Cheers
> Eric.

hello Eric, thanks for your speedy reply!!

do you mean that these two bits don't match up?

    orderHash=E6PpsswlAXRzvrmNysC9jurcWGg=
    hash=eALQYg4eprqDC+9EkNBjH9lNNKs=

if so, i can keep checking myself until they do!! Thanks again :)

----------------------------------------------------------

and hello Vger!! thanks too for replying so quick, i'm already starting to pull out what's left of my hair!!! ;)

sorry to be dumb, but is it the

    $path='/home/****/cgi-bin';

bit which you think i should look at, or something different?

Thanks again, your help is soooooo much appreciated!!!

Kev :)

Guest - Posted May 4, 2006

> hello Eric, thanks for your speedy reply!!
>
> do you mean that these two bits don't match up?
>
> if so, i can keep checking myself until they do!! Thanks again :)

Yes, the long scrambled texts should match, else the script "dies".

I bow to Vger's better knowledge on this subject, however I had trouble generating the hash key on my server, it turned out to be the required library (well the version of it) was not installed on the server. So I would say that the fact that you are getting a hash key would suggest your path to your library is correct.

Cheers
Eric.

Guest - Posted May 4, 2006

> Check in includes/configure.php that your http and https cookie domains are correct. Neither of them should contain http:// or https:// - the cookie_domain is a domain and not a url.
>
> Vger

Would it require the "www." to be removed also?

Thanks
Eric.

♥Vger - Posted May 4, 2006 (edited)

Full ssl certs are made out either to www.yourdomain.com or just yourdomain.com - depending on your server setup. For https_cookie_domain on a full ssl you should use the domain your full ssl cert is made out to, but if it's a shared ssl then it should not contain www. at all.

This is the Library path I'm referring to:

    //Path where the TestHash.e executable is located
    $path='/var/www/cgi-bin/';
    putenv("LD_LIBRARY_PATH=$path");

If you look through this thread you'll find the name of the library file that must be installed at that location (sorry, can't remember it offhand).

Vger

Edited May 4, 2006 by Vger

Guest - Posted May 5, 2006

> Full ssl certs are made out either to www.yourdomain.com or just yourdomain.com - depending on your server setup. For https_cookie_domain on a full ssl you should use the domain your full ssl cert is made out to, but if it's a shared ssl then it should not contain www. at all
>
> Vger

Hi, thanks for the suggestions. I've tried both ways, any further ideas?

I am getting an order entered whether the customer completes the hsbc cpi or cancels it; both return to the "your shopping cart is empty" screen.

It has been working previously, I have no idea what's changed. The only thing I can think of is I installed the Purchase without account contribution, which I removed and rolled back to my previous install, as it was returning customer cancelled at the end of the cpi process (so money was taken but no order - not the best).

I've done a compare to a clean version of OSc, nothing looks out of place, all amends have been done as per instructions.

What do the true false values represent in the redirects?? People seem to have them all ways round!! :huh:

I have my sessions stored set to mysql. Is that right?

Could someone post or pm working hsbc_return.php, hsbc.php files, perhaps I could do a compare.

Stuck completely..

cheers
Eric.

joeldavuk1 - Posted May 5, 2006 (edited)

would anyone be willing to help me install this contribution? i just need some guidance as to what i am doing wrong. i can give my site ftp details etc.

Edited May 5, 2006 by 241

NubKnacker - Posted May 7, 2006

The information that is used to calculate the orderhash, does it need to be in a particular order?

hboyce - Posted May 8, 2006

Hi

Like many before me, judging by the pages I have read on this thread, I am struggling with implementing the hsbc interface. With the forum's help I have cracked some of the problems, eg. I have sorted out the hashes and got to the hsbc pages.

What I find often happens on return is that the session information seems to be lost and I end up on the shopping page telling me that the cart is empty - although the items I ordered are in fact in it still. The url for this page has the value $sequence from hsbc.php as the osCsid value (which is passed to hsbc as OrderID). Alternatively I end up on the order success page but there is no order in the database.

I have set the sessions configurations as per the suggestion in recent postings.

I have set the redirect at the bottom of hsbc_return.php to

    $MerchantData = $_POST['MerchantData'];
    tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'error_message=' . urlencode($error), 'SSL', false, false).'&osCsid='.$MerchantData);

I have also altered the return urls to include the session id as previously suggested, eg.

    'CpiDirectResultUrl'=>tep_href_link('checkout_process.php', '', 'SSL', true),
    'CpiReturnUrl'=>tep_href_link('hsbc_return.php', '', 'SSL', true),

I'm definitely at the tearing hair out stage and any suggestions would be welcome.

MartinEvans - Posted May 8, 2006

> Hi
>
> Like many before me, judging by the pages I have read on this thread I am struggling with implementing the hsbc interface. With the forums help I have cracked some of the problems eg. I have sorted out the hashes and got to the hsbc pages.
>
> What I find often happens on return is that the session information seems to be lost and I end up on the shopping page telling me that the cart is empty - although the items I ordered are in fact in it still. The url for this page has the value $sequence from hsbc.php as the osCsid value (which is passed to hsbc as OrderID). Alternatively I end up on the order success page but there is no order in the database.
>
> I have set the sessions configurations as per the suggestion in recent postings.
>
> I have set the redirect at the bottom of hsbc_return.php to
>
>     $MerchantData = $_POST['MerchantData'];
>     tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'error_message=' . urlencode($error), 'SSL', false, false).'&osCsid='.$MerchantData);
>
> I have also altered the return urls to include the session id as previously suggested eg.
>
>     'CpiDirectResultUrl'=>tep_href_link('checkout_process.php', '', 'SSL', true),
>     'CpiReturnUrl'=>tep_href_link('hsbc_return.php', '', 'SSL', true),
>
> I'm definitely at the tearing hair out stage and any suggestions would be welcome.

Here's what I have in mine

    if ($CpiResultsCode=='0') {
        tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL',false).'?osCsid='.$GLOBALS["MerchantData"]);
    }

and then the same for the redirect later on based on allowed errors,

    if (in_array($CpiResultsCode,$codes)) {
        tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL',false).'?osCsid='.$GLOBALS["MerchantData"]);
    }

Email me if you want the complete file, martin(at sign :-) )aeonit.co.uk

Martin

joeldavuk1 - Posted May 9, 2006

i put some code in the hsbc return to see why i was getting the hack attempt and i got this:

    Hacking atempt!! - orderHash=LpmOlP/t0KTXGjQd3PAsq/FHIYg= hash=/kunden/homepages/16/d30073812/htdocs/temp/waterworks/hsbc/TestHash.e

any ideas?

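Added example, not part of any post in this thread and not code from the HSBC module: one way to write the hsbc_return.php comparison so that it separates a failed hash generator (the local value is a path or error text, as in the post above) from a real mismatch between two digests, compares in constant time, and keeps the expected hash out of the page shown to the customer. The function names are hypothetical, PHP 7.1 or later is assumed, and the sample values are copied from the posts in this thread.

```php
<?php
// Added example: all function names are hypothetical, not from the HSBC module.

/** True if $value looks like a base64-encoded 20-byte digest (28 chars), like the hashes in this thread. */
function looks_like_digest(string $value): bool
{
    if (strlen($value) !== 28) {
        return false;
    }
    $raw = base64_decode($value, true);   // strict mode rejects non-base64 characters
    return $raw !== false && strlen($raw) === 20;
}

/**
 * Compare the hash posted back with the locally generated one.
 * Returns 'ok', 'generator_failed', 'bad_posted_hash' or 'mismatch'.
 */
function check_order_hash(string $postedHash, string $localHash): string
{
    if (!looks_like_digest($localHash)) {
        // The local value is a file path or error text: the hash program or
        // its library did not run, so re-typing the hash key will not help.
        return 'generator_failed';
    }
    if (!looks_like_digest($postedHash)) {
        return 'bad_posted_hash';
    }
    // hash_equals() compares in constant time (PHP >= 5.6).
    return hash_equals($localHash, $postedHash) ? 'ok' : 'mismatch';
}

/** Log details for the shop owner; give the customer a generic message. */
function handle_hash_result(string $result, string $postedHash, string $localHash): string
{
    if ($result === 'ok') {
        return 'continue';
    }
    // The expected hash goes to the server log only, never into the page.
    error_log("hsbc_return: $result posted=$postedHash local=$localHash");
    return 'Payment could not be verified. Please contact the store.';
}

// Sample values copied from the posts in this thread.
$samples = [
    ['E6PpsswlAXRzvrmNysC9jurcWGg=', 'eALQYg4eprqDC+9EkNBjH9lNNKs='],
    ['LpmOlP/t0KTXGjQd3PAsq/FHIYg=', '/kunden/homepages/16/d30073812/htdocs/temp/waterworks/hsbc/TestHash.e'],
];
foreach ($samples as [$posted, $local]) {
    echo check_order_hash($posted, $local), "\n";
}
```
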
♥Vger - Posted May 9, 2006

That hash key is only 27 characters in length. HSBC don't have hash keys in odd numbers.

Vger

joeldavuk1 - Posted May 9, 2006 (edited)

this is the hash key i put in

    f9+hMG9vYvZoAgj6jU6ABLwgW74De0Tw

the 3rd character from the right is a zero, i also read that they don't use zeros, is this the problem?

Edited May 9, 2006 by joeldavuk1

♥Vger - Posted May 9, 2006

HSBC do not use zeros at all.

Vger

joeldavuk1 - Posted May 10, 2006

i have spoken to them and they say it's not a problem. also in their sample alphabet with the hash key on, it has A-Z and 0-9; the zero has a dot inside it to differentiate between O and 0.

kev@num - Posted May 10, 2006 (edited)

> This is the Library path I'm referring to:
>
> If you look through this thread you'll find the name of the library file that must be installed at that location (sorry, can't remember it offhand).
>
> Vger

hello,

Thanks again for your help.. I've found a version of the libCcCpiTools.so file that was already on our server.. here's the info from it:

    ELF Header:
      Magic:   7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
      Class:                             ELF32
      Data:                              2's complement, little endian
      Version:                           1 (current)
      OS/ABI:                            UNIX - System V
      ABI Version:                       0
      Type:                              DYN (Shared object file)
      Machine:                           Intel 80386
      Version:                           0x1
      Entry point address:               0x5090
      Start of program headers:          52 (bytes into file)
      Start of section headers:          65208 (bytes into file)
      Flags:                             0x0
      Size of this header:               52 (bytes)
      Size of program headers:           32 (bytes)
      Number of program headers:         3
      Size of section headers:           40 (bytes)
      Number of section headers:         26
      Section header string table index: 23

    Dynamic section at offset 0xf1b8 contains 21 entries:
      Tag        Type                         Name/Value
     0x00000001 (NEEDED)                     Shared library: [libc.so.6]
    .......etc... etc...

do you know if this might be an older version like you said? here's the same info from the CD i received recently from HSBC:

    ELF Header:
      Magic:   7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
      Class:                             ELF32
      Data:                              2's complement, little endian
      Version:                           1 (current)
      OS/ABI:                            UNIX - System V
      ABI Version:                       0
      Type:                              DYN (Shared object file)
      Machine:                           Intel 80386
      Version:                           0x1
      Entry point address:               0x5090
      Start of program headers:          52 (bytes into file)
      Start of section headers:          65208 (bytes into file)
      Flags:                             0x0
      Size of this header:               52 (bytes)
      Size of program headers:           32 (bytes)
      Number of program headers:         3
      Size of section headers:           40 (bytes)
      Number of section headers:         26
      Section header string table index: 23

    Dynamic section at offset 0xf1b8 contains 21 entries:
      Tag        Type                         Name/Value
     0x00000001 (NEEDED)                     Shared library: [libc.so.6]

and here's the problem i was getting:

    Hacking atempt! - orderHash=E6PpsswlAXRzvrmNysC9jurcWGg= hash=eALQYg4eprqDC+9EkNBjH9lNNKs=

so i'm not getting to the hsbc pages so far, and the hashes don't match for some reason :(

Thanks again :) any suggestions much appreciated!!!!!!

kev.

(it looks like both of the versions are version to me, but i'm only guessing :( )

Edited May 10, 2006 by kev@num