Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

HSBC secure-epayment module


Guest

Recommended Posts

Hello all

I am brand new to os commerce, and bank with HSBC so decided to use their epayment ...

I have zero idea where to start, if there anyone willing to either pm me with some advice / willing to assist me setting it up on my site? ( will happily pay ( not much as I am broke :()) - thanks!

Mark

Link to comment
Share on other sites

  • Replies 1.2k
  • Created
  • Last Reply

Top Posters In This Topic

hello, i've managed to get the ordernumber that hsbc uses back to oscommerce, i've still gota get it to update the database, but that shouldn't be a problem, anyway, in hsbc return, after this:

 

$CpiResultsCode=$_POST['CpiResultsCode'];

 

i added this:

 

global $kevorderid;

$kevorderid=$_POST['OrderId'];

 

and changed this:

 

tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL'));

 

to this:

 

tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '&orderid=' . urlencode($kevorderid), 'SSL'));

 

 

 

the above passes the orderID through the URL, so now, you can pick it up in checkout_success and save it in the db :D

Link to comment
Share on other sites

Been trying to get this working for a while now, and wondered if there is anyone who could implement this for me? I will pay of course.

 

Please PM or email me with your costs and timescales.

 

Thanks,

 

 

Dean

Edited by Dean
Link to comment
Share on other sites

  • 3 weeks later...
Been trying to get this working for a while now, and wondered if there is anyone who could implement this for me? I will pay of course.

 

Please PM or email me with your costs and timescales.

 

Thanks,

Dean

 

Try Vger, she is very good.

Link to comment
Share on other sites

the above passes the orderID through the URL, so now, you can pick it up in checkout_success and save it in the db :D

 

 

That's it! I was using the random orderid code but trying to work out a way to generate it so that it would be the same either side of the hsbc bit. Didn't realise that the orderid came back in the post variables from hsbc.

 

Thanks Kev, problem solved.

Link to comment
Share on other sites

That's it! I was using the random orderid code but trying to work out a way to generate it so that it would be the same either side of the hsbc bit. Didn't realise that the orderid came back in the post variables from hsbc.

 

Thanks Kev, problem solved.

 

 

This looks good, could it be posted back to the source as an enhancement?

Link to comment
Share on other sites

This looks good, could it be posted back to the source as an enhancement?

 

V3.2 :-))

 

could this be done in one step?

 

tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '&orderid=' . urlencode($_POST['OrderId']), 'SSL'));

Link to comment
Share on other sites

  • 2 weeks later...

Mark,

 

Welcome to the long winding road that is HSBC secure e-payments.

 

The reason you are getting hacking attempt is either because you haven't successfully generated a valid hash key or the hash key hasn't been generated at all.

 

Regards

 

Neil Westlake

Edited by ribs
Link to comment
Share on other sites

V3.2 :-))

 

could this be done in one step?

 

tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '&orderid=' . urlencode($_POST['OrderId']), 'SSL'));

 

hehe, oh yes, maybe add it and make a new version! i think i needed the other bits also on my shop as i've got it running without safe mode/register globals...

 

Hi,

 

Ive installed the hsbc module into my store and when i try to process a transaction i get back hacking attempt

 

any ideas?

 

i think it does that when the hash codes don't match up correctly.. so have alook and find the info here in this thread that lets you display the hash numbers on that error page.. then you'll see if they don't match.. mine did this and i had to get a new hash code from hsbc as mine was corrupt when they tested it, although it looked like a real one even to them when i read it out..

Link to comment
Share on other sites

Hi All

 

I have a customer who has been using the HSBC module for a couple of years ok.

They have now moved banks and want to set up the store with barclays payment gateway.

 

Anyone made the switch and got any suggestions or caveats ?

 

Any assistance appreciated, as it took long enough to get then HSBC one working!!

 

Cheers

 

 

Paul.

Link to comment
Share on other sites

Barclays ePDQ uses the same backend software as HSBC - but that's where the similarity ends. ePDQ is a totally crap system. Get your customer to get an Internet Merchant ID from Barclays and then use Protx Direct - better than HSBC or Barclays -and the customer stays on your website.

 

Vger

Link to comment
Share on other sites

Mark,

 

Welcome to the long winding road that is HSBC secure e-payments.

 

The reason you are getting hacking attempt is either because you haven't successfully generated a valid hash key or the hash key hasn't been generated at all.

 

Regards

 

Neil Westlake

Link to comment
Share on other sites

Mark,

 

Welcome to the long winding road that is HSBC secure e-payments.

 

The reason you are getting hacking attempt is either because you haven't successfully generated a valid hash key or the hash key hasn't been generated at all.

 

Regards

 

Neil Westlake

 

 

Hi Neil

 

I have been struggling for days with this HSBC module but I have not even got past 'hacking attempt' yet. I have been through everything on this thread and also on the United Hosting one but don't seem to actually get anywhere. I know I could get someone to do this for me (for a fee) and I'm not being tight but I want to learn how to do it myself so that if I get asked again I know how to do it.

 

I have put in the code so that when you get hacking attempt it shows you the problem and what I am getting is - order Hash= hash=line 1

 

This seems to me as if it is not getting the order hash numbers at all - can you point me in the right direction please as you seem to be one of the knowledgable ones on this HSBC thing.

 

Many thanks

Janette

Link to comment
Share on other sites

Make sure that you have put the following files into the cgi bin (permissions=755):

 

CcOrderHash.e

CcResults.e

TestHash.e

 

and make sure that with United Hosting that they have the following files loaded into the shared library files for your website:

 

libCcCpiTools.so

libstdc++-libc6.2-2.so.3

 

Vger

Link to comment
Share on other sites

If you have access to the server logs then look at the apache error log and see if it tells you anything usefull.

 

If you don't ask your host to monitor the log and see what error they get when you click the button.

 

I suspect (as Vger pointed out) that there will be a .... file not found libstdc++-libc6.2-2.so.3 (or something like that). I have had a case where an earlier version of this library was installed and I had to symlink it to the above file.

 

If this means nothing to you, then you definately need to speak to your hosting provider!!!

Link to comment
Share on other sites

Make sure that you have put the following files into the cgi bin (permissions=755):

 

CcOrderHash.e

CcResults.e

TestHash.e

 

and make sure that with United Hosting that they have the following files loaded into the shared library files for your website:

 

libCcCpiTools.so

libstdc++-libc6.2-2.so.3

 

Vger

 

I originally put the three .e files into /var/www/cgi-bin and in includes/modules/payments/hsbc put this as the path to it. When things wouldn't work, I wondered if this was in fact secure so decided to create a cgi-bin in the catalog folder, and put the path as https://www.*****.co.uk/catalog/cgi-bin

 

Was either of these right?

 

Contacted United Hosting Support and they put the lib files in the appropriate place (whereever that may be)

 

Am I supposed to change a path somewhere to point to these lib files?

 

Thanks

Janette

Link to comment
Share on other sites

The path for the cgi-bin should be /var/www/cgi-bin or /var/www/cgi-bin/ - in my experience both seem to work fine. But you do have to make sure that permissions on them are set to 755.

 

Make sure that you do not have 'Force Cookie Use' set to true in osC admin --> Configuration --> Sessions - because you must pass a session id to HSBC.

 

Vger

Link to comment
Share on other sites

The only one set to true in the sessions is 'prevent spider sessions'

 

I have been back and put the three .e files into the /var/www/cgi-bin again and changes the permissions (I think I was getting the write and the execute the wrong way round - the person who told me what 755 was must have got it wrong!) anyway now I get

 

OrderHash= hash=P6KwweH1OZYI6sngNLeBuEusflM=

 

which I guess must be progress 'cos it is different. This is not the hash key that the bank gave us

 

I also checked the error logs - nothing there about the lib files not being found

 

J

Link to comment
Share on other sites

Hi,

We are tying to go over to HSBC payments but when installing the mod i get his error

 

Cannot redeclare class hsbc in /public_html/includes/modules/payment/hsbc.php on line 15

 

 

Any ideas anyone.

many thanks in advanced!

 

Peter

Link to comment
Share on other sites

If you are using the 3.1 version of the contribution then try using version 3.0. Don't forget that you will have to uninstall the old one from your osC admin panale and then install 3.0 after you have loaded up the files.

 

If that doesn't work then get HSBC to issue a new hash key - they have been known to issue incorrect or corrupted hash keys.

 

Vger

The only one set to true in the sessions is 'prevent spider sessions'

 

I have been back and put the three .e files into the /var/www/cgi-bin again and changes the permissions (I think I was getting the write and the execute the wrong way round - the person who told me what 755 was must have got it wrong!) anyway now I get

 

OrderHash= hash=P6KwweH1OZYI6sngNLeBuEusflM=

 

which I guess must be progress 'cos it is different. This is not the hash key that the bank gave us

 

I also checked the error logs - nothing there about the lib files not being found

 

J

Link to comment
Share on other sites

Hi again

 

I have uninstalled the hsbc in admin and installed version 3.0

 

I am now getting

>>>>>>z417SQ7SNoAaD0sGsR5WbSO+qVs=<<<<<<Hacking attempt! - orderHash= hash=z417SQ7SNoAaD0sGsR5WbSO+qVs=

 

the two numbers are identical so does this mean that my hash key is ok?

 

Also, the client id number the bank gave us is just numerical, reading through the forums am I supposed to put UK at the beginning and GBP at the end of the number? Not that it makes a difference I have tried it all ways!

 

My error log is showing

 

[Fri Aug 04 09:21:34 2006] [error] [client 85.184.11.36] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)

[Fri Aug 04 15:46:57 2006] [error] [client 66.249.66.110] File does not exist: /home/virtual/site2/fst/var/www/html/robots.txt

 

Janette

 

 

If you are using the 3.1 version of the contribution then try using version 3.0. Don't forget that you will have to uninstall the old one from your osC admin panale and then install 3.0 after you have loaded up the files.

 

If that doesn't work then get HSBC to issue a new hash key - they have been known to issue incorrect or corrupted hash keys.

 

Vger

Link to comment
Share on other sites

The Client ID was definitly only numbers, I checked with HSBC and they said it was right but that maybe oscommerce needed the letters in and I needed to contact them 'cos they could not help me.

 

Any idea why I am still getting the hacking attempt even though the order hash numbers match?

 

Thanks for your help

 

J

Link to comment
Share on other sites

I knew I shouldn't have taken the job on to integrate HSBC e-payment into a clients oscommerce store, but stupidly I did, what a nightmare! :(

 

Anyway, I'm getting this back after firing through a payment

 

Hacking atempt! orderHash=F4FjM5CdsajwUPa9FxJ1YK2lMeQ= hash=QQQLvyJdIIJ/bt/2fTkgldmUH5o= cpi results code=10

 

Looks like the hash's aren't matching up, or something else is wrong? Can anybody suggest the next best stage of troubleshooting? If you wan't to have a look the site is https://www.chillows.co.uk - its a naked install at the moment, didn't want to install contribs and then maybe have to start again after messing with the HSBC module.

 

I'm also wondering if there is something wrong with the certificate I have set up on the site, its running on a Virual Private Server using Plesk control panel, from there I've been able to create a self cert certificate.

 

Hope somebody can help before I develop a hardcore gin drinking habit!!!!!! :blink:

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...