Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

HSBC secure-epayment module


Guest

Recommended Posts

You are not going to get this to work unless you have the right files in the right place. Some of this is down to you, some of it is down to your hosting company.

 

1. You need to place the following files in the cgi-bin and set to 755 permissions:

CcOrderHash.e

CcResults.e

TestHash.e

2. Your web hosting company must have these files in the Shared Library folder:

libCcCpiTools.so

libstdc++-libc6.2-2.so.3

 

Vger

Link to comment
Share on other sites

  • Replies 1.2k
  • Created
  • Last Reply

Top Posters In This Topic

Hi,

 

If they don't match then that's the problem. The hacking attempt it only displayed if either the hash doesn't match or doesn't get generated (which is basically the same thing as it doesn't match).

 

It's not uncommon for HSBC to issue incorrect HASH keys, check to make sure the hash key you entered is exactly the same as the one provided by HSBC as even a one character difference will cause this problem.

 

Neil Westlake

Link to comment
Share on other sites

Hi,

 

I have got fraudshield problems. Everything appears to work fine up to the point where I am returned from HSBC to my site. Then all transactions are rejected with the message ?The transaction was rejected by Fraudshield.?

 

I have tried the 4111 test card number and various real card numbers and all the addresses have a number in the first line, but I always get the same result. Does anyone know what triggers fraudshield, I am struggling to know where to start!

 

Regards

Paul

Link to comment
Share on other sites

Hi,

 

If they don't match then that's the problem. The hacking attempt it only displayed if either the hash doesn't match or doesn't get generated (which is basically the same thing as it doesn't match).

 

It's not uncommon for HSBC to issue incorrect HASH keys, check to make sure the hash key you entered is exactly the same as the one provided by HSBC as even a one character difference will cause this problem.

 

Neil Westlake

 

Neil,

 

I've added the orderHash code and this does not match the Hash Key in my HSBC module setup, does this mean that my Hash Key is incorrect?

 

I get this: Hacking atempt! - orderHash=x/a8oTp8HwS6ERTTqX0Ps/6Qcts= hash=line 1

 

still trying to find out if host has all the shared libraries needed.

 

jacob

Link to comment
Share on other sites

Following our server being rebooted we're getting hacking attempt warnings coming up (except that I've edited the text so its less scary for customers). Since it was previously functioning I know that the hash key is ok, so what else could be causing the problem?

Link to comment
Share on other sites

Lynda,

 

We had a similar problem a while ago when one of servers rebooted the time was an hour out.

 

Check to make sure the time on the server is correct as HSBC only allow a 1 hour difference.

 

Saying that, this normally causes an invalid data error.

 

Neil Westlake

Link to comment
Share on other sites

Lynda - just Rebooted? or Restored? If Restored then the necessary shared library files may no longer be in place - if they were not a default part of the shared library files originally.

 

Rhea

Edited by Vger
Link to comment
Share on other sites

You are not going to get this to work unless you have the right files in the right place. Some of this is down to you, some of it is down to your hosting company.

 

1. You need to place the following files in the cgi-bin and set to 755 permissions:

CcOrderHash.e

CcResults.e

TestHash.e

2. Your web hosting company must have these files in the Shared Library folder:

libCcCpiTools.so

libstdc++-libc6.2-2.so.3

 

Vger

 

Vger

 

My host installed:

/usr/lib/libstdc++-libc6.2-2.so.3

and libCcCpiTools.so in /public_html/cgi-bin <- is this the correct location.

 

I'm still getting hacking attempt.

 

Jacob

Link to comment
Share on other sites

You are not going to get this to work unless you have the right files in the right place. Some of this is down to you, some of it is down to your hosting company.

 

1. You need to place the following files in the cgi-bin and set to 755 permissions:

CcOrderHash.e

CcResults.e

TestHash.e

2. Your web hosting company must have these files in the Shared Library folder:

libCcCpiTools.so

libstdc++-libc6.2-2.so.3

 

Vger

 

Vger, if you pick up on this, am I right to avoid HSBC's suggestions about putting a LD_LIBRARY_PATH in the init, and therefore, at least on a fedora/redhat system will simply placing the gcc files in /usr/lib suffice, or do we need to path that in the mod's php itself?

 

Then what do we do with the putenv for LD_LIRARY_PATH in the module itself? Just nuke it?

 

Gettin' kinda puzzled here.

 

Tks.

Link to comment
Share on other sites

Ted,

 

If you don't have control over the server and the PHP setup allows it then you must use the

putenv("LD_LIBRARY_PATH=$path");

statment.

 

Regards

 

Neil Westlake

 

By the way, you only need to use libCcCpiTools.so and testhash.e.

Edited by ribs
Link to comment
Share on other sites

Ted,

 

If you don't have control over the server and the PHP setup allows it then you must use the

putenv("LD_LIBRARY_PATH=$path");

statment.

 

Regards

 

Neil Westlake

 

By the way, you only need to use libCcCpiTools.so and testhash.e.

 

Thanks, Neil

 

I've settled for that. Now the sample.html file is producing an order hash, but i keep getting an error 12, (store details). So I assume there is a store ID/supplied hash problem?

 

 

Tks

Link to comment
Share on other sites

More on the above. According to HSBC the hash being received by them from the test page does not match the outgoing url. I assume they are using the url as part of the hashing process?

 

I am seriously puzzled by this statement by a person from the sub continent. Can you enlighten me at all?

Link to comment
Share on other sites

And finally a little light:

 

traps fr young players number 20067776: just because phpinfo reports every hashing engine known to man as being installed and active, doesn't meant the mcrypt library is in the server's lib directory. CHECK CHECK CHECK!!!

 

Further the subcontinental advice turned out to mean that we were not sending a hash at all, but instead sending the path to 'TestHash-e' where we should have been sending a hash.

 

This is still occuring. Any ideas???

Link to comment
Share on other sites

Ok, here 'tis. First it seems some of the dependency libraries that load with mcrypt and its kin were needed so even though mcrypt wasn't, by installing it and restarting Apache things got a little better, (the sample html page started outputting a hash). But I still couldn't get past the blasted "hacking attempt" response on the site and couldn't get a hash match. So I downloaded the hsbc contrib from downhome consulting, which does use mcrypt algos and it worked straight out of the box, just like it said on the tin.

 

It may be that the hashing routines in v3.0 and V3.1 don't work properly on servers running virtual sites (can't think why and have no time to mess around with the chicken's entrails that comprise our virtuals).

 

But if anyone can't get a result with the hsbc conrib, try this one.

Link to comment
Share on other sites

You are not going to get this to work unless you have the right files in the right place. Some of this is down to you, some of it is down to your hosting company.

 

1. You need to place the following files in the cgi-bin and set to 755 permissions:

CcOrderHash.e

CcResults.e

TestHash.e

2. Your web hosting company must have these files in the Shared Library folder:

libCcCpiTools.so

libstdc++-libc6.2-2.so.3

 

Vger

 

Where exactly do I get the above files from? Do I need to request them from HSBC, or do I need to write them myself based on the examples in the CPI Integration Guide?

 

Thanks,

 

Pappa

Edited by Pappa
Link to comment
Share on other sites

I currently have the mhash, mcrypt version of the HSBC CPI payment method installed on one of my clietns sites. The client wishes to use the HSBC API - is there anyone out there that could point me in the right direction or assist in the work.

 

The site is on a dedicated server and it's fairly busy.

 

Thanks

 

ANdy

Link to comment
Share on other sites

Hi,

 

I'm sorry if you've answered these questions before, but I'm stuck and can't seem to work ou what I should be doing next.

 

I have installed the following files in /www/cgi-bin and chmoded them to 755

CcOrderHash.e

CcResults.e

TestHash.e

 

libstdc++-libc6.2-2.so.3 was preinstalled in /usr/lib

 

I have installed libCcCpiTools.so in /usr/local/lib (as I do not have the root access required to install it in /usr/lib). As far as I know, this location should be fine.

 

I have rebooted my vs since these file

 

if I execute ./TestHash.e in the shell, I get the error, ./TestHash.e: error while loading shared libraries: libCcCpiTools.so: cannot open shared object file: No such file or directory.

 

Also, trying to process an order online produces he error, Hacking atempt! - orderHash=kbMDLDMchWOeXnfkNvnZ6Z8uFbQ= hash=error while loading shared libraries

 

Any help would be greatly appreciated.

 

Pappa

Link to comment
Share on other sites

After re-reading through parts of this thread again, I copied libCcCpiTools.so to my cgi-bin (as I'll have to wait until Monday for my host to copy it to /usr/lib anyway).

 

Now, everything goes swimingly through the HSBC secure epayments site, but when the payement is finally about to be confirmed the user is returned to my site and is given the error message The transaction was rejected by FraudShield.

 

???

 

Thanks,

 

Pappa

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...