Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

HSBC secure-epayment module


Guest

Recommended Posts

I moved my working HSBC setup to a dedicated server, I'm using the IP address to test out the site before going live.

 

My config files use the IP but SSL of course uses the full site name, I am getting Hacking Attempt! (got all right files in CGI Bin + shared lib in /usr/lib).

 

Is this because of the SSL mismatch error that comes up when SSL kicks in? (IP and domain name)

Link to comment
Share on other sites

  • Replies 1.2k
  • Created
  • Last Reply

Top Posters In This Topic

Are you getting a padlock? If you're not getting a padlock then HSBC won't work.

 

However, I don't think the 'Hacking Attempt' error will be related to that.

 

When you get to Checkout Confirmation, do a View Source and scroll down to see what's being sent to HSBC, and it's my guess there's no Hash Key there at all.

 

Vger

Edited by Vger
Link to comment
Share on other sites

Ive been trying to get this Payment Gateway setup for a while, is there a definative guide to setting this HSBC Gateway up?

 

Otherwise can someone PM me regarding setting this system up for me, will pay. Please post your developer flat rate for this job.

 

Cheers.

Edited by drone
Link to comment
Share on other sites

We're not allowed to post such things on the forum. If we did, we'd get banned.

 

Vger

 

 

Ah OK, sorry I meant PM me. :)

 

 

How about a definative step by step guide to setup with the current version of the module? That would save me some bucks and make a few very confused users very happy.

Edited by drone
Link to comment
Share on other sites

Are you getting a padlock? If you're not getting a padlock then HSBC won't work.

 

However, I don't think the 'Hacking Attempt' error will be related to that.

 

When you get to Checkout Confirmation, do a View Source and scroll down to see what's being sent to HSBC, and it's my guess there's no Hash Key there at all.

 

Vger

 

Padlock does show but upon login there is a warning about domain mismatch.

 

On Checkout_confirmation.php I viewed source and saw this:

 

<input type="hidden" name="OrderHash">

 

It is missing the "value" there.

 

As I said is working on the other host but now we are moving the site to a new host. Any ideas how that issue could be resolved?

Link to comment
Share on other sites

I have noticed an increasing trend amongst hosts to not allow the HSBC files in the cgi-bin to operate - which are written in c++ and contain executable commands. Provided you have testHash.e in the cgi-bin and it has permissions of 755, and the pathway to the cgi-bin is correct (you did change it when you moved hosts?) then you should get a value for the hash.

 

Vger

Link to comment
Share on other sites

I can confirm that the path in hsbc.php is correct after changing host and that its 755. This is a dedicated server so I have full control over it. The host is 1&1, would they still have access to control testHash.e even though its a dedicated server?

 

The path in hsbc.php is:

 

/var/www/vhosts/domain.co.uk/httpdocs/cgi-bin

 

(domain censored)

 

There is also a cgi-bin outside httpdocs, I've tried this one too but no luck.

Edited by jhdesign
Link to comment
Share on other sites

Hi

 

I am installing HSBC and just have a question about ssl certificates - I am on shared server have own ip and just ordering ssl (which i have no knowledge about) my hoster is asking for host name on the application - does the ssl need to be for the whole site or just part and if so which part for this hsbc module - sorry if this sounds dumb but I aint got a clue with ssl.

Thanks in advance!

Carl

Link to comment
Share on other sites

I am trying to figure out a way for multi-currencies.

 

What I have done so far is to create copies of the hsbc modules as follow:

 

hsbc_return.php

includes/languages/english/modules/payment/hsbc.php

includes/modules/payment/hsbc.php

 

to

 

hsbc_eu_return.php

includes/languages/english/modules/payment/hsbc_eu.php

includes/modules/payment/hsbc_eu.php

hsbc_eu_return.php

includes/languages/english/modules/payment/hsbc_us.php

includes/modules/payment/hsbc_us.php

hsbc_eu_return.php

includes/languages/english/modules/payment/hsbc.php

includes/modules/payment/hsbc.php

 

I have done a manual editing of each files to replace 'hsbc' to respectively 'hsbc_eu' and 'hsbc_us'

and a fast find/replace for 'HSBC' to 'HSBC_EU' and 'HSBC_US' in each files as well.

 

Now I am trying to write a code that would hide the module if it isn't in it's currency with something like this for the file ''includes/modules/payment/hsbc.php'' line 36:

 

if ($currency_code = 'EUR') {

$this->enabled = false;

}

 

if ($currency_code = 'USD') {

$this->enabled = false;

}

 

and line 16:

 

var $code, $title, $description, $enabled, $currency;

 

 

offcourse it doesn't work but it would be great if someone could help me out here, my php skills fall too short <_< .

Link to comment
Share on other sites

Ay Caramba... Having read through all posts etc, I can't even get the HSBC Sample to work... I'm running on a Webfusion VPS & have access to everything, but...

 

My error log is telling me that TestHash can't find the .so library, but I've got it loaded in my Root /usr/lib/ & also in the Client /usr/lib/

 

Also, I've got an LD_LIBRARY_PATH entry in .bash_profile (it shows up after an 'env' check in the console) pointing to another copy in the Client lib folder but none of these work!!!

 

Any help or input Most Gratefully received...

Link to comment
Share on other sites

Hmmm... I must admit that their Support has been a bit poor... They told me I could only access restricted Client folders through an SSH console, but it works fine if you drill down through the Root GUI... I guess I'll have to wait until Monday to hassle them on the phone... :-(

 

If I get any joy, I'll certainly post it in here... :-)

Link to comment
Share on other sites

Ok, i'm at the point where i'm recieving the "The transaction failed because of invalid input data." error.

 

I know that this could be entirely down to the fact that I don't have SSL first. Infact, I know this would cause this error as I have read all 46 pages.

 

But before I spend money on an SSL I would like to see if the below seems correct:

 

I have put the below two lines around this middle line which was already in Jose's hsbc.php file:

 

---------------------------------------------

print "testH=". $cmd;

$ret=exec($cmd, $output);

print "<br>ret=".$ret;

---------------------------------------------

 

And this puts the below next to the Confirm Order button on the final page before HSBC:

 

--------------------------------------------------------------------

testH=/user/homepages/xx/x00000000/htdocs/cgi-bin/TestHash.e "xxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxx" "http://www.domain.co.uk/catalog/checkout_process.php" "http://www.domain.co.uk/catalog/hsbc_return.php" "Website Online Store order" "Order 00000-000000" "500" "826" "UK00000000GBP" "1162308247000" "Auth" "cfea243966be934d4a47d7b860dc6d7f" "99 Something Road" "Somewhere" "826" "Somewhereshire" "Firstname" "Surname" "POST CODE" "[email protected]" "Something Road" "Somewhere" "826" "Somewhereshire" "Firstname" "Surname" "POST CODE" "T" 2>&1

ret=Hash value: yyyyyyyyyyyyyyyyyyyyyyyyyyy=

---------------------------------------------------------------------

 

Note that I have quite clearly changed several values above to hide data that may be sensitive.

 

The main thing to note is that they part with a lot of X's matches the Hash key specified in the osCommerce HSBC module admin configuration.

 

The part with a lot of Y's matches no key I have been given.

 

So, does anything look correct? Anything look incorrect? Am I insane to be asking this before I have even installed SSL?

 

Fire away!

Link to comment
Share on other sites

Vger,

 

Can you confirm again:

 

1) That testing from IP (with SSL for a www.domain.com) does not cause any issues?

 

2) That HSBC works with php5?

 

After the server move we are still having issues. Mainly testHash.e not being executed (no hash code in checkout_conformation.php) even though hsbc.php points to the right path.

 

Thanks.

Jacob

Link to comment
Share on other sites

1. Your checkout pages need to be https (send https headers) to HSBC.

 

2. I don't know if the HSBC module code is PHP 5 compatible. I was not happy with PHP 5 and never implemented it on our servers. It seems this was the right move as PHP is now dropping 5, moving on to 6 and 6 will drop some of the features introduced with 5.

 

Vger

Link to comment
Share on other sites

Vger,

 

Check the file spiders.txt in the includes directory, look for a line that contains java/, if this exists delete it as this will cause the problem.

 

Regards

 

Neil Westlake

 

 

woohoo :)

 

just fixed an install for me that was working fine apart from the order not being recorded in the DB

 

:D

Link to comment
Share on other sites

Hi,

 

I'm sorry if you've answered these questions before, but I'm stuck and can't seem to work ou what I should be doing next.

 

I have installed the following files in /www/cgi-bin and chmoded them to 755

CcOrderHash.e

CcResults.e

TestHash.e

 

libstdc++-libc6.2-2.so.3 was preinstalled in /usr/lib

 

I have installed libCcCpiTools.so in /usr/local/lib (as I do not have the root access required to install it in /usr/lib). As far as I know, this location should be fine.

 

I have rebooted my vs since these file

 

if I execute ./TestHash.e in the shell, I get the error, ./TestHash.e: error while loading shared libraries: libCcCpiTools.so: cannot open shared object file: No such file or directory.

 

Also, trying to process an order online produces he error, Hacking atempt! - orderHash=kbMDLDMchWOeXnfkNvnZ6Z8uFbQ= hash=error while loading shared libraries

 

Any help would be greatly appreciated.

 

Pappa

 

I'm getting the same hash=error while loading shared libraries error since three days ago but my site has been working over the last few weeks and taking orders. The hosting company assure me that nothing has changed on the server and they have also tried reinstalling the .so file to no avail. I've checked that the permissions on the cgi-bin is correct, have https, timeStamp fix has been implemented.

 

Has anyone else had this problem recently? Can anyone suggest anything else I can do?

 

 

Many thanks

Link to comment
Share on other sites

If HSBC was working and is not working now, and oyu haven't changed anything, then there are only two possibilities.

 

1. There's a problem at the hSBC end of things.

 

2. Your hosting company has changed something but the person you spoke to doesn't know it. This is the most likely possibility. Very often when you are talking to 'Customer Support' or even 'Technical Support' you are talking to some lowly paid person who are reading their answers from a crib sheet on the screen. If it's not in the crib sheet then they don't know anything.

 

Vger

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...