Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

HSBC secure-epayment module


Guest

Recommended Posts

You need to update the version of osCommerce you are using, and fix this problem especially:

 

Order Status Filtering

http://www.oscommerce.com/community/bugs,1543

------------------------------------------------------------------------------

 

Problem:

 

After changing the order status filtering on the Administration Tool -> Customers -> Orders page, selecting "All Orders" would show an empty listing of orders.

 

Solution:

 

Line 357 in catalog/admin/orders.php must be changed from:

 

} elseif (isset($HTTP_GET_VARS['status'])) {

 

to:

 

} elseif (isset($HTTP_GET_VARS['status']) && is_numeric($HTTP_GET_VARS['status']) && ($HTTP_GET_VARS['status'] > 0)) {

 

Vger

Link to comment
Share on other sites

  • Replies 1.2k
  • Created
  • Last Reply

Top Posters In This Topic

  • 2 weeks later...
Ok now I'm puzzled, made those changes and payment with a real card, but still not getting the order showing up in admin OR the database. Strange...

 

Thanks anyway

J

I'm still struggling along with this module. I have it taking orders and posting correctly to HSBC and returning to the successful order page. However no orders are being posted back into oscommerce admin or the database. Can anyone suggest anything I'm really desparate now.¿?

 

J

Link to comment
Share on other sites

I have been trying to install hsbc for a while with no luck from my host provider to add the hsbc files to the shared server, therefore can anyone recomend to me an hosting package or even a dedicated/virtual server that is good value and also works with php4.

 

thanks

carl

Link to comment
Share on other sites

I have been trying to install hsbc for a while with no luck from my host provider to add the hsbc files to the shared server, therefore can anyone recomend to me an hosting package or even a dedicated/virtual server that is good value and also works with php4.

 

thanks

carl

 

If you have a cgi-bin and your host runs linux this may work for you, it did for a 'me2uweb' hosted site.

 

Check you are running on a linux server, Admin -> Tools -> Server Info, system info should have a version like 2.6.xx

 

Copy the TestHash.cgi, libCcCpiTools.so into the cgi-bin, obtain a copy of libstdc++-libc6.2-2.so.3 and put that in, I had it on another server, can email it if you contact me direct.

 

Set the files to be executable, 755 should do it.

 

Make the hsbc.php look like this

 

  
	//Path where the TestHash.e executable is located
	$path='/home/this_will_be_your_path/cgi-bin';	

	putenv("LD_LIBRARY_PATH=$path");

	//Executes the TestHash to get the hash
	$cmd="$path/TestHash.cgi \"".MODULE_PAYMENT_HSBC_HASH."\" $cmd";

 

For dedicated servers memset are excellent, me2uweb are ok.

Link to comment
Share on other sites

If you have a cgi-bin and your host runs linux this may work for you, it did for a 'me2uweb' hosted site.

 

Check you are running on a linux server, Admin -> Tools -> Server Info, system info should have a version like 2.6.xx

 

Copy the TestHash.cgi, libCcCpiTools.so into the cgi-bin, obtain a copy of libstdc++-libc6.2-2.so.3 and put that in, I had it on another server, can email it if you contact me direct.

 

Set the files to be executable, 755 should do it.

 

Make the hsbc.php look like this

 

  
	//Path where the TestHash.e executable is located
	$path='/home/this_will_be_your_path/cgi-bin';	

	putenv("LD_LIBRARY_PATH=$path");

	//Executes the TestHash to get the hash
	$cmd="$path/TestHash.cgi \"".MODULE_PAYMENT_HSBC_HASH."\" $cmd";

 

For dedicated servers memset are excellent, me2uweb are ok.

 

Thanks Martin - I have placed in the above, i now dont get the hacking attempt. On confirming the order i go through to a page titled CPI Thankyou it then comes up with " security alert - redirection to a page that is not secure notice" with https://......./hsbc_return.php page opening - so maybe my configure file is not set up correct...

If i then click continue it takes me back to my site???

 

any ideas?

Edited by angelbud
Link to comment
Share on other sites

Thanks Martin - I have placed in the above, i now dont get the hacking attempt. On confirming the order i go through to a page titled CPI Thankyou it then comes up with " security alert - redirection to a page that is not secure notice" with https://......./hsbc_return.php page opening - so maybe my configure file is not set up correct...

If i then click continue it takes me back to my site???

 

any ideas?

 

Does the order show in HSBC? if yes I reckon your TestHash.cgi is fine and you're probably right about the config. I'm sure Vger has posted example config setting on the forum, try searching for https on this forum.

 

A good way to see the hash and data going up to HSBC is to view source on the confirm order screen, there's a really long line with all the form data that goes off to HSBC. I think you'll see the return address in there.

 

Also if the TestHash.cgi is working it proves that dropping the shared lib in the cgi-bin does work ok :-))

 

Martin

Link to comment
Share on other sites

I'm still struggling along with this module. I have it taking orders and posting correctly to HSBC and returning to the successful order page. However no orders are being posted back into oscommerce admin or the database. Can anyone suggest anything I'm really desparate now.¿?

 

J

 

 

this happened to me until i removed "java" from my spiders.txt file :)

Link to comment
Share on other sites

this happened to me until i removed "java" from my spiders.txt file :)

 

I dont think there is any java in my includes/spiders.txt file all i see is the following;

$Id: spiders.txt 6137 2005-05-10 12:59:09Z jim $

almaden.ibm.com

appie 1.1

architext

ask jeeves

asterias2.0

augurfind

baiduspider

bannana_bot

bdcindexer

crawler

crawler@fast

docomo

fast-webcrawler

fluffy the spider

frooglebot

geobot

googlebot

gulliver

henrythemiragorobot

ia_archiver

infoseek

kit_fireball

lachesis

lycos_spider

mantraagent

mercator

moget/1.0

muscatferret

nationaldirectory-webspider

naverrobot

ncsa beta

netresearchserver

ng/1.0

osis-project

polybot

pompos

scooter

seventwentyfour

sidewinder

sleek spider

slurp/si

[email protected]

steeler/1.3

szukacz

t-h-u-n-d-e-r-s-t-o-n-e

teoma

turnitinbot

ultraseek

vagabondo

voilabot

w3c_validator

zao/0

zyborg/1.0

 

is there anything I should be removing here??

Link to comment
Share on other sites

Thanks Martin - I have placed in the above, i now dont get the hacking attempt. On confirming the order i go through to a page titled CPI Thankyou it then comes up with " security alert - redirection to a page that is not secure notice" with https://......./hsbc_return.php page opening - so maybe my configure file is not set up correct...

 

I noticed that when I am returned to my site from HSBC the following appears in the browsers adddress bar:

https://web24.secure-secure.co.uk/buzzstuff.co.uk/checkout_success.php?osCsid=38ed3d65c3c41fc0f6f771bb9a0538db

 

Should it be returning to hsbc_return.php instead. Could this explain why orders are not being posted in the database or admin area?? and if so where do I change this???

 

J

Link to comment
Share on other sites

I noticed that when I am returned to my site from HSBC the following appears in the browsers adddress bar:

https://web24.secure-secure.co.uk/buzzstuff.co.uk/checkout_success.php?osCsid=38ed3d65c3c41fc0f6f771bb9a0538db

 

Should it be returning to hsbc_return.php instead. Could this explain why orders are not being posted in the database or admin area?? and if so where do I change this???

 

J

 

There may be another reason why orders aren't showing up, the checkout_success.php is called by hsbc_return.php so that might be ok. Check the return url by looking at the page source on the confirm order page, if you have your configuration correct you will see the right return url. If your have the right return url then you may find there's a problem with the hsbc_return.php.

 

You should see something like this in the source along with all the other data that gets sent to hsbc, this is built from the contents of the config file.

 

name="CpiDirectResultUrl" value="https://web24.secure-secure.co.uk/buzzstuff.co.uk/checkout_process.php">

 

My hsbc_return.php looks like this, search through the forum for discussions on the orders not showing in the admin panel, you could also try this hsbc_return.php and see if it works for you.

 

<?php
/*
 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 HSBC Payment Module Copyright (c) 2003,2004 qadram software
 http://www.qadram.com

 Module developed for FreeRangeKids
 http://www.freerangekids.co.uk  

 Released under the GNU General Public License
*/

 include('includes/application_top.php');

 // load selected payment module
 require(DIR_WS_CLASSES . 'payment.php');
 $payment_modules = new payment($payment);


	reset($_POST);
	$post_2=array();

	while(list($k,$v)=each($_POST))
	{
		if ($k!='OrderHash')
		{
			$post_2[$k]=$v;
		}
	}

	$order_hash=$_POST['OrderHash'];
	$hsbc=$GLOBALS['hsbc'];
	$hash=$hsbc->getHash($post_2);


	if ($order_hash!=$hash) die ("Hacking attempt!");

	$CpiResultsCode=$_POST['CpiResultsCode'];

	if ($CpiResultsCode=='0') 
	{
		tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL',false).'?osCsid='.$GLOBALS["MerchantData"]);
	}


	$error=MODULE_PAYMENT_HSBC_TEXT_ERROR1;

	switch($CpiResultsCode)
	{
		case 1: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR1; break;
		case 2: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR2; break;
		case 3: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR3; break;
		case 4: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR4; break;
		case 5: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR5; break;
		case 6: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR6; break;
		case 7: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR7; break;
		case 8: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR8; break;
		case 9: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR9; break;
		case 10: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR10; break;
		case 11: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR11; break;
		case 12: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR12; break;
		case 13: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR13; break;
		case 14: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR14; break;
		case 15: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR15; break;
		case 16: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR16; break;									

	}

	$codes=split(",",MODULE_PAYMENT_HSBC_PENDING_CODES);


	if (in_array($CpiResultsCode,$codes))
	{
		tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL',false).'?osCsid='.$GLOBALS["MerchantData"]);
	}		

	tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'error_message=' . urlencode($error), 'SSL', true, false));

?>

Link to comment
Share on other sites

There may be another reason why orders aren't showing up, the checkout_success.php is called by hsbc_return.php so that might be ok. Check the return url by looking at the page source on the confirm order page, if you have your configuration correct you will see the right return url. If your have the right return url then you may find there's a problem with the hsbc_return.php.

 

You should see something like this in the source along with all the other data that gets sent to hsbc, this is built from the contents of the config file.

 

name="CpiDirectResultUrl" value="https://web24.secure-secure.co.uk/buzzstuff.co.uk/checkout_process.php">

 

Thanks Martin, my "CpiDirectResultUrl" looks eactly like the one above, so I guess its not the confirm order page thats the problem. I tried your hsbc_return code but got the following after I had gone through the hsbc process and upon returning to my site;

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/sites/buzzstuff.co.uk/public_html/hsbc_return.php:2) in /home/sites/buzzstuff.co.uk/public_html/includes/functions/sessions.php on line 97

Warning: Cannot modify header information - headers already sent by (output started at /home/sites/buzzstuff.co.uk/public_html/hsbc_return.php:2) in /home/sites/buzzstuff.co.uk/public_html/includes/functions/general.php on line 34

 

did this happen to you. Any suggestions would be very much appreciated....

 

J

Link to comment
Share on other sites

Thanks Martin, my "CpiDirectResultUrl" looks eactly like the one above, so I guess its not the confirm order page thats the problem. I tried your hsbc_return code but got the following after I had gone through the hsbc process and upon returning to my site;

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/sites/buzzstuff.co.uk/public_html/hsbc_return.php:2) in /home/sites/buzzstuff.co.uk/public_html/includes/functions/sessions.php on line 97

Warning: Cannot modify header information - headers already sent by (output started at /home/sites/buzzstuff.co.uk/public_html/hsbc_return.php:2) in /home/sites/buzzstuff.co.uk/public_html/includes/functions/general.php on line 34

 

did this happen to you. Any suggestions would be very much appreciated....

 

J

 

I've seen this when the file hasn't copied over correctly, try different ftp modes binary/asci

Link to comment
Share on other sites

Top of this page --> Network --> Knowledge Base --> Common Problems --> Headers already sent

 

Vger

 

Vger to the rescue again, thanks I remembered that one as I started to read the solution

 

A common cause to the problem is spaces ("whitespace") existing before the first <?php tag and/or after the last ?> tag with the files involved. By removing all spaces so that <?php is at the very start of the file and that ?> is at the very end of the file, no content would have been sent to the client and headers can be set safely.

 

Open the file in a text editor -> place your mouse cursor after the very last ?> tag at the very end of the file and press the 'delete' key on your computer keyboard. Make sure that whitespace does not exist before the opening <?php tag at the very beginning of the file - delete whitespace if present. Save and upload the file to your installation.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...