Guest Posted February 2, 2004 Share Posted February 2, 2004 To keep everything neat & easy to find, please post anything related to the HSBC secure-epayments module here. :D Quote Link to comment Share on other sites More sharing options...
tlelliott77 Posted February 3, 2004 Share Posted February 3, 2004 First of all, thanks again for sorting this module out and posting it as a contribution. It is very much appreciated. I have a question about the installation. The file checkout_process.changes has 2 instructions. I take it the first one is a change to be made to the checkout_process.php file. The second change seems not to relate to this file since the lines it mentions are present only in includes/modules/payments/hsbc.php. Is this the file that needs changing? If so, why does it refer to $ordernum in the instruction, but $sequence is in the hsbc.php file. I'm a little confused. Hope you can help. Best Regards Tim Quote Link to comment Share on other sites More sharing options...
Thieving_Gypsy Posted February 3, 2004 Share Posted February 3, 2004 Firstly - thanks to FreeRangeMum for posting this HSBC contribution. Tim - how's it gone? Anything to report back in the last 12 hours? Quote Link to comment Share on other sites More sharing options...
Thieving_Gypsy Posted February 3, 2004 Share Posted February 3, 2004 FreeRangeMum - sorry but I have a question. In the function getHash there is a call to the TestHash.e module using a path that is hard coded - is this the path from the root? I'm running with a vitual server so I'm not sure if this root information is available to me. Can you explain please..... Andy Quote Link to comment Share on other sites More sharing options...
tlelliott77 Posted February 3, 2004 Share Posted February 3, 2004 Andy Nothing to report back. I was waiting for the mod to come out before I registered to use the HSBC CPI so won't be able to properly test it for a few days. Can you make out what's going on with the questions I asked before? Cheers Tim Quote Link to comment Share on other sites More sharing options...
Thieving_Gypsy Posted February 3, 2004 Share Posted February 3, 2004 I'm out at another clients til later this afternoon so I haven't had chance to get to grips with it yet. My client has elected to use the CPI so I will be installing it and testing it very shortly - if not later today then tomorrow. One questions I do have left relates to the the server path adn some commetns made in previous posts about HSBC making it hard for people to install the code on shared servers and also why the code contribution calls TestHash.e not the 'production' code. Quote Link to comment Share on other sites More sharing options...
Radioactive Frog Posted February 4, 2004 Share Posted February 4, 2004 we have set up the site and are also trying to link in with HSBC e-payments! but i am stuggling to see where to get started.... we have decided it is probably best to use the jave code given to us but how to link that into the oscommerce site is errrrrm....confusing me !! can anyone give any guidance with where to start and/or what this hsbc module is about !! thanks in advanced G Quote Link to comment Share on other sites More sharing options...
Thieving_Gypsy Posted February 5, 2004 Share Posted February 5, 2004 I installed the php provided in the Contribution, made the changes to the checkout_process and with a little bit of a struggle with the configuration I got the payment process to fire into the CPI URL. I've not had the transaction processed yet but I'll keep posting with updates. Quote Link to comment Share on other sites More sharing options...
lixa Posted February 5, 2004 Share Posted February 5, 2004 I've installed it but couldn't make the 2nd change to the checkout_process.php. Any ideas? Also, do I need to upload the hash generator or something? And what part is on a secure server?? Thanks, Alex Quote Link to comment Share on other sites More sharing options...
lixa Posted February 5, 2004 Share Posted February 5, 2004 I found the 2nd ammendment also in hsbc.php but rather than the quoted: $ordernum = $t1.$r1; I found: $sequence = $t1.$r1; Instead. I still has the srand ((float) microtime() * 10000000); $r1 = rand(100,999); $t1 = date("yz-his"); above it! Should I change the $sequence to $ordernum Alex Quote Link to comment Share on other sites More sharing options...
ttm Posted February 5, 2004 Share Posted February 5, 2004 Hello, all: I'm Jos? Le?n, the developer of this contribution, here are some clarifications regarding the module: -- Regarding the 2 step on checkout_process.php, this is only valid for Lynda's shop, it has some modifications that vary from the standard code, in any case, that line is to make match the order_id sent to the HSBC CPI with the order is being created when the order is processed, in the standard MS2 code, search for this line in checkout_process.php: $insert_id = tep_db_insert_id(); And add this line just below: if (!empty($_POST['OrderId'])) $insert_id=$_POST['OrderId']; So it will look this way: $insert_id = tep_db_insert_id(); if (!empty($_POST['OrderId'])) $insert_id=$_POST['OrderId']; I don't have tested it throughtly but must work ;-) -- Regarding the path where the TestHash.e is located, is hardcoded into the hsbc.php module, right here: //Path where the TestHash.e executable is located $path='/home/virtual/site131/fst/var/www/cgi-bin'; Yes, this is the path from the root, exactly as PHP sees the file system, so it can find it. If you have a virtual server you can place the executables and .so on any dir, and that dir must have execution permissions for everyone, or at least, for the apache user. The problem with the HSBC Payment module is that you need to use an .so file to generate the HASH based on the user's private key, I have used the TestHash.e ready compiled executable to allow anyone which gets the module to use it, instead to write an entire new C program to generate that HASH. For those of you who doesn't know, there is a C version and a Java version, I supose you will prefer to use the C version in most cases. So TestHash.e is the "production" code, because it just generates the hash, the only thing I need to call the CPI properly. Regarding the Java code..., well, is an option, but is faster to use the C version. -- Regarding what you will need also to make it work, is the CPI kit you get when you contract the HSBC CPI, in this kit you will get the TestHash.e and the .so, needed to generate the hash which authenticates you against the CPI -- I hope it helps! Regards -- Quote Link to comment Share on other sites More sharing options...
christh Posted February 7, 2004 Share Posted February 7, 2004 (edited) First of all, fantastic news on the new HSBC mod! I too greatly appreciate this mod being released to the public. I've just been playing about with the mod for a few hours and as you might have guessed, I'm having a few problems. I'm getting back the dreaded CpiResultsCode = 10 -- "The transaction failed because of invalid input data." -- when I attempt to submit my order to HSBC's CPI. I know my server is properly configured to talk to the CPI, as I have the TestHash working using the HSBC supplied CcResults.cgi and sample html files. To aid me (and anyone else reading!) with my debugging, I plugged the CcResults.e into the mod to see what data I'm getting back from the CPI. A sample result: StorefrontId = <mystorefrontID> (fine) OrderId = 0437-070041326 PurchaseAmount = 45496 PurchaseCurrency = 826 PurchaseDate = 1076180453955 ShopperEmail = chris@***.co.uk MerchantData = 066f856a69f55d7f2c568fac166d7127 (appears to be my session ID) CpiResultsCode = 10 :( OrderHash = viVT6vpOLVxbmhM9fJ34slFMjIM= Hash Fields: <mystorefrontID>,0437-070041326,45496,826,1076180453955,chris@***.co.uk,066f856a69f55d7f2c568fac166d71 27,10 Received OrderHash = viVT6vpOLVxbmhM9fJ34slFMjIM= Generated OrderHash = viVT6vpOLVxbmhM9fJ34slFMjIM= Hash validates = true Everything looks fine to me, but HSBC just doesn't like it! Any ideas on what might be causing the CpiResultsCode = 10 ? I also tried stripping down the information sent to the CPI to be the bare minimum required by the CPI, but still no dice. I noticed from sniffing the parameters sent to the CPI that there were some extra fields being sent to the CPI. Parameters named 'x' and 'y'. I've heard that the CPI is EXTREMELY fussy about the fields it receives in a POST. I am also using the STS simple template contrib, which doesn't seem to like the HSBC mod too :huh: -- and hsbc_return.php doesn't seem to work with safe mode enabled ($hash=$hsbc->getHash($post_2) == "") the but I can live with that for now, just want to get this mod working! Could this be the problem, that I need to disable safe mode? I can't easily test this, as I won't be able to disable it on my shared SSL server (I don't think). Help! Edited August 30, 2007 by Harald Ponce de Leon Removed e-mail address Quote Link to comment Share on other sites More sharing options...
Radioactive Frog Posted February 12, 2004 Share Posted February 12, 2004 sorry to be dum but where can i find this mod? Thanks RF Quote Link to comment Share on other sites More sharing options...
ribs Posted February 14, 2004 Share Posted February 14, 2004 Firstly I'd like to say a big thank you to Lynda for this contribution. I've been waiting so long for this contribution, and now after 3 days solid of trying to get it to work, I feel my head cannot take anymore hair pulling. Can anybody apart from Lynda say if they've had this contribution working? The situation I have at the moment is, I'm testing it on my Windows XP box (Apache Server), using the TestHash.exe program to generate my Hash Key, when I submit the order it fires the CPI URL, but then returns back to hsbc_return.php with an error code 10 (Invalid Data). I don't see any of the fields for inputting card details. I've checked the Global fields and the OrderHash and the Hash values are different, is this where the problem is? In the HSBC CPI manual it states you must have a secure connection between the store and the CPI, is this true? In the the payment module hsbc.php, there is a line: putenv("LD_LIBRARY_PATH=$path"); On my ISP's server it complains that it can't set this enviornment variable while in safe mode, how am I gonna get around this? Why oh why can't anything be straight forward. If anyone can answer any of my questions, I will be very grateful. Thanks Neil Westlake thedjbox.com Quote Link to comment Share on other sites More sharing options...
christh Posted February 14, 2004 Share Posted February 14, 2004 Neil: I can't really help, but regarding the: putenv("LD_LIBRARY_PATH=$path"); my host is on safe mode too, so I asked my host to install the HSBC .so library for me (at quite a cost) and removed the putenv line. As far as I know, you NEED a secure (https) connection between yourself and the CPI. The two things above (library installation and secure server requirement) have forced me to pay top dollar for my hosting, and I'm not particularly happy about it seeing as E-Payments won't even work anyway! If anyone's reading this considering E-Payments as a card processor, all I can say is, 'FORGET IT! GO FOR WORLDPAY! If I could go back in time 3 months that's exactly what I would have done.' Quote Link to comment Share on other sites More sharing options...
lixa Posted February 14, 2004 Share Posted February 14, 2004 Hi Guys, I got the guy that made the module to install it and set it up for me. I'm using host europe hosting which I think is top class. Its Webfusion.co.uk in the UK (and Germany I think) and I pay ?150 a year and I've not needed to pay anything extra to enable features! Jos? (HSBC e-payments module creater) installed it within a few days - I'm dead impressed. For secure parts, I managed to find a shared one which will do, as it's not seen, and I got that for ?75/year - but Jos? manged to find one already on my account?! Strange! If you need any company details, please ask me, but I won't take up space here. I agree, it's an arse, but when it works, its fab! All the best, Alex Quote Link to comment Share on other sites More sharing options...
ribs Posted February 16, 2004 Share Posted February 16, 2004 Ok, I've been working flat out trying to get to the bottom of the problems I was having with the HSBC module. I now have the module working on my XP test server, and while doing so I found out quite a few things that will upset the HSBC CPI. The first problem I had was the HASH key being returned was not the same, this was because I put in an Uppercase L instead of a Lowercase one in the CPI Hash key field. (easily done) Then the CPI kept returning invalid data (Error 10), this was because I hadn't set my a server as a secure server. The send and return paths must start with HTTPS. The final problem I was having, was when I finally got to the HSBC site, all the images were missing, and eveything I clicked returned a communication error. This was because I set the URL with a trailing slash in the admin CPI URL field, the URL should be: https://www.cpi.hsbc.com/servlet, without a trailing slash. If anybody is looking to set up a similar test site on there own PC, then I used OpenSA server, which includes the Apache server and the OpenSSL module pre-configured. If you do run this on a Windows server, then I found that you must change the path in hsbc.php module to: $path = "start /D \"C:\\Server\htdocs\catalog\hsbc\" /B"; and the $cmd line to: $cmd="$path TestHash.exe \"".MODULE_PAYMENT_HSBC_HASH."\" $cmd"; Using the above set-up you would have to put the testhash.exe program in a folder called hsbc under the catalog directory. Well, it's very late, I can now go to bed feeling a bit happier that I've acheived something. Next problem is going to be installing it on my ISP's Linux server. Neil Westlake Quote Link to comment Share on other sites More sharing options...
ribs Posted February 16, 2004 Share Posted February 16, 2004 Ok, a little update to my last post. I contacted my ISP today about getting this module working on there Linux server and all I got was no, no and no. No, we can't switch the PHP server off of safe mode. No, you can't run an executable on our servers. And no theres not really much we can do to help you get this working. Needless to say I was not a happy person, so I called up HSBC and they told me that there is no other way to get this working if your ISP won't allow you execute a program on there server. Change your ISP to one that will they said. In the end I gave up, and I've now decided to host my own website on my own server running Windows XP. One last thing I found out that might be causing you problems getting this module working is the time. I found that on my Windows box the time in the hidden field that is sent to the CPI is something like: 1.076975461E+012 when it should be a 13 digit number. So to get over this I did a quick hack to the hsbc.php module and replaced these lines: $time=($time+(0*3600)); $time=$time*1000; with: $time = $time."000"; Very crude I know, but as a quick fix it works. Neil Westlake Quote Link to comment Share on other sites More sharing options...
lixa Posted February 17, 2004 Share Posted February 17, 2004 Hi Neil, Why don't you give webfusion.co.uk a go? I've not even got a top account and I can host anything! It's got a great control panel, very good customer service and my programmer seemed to set everything up fine! You get SSH which is what you need to run the executables (??) which I know you need... Give it ago, I'm using SoHo - ?150/year. Alex P.S. I don't work for them, believe it or not! Quote Link to comment Share on other sites More sharing options...
meds Posted February 19, 2004 Share Posted February 19, 2004 for further info: the hsbc suppplied libs (.so and the TestHash.e) are for Redhat and wont run on FreeBSD systems! Currently waiting to hear from hsbc developers on this looking also to use the java version - can this contribution be used with the java cpi testhash?? Quote Link to comment Share on other sites More sharing options...
ttm Posted February 19, 2004 Share Posted February 19, 2004 Hello, I think with few modifications could run, but the time it takes to execute the java version it's infinite higher than the C one, also, most servers (afaik) doesn't run java, so... The portion of code to change is when setting the LD_LIBRARY_PATH (not needed) and executing the testhash.e, I think results dumped out are in the same format. Regards. Quote Link to comment Share on other sites More sharing options...
meds Posted February 19, 2004 Share Posted February 19, 2004 Hello, I think with few modifications could run, but the time it takes to execute the java version it's infinite higher than the C one, also, most servers (afaik) doesn't run java, so... The portion of code to change is when setting the LD_LIBRARY_PATH (not needed) and executing the testhash.e, I think results dumped out are in the same format. Regards. could you advise me on how you would do this please as i'm not a programmer? i.e could you rewrite that function so it would call the java testhash. i'm running out of options on the C ones as the wont work on FreeBSD (my isp) but I can run java so I'm prepaired to accept the higher wait time.... this is the only thing stopping me from getting cc payments working... Regards Simon. Quote Link to comment Share on other sites More sharing options...
Guest Posted February 19, 2004 Share Posted February 19, 2004 Wouldn't the Java version of the HSBC library work on FreeBSD? The getHash function in the HSBC contribution would have to be re-written to make the call, but it should work (providing there's no native code in the Java library). I'm considering using this approach with a client who server runs FreeBSD. -mike Quote Link to comment Share on other sites More sharing options...
meds Posted February 20, 2004 Share Posted February 20, 2004 Wouldn't the Java version of the HSBC library work on FreeBSD? The getHash function in the HSBC contribution would have to be re-written to make the call, but it should work (providing there's no native code in the Java library). I'm considering using this approach with a client who server runs FreeBSD. -mike I've been told that this is o.k, however I need the getHash function re-written ASAP - can anyone help me out here and paste the code. this is waiting to go on a live shop TA in advance :D Quote Link to comment Share on other sites More sharing options...
Guest Posted February 20, 2004 Share Posted February 20, 2004 I'm planning on rewriting the getHash function for use with the Java class - but not for a couple of weeks - I'm waiting for the Java class from my client. I'll post it when I get it done. -mike Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.