Jump to content
Sign in to follow this  
freerangemum

HSBC secure-epayment module

Recommended Posts

Sorry typo :)

 

It seems that when returning from HSBC's site OsC cannot see the OscId therefore i would assume can link to complete sale properly and then empty basket.

 

andy


Literally, Laterally Thinking! If you cannot get through it, go round it.

Share this post


Link to post
Share on other sites

Typo Still LOL ;)

 

It seems that when returning from HSBC's site OsC cannot see the OscId therefore i would assume cannot link to complete the sale properly and then empty the basket.

 

Migrane's are a pain :(


Literally, Laterally Thinking! If you cannot get through it, go round it.

Share this post


Link to post
Share on other sites

Hi Andy,

 

Thanks very much for the help - I wish I could say I was cooking now but unfortunately it still does not work!

 

In the troubleshooting quest, I have added

echo $osCsid;

to the header of my site template so I can see that the session is generated and passed back and forth OK.

 

With the new code in, the session displayed on return is the same as the one displayed before the link to HSBC so at least I know that this is working.

 

Navigating away from the store and then returning (without closing the browser) returns the same session ID so this is being stored and maintained.

 

However, for some reason the shop does not seem to be recognising the session on return from the HSBC site and the customer is always returned as a guest.

 

If it helps, the development site is in action at www.fivefortykitesports.co.uk, with the payment module in test mode.

Share this post


Link to post
Share on other sites

Hi Darkside

 

Sorry for delay in replying, been busy at work.

 

I also made an alteration at the end of checkout_process.php :-

// unregister session variables used during checkout
 tep_session_unregister('sendto');
 tep_session_unregister('billto');
 tep_session_unregister('shipping');
 tep_session_unregister('payment');
 tep_session_unregister('comments');
if(tep_session_is_registered('credit_covers')) tep_session_unregister('credit_covers');
 $order_total_modules->clear_posts();//ICW ADDED FOR CREDIT CLASS SYSTEM

 tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, 'order_id='. $insert_id, 'SSL'));

 require(DIR_WS_INCLUDES . 'application_bottom.php');
?>

 

I added the

 

 'order_id='. $insert_id,

in the tep_redirect statement

 

check against your checkout_process.php

 

failing that PM me and i'll send direct my hsbc files and alterations for you to compare against yours, with something like CSDIFF program.

 

Andy


Literally, Laterally Thinking! If you cannot get through it, go round it.

Share this post


Link to post
Share on other sites

Many thanks to Jos? for the new module. I had been floundering for days with the original module, reading and re-reading this thread and other forums to try and get it to work - and was tearing my hair out by the roots!!! I downloaded the new module, followed the 'How To' file, uploaded, and BINGO! I was through to HSBC. I can't tell you how good it felt seeing that screen. The order processed with HSBC alright, but no e-mails were fired off in confirmation, the shopping basket still showed the item in it, and no order was showing in the customer account or in osCommerce Admin. Not quite there at that point in time.

 

For some time now I have been doing battle with the 'Force Cookie Use' feature in osCommerce, and because this site is IP based and has a full SSL it was turned on and working for this site. This of course means that sessions are handled by cookies and not sesssion id's. Good, from a security point of view. Bad for this module!

 

If my thinking is correct then unless osCommerce generates a session id of its own, then when the customer returns from HSBC the data that's sent back is sent with an HSBC id, which os Commerce does not recognise. So, basket doesn't update, e-mails don't get sent, etc. Provided that osCommerce generates its own session id, HSBC uses this id and returns the data with that id and the whole shebang works - shopping basket gets updated, e-mails get sent out, customer account area is updated, and the orders show in osCommerce Admin.

 

Anyway, turned 'Force Cookie Use' off, and now it works like a dream!

 

From a security point of view 'Prevent Spider Sessions' is turned on, and I will have to keep that updated (spiders.txt). However, once people have logged in and are within the Secure Socket Layer the session id's aren't appended anyway - at least not visibly. And spiders can't fill up the system with false sales anyway, because the HSBC site requires that cookies are set, and the spider wouldn't be able to follow the basket procedure through to completion.

 

All in all, a very miserable bunny is now a very happy bunny indeed!

 

Vger

Share this post


Link to post
Share on other sites

Refering to contribution for HSBC module:

http://www.oscommerce.com/community/contri...all/search,hsbc

 

The changes files says :

 

Two small changes:

 

1.Just before the include of the application_top, put this line:

 

  if (!empty($_POST['MerchantData']))  $_GET['osCsid']=$_POST['MerchantData'];

 

It must look this way

 

  if (!empty($_POST['MerchantData']))  $_GET['osCsid']=$_POST['MerchantData'];

  include('includes/application_top.php');

 

So the session is recovered when performing the hidden post

 

2. Just after the $ordernum generation, this line:

 

if (!empty($_POST['OrderId'])) $ordernum=$_POST['OrderId']; 

 

So it will look this way:

 

srand ((float) microtime() * 10000000);

$r1 = rand(100,999);

$t1 = date("yz-his");

 

$ordernum = $t1.$r1;

if (!empty($_POST['OrderId'])) $ordernum=$_POST['OrderId']; 

 

That way, the returned OrderId will be used to create the order.

 

I have implemented change one, but cannot fine $ordernum for the second change.

 

Does anybody know where the order number is generated?

 

Please adivse,

 

Thanks

Share this post


Link to post
Share on other sites

Hiya Guys,

 

Anyone having any problems with HSBC this morning.

 

I have changed nothing, had 6 orders go through ok yesterday but am now receiving Hacking Attempt!! whenever a acustomer tries to make a payment.

 

Just as things had been progressing nicely for a couple of months.

 

Rich


Only Dead Fish Go With The Flow......

Share this post


Link to post
Share on other sites

OK,

 

Things seem back to normal, panic over.

 

Speaking with HSBC, they tried to blame it on my site despite the fact that they were having server problems.

 

They asked for some order details to be e-mailed through, to which I got this reply,

 

 

Thankyou for your email.

 

We are experiencing problems with the CPI and POS systems at this time.  It

has been escalated and will be resolved as soon as possible.

 

Not sure what escalated means but it obviously works well as things are all back to normal - :-"

 

Cheers for now, Richard.


Only Dead Fish Go With The Flow......

Share this post


Link to post
Share on other sites

Ok folks, I am connecting to HSBC, coming back fine with results code 0, staying logged in, returning to checkout_success BUT no order processed and the item stays in the cart.

 

I now have no more hair left to pull out so I am asking you guys for help.

I am using the latest version of the contribution.

I have stuck if (!empty($_POST['MerchantData'])) $_GET['osCsid']=$_POST['MerchantData'];

in the relevant places.

 

The only difference I have is I am working on a windows box so my hash function is :

 

$comobj = new COM("CcCpiCOM.OrderHash") or die("Fatal Error, Couldn't contact HSBC. Contact store Owner");

 

$hash = $comobj->GenerateOrderHash($hashfields,MODULE_PAYMENT_HSBC_HASH) or die("Fatal Error, Couldn't contact HSBC. Contact store Owner");

 

$comobj=null;

 

instead of using the gethash function.

 

Sessions are stored in MySQL.

 

Any ideas???

Share this post


Link to post
Share on other sites

Go to the HSBC site to see if the order is recorded there. I had this problem, HSBC recorded the order, but it wasn't sent back to osCommerce to be entered into the database, and no e-mails to customer or copies to myself were fired off. The problem was that the site had a full ssl, was ip based, and so worked well with the 'force cookie use' feature turned on - getting rid of session ids. However, the way HSBC works is that if you don't send them a session id they generate their own, and this is what gets sent back. osCommerce doesn't recognise the HSBC session id so nothing gets recorded. The solution was to turn off 'Force Cookie Use' and allow session ids - once I did that everything worked fine. BTW I had no problem with this feature in Test Mode, it only became a problem when in Production Mode. Your problem may not be exactly the same, but it may still be linked to session id generation.

 

If the hash wasn't working you wouldn't be able to connect to HSBC at all.

 

Vger

Share this post


Link to post
Share on other sites

Hey gcluk,

 

Just to let you know that I feel your pain and am suffering similar problems - except that my user is being logged out.

 

I added the code

 

echo "Sessions: <pre>";
print_r($_SESSION);
echo "</pre>";

 

to the footer of my site (fivefortykitesports.co.uk) so that I could see what variables are passed and what are returned to the site.

 

From what I can see, before I send the orrder off, the following appear

 ? ?[customer_id] => 4
? ?[customer_default_address_id] => 4
? ?[customer_first_name] => Phil
? ?[customer_country_id] => 222
? ?[customer_zone_id] => 0
? ?[sendto] => 4
? ?[cartID] =>

 

and when the user is returned to the site after making payment, all the order info is in the session (order hash, payment, etc) but no user info.

 

This seems to be where the user is getting logged out and it all goes pear shaped. With no user to recognise, the line

// if the customer is not logged on, redirect them to the login page
?if (!tep_session_is_registered('customer_id')) {
? ?$navigation->set_snapshot(array('mode' => 'SSL', 'page' => FILENAME_CHECKOUT_PAYMENT));
? ?tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
?}

in checkout_process.php seems to kick the user in to log on. As the user is not logged on, the site can't add the goods and place the order with the merchant.

 

Questions (easy one first then the kicker!)

- does my understanding sound right? :blush:

 

- any clues as to why the session does not appear to contain the user data? :huh:

 

- (for the grand prize) Anyone know how I can fix this?! :thumbsup:

 

Luckily my hair is too short to tear or else I would be losing it too! :blink:

Edited by darkside

Share this post


Link to post
Share on other sites

Have you got 'Force Cookie Use' enabled. If so, disable it. Other than that, recheck your two config files for errors.

 

Vger

Share this post


Link to post
Share on other sites

Cheers - 'Force Cookie Use' is set to false in the sessions pane on the admin site.

 

Will check the config files - any clues? I guess the cookie domain is the one to be looking for?

Share this post


Link to post
Share on other sites

Turning force cookies on causes a 'red' error line to be shown and a cookie is set on the local machine, so those settings seem to be working....

 

define('HTTP_SERVER', 'http://www.fivefortykitesports.co.uk');  // eg, http://localhost
 define('HTTPS_SERVER', 'https://www.fivefortykitesports.co.uk'); // eg, https://localhost
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'www.fivefortykitesports.co.uk');
 define('HTTPS_COOKIE_DOMAIN', 'www.fivefortykitesports.co.uk');
 define('HTTP_COOKIE_PATH', '/shop/');
 define('HTTPS_COOKIE_PATH', '/shop/');

Share this post


Link to post
Share on other sites

The 'logging off' problem is not one I have seen, one point is on successful return from HSBC I go to checkout_success not checkout_process, have you changed this?

 

For my problem I have force cookies set to false, I will re-check my config files (again) tonight.

Share this post


Link to post
Share on other sites

If you post your config files, minus sql user and password, I will take a look at them for you.

 

Vger

Share this post


Link to post
Share on other sites
If you post your config files, minus sql user and password, I will take a look at them for you.

 

Vger

 

In the local config I have:

<?

define('HTTP_SERVER', 'http://xxxxx.com');

// smtp server for windows

define('SMTP_SERVER', 'mail.xxxxx.com');

 

define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT . '../');

define('DIR_FS_LOGS', '../admin/logs');

define('HTTPS_SERVER', 'https://xxxxx.com');

define('ENABLE_SSL', 1);

 

// define our database connection

define('DB_SERVER', 'mysql.xxxxxxxxxxxx.net');

define('DB_SERVER_USERNAME', 'xxxxxxxxxxx');

define('DB_SERVER_PASSWORD', 'xxxxxxxxxx');

define('DB_DATABASE', 'xxxxxxxxxxxx');

define('CONFIGURE_STATUS_COMPLETED', 1);

define('USE_PCONNECT', 'false');

define('STORE_SESSIONS', 'mysql');

?>

 

In the normal config php (which shouldn't be needed but "just in case"):

 

<?php

/*

$Id: configure.php,v 1.4.2.5 2003/12/17 12:22:51 serg Exp $

 

osCommerce, Open Source E-Commerce Solutions

http://www.oscommerce.com

 

Copyright © 2003 osCommerce

 

Released under the GNU General Public License

*/

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://xxxxx.com'); // eg, http://localhost - should not be empty for productive servers

define('SMTP_SERVER', 'mail.xxxxx.com'); // mod for my windows php used in ini_set()

define('HTTPS_SERVER', 'https://xxxxx.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', 1); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', '');

define('HTTPS_COOKIE_DOMAIN', '');

define('HTTP_COOKIE_PATH', '');

define('HTTPS_COOKIE_PATH', '');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

define('DIR_WS_IMAGES', '/catalog/images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']));

 

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

// define our database connection

// define('DB_SERVER', ''); // eg, localhost - should not be empty for productive servers

// define('DB_SERVER_USERNAME', '');

// define('DB_SERVER_PASSWORD', '');

// define('DB_DATABASE', 'osCommerce');

// define('USE_PCONNECT', 'false'); // use persistent connections?

// define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'

?>

 

TIA

Share this post


Link to post
Share on other sites
If you post your config files, minus sql user and password, I will take a look at them for you.

 

Cheers! By plural of files, I presume you mean store and admin?

 

Store:

  define('HTTP_SERVER', 'http://www.fivefortykitesports.co.uk');  // eg, http://localhost
 define('HTTPS_SERVER', 'https://www.fivefortykitesports.co.uk'); // eg, https://localhost
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'www.fivefortykitesports.co.uk');
 define('HTTPS_COOKIE_DOMAIN', 'www.fivefortykitesports.co.uk');
 define('HTTP_COOKIE_PATH', '/shop/');
 define('HTTPS_COOKIE_PATH', '/shop/');
 define('DIR_WS_HTTP_CATALOG', '/shop/');
 define('DIR_WS_HTTPS_CATALOG', '/shop/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', '/home/fivefort/shop/');
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

// define our database connection
 define('DB_SERVER', 'localhost'); // eg, localhost - should not be empty for productive servers
 define('DB_SERVER_USERNAME', '****');
 define('DB_SERVER_PASSWORD', '****');
 define('DB_DATABASE', '****);
 define('USE_PCONNECT', 'false'); // use persistent connections?
 define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'

 

And the admin one for good measure

  define('HTTP_SERVER', 'http://www.fivefortykitesports.co.uk'); // eg, http://localhost
 define('HTTP_CATALOG_SERVER', 'http://www.fivefortykitesports.co.uk');
 define('HTTPS_CATALOG_SERVER', 'https://www.fivefortykitesports.co.uk');
 define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
 define('DIR_FS_DOCUMENT_ROOT', '/home/fivefort/public_html/'); // where the pages are located on the server
 define('DIR_WS_ADMIN', '/shop/admin/'); // absolute path required
 define('DIR_FS_ADMIN', '/home/fivefort/public_html/shop/admin/'); // absolute pate required
 define('DIR_WS_CATALOG', '/shop/'); // absolute path required
 define('DIR_FS_CATALOG', '/home/fivefort/public_html/shop/'); // absolute path required
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
 define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
 define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
 define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

// define our database connection
 define('DB_SERVER', 'localhost'); // eg, localhost
 define('DB_SERVER_USERNAME', '****');
 define('DB_SERVER_PASSWORD', '****');
 define('DB_DATABASE', '****');
 define('USE_PCONNECT', 'false'); // use persisstent connections?
 define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'

 

I think I found one error and am now getting returned to the store with the message

The transaction was rejected by FraudShield

 

At least I am logged in and that part seems to be working now!!!

Share this post


Link to post
Share on other sites

I can't comment on your 'local' file, but for the other, set this

 

define('ENABLE_SSL', 1); // secure webserver for checkout procedure?

 

 

to this

 

define('ENABLE_SSL', TRUE); // secure webserver for checkout procedure?

 

Don't know why you have a define for the smtp server in there, never needed to use it myself.

 

You are giving the file pathway (SSL) for a full ssl cert. Have you got one or are you on a shared server? If the latter you need to change this to what your host recommends.

 

If you are using MySQL to store data, rather than file storage, you should change this

 

// define('STORE_SESSIONS', ''); // leave empty '' for default

 

to this

 

// define('STORE_SESSIONS', 'mysql'); // leave empty '' for default

 

and this should be

 

define('HTTP_COOKIE_DOMAIN', 'www.yourdomain.com');

 

Try those for now and see if that helps, but there may be more wrong with your config files than I have had the time to check out.

 

Vger

In the local config I have:

<?

  define('HTTP_SERVER', 'http://xxxxx.com');

// smtp server for windows

  define('SMTP_SERVER', 'mail.xxxxx.com');

 

  define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT . '../');

  define('DIR_FS_LOGS', '../admin/logs');

  define('HTTPS_SERVER', 'https://xxxxx.com');

  define('ENABLE_SSL', 1);

 

// define our database connection

  define('DB_SERVER', 'mysql.xxxxxxxxxxxx.net');

  define('DB_SERVER_USERNAME', 'xxxxxxxxxxx');

  define('DB_SERVER_PASSWORD', 'xxxxxxxxxx');

  define('DB_DATABASE', 'xxxxxxxxxxxx');

  define('CONFIGURE_STATUS_COMPLETED', 1);

  define('USE_PCONNECT', 'false');

  define('STORE_SESSIONS', 'mysql');

?>

 

In the normal config php (which shouldn't be needed but "just in case"):

 

<?php

/*

  $Id: configure.php,v 1.4.2.5 2003/12/17 12:22:51 serg Exp $

 

  osCommerce, Open Source E-Commerce Solutions

  http://www.oscommerce.com

 

  Copyright ? 2003 osCommerce

 

  Released under the GNU General Public License

*/

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

  define('HTTP_SERVER', 'http://xxxxx.com'); // eg, http://localhost - should not be empty for productive servers

  define('SMTP_SERVER', 'mail.xxxxx.com'); // mod for my windows php used in ini_set()

  define('HTTPS_SERVER', 'https://xxxxx.com'); // eg, https://localhost - should not be empty for productive servers

  define('ENABLE_SSL', 1); // secure webserver for checkout procedure?

  define('HTTP_COOKIE_DOMAIN', '');

  define('HTTPS_COOKIE_DOMAIN', '');

  define('HTTP_COOKIE_PATH', '');

  define('HTTPS_COOKIE_PATH', '');

  define('DIR_WS_HTTP_CATALOG', '/catalog/');

  define('DIR_WS_HTTPS_CATALOG', '/catalog/');

  define('DIR_WS_IMAGES', '/catalog/images/');

  define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

  define('DIR_WS_INCLUDES', 'includes/');

  define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

  define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

  define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

  define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

  define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

  define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

  define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']));

 

  define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

  define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

// define our database connection

//  define('DB_SERVER', ''); // eg, localhost - should not be empty for productive servers

//  define('DB_SERVER_USERNAME', '');

//  define('DB_SERVER_PASSWORD', '');

//  define('DB_DATABASE', 'osCommerce');

//  define('USE_PCONNECT', 'false'); // use persistent connections?

//  define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'

?>

 

TIA

Share this post


Link to post
Share on other sites

If you are getting through and your transaction is being rejected by Fraud Shield then

 

(1). They rejected the card used.

(2). You are using either Test or Production mode in the module, when HSBC has you set for the other.

(3). They've given you a bad hash code. They do this, and deny it and deny it, until they finally admit they made a mistake.

 

Make sure that in osCommerce -> Modules -> HSBC you have set "Pending Error Codes" to 0 (zero), and that your client ID/Alias is set to the code which begins with UK and ends in GBP.

 

The only change I would make to your config files, assuming you are using database not file storage, is this

 

define('STORE_SESSIONS', 'mysql');

 

Hope this helps - Vger

 

Cheers! By plural of files, I presume you mean store and admin?

 

Store:

 ?define('HTTP_SERVER', 'http://www.fivefortykitesports.co.uk'); ?// eg, http://localhost
?define('HTTPS_SERVER', 'https://www.fivefortykitesports.co.uk'); // eg, https://localhost
?define('ENABLE_SSL', true); // secure webserver for checkout procedure?
?define('HTTP_COOKIE_DOMAIN', 'www.fivefortykitesports.co.uk');
?define('HTTPS_COOKIE_DOMAIN', 'www.fivefortykitesports.co.uk');
?define('HTTP_COOKIE_PATH', '/shop/');
?define('HTTPS_COOKIE_PATH', '/shop/');
?define('DIR_WS_HTTP_CATALOG', '/shop/');
?define('DIR_WS_HTTPS_CATALOG', '/shop/');
?define('DIR_WS_IMAGES', 'images/');
?define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
?define('DIR_WS_INCLUDES', 'includes/');
?define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
?define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
?define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
?define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
?define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

?define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
?define('DIR_FS_CATALOG', '/home/fivefort/shop/');
?define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
?define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

// define our database connection
?define('DB_SERVER', 'localhost'); // eg, localhost - should not be empty for productive servers
?define('DB_SERVER_USERNAME', '****');
?define('DB_SERVER_PASSWORD', '****');
?define('DB_DATABASE', '****);
?define('USE_PCONNECT', 'false'); // use persistent connections?
?define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'

 

And the admin one for good measure

 ?define('HTTP_SERVER', 'http://www.fivefortykitesports.co.uk'); // eg, http://localhost
?define('HTTP_CATALOG_SERVER', 'http://www.fivefortykitesports.co.uk');
?define('HTTPS_CATALOG_SERVER', 'https://www.fivefortykitesports.co.uk');
?define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
?define('DIR_FS_DOCUMENT_ROOT', '/home/fivefort/public_html/'); // where the pages are located on the server
?define('DIR_WS_ADMIN', '/shop/admin/'); // absolute path required
?define('DIR_FS_ADMIN', '/home/fivefort/public_html/shop/admin/'); // absolute pate required
?define('DIR_WS_CATALOG', '/shop/'); // absolute path required
?define('DIR_FS_CATALOG', '/home/fivefort/public_html/shop/'); // absolute path required
?define('DIR_WS_IMAGES', 'images/');
?define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
?define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
?define('DIR_WS_INCLUDES', 'includes/');
?define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
?define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
?define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
?define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
?define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
?define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
?define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
?define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
?define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
?define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

// define our database connection
?define('DB_SERVER', 'localhost'); // eg, localhost
?define('DB_SERVER_USERNAME', '****');
?define('DB_SERVER_PASSWORD', '****');
?define('DB_DATABASE', '****');
?define('USE_PCONNECT', 'false'); // use persisstent connections?
?define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'

 

I think I found one error and am now getting returned to the store with the message

The transaction was rejected by FraudShield

 

At least I am logged in and that part seems to be working now!!!

Edited by Vger

Share this post


Link to post
Share on other sites

UPDATE!

 

I have finally got orders appearing in the admin panel of the site!!! Wooohooo!! B)

 

It's been a while and I have had to battle with server moves, file installation and undocumented problems along the way in order to get everything working!

 

Thanks to everyone who helped. Even though your help may not have been the directly attributable to my exact problem, the overall troubleshooting, questioning and suuport has got me there in the end - as well as raising my coding ability and e-commerce understanding several notches!!!

 

So, to sum up, things are looking good and I hope this is now running smoothly.

 

Does anyone fancy helping in the compilation of a FAQ for this module? I have not found any detailled low-level documentation and feel something along these lines would be invaluable.

 

If this sounds like a good idea, PM me and I'll start the structure - if only to 'give a bit back' to the forum!

Share this post


Link to post
Share on other sites

One thing you can rely on with HSBC eSecure, trying to install it will raise the level of your coding abailities - or drive you totally insane - whichever comes first!

 

Vger

Share this post


Link to post
Share on other sites
trying to install it will raise the level of your coding abailities - or drive you totally insane - whichever comes first!

 

I think it was a dead heat :blink:

 

Certainlly know how Neo felt in the Matrix - I can look at pages of code and exploded session arrays and understand them implicitly now!

Share this post


Link to post
Share on other sites

Thanks for the input, I changed those but it made no difference. I also found I had a problem with losing session information, however I have fixed that and it's STILL not working!

 

FYI the smtp bit is a variable I use later in ini_set to set the mail server rather than have a whole php.ini just to set the e-mail details.

 

The SSL is a domain cert not a shared cert.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×