Jump to content
Sign in to follow this  
freerangemum

HSBC secure-epayment module

Recommended Posts

Richard,

 

I've been using my order number mod and you're quite right about the orders being in a random order.

 

My solution was to sort the orders by date instead of order number and this solves the problem.

 

To do this change the following lines in orders.php (about 361)

 

 

from:

 

 if (isset($HTTP_GET_VARS['cID'])) {
? ? ?$cID = tep_db_prepare_input($HTTP_GET_VARS['cID']);
? ? ?$orders_query_raw = "select o.orders_id, o.customers_name, o.customers_id, o.payment_method, o.date_purchased, o.last_modified, o.currency, o.currency_value, s.orders_status_name, ot.text as order_total from " . TABLE_ORDERS . " o left join " . TABLE_ORDERS_TOTAL . " ot on (o.orders_id = ot.orders_id), " . TABLE_ORDERS_STATUS . " s where o.customers_id = '" . (int)$cID . "' and o.orders_status = s.orders_status_id and s.language_id = '" . (int)$languages_id . "' and ot.class = 'ot_total' order by orders_id DESC";
? ?} elseif (isset($HTTP_GET_VARS['status'])) {
? ? ?$status = tep_db_prepare_input($HTTP_GET_VARS['status']);
? ? ?$orders_query_raw = "select o.orders_id, o.customers_name, o.payment_method, o.date_purchased, o.last_modified, o.currency, o.currency_value, s.orders_status_name, ot.text as order_total from " . TABLE_ORDERS . " o left join " . TABLE_ORDERS_TOTAL . " ot on (o.orders_id = ot.orders_id), " . TABLE_ORDERS_STATUS . " s where o.orders_status = s.orders_status_id and s.language_id = '" . (int)$languages_id . "' and s.orders_status_id = '" . (int)$status . "' and ot.class = 'ot_total' order by o.orders_id DESC";
? ?} else {
? ? ?$orders_query_raw = "select o.orders_id, o.customers_name, o.payment_method, o.date_purchased, o.last_modified, o.currency, o.currency_value, s.orders_status_name, ot.text as order_total from " . TABLE_ORDERS . " o left join " . TABLE_ORDERS_TOTAL . " ot on (o.orders_id = ot.orders_id), " . TABLE_ORDERS_STATUS . " s where o.orders_status = s.orders_status_id and s.language_id = '" . (int)$languages_id . "' and ot.class = 'ot_total' order by o.orders_id DESC";
? ?}

to:

 

 if (isset($HTTP_GET_VARS['cID'])) {
? ? ?$cID = tep_db_prepare_input($HTTP_GET_VARS['cID']);
? ? ?$orders_query_raw = "select o.orders_id, o.customers_name, o.customers_id, o.payment_method, o.date_purchased, o.last_modified, o.currency, o.currency_value, s.orders_status_name, ot.text as order_total from " . TABLE_ORDERS . " o left join " . TABLE_ORDERS_TOTAL . " ot on (o.orders_id = ot.orders_id), " . TABLE_ORDERS_STATUS . " s where o.customers_id = '" . (int)$cID . "' and o.orders_status = s.orders_status_id and s.language_id = '" . (int)$languages_id . "' and ot.class = 'ot_total' order by orders_id DESC";
? ?} elseif (isset($HTTP_GET_VARS['status']) and $status > 0) {
? ? ?$status = tep_db_prepare_input($HTTP_GET_VARS['status']);
? ? ?$orders_query_raw = "select o.orders_id, o.customers_name, o.payment_method, o.date_purchased, o.last_modified, o.currency, o.currency_value, s.orders_status_name, ot.text as order_total from " . TABLE_ORDERS . " o left join " . TABLE_ORDERS_TOTAL . " ot on (o.orders_id = ot.orders_id), " . TABLE_ORDERS_STATUS . " s where o.orders_status = s.orders_status_id and s.language_id = '" . (int)$languages_id . "' and s.orders_status_id = '" . (int)$status . "' and ot.class = 'ot_total' order by o.orders_id DESC";
? ?} else {
? ? ?$orders_query_raw = "select o.orders_id, o.customers_name, o.payment_method, o.date_purchased, o.last_modified, o.currency, o.currency_value, s.orders_status_name, ot.text as order_total from " . TABLE_ORDERS . " o left join " . TABLE_ORDERS_TOTAL . " ot on (o.orders_id = ot.orders_id), " . TABLE_ORDERS_STATUS . " s where o.orders_status = s.orders_status_id and s.language_id = '" . (int)$languages_id . "' and ot.class = 'ot_total' order by o.date_purchased DESC";
? ?}

 

and that should do it.

 

Regards

 

Neil Westlake

DJBox.co.uk

Edited by ribs

Share this post


Link to post
Share on other sites

Wow Neil,

 

That was some quick response with just the answer I was after. Many thanks, I will get the above fix installed straight away to get my orders showing in the correct way. I knew there must be a way of doing this but after having stared at orders.php for a good while I was not too confident about changing things.

 

I think I may well change over to your order numbering system as well.

 

Cheers again Neil,

 

Richard.


Only Dead Fish Go With The Flow......

Share this post


Link to post
Share on other sites

hi having a few probs instaling this module

 

anyone can help would be appreciated

 

hostmaster has been trying for 3 days to get this running and he is now scratching his head

 

all help appreciated

 

dont mind paying someone to do thie either ,so as long as they have installed before

 

the problem seem to be when you check out it goes to hsbc then returns you to

 

hsbc_return and says Hacking Atempt with out been able to imput card info

 

regards andy

Share this post


Link to post
Share on other sites

This usually happens with people who don't realise that they have to put certain files in the cgi-bin, and set the right permissions on those files. The files are included in the HSBC CD Rom Integration Guide.

 

Vger

Share this post


Link to post
Share on other sites

Hello,

 

I'm currently writing a version 2 of the HSBC module based around the original created by Jose Leon last year.

 

Hopefully my module will solve a lot of the installation and running issues that users have.

 

New features I plan to implement are as follows:

 

1. Two different methods for generating Hash key.

2. Module will not install if php functions that generate hash or secure server are not available. (A warning will be displayed telling the user what is missing)

3. HashGen.e (formally teshHash.e) now self discovers if in catalog directory and checks for the presence of libCcCpiTools.so

4. If the hash cannot be generated at the checkout a warning will be dispayed if the module is in test mode, otherwise the HSBC payment method will not be shown at all.

5. HSBC responses will now update admin orders, eg. If approved order is marked as Payment received, if payment is set to review it is marked as Payment Query, and if payment is declined it is marked as declined.

 

I'm looking for any suggestions for features that I may have missed or not even thought of and I'm also looking for a couple of beta testers that can try the module and give feedback.

 

Please PM me if you want to test or post a reply here for features.

 

Regards

 

Neil Westlake

DJBox.co.uk

Share this post


Link to post
Share on other sites

There is no problem with the 3rd version of the HSBC module by Jose Leon, available by download from his site at:

 

http://oscommerce.qadram.com/modules.php?n...wdownload&cid=4

 

If what you are doing results in a better version of the module, and available via osCommerce then good luck! I was just wondering if you were aware or not of the 3rd module by Jose Leon at the time of writing your update to the 1st and 2nd modules.

 

The file you mentioned (testHash.e) as being in the 'catalog' directory has previously been placed in the cgi-bin, along with the other HSBC files, and I would have thought this was more secure.

 

Vger

Share this post


Link to post
Share on other sites

Neil Westlake

DJBox.co.uk

 

Rocks

 

This guy installed the hsbc module and I was up and running all within a working

day

 

If your running a business, my advice don?t spend days trying to install it

 

Get the pro in who also gives you support if you hit a problem

 

Thanks Neil

 

Regards Andy

Share this post


Link to post
Share on other sites
This usually happens with people who don't realise that they have to put certain files in the cgi-bin, and set the right permissions on those files.  The files are included in the HSBC CD Rom Integration Guide.

 

Vger

 

 

Ok, Vger, this is giving me a headache. :'( :D

 

What files do I need to put into the cgi-bin folder? I went through there CPI integration guide and basically got nowhere.

 

Oh, and while I'm at it. Is this the correct file (Payment Modules 2.0 ) on the site link that you gave?

 

Thanks,

Paul

Edited by Fourbit

Share this post


Link to post
Share on other sites

I'm not sure whether the version 2.0 contains an update to the HSBC module or not. As it has three more banks etc. listed it may be that it is just a bigger zip containing integration guides for more banks, rather than an update to the HSBC one. I use HSBC from the v1.0 and it works fine (once you know how to do it all). It is worth doing when it all works correctly, but there is no doubting that it is a major pain to get it all up and running.

 

The files (I think, if I remember correctly) are four in total, and they are all there on the HSBC CD Rom Integration Guide (CPI), both in text that you can save as file, and as actual files.

 

Vger

Share this post


Link to post
Share on other sites

Hello Paul,

 

There are two files that need to be put in the cgi-bin, they are TestHash.e & libCcCpiTools.so, they can be found on the HSBC CD in the Linux directory (I think).

 

When you uploaded them make sure you you set the permissions to execute & read.

 

Now open the hsbc.php in the payments folder and find the line:

 

  $path='';

 

You'll need to to put the absolute path in there as seen by the server eg. /home/user/sites/cgi-bin

 

With that in place you should at least be able to generate the hash key.

 

Regards

 

Neil Westlake

DJBox.co.uk

Share this post


Link to post
Share on other sites

Vger,

 

Thank you for your response. ;) I did a quick comparison of the payment modules in both v1 and v2 on Qadrams site and found them to be identical. So, doesn't matter which one you use there. :thumbsup:

Thanks

 

Neil,

 

Thank you for going into a bit more detail. I managed to glean all that info out of this thread and from another thread on a different site finally. :) That usually happens. Just after I give up on something and post a question somewhere, I get the answer. :D

 

So, I have the thing working fine now in the Test mode. But, when I switch to Production. It just comes back to my site with this. /checkout_payment.php?error_message=The+transaction+failed+because+of+invalid+input+data.

 

I'm hoping that is a result of HSBC not placing the account in production mode. But, I have to wait for 8 hours or so to check with them. :P

 

Thanks again for your responses.

 

Paul

Edited by Fourbit

Share this post


Link to post
Share on other sites

Paul,

 

Unfortuantely the Invalid Data Error is not because you are in test mode it's because something is wrong.

 

Check to make sure your hash is generating, to do this open the source for the confirm order page and search for OrderHash, if there is no value then the hash is not generating.

 

 

Regards

 

 

Neil Westlake

DJBox.co.uk

Share this post


Link to post
Share on other sites
Paul,

 

Unfortuantely the Invalid Data Error is not because you are in test mode it's because something is wrong.

 

Check to make sure your hash is generating, to do this open the source for the confirm order page and search for OrderHash, if there is no value then the hash is not generating.

Regards

Neil Westlake

DJBox.co.uk

 

 

Neil,

 

I think I was a bit confusing. Everything is fine in test mode. I just get the error when I'm in the production mode.

 

In test, I can go through the whole process and even brings me back to the site with a "thank you" etc. . Now, in test mode I don't get anything posted to the orders. But, I figure that's the way it should be. That's why I tried a purchase in the Production mode. And I just keep getting bounced back at that point.

 

Sorry for the confusion.

 

Paul

Share this post


Link to post
Share on other sites

Hello folks,

well the HSBC module has been running fine for some months then stopped working when there was an upgrade to PHP.

I no longer seem to be able to instantiate the COM object CcCpiCOM.OrderHash although it is working fine in the ASP example from HSBC.

 

Any ideas what could be wrong, I have a gut feeling there is something in the php.ini file that needs setting but no idea what.

Share this post


Link to post
Share on other sites

Hi,

 

this is where I'm up to with this mod. If anyone can shed any light I'd be very grateful.

 

In hsbc_return.php I've changed the code to

if ($order_hash!=$hash) die ("Hacking atempt! - orderHash=".$order_hash." hash=".$hash);

 

Now when I try to make a purchase I get the result below.

 

Hacking atempt! - orderHash=2AXV/wIHVFspefz8tORKMVAyc9g= hash=

 

Is this showing TestHash.e is not working on my server? TestHash.e is in the cgi-bin 'chmodded' to 755 and the full path to it has been placed in hsbc.php.

 

?? Puzzled

 

Many thanks

 

Byron

Share this post


Link to post
Share on other sites

Bryon,

 

Your hash key is almost certainly not being generated. You say that you placed the Testhash.e file in the cgi-bin, have you put the libCcCpiTools.so file there too.

 

You also need to make sure that the path set in hsbc.php that calls Testhash.e is relative to the file.

 

Regards

 

Neil Westlake

DJBox.co.uk

Share this post


Link to post
Share on other sites
Bryon,

 

Your hash key is almost certainly not being generated. You say that you placed the Testhash.e file in the cgi-bin, have you put the libCcCpiTools.so file there too.

 

You also need to make sure that the path set in hsbc.php that calls Testhash.e is relative to the file.

 

Regards

 

Neil Westlake

DJBox.co.uk

 

Hi Neil, thanks for the reply.

 

libCcCpiTools.so is in the cgi-bin and I have the path set like so:

//Path where the TestHash.e executable is located
 $path='/home/hsphere/local/home/*myserver/*mydomain/cgi-bin';

 

where *myserver and *mydomain are the actual directories.

 

As it happens I sent you an email this afternoon. Did you receive it? (it went to your hotmail address).

 

thanks again,

 

Byron

Share this post


Link to post
Share on other sites

hello guys!

i have following standard problem - 'Hacking Attempt' after checkout confirmation,

but $hash key is generating success (in hsbc_return), and in $_POST are nothing like OrderHash, or other fields. where is a mistake?

i'm sorry again for this may be stupid question - but i'm simply blonde woman, so... :)

thanks!

Share this post


Link to post
Share on other sites
hello guys!

i have following standard problem - 'Hacking Attempt' after checkout confirmation,

but $hash key is generating success (in hsbc_return), and in $_POST are nothing like OrderHash, or other fields. where is a mistake?

i'm sorry again for this may be stupid question - but i'm simply blonde woman, so... :)

thanks!

Another customer has told me about that problem, there is no OrderHash in the post because it's returning a falta error and the error is that the StoreFrontID is not configured properly, my customer solved it by checking the storefrontID, both in the osCommerce admin panel and in the HSBC CPI, there was something wrong there.

 

You can also modify the hsbc_return.php to show the error when it says hacking attempt.

 

Regards

Share this post


Link to post
Share on other sites

I've installed the version 2 from the spanish site, with all the files uploaded from the CPI with chmod 777, but i'm getting the error shown below-can anyone enlighten me as to how i correct it?

 

 

Fatal error: Cannot redeclare tep_db_connect() (previously declared in /homepages/25/d84430073/htdocs/surface2air/Final/Html/test/catalog/includes/functions/database.php:13) in /homepages/25/d84430073/htdocs/surface2air/Final/Html/test/catalog/includes/functions/database.php on line 13

 

 

Cheers, Jon

Share this post


Link to post
Share on other sites

Jon,

 

Which page does it display this error on? This error is normally caused when you try to include or require the same file twice.

 

Regards

 

Neil Westlake

DJBox.co.uk

Share this post


Link to post
Share on other sites

it's on the hsbc_return.php page, when i'm trying to proceed with the order. I will take a look to see the if the include is being run twice. Thanks for the fast response, Jon

Share this post


Link to post
Share on other sites

ok, so as soon as that was sorted and changed i've come across another issue-it comes up with the hacking attempt message, but i have all of the files uploaded into my cgi-bin with chmod 755, can anyone point me in the right direction as to where i might be going wrong? Could it be that the address in hsbc.php for TestHash.e is not absolute? If that is the issue, does anyone know how i can get this address? Thanks

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×