Jump to content
Sign in to follow this  
freerangemum

HSBC secure-epayment module

Recommended Posts

using my own account now, i'm the guy uploading the site for surface2air, and i've exhausted all the ideas i've had for solving the problem with the hacking attempt, i can't see what's wrong with it after looking through all of the other related posts. I've tried using the absolute path, i have a shared ssl certificate and a dedicated one on the way, files are uploaded to the cgi bin with chmod 755 but it still comes up with hacking attempt-any ideas anyone?

Share this post


Link to post
Share on other sites
using my own account now, i'm the guy uploading the site for surface2air, and i've exhausted all the ideas i've had for solving the problem with the hacking attempt, i can't see what's wrong with it after looking through all of the other related posts. I've tried using the absolute path, i have a shared ssl certificate and a dedicated one on the way, files are uploaded to the cgi bin with chmod 755 but it still comes up with hacking attempt-any ideas anyone?

problem now sorted...

Share this post


Link to post
Share on other sites
Paul,

 

Unfortuantely the Invalid Data Error is not because you are in test mode it's because something is wrong.

 

Check to make sure your hash is generating, to do this open the source for the confirm order page and search for OrderHash, if there is no value then the hash is not generating.

Regards

Neil Westlake

DJBox.co.uk

I've had this error message come up too, while in test mode though. I searched for OrderHash in checkout_confirmation.php and there is a value, but it's still not working. Any ideas? Cheers, Jon

Share this post


Link to post
Share on other sites

Free BSD - excuse me while I roll over on my back, kick my legs up in the air, and die laughing!

 

Sorry - just my jaundiced view of Free BSD (used by the likes of PowWeb).

 

Really though - you're going to have more than enough trouble trying to get this to operate on a decent server setup, let alone trying to run it on FreeBSD.

 

Vger

Share this post


Link to post
Share on other sites

Hello,

 

I've got the module working but i receive no order updated in oscommerce admin, and no order emails come through, the order goes through on hsbc site tho

 

 

any ideas?

Share this post


Link to post
Share on other sites

Kev,

 

You most likely have an error in your checkout_process.php file, this file is responsible for entering the data into the database and sending the email.

 

Trying accessing the file using a browser to see if it outputs an error, if it directs you to the login page the error could still be there but it's not a parsing error.

 

Regards

 

Neil Westlake

DJBox.co.uk

Share this post


Link to post
Share on other sites

hmm all seems ok,

 

site works fine with paypal aswel

 

when going to test mode should orders show up in the osc admin also?

Edited by K-P

Share this post


Link to post
Share on other sites

think i've fixed it

 

mainly because the site is heavily modded

adding:

 

tep_redirect(tep_href_link(FILENAME_CHECKOUT_PROCESS, 'order_id='.$insert_id, 'SSL'));

 

to hsbc_return file and having

 

tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, 'order_id='.$insert_id, 'SSL'));

 

at the end of checkout_process file seems to have cured it

Edited by K-P

Share this post


Link to post
Share on other sites

Kev,

 

In test mode the orders will show just the same as in production mode. Believe me the problem your looking for is very difficult to find.

 

Check the order_id, the database is set to only hold 11 digits, if this goes over or theres any letters in there it won't update.

 

Regards

 

Neil Westlake

DJBox.co.uk

Share this post


Link to post
Share on other sites

Thanks for the reply neil,

 

I'm pretty sure i've fixed it now, and the order id number is only 9 chars so far, so hopefully it wont go over 11 :)

 

Thanks

 

Kev

Share this post


Link to post
Share on other sites

You can always intervene in the mysql database to get the order_id to accept a larger number of digits.

 

Vger

Share this post


Link to post
Share on other sites

Hi,

 

I use Web Fusion SOHO and i am trying to use the HSBC payment module. Can anyone give detailed instructions on how this is done - seeing as some people have completed this seemingly complex task? Thanks!

Share this post


Link to post
Share on other sites
Hi Neil,

 

Why don't you give webfusion.co.uk a go?

 

I've not even got a top account and I can host anything! It's got a great control panel, very good customer service and my programmer seemed to set everything up fine!

 

You get SSH which is what you need to run the executables (??) which I know you need...

 

Give it ago, I'm using SoHo - ?150/year.

 

Alex

 

P.S. I don't work for them, believe it or not!

Share this post


Link to post
Share on other sites

Okay - after having the HSBC e-Secure module up and running for over six months without a hitch it's now well and truly broken.

 

Last night the new version of the website was uploaded, and HSBC stopped working. No HSBC files were overwritten. At first I thought it was to do with a new javascript drop down header, but that was replaced with a simple header on all the SSL pages - but it's still returning an 'invalid data input' error.

 

Any idea as to what could be causing the problem?

 

Vger

Share this post


Link to post
Share on other sites

Vger,

 

Without seeing the problem it's difficult to diagnose what could be wrong. I've checked your site and you've disabled the HSBC payment method. If you can take a copy of the source from the checkout_confimation page after selecting HSBC, email it across to me and I'll take a look.

 

Regards

 

Neil Westlake

DJBox.co.uk

Share this post


Link to post
Share on other sites

Hi Neil, Thanks for that offer. We've already checked the source against a former checkout_confirmation.php page that we had kept for reference and they are identical. The problem is not there. However, I shall e-mail it to you, in case you can see something that we can't! HSBC isn't even giving a 'Hacking attempt!' error, just bouncing us straight back to the site with the 'Invalid input data' error.

 

We have removed the javascript drop down that we thought was the cause of the problem - because in ssl mode it used a blank.html page as a buffer, and this was causing a 'mixed content' error. We resolved that easily enough, but decided to remove the drop down anyway.

 

I have done file comparisons all day between the old site files and the new site files (all of the relevant ones anyway) and it keeps coming back 'files identical'. I'm now beginning to wonder if it is to do with the CCGV Contribution. It was installed on the old site but not activated until now.

 

It's either that or something really silly and otherwise minor that is throwing HSBC off. As you know - it doesn't take much to do that!

 

Many Thanks - Vger

Share this post


Link to post
Share on other sites

Hi

 

I am down to my last few strands of hair now!!

All working apart from the order numbers being different.

i.e. HSBC number is different from the one sent via e-mail - or is this normal?

So many changes - I am getting confused as to which ones may be relevant for what seems like the final piece.

Can anyone help please - my eyes are burning from reading through this thread so many times.

Share this post


Link to post
Share on other sites

Depends what you mean by 'numbers' sent by HSBC. If this is an order number they generate then 'yes' it will probably be different to your own, because your orders will include any test orders you've run through, including Payment By Cheque orders.

 

Consider yourself lucky if that is your only problem with HSBC tonight!

 

Vger

Share this post


Link to post
Share on other sites

Thank you for the reply & apologies for any confusion.

Point taken - believe me this is not the only problem I have had with this module, as lots of others including yourself can verify.

Not being that clued up with programming / scripting - I am probably expecting miracles here but is there any way that the HSBC Order ID can be used as the shop 'order_id' - or does that have to be a manual tie-up process?

 

eg

HSBC Order ID - 86468114121 (Generated in hsbc.php?)

My order_id=681948577 (The one sent in e-mail to the customer & shop)(Generated on return to CHECKOUT_PROCESS?)

 

Not being a programmer - please excuse my lack of knowledge and feel free to correct my misunderstandings of how the process works.

Share this post


Link to post
Share on other sites

Greg,

 

Cant think of the answer right now as its late and its been a long time since I installed this but YES, your order numbers should tie up.

 

Something is not quite right. If you havent sussed it by tomorrow and nobody else comes up with the answer I will delve back through my workings.

 

If your going to be handling alot of orders this is something that needs to be right, trust me!

 

G'night,

Rich


Only Dead Fish Go With The Flow......

Share this post


Link to post
Share on other sites

Thanks.

As long as it's not just me then.

 

To re-iterate the thoughts of others - huge thanks to ALL who have contributed to this thread.

Share this post


Link to post
Share on other sites

Hi Richard

 

Apologies - hovered over the add reply button for too long & sent the reply before I had completed it. Another excuse for tearing more hair out!

Thanks for the reply - your help is really appreciated.

I am getting really frustrated now as I feel I am so close but not quite there just yet.

 

Happy days!

 

Greg

Share this post


Link to post
Share on other sites

Greg,

 

To solve your order number problem you can do the following:

 

in hsbc.php:

 

find:

 

      //Generation of the order_id  
     srand ((float) microtime() * 10000000);
     $r1 = rand(100,999);
     $t1 = date("yz-his");

     $sequence = $t1.$r1;

 

and replace it with:

 

      //Generation of the order_id  
 while (get_order_id() > 0);
 $sequence = $GLOBALS['rndnum'];

 

in checkout_process.php replace the original order generation code with:

 

 // Generate Random Order ID if not already set
 if(!$_POST['OrderId'])
	 {
 while (get_order_id() > 0);
 $insert_id = $rndnum;
}
 else
{
$insert_id = $_POST['OrderId'];
}

 

and in functions/general.php add this to the bottom:

 

// Get a unique random number for the order id
function get_order_id()
 {
 global $rndnum;
 $rndnum = rand(0,10000);
 $query = "SELECT * FROM `orders` WHERE orders_id = ".$rndnum;
 $results = tep_db_query($query);

 return tep_db_num_rows($results);
 }

 

finally run the following with phpMyadmin or similar:

 

ALTER TABLE `orders` CHANGE `orders_id` `orders_id` INT(10)  UNSIGNED NOT NULL

 

Let me know how you get on or if you have any problems.

 

Regards

 

Neil Westlake

DJBox.co.uk

Edited by ribs

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×