Jump to content
Sign in to follow this  
freerangemum

HSBC secure-epayment module

Recommended Posts

Have you changed the production mode from T to P and are you creating the hash with the new mode as well?

 

How do I create the hash with the new mode?

Share this post


Link to post
Share on other sites
How do I create the hash with the new mode?

 

If you are using the oscommerce MOD and you've changed the mode to P in the Admin section you won't need to check this. A lot of people not using the oscommerce MOD also use this thread as there isn't anywhere else that supports the HSBC ePayments system.

Share this post


Link to post
Share on other sites

You say you have changed it from Test to Production mode - but it's not enough to do this with the contribution you also have to Telephone/Fax HSBC e-Secure and get them to change it over at their end of things. It then takes up to 24 hrs for this to be done. Did you contact them?

 

Vger

Share this post


Link to post
Share on other sites
You say you have changed it from Test to Production mode - but it's not enough to do this with the contribution you also have to Telephone/Fax HSBC e-Secure and get them to change it over at their end of things.  It then takes up to 24 hrs for this to be done.  Did you contact them?

 

Vger

 

Hi vger

Yes, the client contacted them on Monday so i'm guessing (without checking of course) that it has been done. Im hoping it hasn't yet, and that there really is no problem. ! I'll speak to the client again tommorow.

 

Cheers

F5

Share this post


Link to post
Share on other sites

Hi Guys,

 

I'm having the old "Storefront configured incorrectly" problem. Cant seem to find a solution...

 

Any ideas?! I also dont have any of the files that need to go into the cgi-bin.

 

Thanks in advance.

 

Andy

Share this post


Link to post
Share on other sites

The files that need to go into the cgi-bin are contained on the HSBC CD Rom. Open it in Windows Explorer and you'll be able to navigate to them. If you just launch it as an interactive CD Rom you'll never find them.

 

Vger

Share this post


Link to post
Share on other sites
The files that need to go into the cgi-bin are contained on the HSBC CD Rom.  Open it in Windows Explorer and you'll be able to navigate to them.  If you just launch it as an interactive CD Rom you'll never find them.

 

Vger

 

 

Thats brilliant. I will have a look at that.

 

Thanks!

Share this post


Link to post
Share on other sites

Hi

 

Trying to install the module by Kostuk Nikolas do you need to change anything?

 

EG

 

Line 824:

 

function SecCrypto()

{

$s = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXX";

$s1 = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";

$s2 = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";

$this->a =chr(98).chr(84).chr(120).chr(114).chr(66).chr(87) .chr(80).chr(112);

$this->_fldif = $this->initKey($s, $s1, $s2);

$this->_fldif=substr($this->_fldif,0,44);

}

 

Do I need to change the XXXXXXX from the included ones or anything else as it doesn't appear to work code 10 returned?

Share this post


Link to post
Share on other sites

There's no need to alter any of the files provided by HSBC (the ones that go into the CGI-Bin), which is where I think that reference comes from.

 

Vger

Share this post


Link to post
Share on other sites

Barry,

 

I'm not sure why you've X'd out all the values, but what was there was correct eg:

 

    function SecCrypto()
   {
       $s = "KmJTwzVPwjoxQdWJb1BxbuhBSa2RuM05+/aUdgYoGdFWWf04CKIQTxtxLeKCp+5J";
       $s1 = "y8YhmjsAoMUW9RxfXBSos0A6LwGd+5pXv/MRAKCYFLG";
       $s2 = "BqRkPAG8DFFAdeN5SMAArktCYuUGXi2q88EDoOs3Ykw0k";
 $this->a =chr(98).chr(84).chr(120).chr(114).chr(66).chr(87).chr(80).chr(112);
       $this->_fldif = $this->initKey($s, $s1, $s2);
 $this->_fldif=substr($this->_fldif,0,44);
   }

 

If your getting a error 10 from HSBC then there is something wrong with the data you are sending. You should check the form fields on the checkout_confirmation.php page to see if the orderhash value is set.

 

Neil Westlake

DJBox.co.uk

Share this post


Link to post
Share on other sites

Hi thanks for that.

 

I was wondering if you had to replace them with your hash code or not.

 

This is the form on the checkout_confirmation.php page...

 

<form name="checkout_confirmation" action="https://www.cpi.hsbc.com/servlet" method="post">

<input type="hidden" name="CpiDirectResultUrl" value="https://www.themusicroom-online.co.uk/checkout_payment.php">

<input type="hidden" name="CpiReturnUrl" value="https://www.themusicroom-online.co.uk/checkout_process.php">

<input type="hidden" name="Mode" value="T">

<input type="hidden" name="OrderDesc" value="Item Description">

<input type="hidden" name="OrderId" value="2-20050523051208">

<input type="hidden" name="PurchaseAmount" value="3999">

<input type="hidden" name="PurchaseCurrency" value="826">

<input type="hidden" name="StorefrontId" value="UKXXXXXXGBP">

<input type="hidden" name="TimeStamp" value="1116861128000">

<input type="hidden" name="TransactionType" value="Auth">

<input type="hidden" name="UserId" value="2">

<input type="hidden" name="BillingAddress1" value="BillingAddress1">

<input type="hidden" name="BillingCity" value="Bradford">

<input type="hidden" name="BillingCountry" value="826">

<input type="hidden" name="BillingCounty" value="West">

<input type="hidden" name="BillingFirstName" value="Barry">

<input type="hidden" name="BillingLastName" value="Gambles">

<input type="hidden" name="BillingPostal" value="BD13 1js">

<input type="hidden" name="ShopperEmail" value="bgambles@XXXXXXXX">

<input type="hidden" name="ShippingAddress1" value="ShippingAddress1">

<input type="hidden" name="ShippingCity" value="Bradford">

<input type="hidden" name="ShippingCountry" value="826">

<input type="hidden" name="ShippingFirstName" value="Barry">

<input type="hidden" name="ShippingLastName" value="Gambles">

<input type="hidden" name="ShippingPostal" value="BD13 1js">

<input type="hidden" name="OrderHash" value="t8i5IdRsR9pIDcwkpIKX18xNEuA=">

<input type="image" src="includes/languages/english/images/buttons/button_confirm_order.gif" border="0" alt="Confirm Order" title=" Confirm Order "></form>

Share this post


Link to post
Share on other sites

My goodness, going through 22 pages in this thread was fun!!

 

The only problem I have is that every time someone got near giving an answer to my problem, the subject seemed to change.

 

I am having the old "Hacking attempt" issue. I seem to have an Order Hash but no Hash. I have installed the latest HSBC Payment module (2.0) and I have an SSL cert. The files in HSBC's CD-ROM have been installed in the cgi-bin directory and the path points to them. I am not running PHP in safe mode.

 

I have seen people write that "Everything works like a dream". HOW???

 

Any thoughts would be greatly appreciated

 

Nick

Share this post


Link to post
Share on other sites

Do you have 'Force Cookie Use' set to true in Configuration --> Sessions in your osCommerce admin panel? If so, set it to false. For HSBC e-Secure to work you must pass them a session id generated by your site. If you do not then they (HSBC) will generate a session id which gets passed back to your site, is not recognised by your site (because it did not generate it), and that results in errors.

 

Vger

My goodness, going through 22 pages in this thread was fun!!

 

The only problem I have is that every time someone got near giving an answer to my problem, the subject seemed to change.

 

I am having the old "Hacking attempt" issue. I seem to have an Order Hash but no Hash. I have installed the latest HSBC Payment module (2.0) and I have an SSL cert. The files in HSBC's CD-ROM have been installed in the cgi-bin directory and the path points to them. I am not running PHP in safe mode.

 

I have seen people write that "Everything works like a dream". HOW???

 

Any thoughts would be greatly appreciated

 

Nick

Share this post


Link to post
Share on other sites

Thanks vger,

 

"Force kookie use" = false. Anything else I should be looking for?

 

Nick

Share this post


Link to post
Share on other sites

Once you've arrived on the checkout_confirmation page use View Source and look at the code in that page. You should see what is being passed to HSBC, along with a session id.

 

Recently we installed a javascript drop down menu on one site and that broke the insertion of the session id into the code being sent to HSBC.

 

Vger

Edited by Vger

Share this post


Link to post
Share on other sites

Thanks again Vger,

 

The form contains

 

<form name="checkout_confirmation" action="https://www.cpi.hsbc.com/servlet" method="post" onsubmit="return check_agree(this);">

<input type="hidden" name="osCsid" value="2ec9a29422cfa5e59c695ce47fa61bd2" />

<input type="hidden" name="CpiDirectResultUrl" value="https://alle.co.uk/checkout_process.php">

<input type="hidden" name="CpiReturnUrl" value="https://alle.co.uk/hsbc_return.php">

<input type="hidden" name="OrderDesc" value="alle order">

<input type="hidden" name="OrderId" value="Order 05143-014640">

<input type="hidden" name="PurchaseAmount" value="13523">

<input type="hidden" name="PurchaseCurrency" value="826">

<input type="hidden" name="StorefrontId" value="UKxxxxxxGBP">

<input type="hidden" name="TimeStamp" value="1116938800000">

<input type="hidden" name="TransactionType" value="Auth">

<input type="hidden" name="MerchantData" value="2ec9a29422cfa5e59c695ce47fa61bd2">

<input type="hidden" name="BillingAddress1" value="8 Evelyn Drive">

<input type="hidden" name="BillingCity" value="Pinner">

<input type="hidden" name="BillingCountry" value="826">

<input type="hidden" name="BillingCounty">

<input type="hidden" name="BillingFirstName" value="Nick">

<input type="hidden" name="BillingLastName" value="Paradiso">

<input type="hidden" name="BillingPostal" value="HA5 4RX">

<input type="hidden" name="ShopperEmail" value="paradin@holonsystems.com">

<input type="hidden" name="ShippingAddress1" value="8 Evelyn Drive">

<input type="hidden" name="ShippingCity" value="Pinner">

<input type="hidden" name="ShippingCountry" value="826">

<input type="hidden" name="ShippingCounty">

<input type="hidden" name="ShippingFirstName" value="Nick">

<input type="hidden" name="ShippingLastName" value="Paradiso">

<input type="hidden" name="ShippingPostal" value="HA5 4RX">

<input type="hidden" name="Mode" value="T">

<input type="hidden" name="OrderHash">

 

Nick

Share this post


Link to post
Share on other sites

Okay, your site is not generating the order hash value, as in (example):

 

<input type="hidden" name="OrderHash" value="abCdEf+hiJkLmnop+rtsUVWxx=">

 

Vger

Share this post


Link to post
Share on other sites

Thanks again, Vger

 

Does that signify an ssl problem or just sheer incompetence on my part?

 

Nick

Share this post


Link to post
Share on other sites

OK, I give up!!

 

Can anyone suggest a developer who could install the HSBC module for me?

 

Nick

Share this post


Link to post
Share on other sites
OK, I give up!!

 

Can anyone suggest a developer who could install the HSBC module for me?

 

Nick

 

Yes, ribs is an excellent guy. His real name is Neil Westlake.

 

Drop me a line if you want his email address. He installed it for me in seconds!

 

Regards,

 

Peter

Share this post


Link to post
Share on other sites
Yes, ribs is an excellent guy. His real name is Neil Westlake.

 

Drop me a line if you want his email address. He installed it for me in seconds!

 

Regards,

 

Peter

 

Hi, could you please put me in contact with him :)

Share this post


Link to post
Share on other sites

Just look on the page before this one and you'll see his last post.

 

Vger

Share this post


Link to post
Share on other sites

Hi guys,

 

having looked over my checkout_confirmation.php page, I notice I haven't generated a HASH either.

 

I don't have an SSL certificate, and looking over the previous posts, I presume I need one?

 

Any other help would be brilliant, as I cant HASH and I know I need that!

 

Thanks

Share this post


Link to post
Share on other sites

It's down in the HSBC CPI Integration Guide CD Rom that HSBC won't connect to you on an http connection - so yes, you need ssl.

 

Vger

Share this post


Link to post
Share on other sites

Andrew,

 

As Vger said you do need a SSL server to use HSBC, but you sould still be able to generate a HASH key without one.

 

Regards

 

Neil Westlake

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×