Jump to content
Sign in to follow this  
freerangemum

HSBC secure-epayment module

Recommended Posts

So once I get my SSL (just getting one now), should it just spring into action?!

Share this post


Link to post
Share on other sites

So once I get my SSL (just getting one now), should it just spring into action?!

Share this post


Link to post
Share on other sites
Andrew,

 

As Vger said you do need a SSL server to use HSBC, but you sould still be able to generate a HASH key without one.

 

Regards

 

Neil Westlake

 

 

I can't understand why it doesn't generate a HASH. Maybe I don't have the files sorted correctly...

Share this post


Link to post
Share on other sites

HSBC does need to receive a session id from you, otherwise they generate one of their own and return this to your site - which, of course, your site does not recognise. The system breaks down at that point.

 

Possible causes of the session id not being transferred include the use of some javascript drop-down category menus, and Force Cookie Use being set to 'true' in Configuration --> Sessions.

 

Also, there are files other than TestHash.e which need to be in the cgi-bin. Have you added those to the cgi-bin?

 

Vger

Share this post


Link to post
Share on other sites
HSBC does need to receive a session id from you, otherwise they generate one of their own and return this to your site - which, of course, your site does not recognise.  The system breaks down at that point.

 

Possible causes of the session id not being transferred include the use of some javascript drop-down category menus, and Force Cookie Use being set to 'true' in Configuration --> Sessions.

 

Also, there are files other than TestHash.e which need to be in the cgi-bin.  Have you added those to the cgi-bin?

 

Vger

 

I currently have testHash.exe, CCOrderHash.exe, and CCResults.exe. in there....!

Share this post


Link to post
Share on other sites

Hi Guys,

 

Well this probably doesnt belong in here, but ive put all of the files from the HSBC CD into the CGI-BIN, and i have an SSL cert.

 

However, i still dont generate a HASH, and my https:// bit still doesnt work. everytime i click from a page in https:// i go straight back to http://.

 

Any ideas, or offers to help! are greatly appreciated!

 

 

Thanks

 

Andy

Share this post


Link to post
Share on other sites

On the ssl part of things. If your cert was issued to www.yourdomain.com then this is how both your http cookie domain and https cookie domain should be listed in both of your configure.php files. If your cert was issued to just yourdomain.com then enter it that way.

 

Similarly your http_server address should be either http://www.yourdomain.com or http://yourdomain.com - depending upon how your cert was issued. Same for https cookie domain.

 

If you are getting any error messages when you go to an https page then note down what they are and PM them to me.

 

Vger

Edited by Vger

Share this post


Link to post
Share on other sites

Vger,

 

You're a star. I have managed to get the https:// bit working fantastically now.

 

All i need to sort os my hashing and i'm onto a winner. Which files do i need in the cgi-bin, what files do i need to edit, and anything else i need to do!?

 

Thanks Vger and guys!

 

Andy

Share this post


Link to post
Share on other sites

The files we keep in the cgi-bin are:

CcOrderHash.e

CcResults.e

TestHash.e

libCcCpiTools.so

 

There are relatively few files to edit in the module themselves, and they're marked where you do need to edit them.

 

Vger

Share this post


Link to post
Share on other sites

OK,

 

So i've got all of those files plus a few more.

 

I am still getting the "storefront inccorectly configured" or whatever it says!

 

i have all the mhash() and mcrypt() stuff installed, and i dont run safe mode....

Share this post


Link to post
Share on other sites

Sometimes it's just down to the server you're on and the setup. I recently had someone come to me who'd had a developer trying to get ePDQ working on their site and couldn't. I looked at their server setup and found that Curl was not compiled with php. Moved the site, made a few changes to the files and it's all up and running now.

 

If you've looked all through this thread you'll find one other common theme - HSBC sending out the wrong hash code. If all else fails get them to send you a new hash key.

 

Vger

Edited by Vger

Share this post


Link to post
Share on other sites

Ah now there's a point. Maybe the hash they sent me is wrong.

 

i just don't generate anything. its stupid! I wish i had told my client to stuff it and use SecPAY or paypal lol!

Share this post


Link to post
Share on other sites

Hi guys,

 

It's amazing anyone has got any hair left after trying to get this going :blink:

 

As you might have guessed I'm also having trouble!

 

I know the OrderHash isn't being generated by looking at the source of the confirmation page. So I've isolated the command it is running and have tried to run it from the shell to see if it errors, and it does..

 

The command I'm running is...

 

./TestHash.e "iv0yx6fg7HGjd7hdX8WVx/zRzuCmnnjX" "https://www.mysite.net/checkout_process.php" "https://www.mysite.net/hsbc_return.php" "MYSITE order" "Order 05166-103153" "549" "826" "UKXXXXXXXXGBP" "1118910713000" "Auth" "154a2140493e5cc8458845366986b6c83" "59 Here Street" "Manchester" "826" "" "Fred" "Bloggs" "M123MM" "fred@bloggs.com" "59 Here Street" "Manchester" "826" "" "Fred" "Bloggs" "M123MM" "T"

 

and it returns...

./TestHash.e: cannot execute binary file

 

I'm running Fedora Core 1, and the files I've copied into the CGI-BIN are as follows...

libCcCpiTools.so

CcOrderHash.e

CcResults.e

TestHash.e

 

Those are from the c/SunOS folder.

 

The files have execute permissions.

 

Am I using the wrong files, or is there some dependancy I do not know about?

 

Please help. :'(

 

Thanks.

Share this post


Link to post
Share on other sites

Tony,

 

The problem you are having generating the orderhash is fairly common, the error you are getting "cannot execute binary file" is most likely because PHP is compiled as a CGI and not an Apache module.

 

I never found a way around this unfortunately and every client I've worked for that had this problem changed hosts.

 

If you have control over the server try recompiling PHP as an Apache module instead.

 

Regards

 

Neil Westlake

Westhost.co.uk (formally DJBox.co.uk)

Share this post


Link to post
Share on other sites

I've just been looking at this thread and it makes me want to curl up in a ball on the floor and cry. I cant help but thing to myself, "WHY DIDNT YOU JUST USE WORLDPAY???"

 

In any event, there's no point in me even trying to install this. I just simply don't have the knowledge or capability to do it. I run www.opticalbeauty.com and am trying to install this HSBC contribution with little success. (I havent tried, but I dont think it's going to matter how much I try)

 

If anyone could help me out, I'd be very thankful. Please email me any quotations or costs to sam@opticalbeauty.com.

Share this post


Link to post
Share on other sites
./TestHash.e: cannot execute binary file

 

The actual problem and solution may not be anything to do with the way php was compiled. It could simply be that you uploaded those files to the cgi-bin in Binary Mode via FTP. They must be uploaded in ASCII mode.

 

Vger

Share this post


Link to post
Share on other sites

Thanks for the help! :)

 

Unfortunatley I've not had any further success. As far as I can tell PHP is loaded as a module. (it has "LoadModule php4_module modules/libphp4.so" in a conf file)

 

I'd not thought of the format it was uploading in, it was automatic before. So to be sure I set it to be ASCII, but still no luck.

 

Which files are you using (from which folder?) and what are your server operating systems. I'm half thinking I might need to compile the program from the source provided but am not 100% sure how to do this. :huh:

 

Any help is appreciated.

Share this post


Link to post
Share on other sites

Tony,

 

There are only two files you need to use:

 

libCcCpiTools.so

TestHash.e

 

Remember that these are Linux files that are executed by the operating system not the web server. These files don't need to be in the cgi-bin, although this where most people put them.

 

Regards

 

Neil Westlake

Westhost.co.uk

Share this post


Link to post
Share on other sites

Hi Neil, Thanks for another prompt reply.

 

Just so I know the files are executing ok I am trying to run them by ssh'ing into the server and running them from the command line. I was unaware it only needed those 2 files so thanks for the info.

 

The files and folders that were provided by my customer were as follows..

 

HP-UX

include

sample_src

SunOS

WinNT

 

The only folder that contains the files of the types you mentioned is the SunOS folder, are those the files I should be using, or have I not been provided with specific Linux files? Or do I need Fedora Core 1 specifically compiled versions?

Share this post


Link to post
Share on other sites

Nevermind :-"

 

My customer hadn't sent me ALL the files because I have rung HSBC and they have sent me them all which includes a LINUX folder!

 

I've now got it generating the hash, hopefully the rest should fall into place.

 

Many thanks for your help! :)

Share this post


Link to post
Share on other sites

Yikes!!!

 

 

Just a warning to others=>

 

I had an uninvited spider on my site last night, busy adding items to his cart, so I uploaded the latest version of spiders.txt avaialable from the contributions section.

 

Today, NO ORDERS online......

 

Ran a test order through as far as reaching the HSBC page earlier in the day with no trouble so figured all was well, just very quiet (put it down to the weather - Kind of warm). Unfortunately I did not carry on to complete the order.

 

I was monitoring the user tracking during the day and sure enough it was quiet.

 

However, come tonight, happened to just fire up user tracking as someone went through to complete an order - finally I thought.... BUT, no confirmation e-mail sent to me and no order registered in admin.

 

So, ran another test order through to completion and sure enough same result - or lack of it!!!

 

Replaced the spiders.txt with the one I was using before and ...... no problem, back to normal and working fine.

 

There are alot of wildcards used in the latest spiders.txt and one of them must be blocking HSBCs return post. Had a quick look but cant figure which it is but thought it might be worth posting the warning.

 

Anyone else come across similar problems?

 

Anyhow, luckily only two payments with no order details gone through today so only two customers to phone and explain the problems to in the morning.......

 

Cheers,

Rich


Only Dead Fish Go With The Flow......

Share this post


Link to post
Share on other sites

Richard,

 

Thanks for the warning, I believe the reason for this is because someone has entered "java/" as a spider, I'm not sure if there is such a spider but I certainly know that in the return post from HSBC there user_agent is java/, this is why you weren't getting your orders.

 

So if you want to use the up2date spiders file you must remove the java/ line.

 

Regards

 

Neil Westlake

Westhost.co.uk

aka DJBox.co.uk

Share this post


Link to post
Share on other sites

hi ya,

 

bit stuck with getting this to run, getting CpiResultsCode 10. I think its to do with the SSL. The page requesting the cpi page isn't https://. I can't see how to make the checkout area https:// - I have edited configure.php!!

 

when I get through to the hsbc_return.php I've got it to print some post variables to screen (note that the $hash=''):

 

StorefrontId: UK34786091GBP

OrderId: Order 05186-082336

PurchaseAmount: 598

PurchaseCurrency: 826

PurchaseDate: 1120656244235

ShopperEmail: wilczyk@hotmail.com

MerchantData: f659fb31772fbe7b4351abc653fb5f7f

CpiResultsCode: 10

OrderHash: GkaAVvxcMCuKmsBEjxdznBurZio=

 

Hacking attempt!

Order Hash: GkaAVvxcMCuKmsBEjxdznBurZio= Hash:

 

 

Any help would be great!!

 

Cheers,

 

Dan.

Share this post


Link to post
Share on other sites

Dan,

 

For starters, if you don't enable SSL on the checkout you'll never see the HSBC page.

 

In configure.php make sure that SSL is set to true and the URL for the secure server starts https.

 

If $hash is blank then it sounds like your hash is not being generated, this is a common problem and sometimes requires changing web hosts just to get it to work!

 

Good luck

 

Neil Westlake

Westhost.co.uk

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×