Jump to content
Sign in to follow this  
freerangemum

HSBC secure-epayment module

Recommended Posts

Hi All

 

I have the mod installed now BUT...

 

Problem is it takes payment fine, returns from HSBC to success.php and looks fine as a customer, it sends an email to the customer and me as the store owner BUT the order number is 450-xxxxxxxx - some bizarre number instead of the consecutive order numbers I have been using on the site and the order doesn't appear in the orders section of OSC admin so an invoice can't be generated.

 

If I try to recall my test order - eg the number 450- etc as above, it brings up order number 450 from way back in my site database!

 

Any ideas gratefully received!!

 

In the mean time, I've reverted back to the old HSBC mod I was using which does the job but with alot of flaws.

 

TIA - Tom @ MFYM

www.moreforyourmonkey.co.uk

Share this post


Link to post
Share on other sites

Hi

 

I am in the process of sorting out secure e-payments with HSBC but some of the posts on this thread are putting me off.

 

I don't really understand what the problems are or how it all fits together at the moment.

 

Exactly what questions should I ask my hosting provider to see if I will be able to run the secure e-payments mod? Do I need to know:

 

Can they switch the PHP server off safe mode?

Can I run an executable on their servers?

Do they have SSH installed?

 

Is there anything else I should ask them?

 

If they can't do it I might end up switching over to webfusion.co.uk - a bit annoying since I nearly chose them in the first place. Anyone else using europahosting.co.uk? Got it working?

 

Thanks

Tim

Share this post


Link to post
Share on other sites
Hi All

 

I have the mod installed now BUT...

 

Problem is it takes payment fine, returns from HSBC to success.php and looks fine as a customer, it sends an email to the customer and me as the store owner BUT the order number is 450-xxxxxxxx - some bizarre number instead of the consecutive order numbers I have been using on the site and the order doesn't appear in the orders section of OSC admin so an invoice can't be generated.

 

If I try to recall my test order - eg the number 450- etc as above, it brings up order number 450 from way back in my site database!

 

Any ideas gratefully received!!

 

In the mean time, I've reverted back to the old HSBC mod I was using which does the job but with alot of flaws.

 

TIA - Tom @ MFYM

www.moreforyourmonkey.co.uk

I have now managed to get this module working on FreeBSD using linux emulation!

 

However I am now getting the same OrderID problem as Tom - any suggestions??

Share this post


Link to post
Share on other sites
Hello,

I think with few modifications could run, but the time it takes to execute the java version it's infinite higher than the C one, also, most servers (afaik) doesn't run java, so...

 

The portion of code to change is when setting the LD_LIBRARY_PATH (not needed) and executing the testhash.e, I think results dumped out are in the same format.

 

Regards.

I wonder if you could address this OrderID mismatch issue we are now experiencing as a matter of urgency, I am testing on a live shop waiting to put this module live.

 

Kind regards

Simon.

Share this post


Link to post
Share on other sites

Hi all,

 

I'm working on a webshop using oscommerce and I have to use the HSBC CPI. Now, thanks to freerangemum and some others here for the work regarding the PHP part, I did manage to install the needed files and changes.

 

However, I only received a zip file with the CPI stuff in but no manual as for how to install or use it. Can someone give a primer for this?

 

Eternally thankfull!

 

BB

Peter

Share this post


Link to post
Share on other sites

Ok I've found a dirty fix for the order not submitting problem & order ID (I think).

 

As usual please backup your site before you make these changes, and you do so at your own risk.

 

The problem lies in that the checkout_process.php file is not being called by hsbc_return.php, so the first mod is on the hsbc_return.php file.

 

At about line 60 find:

 

if ($order_hash!=$hash) die ("Hacking atempt!");

tep_redirect(tep_href_link(FILENAME_CHECKOUT_CONFIRMATION, '', 'SSL', false).'?osCsid='.$GLOBALS["MerchantData"]);

 

and change it to:

 

if ($order_hash!=$hash) die ("Hacking atempt!");

tep_redirect(tep_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL', false).'?osCsid='.$GLOBALS["MerchantData"]);

 

This will call the checkout_process.php file instead of checkout_confirmation.php.

 

Next open checkout_process.php and find:

 

// load the before_process function from the payment modules

$payment_modules->before_process();

 

change it to:

 

// load the before_process function from the payment modules

//$payment_modules->before_process();

 

This removes the call to the class: $payment_modules, this is because it kept returning to the payments page saying that you have cancelled your payment.

 

If anyone knows what this call does, and any repercussions that might occur by removing it please let me know.

 

I've tested the above on my site that's in development and it works how it should. eg. The cart is emptied and an email is sent. Also the order appears in the admin section how it should.

 

Please post any comments if you make the above mod, also with the order ID issue, because my site is not live I didn't see any problems. Could someone let me know if and what the problem is.

 

Thanks

 

 

Neil Westlake

Share this post


Link to post
Share on other sites

Just I quick note: If you remove the before_process line from the checkout_process file, your shop will not work with any payment module, just this one because you are processing the order in the return, not in the internal post made by the cpi...

 

Regards.

Share this post


Link to post
Share on other sites

I must admit, I have only got two payment modules installed: HSBC & COD.

 

It works fine with both of these, but I will try some of the other modules.

 

Regards

 

Neil

Share this post


Link to post
Share on other sites
I must admit, I have only got two payment modules installed: HSBC & COD.

 

It works fine with both of these, but I will try some of the other modules.

 

Regards

 

Neil

Apart from the order number on hsbc it appears to work! - THANKS Neil

 

can confirm that it works along side my online & cheque payment modules too. :D

 

 

can the order number for osc be passed to hsbc instead of hsbc generating one?

Share this post


Link to post
Share on other sites

Simon,

 

I think you'll find the order number is generated from OSC and not the HSBC CPI.

 

What is the order number your getting and what do you want it to be?

 

Let me know

 

 

Neil Westlake

Share this post


Link to post
Share on other sites

Hi

 

I've installed the HSBC module, configured it, configured it some more, but I'm still getting "The transaction failed because of invalid input data".

 

I have a valid hash key, the testhash is working, i have secure connections during the checkout process. Any ideas? Have i missformatted something?

 

It tries to connect to the HSBC CPI page and takes absolutely ages before comming back with the error.

 

I'm currently doing this on a local test server (Apache on WIN XP).

 

Any help greatly apprcieated.

 

Thanks

Share this post


Link to post
Share on other sites

Have you phoned up HSBC to enable production mode?

 

They check over your site to make sure it has return policies, delivery, contact details etc etc.

 

If it works fine on test mode, then that's the problem.

 

Alex

Share this post


Link to post
Share on other sites

Thanks for the quick reply.

 

I'm still trying to get it working in test mode at the moment.

 

Any other ideas?

 

Thanks

Share this post


Link to post
Share on other sites

Josh,

 

Have you read my previous post about the time stamp, when I was testing on my XP box I had the same problem.

 

Regards

 

Neil

Share this post


Link to post
Share on other sites

Newbie is as newbie does.

 

Sorry, I just re-read all the posts and Neil's time fix for windows has worked.

 

One more question, as the system is in test mode can i use the 4111... CC number or do I have to use a real one? and just to be sure (apologies for asking the obvious but i just want to be sure) whilst in test mode it won't process the transaction will it?

 

Thanks

Share this post


Link to post
Share on other sites
At about line 60 find:

 

if ($order_hash!=$hash) die ("Hacking atempt!");

tep_redirect(tep_href_link(FILENAME_CHECKOUT_CONFIRMATION, '', 'SSL', false).'?osCsid='.$GLOBALS["MerchantData"]);

 

and change it to:

 

if ($order_hash!=$hash) die ("Hacking atempt!");

tep_redirect(tep_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL', false).'?osCsid='.$GLOBALS["MerchantData"]);

Hi

 

Sorry about that. Right, I have the system working locally bar the order not being submitted problem. However, I can't find the relevant lines of code in hsbc_return.php. Am i looking in the right file?

 

Thanks

Share this post


Link to post
Share on other sites

My hsbc_return must differ slightly from yours but I put that line in the most similar place.

 

After

 if ($order_hash!=$hash) die ("Hacking atempt! - orderHash=".$order_hash." hash=".$hash);

was as close as i got but it worked fine.

 

Thanks a lot Neil and co :D

Share this post


Link to post
Share on other sites
Newbie is as newbie does.

 

Sorry, I just re-read all the posts and Neil's time fix for windows has worked.

 

One more question, as the system is in test mode can i use the 4111... CC number or do I have to use a real one? and just to be sure (apologies for asking the obvious but i just want to be sure) whilst in test mode it won't process the transaction will it?

 

Thanks

So long as you are in test mode transactions will appear to be processed, but nothing will actually be charged. When you're done testing you need to set it to live & notify the bank.

 

hth

free


I've had 3 children.........how hard can this be???

Share this post


Link to post
Share on other sites

I'm setting up a store and my client has decided to use HSBC. He has provided me with his UserID, a Hash key and the CPI URL. I have entered these into the fields in the HSBC payment module in osCommerce. I have also carried out the amendments to the relevant PHP pages in osCommerce as described in the contribution installation notes.

 

When I try and run an order through, the form posts to HSBC but is then returned with the error

 

I have 3 questions:

 

1. Does anyone know why the following error is being returned? "The transaction failed because the Storefront was configured incorrectly."

 

2. Also, the client is using non-SSL shared web space. Should he be using SSL space?

 

3. I'm unclear on the whole TestHash stuff. Is it necessary to install some software on the web server for this?

 

Thanks

Share this post


Link to post
Share on other sites

Hi guys,

 

After a couple of months of building my site offline I am at the stage of getting things up and running. This is the first time I have worked with OScommerce which is a very impressive piece of software and it is due to the excellence of these support forums that I have not found the need to post any queries up till now.

 

I am posting here now because I would like to know how the hsbc mod is working out. I am currently with hsbc and have merchant status with them so using their e-payments makes sense. However after having read through their literature and having followed this forum thread I am not too confident of trying to implement the mod.

 

I have tied to place an order at freerangemum's website to view the system in action, only to be met with the same error message as listed in the previous post: "The transaction failed because the Storefront was configured incorrectly"

 

Is this down to the setup on my browser? If so are orders being lost because of this?

 

Basically I would like to hear any opinions as to whether it is worth tring to implement this system, any views from people already using the system as to its effectiveness or whether I should spend more time looking into more tried and tested alternatives, ie. Worldpay/protx.

 

Any links to sites with the system fully working would be much appreciated also.

 

Thanks in advance for any replies and keep up the excellent work with the forums and contributions,

 

Richandzhaoyan


Only Dead Fish Go With The Flow......

Share this post


Link to post
Share on other sites

Hi all

 

Like many others writing on this thread I'm having problems getting the HSBC mod installed.

 

I have placed the linux files CcOrderHash.e, CcResults.e, TestHash.e and libCcCpiTools.so in my cgi_bin directory and changed the $path variable to point to the right place.

 

When I place an order now it calls the hsbc servlet but then goes to hsbc_return, then finishes up telling me it's a hacking attempt. I changed the hacking attampt message to

if ($order_hash!=$hash) die ("Hacking atempt! - orderHash=".$order_hash." hash=".$hash);

 

This shows me that I don't have a value in my $order_hash variable. i.e. the error message is now

Hacking atempt!- orderHash= hash=cxBt/eKx0zzcjV9wvb+2sfWMJCg=

or something similar.

 

Does anyone have any idea why this might be? Is the TestHash.e file not executing properly?

 

 

Another question I have for Neil Westlake is this:

In a previous post you wrote this

Ok I've found a dirty fix for the order not submitting problem & order ID (I think).

 

As usual please backup your site before you make these changes, and you do so at your own risk.

 

The problem lies in that the checkout_process.php file is not being called by hsbc_return.php, so the first mod is on the hsbc_return.php file.

 

At about line 60 find:

 

if ($order_hash!=$hash) die ("Hacking atempt!");

tep_redirect(tep_href_link(FILENAME_CHECKOUT_CONFIRMATION, '', 'SSL', false).'?osCsid='.$GLOBALS["MerchantData"]);

 

and change it to:

 

if ($order_hash!=$hash) die ("Hacking atempt!");

tep_redirect(tep_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL', false).'?osCsid='.$GLOBALS["MerchantData"]);

 

This will call the checkout_process.php file instead of checkout_confirmation.php.

 

I can't find this line or anything like it around line 60 of hsbc_return.php. The file provided in the contribution has

  if ($order_hash!=$hash) die ("Hacking atempt!- orderHash=".$order_hash." hash=".$hash);
 
  	 $CpiResultsCode=$_POST['CpiResultsCode'];

  	 if ($CpiResultsCode=='0') 
  	 {
     tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL'));
  	 }

at lines 37-44. Is your version of this heavily modded from the original contribution?

 

Thanks for your help

Tim

Share this post


Link to post
Share on other sites

Tim,

 

Sorry for the confusion with the hsbc_return.php file, just to clarify things the line you are changing from a virgin copy of hsbc_return.php is 44:

 

tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL'));

 

you need to change this to:

 

tep_redirect(tep_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL', true));

 

Hope this clears things up.

 

 

Regards

 

 

Neil Westlake

Share this post


Link to post
Share on other sites

Hi

 

Did anyone manage to solve the order id issue? The order ID is generated by osc and is used by HSBC so surely its just a question of knowing the variable name.

 

The code -

if (!empty($_POST['OrderId'])) $insert_id=$_POST['OrderId'];  

Should do it but it doesn't work?

 

Anybody have the answer?

 

Thanks

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×