Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

HSBC secure-epayment module


Guest

Recommended Posts

Thanks to Neil Westlake that installed the HSBC contribution for me, my web site www.blunoa.com is now working perfectly.

 

But i have a small problem when the customer is switching the currencie from British Pound to Euro the and is choosing HSBC as a metod of payment the web is giving a message " INVALID IMPUT DATA" so i had to remove the currencie box to avoid this error, the fact is that with paypal this is not happening.

 

Any idea thank you.

Edited by blunoa
Link to comment
Share on other sites

  • Replies 1.2k
  • Created
  • Last Reply

Top Posters In This Topic

hello community

hi VGER , hello ribs

 

we are reeeeeeeeeeallllllly close here

 

orders are vsisble in hsbc

test and production work

but order dont come back to osc db

after placing order and going through hsbc we get back to checkout_success.php but the orders don't show up in osc admin

 

all this on a vanilla osc latest version with just hsbc contrib on it and running like

single language country and all zones everything is correct

 

woudl apreciate any push in right direction, enlighten me please

GUIDO

 

srry for my english I am german and helping out an 'englishman' on his prob ;)

Link to comment
Share on other sites

I have multiple currencies in my store but people checkout in our default currency. Checkout the site http://www.theleftyshop.com

 

The individual programming of the checkout in default currency was done by e-shop fitters.

 

This really should be a contribution but that wasn't something I stipulated when I ordered the coding.

Link to comment
Share on other sites

referring to my post below I would like to add some information in case this might be usefull for assiting me/us

 

as written in hsbc we do have the order

when it comes back the hsbc_return.php directs me to checkout success and due to the code on top the hsbc-return.php oscsid is correctly appended so if I understand right the oscsid is forwarded to hsbc on checkout by modul as MerchtData and then in return the MerchantData is assigned to the oscsid, please correct me if I misinterpreat :huh:

 

the order id is a three didgit random number for testing at the moment (verified in hsbc) so this shuldn't cause any poblems I think

 

in the module I set orderstatus to 1 which is pending as I have from vanilla osc only 3, think this should be no reason then as well

 

we are trying since 2 weeks now and simply do not get an order to osc database :( thus they are all nicely in HSBC, we are in porduction mode btw as we switch old shopsystem to osc so no problem with interferences by HSBC we assume as from old shop orders are wellprocessed as well

 

please help,feeling kind of desperate :(

 

thx

 

 

hello community

hi VGER , hello ribs

 

we are reeeeeeeeeeallllllly close here

 

orders are vsisble in hsbc

test and production work

but order dont come back to osc db

after placing order and going through hsbc we get back to checkout_success.php but the orders don't show up in osc admin

 

all this on a vanilla osc latest version with just hsbc contrib on it and running like

single language country and all zones everything is correct

 

woudl apreciate any push in right direction, enlighten me please

GUIDO

 

srry for my english I am german and helping out an 'englishman' on his prob ;)

Link to comment
Share on other sites

have to add they I just noticed now, that after final completion in hsbc and comming back to osc the products purchased are still in the basket ???

 

while in hsbc it says

 

43xxxxxx-xxxx-xxxx-xxxx-0003bac62f71 Sale Approved 02/02/06 02:18:26 ?0.90

 

 

and yet nothing in osc orders table

:( :( :( :(

Edited by dahui
Link to comment
Share on other sites

I've spoken to Michael and it would appear the reason his HSBC doesn't work is because his hosting with 1and1.

 

I've said it before and I'll say it again, if your hosted with 1and1 you'll never get HSBC to work. I've been there wasted many hours, emailed tech support but still nothing. For some reason there servers do not accept the hidden return post which updates the DB and send the emails.

 

You've been warned.

 

Neil Westlake

Link to comment
Share on other sites

I've spoken to Michael and it would appear the reason his HSBC doesn't work is because his hosting with 1and1.

 

I've said it before and I'll say it again, if your hosted with 1and1 you'll never get HSBC to work. I've been there wasted many hours, emailed tech support but still nothing. For some reason there servers do not accept the hidden return post which updates the DB and send the emails.

 

You've been warned.

 

Neil Westlake

 

 

hey neill

 

I trust ya having spent so many hours on hsbc

but may I state 2 things

 

a) if I understand it well VGER got it running on 1and1 see

http://www.oscommerce.com/forums/index.php?sho...ic=76967&st=540

we are exactly there

 

b ) I have set up a new osc , vanilla with just hsbc on my own VPS where I have full root rights and it's not hosted by 1and1 but hosteurope in germany, and same thingy

 

I use thewrath1 exact logins and codes hahese and we connect to hsbc on checkout, make payment and are processed well back

 

only the data is not written in db

 

as said I could make any php config or setting I want to and place the equivalent files wherever i need to, samesame all well but no data in oscdb

 

I can understand from theboard here that there must be quiet a few peolple having it running and that it is only a question of altering the rights files

 

sumit up any input on which file and what todo is highly appreciated ;)

Edited by dahui
Link to comment
Share on other sites

Michael,

 

The best thing you can do to prove it is create a simple PHP counter script (search google), save it as checkout_process.php and upload (obviously save the original one first).

 

Now call the file directly, ie http://www.yoursite.com/catalog/checkout_process.php, now check the counter file and make sure its incremented by one.

 

Now run an order through the shop, when HSBC returns check the counter file again if it's incremented then you need to find the problem, but if it doesn't increment then this proves that 1and1 did not accept the hidden post from HSBC's server.

 

Regards

 

Neil Westlake

Link to comment
Share on other sites

Michael,

 

The best thing you can do to prove it is create a simple PHP counter script (search google), save it as checkout_process.php and upload (obviously save the original one first).

 

Now call the file directly, ie http://www.yoursite.com/catalog/checkout_process.php, now check the counter file and make sure its incremented by one.

 

Now run an order through the shop, when HSBC returns check the counter file again if it's incremented then you need to find the problem, but if it doesn't increment then this proves that 1and1 did not accept the hidden post from HSBC's server.

 

Regards

 

Neil Westlake

 

thx neill will try, but as said for the moment we are on a NON 1and1 server !!!

Link to comment
Share on other sites

The latest version (3.0) has now been released by Jos? (the author of the original version) for download as a Contribution from this website. It can be located here:

 

http://www.oscommerce.com/community/contributions,3997

 

Vger

 

 

Hi Vger,

 

Is this a recently re-written module, or is the version 3 module that has been sitting on Jose's website for download for sometime ?

 

Just to clarify :-) or did u just decide to post this for convenience because it was missing from the contribs section?

 

TIA

Q/ How many therapist's does it take to change a lightbulb?

A/ Two. But the lightbulb has to really 'want' to change.

Link to comment
Share on other sites

The original module written by Jos? and available from Contributions was out of date. The newer version was only available from his website. There was a new HSBC contribution which people were having trouble with and which contained advertising. Both of these Contributions were pulled - and so there was no HSBC e-Secure contribution available from Contributions on this site.

 

Through someone else I received confirmation from Jos? that he was happy for the contribution available for download from his website to be made available here under GPL. So that's what I have done. I made some amendments to the install instructions to make them more readable and understandable, but that's all. It also links into this support thread.

 

Vger

Edited by Vger
Link to comment
Share on other sites

I am attempting to install this module for a client.

The hash and order_hash are different.

 

If I echo the command PHP is running, and the hash that osCommerce creates, and then run the same command myself from commandline, I get a totally different hash to oscommerce.

 

Can someone please let me know how to fix this. HSBC are unable to help, as they do not support php.

Link to comment
Share on other sites

Check with HSBC that the hash they have given you is valid. They hav ebeen known to screw up.

 

But before you do that check that you have entered the HSBC Hash Key correctly in your HSBC Payment Module. A common mistake is to enter zeros instead of the letter 'O'. HSBC does not use zeros in their hash keys, so those entries will either be the letter 'o' (lower case) or 'O' (upper case).

 

Vger

Link to comment
Share on other sites

Check with HSBC that the hash they have given you is valid. They hav ebeen known to screw up.

 

But before you do that check that you have entered the HSBC Hash Key correctly in your HSBC Payment Module. A common mistake is to enter zeros instead of the letter 'O'. HSBC does not use zeros in their hash keys, so those entries will either be the letter 'o' (lower case) or 'O' (upper case).

 

Vger

Vger, thanks for the info. There's no o/O/0's in the hask key provided.

I will check with HSBC that it is valid, however both they and I managed to obtain the same hash using commandline from some submitted data.

 

I'm running osC on a freebsd machine running php in safe_mode. The testhash.e file has been placed into /nonexec to allow anyone on the server access to it if required.

Link to comment
Share on other sites

Hi All,

 

Has anyone heard of anyone getting this problem and if so how it was fixed?

 

A customer in the UK creates an account and buys and pays for their order using HSBC Module (V2) NO PROBLEM.

 

But, 2 customers 1 in USA and 1 in Spain do exactly the same thing, but HSBC reports Invalid input error so the sales remain in customer basket.

 

HSBC Says that the HASH generated by our store for these 2 clients does not match the HASH generated by them??????? and that we have an error in the Module somewhere.

 

I have checked the output of the module and everything is as HSBC dictates in their CPI Manual Specs. ISO country code are being passed OK and UK Currency ISO remains fixed at 826 and all field lengths are within 25 character limit.

 

Surley if a UK client can place and pay for an order with no error, logic dictates that everyone can.

 

This simple conclusion was beyond the HSBC e-payments experts comprehension at the technical support center, as they constantly blamed the payment module in oscommerce.

 

I asked for the contents of the log to see what was allegedly the error, but never got it, I spent almost an hour trying to work this out with them but the language accent barrier proved to be the down fall, (yes all i could get thru to was the overseas service desk I was not able to talk to anyone in the UK despite trying).

 

At the moment we are having to ask anyone who has this problem to let us know and we will take payment over the phone, (not very professional is it!).

 

I throw this one open to all for any ideas on a solution.

 

All the best to all

Andrew

Literally, Laterally Thinking! If you cannot get through it, go round it.

Link to comment
Share on other sites

Andrew,

 

If you have the currency fixed at 826 then I would think it has something to do with the ISO country code. Have you tried fixing that aswell.

 

If I remember rightly unless you have a multi currency agreement with HSBC you can only accept orders in GBP and I think the ISO code must match the UK aswell (Although I may be wrong).

 

Regards

 

Neil Westlake

Link to comment
Share on other sites

You do require to have a Multi-Currency account with HSBC e-Secure in order to be able to accept payments in other currencies. And a Multi-Currency account does not come cheap!

 

There's also the problem of increased risk, because HSBC can only validate House Address and Post code for card-holder addresses within the UK, so for foreign orders the only validation you'd be left with is the Customer Name, Card Number and Expiry Date - which anyone who stole the card would have.

 

I'v been working for some time now with Barclays' ePDQ, HSBC e-Secure and only in the past week have installed Protx Direct for someone. I have to say I have changed my view about Protx - especially their Protx Direct service.

 

The contribution that has been written for it is an excellent piece of coding. The module is completely self-contained, requires no modification of other files, no shared library files, and the customer never leaves your website.

 

The only website requirements are that you must have an SSL connection and cURL must be compiled into PHP.

 

Vger

Link to comment
Share on other sites

Check with HSBC that the hash they have given you is valid. They hav ebeen known to screw up.

 

But before you do that check that you have entered the HSBC Hash Key correctly in your HSBC Payment Module. A common mistake is to enter zeros instead of the letter 'O'. HSBC does not use zeros in their hash keys, so those entries will either be the letter 'o' (lower case) or 'O' (upper case).

 

Vger

Vger, I've just checked with HSBC, and they say there's nothing wrong with the hash key.

They created a hash using some submitted data, and my client's hash key.

I then ran the exact same command as them on the server, and got the same hash as they did.

 

It seems it is just osCommerce that appears to be getting a different hash to the same data hashed by either HSBC or my manually via commandline.

 

Other than setting the currenty to 826 for GBP, and setting the path to the testhash.e file, is there anything else I need to do to the hsbc.php payment module file?

Link to comment
Share on other sites

If the Hash Key is correct and both HSBC and yourself (from the command line) return a valid hash then I can only suggest that you look again at how you have entered the hash key in the HSBC module settings in your osC admin panel. Try removing what you have there and then re-entering it (very carefully).

 

Vger

Link to comment
Share on other sites

If the Hash Key is correct and both HSBC and yourself (from the command line) return a valid hash then I can only suggest that you look again at how you have entered the hash key in the HSBC module settings in your osC admin panel. Try removing what you have there and then re-entering it (very carefully).

 

Vger

Vger, I have just confirmed with HSBC that the hash key is inputted exactly as they have provided it.

I have even overwritten the hsbc.php payment module file with the one from the contribution zip file.

 

I'm still getting the "Hacking attempt!" error.

I am also getting a CPIResultsCode of 10

 

HSBC has advised me that as far as they are aware the problem lies with the module, rather than them.

Link to comment
Share on other sites

It's worth checking this out. HSBC requires that you pass them a session id, because if you don't then they create an id which they pass back to your site - only your site does not recognise that id.

 

So make sure that you have Force Cookie Use set to 'false' in your osCommerce admin panel under Configuration --> Sessions.

 

Vger

Link to comment
Share on other sites

It's worth checking this out. HSBC requires that you pass them a session id, because if you don't then they create an id which they pass back to your site - only your site does not recognise that id.

 

So make sure that you have Force Cookie Use set to 'false' in your osCommerce admin panel under Configuration --> Sessions.

 

Vger

Force Cookie Use is set to False

 

In the hsbc.php payment file, it has

'MerchantData'=>tep_session_id()

 

which looks like it's passing a session id to HSBC in the MerchantData field.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...