freerangemum

HSBC secure-epayment module


Josh,

 

What's wrong with the order ID? When I looked into this query before I couldn't find a problem.

 

 

Let me know, I'll look into it.

 

 

Regards

 

 

Neil Westlake

 

PS. If anyone needs to see the HSBC module working, you can access my test server at: http://neil.redirectme.net/catalog/.

 

You can place an order using the card number 4111 1111 1111 1111 and any expiry date. The CPI is in test mode so none of the transactions will be processed.


Sorry, ignore that last bit in my post about using my test server; because the certificate is not registered to that domain, it doesn't display the secure pages outside my internal network.

 

Sorry.

 

 

Neil


Neil,

 

The problem I have with the order ID is that the one seen at HSBC - the long one, is not used in the email that is sent or the order history. The number used for the email/order history seems to be a standard MySQL auto_increment. Therefore if a user has a query about an order and they didn't write down the one they saw at HSBC it means we'll have to track back and see which order with an HSBC number corresponds to the OSC order number they are sent with their email.

That aside, it's working well, thanks for all your help.

Oh one other thought, anyone using multiple currencies? If so, what's the best way to do it? As you are given different hash keys, is adding other instances of the module the only way?

 

Thanks again

 

Josh


Hi again,

 

I'm now testing it online and the order ID problem seems to be ok (in the emails that are sent) BUT when I click close from HSBC it redirects to an empty shopping cart with no confirmation of the order. Any ideas?

 

Josh

Neil,

 

The problem I have with the order ID is that the one seen at HSBC - the long one, is not used in the email that is sent or the order history. The number used for the email/order history seems to be a standard MySQL auto_increment. Therefore if a user has a query about an order and they didn't write down the one they saw at HSBC it means we'll have to track back and see which order with an HSBC number corresponds to the OSC order number they are sent with their email.

This is still the case for me too - but the only way round I can see is for HSBC not to display the transaction confirmation page to the customer but to proceed back to OSC for confirmation.

I don't understand why HSBC has to get involved with order ids, surely that's the job of a shopping cart!?!?

 

Simon.


Does it have something to do with the fact that the order id field is an INT and the orderID has a "-" in it? I've tried changing the order id field to varchar but this will have repercussions on other payment modules as you can't auto_increment a varchar.

That issue aside, has anyone got ideas regarding my other problem? Sorry to whinge on but it's driving me mad! :angry:

What happens is this - goes through the HSBC CPI fine, goes to hsbc_return.php then suddenly asks if I want to go to a non ssl page and fires me to an empty shopping cart. What's wrong?

I've fiddled with hsbc_return.php, checkout_process.php cookie settings but no joy. I'm sure it's just one line of code or something small but I don't know what. Help!

 

Thanks

Josh


Josh,

 

The problem lies in the hsbc_return.php file, PM me the last 20 or so lines and I'll have a look for you.

 

 

Neil


Ok, hopefully this will cure the orderID problem; I can now see what the problem is. If a customer submits an order using the e-commerce CPI, the last page displays a confirmation; in this confirmation it states that if the customer has any queries they should use the following order number.

The number it gives is generated by the hsbc payment module and not osc, so in turn the order number doesn't tie up with the order number on the admin page.

I can understand why the developer of the hsbc module done it this way, the hsbc cpi needs an order no, but osc doesn't generate this number until the order is finalised, hence the problem.

So my solution uses the hsbc module order number as the order id for both the hsbc cpi and the admin/customer order number. The only problem was I had to shorten it because the original order number is defined as an integer which only holds 10 digits, and the generated number was 13 digits long.

Enough explaining, here's the solution: (hopefully!)

 

*** Remember to back up before making any changes!! ***

Checkout_success.php

Line 90:
<?php echo tep_draw_form('order', tep_href_link(FILENAME_CHECKOUT_SUCCESS, 'action=update', 'SSL')); ?>

to:
<?php echo tep_draw_form('order', tep_href_link(FILENAME_CHECKOUT_SUCCESS, 'action=update', 'NONSSL')); ?>

hsbc_return.php

Line 66:
tep_redirect(tep_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL', true));

to:
tep_redirect(tep_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL', false).'?osCsid='.$MerchantData.'&orderid='.$GLOBALS["OrderId"]);

hsbc.php

Line 360:
//Generation of the order_id
srand ((float) microtime() * 10000000);
$r1 = rand(100,999);
$t1 = date("yzhis");

to:
//Generation of the order_id
$r1 = rand(1,9);
$t1 = date("zHis");
$sequence = $t1.$r1;

checkout_process.php

Line 61:
Add:
if (!$orderid)
{
    //Generation of the order_id
    $r1 = rand(1,9);
    $t1 = date("zHis");
    $insert_id = $t1.$r1;
}
else
{
    $insert_id = $orderid;
}

Line 116:
Precede both lines with //
$insert_id = tep_db_insert_id();
if (!empty($_POST['OrderId'])) $insert_id=$_POST['OrderId'];

 

Sorry if this is a little hard to understand, but if you have any comments or bugs, post them here.

 

Thanks

 

Neil Westlake


Oops,

 

One last thing I forgot, you'll need to run this MySQL query:

 

ALTER TABLE `orders` CHANGE `orders_id` `orders_id` INT(11) NOT NULL;

 

This stops it auto incrementing, not sure if it's necessary, but just in case.

 

Neil
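
What the shortened order ID in the fix above and the non-auto-increment orders_id column imply together, as an added example that is not part of the original posts or the module: date("zHis") is day-of-year plus time of day, so the key repeats every year, has nine possible values per second, and stops fitting a signed INT partway through the year. The function names and sample dates are constructed for the illustration.

```php
<?php
// Added illustration, not the module's code: rebuilds the ID scheme from the
// fix above, date("zHis") . rand(1,9), with the clock and the random digit
// passed in so the results are reproducible.
date_default_timezone_set('UTC');   // constructed sample dates are in UTC

const MYSQL_INT_MAX = '2147483647'; // largest value a signed MySQL INT holds

function thread_order_id(int $timestamp, int $digit): string
{
    return date('zHis', $timestamp) . $digit;
}

// Compared as strings, so the check is also correct on 32-bit PHP.
function fits_signed_int(string $id): bool
{
    $id  = ltrim($id, '0');          // a leading zero (1 January) is not stored
    $len = strlen($id);
    $max = strlen(MYSQL_INT_MAX);
    return ctype_digit($id)
        && ($len < $max || ($len === $max && strcmp($id, MYSQL_INT_MAX) <= 0));
}

// First day of $year on which even the smallest ID of the day
// (00:00:00, digit 1) no longer fits the column.
function first_overflow_day(int $year): ?string
{
    for ($d = 0; $d < 366; $d++) {
        $ts = mktime(0, 0, 0, 1, 1 + $d, $year);
        if (!fits_signed_int(thread_order_id($ts, 1))) {
            return date('Y-m-d', $ts) . ' (z=' . date('z', $ts) . ')';
        }
    }
    return null;
}

// Constructed sample orders: same time of day, same digit, one year apart.
$a = thread_order_id(mktime(12, 0, 0, 3, 1, 2004), 5);
$b = thread_order_id(mktime(12, 0, 0, 3, 2, 2005), 5);
echo "2004-03-01 12:00:00 -> $a\n";
echo "2005-03-02 12:00:00 -> $b", ($a === $b ? "  (same key)\n" : "\n");

echo "First day of 2004 that overflows INT: ", first_overflow_day(2004), "\n";

$late = thread_order_id(mktime(9, 30, 0, 12, 1, 2004), 7);
echo "2004-12-01 09:30:00 -> $late, fits INT: ",
     var_export(fits_signed_int($late), true), "\n";
```

An out-of-range value is either rejected or clipped to 2147483647 by MySQL, depending on the server's SQL mode, so orders placed late in the year would compete for a single key.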


Hi Guys,

Just a quick follow up to my previous post. I don't know if I am stating the obvious but the reason I couldn't get through to the hsbc site as a customer on your websites was that I am running IE v5.0, which as standard is only capable of 40-bit security. This is very easily upgraded with the increased security patch but I would still be interested to know how many customers you are losing as a result of this.

May I suggest pointing this out to customers on your payment pages and/or placing a link through to the IE patch.

I guess now I am aware of the above I will once again have to ponder the pros and cons of getting this mod implemented!!

All the best with your own work,

Richandzhaoyan


Only Dead Fish Go With The Flow......

The number it gives is generated by the hsbc payment module and not osc, so in turn the order number doesn't tie up with the order number on the admin page.

 

I can understand why the developer of the hsbc module done it this way, the hsbc cpi needs an order no, but osc doesn't generate this number until the order is finalised, hence the problem.

Hi Neil, I'm afraid I can't help you with the code (which is why I paid Jose to do it for me ;) ) but the order number is generated by osC before passing to HSBC because I found that many customers were seeing the final screen of HSBC where it says the transaction is complete & not returning to my site.

 

The dash in the order number is because of the random order number contribution. I believe Jose posted about what to change a few pages back.

 

hth

FRM


I've had 3 children.........how hard can this be???


Hi

 

I've managed to get the module working now and it's great.

Next question, does anyone have it working with multiple currencies? The problem is that HSBC supply you with different CPI Hash Keys for each currency and only one hash key can be entered in the module options. Does this mean that I will have to create three separate instances, one for each currency?

 

Any thoughts welcome

 

cheers

 

Josh


Hi All

 

I'm having the same trouble Josh was having a little while back - namely that you go through the CPI OK, click close and it fires me into an empty shopping cart, and the order is not added to my orders table.

 

Josh, how did you manage to fix that?

 

At the moment in my hsbc_return.php I have this redirect:

tep_redirect(tep_href_link(FILENAME_CHECKOUT_CONFIRMATION, '', 'SSL', false).'?osCsid='.$_POST["MerchantData"]);

I've also tried it with

tep_redirect(tep_href_link(FILENAME_CHECKOUT_CONFIRMATION, '', 'SSL', true));

 

Anyone got any idea why it goes to the empty shopping cart?

 

Thanks

Tim


Tim,

 

I solved this problem by changing the hsbc_return.php back to the original

if ($order_hash!=$hash) die ("Hacking atempt! - orderHash=".$order_hash." hash=".$hash);

$CpiResultsCode=$_POST['CpiResultsCode'];

if ($CpiResultsCode=='0')
{
    tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL'));
}

The order will still get processed as hsbc.php tells it to. However, if you want the orders to be submitted to osCommerce (which obviously you do :) ) then you need to add Neil's order id fix with one slight alteration.

 

In checkout_process.php

 

change

$sql_data_array = array('orders_id'=>$insert_id,
                        'customers_id' => $customer_id,

to

//Neils order id fix
if (!$orderid)
{
    //Generation of the order_id
    $r1 = rand(1,9);
    $t1 = date("zHis");
    $insert_id = $t1.$r1;
}
else
{
    $insert_id = $orderid;
}
$sql_data_array = array('orders_id'=>$insert_id,
                        'customers_id' => $customer_id,

 

That worked for me.

 

Regards Josh
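
One way to write the return check from the post above so that it compares hashes strictly, reveals neither hash to the browser on failure, and ties the order ID to the customer's session instead of trusting the request; this is an added example in modern PHP, not the module's code. The names check_cpi_return, $expectedHash and $pendingOrderId are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added illustration (hash_equals needs PHP 5.6+); not the module's code.
// OrderId and CpiResultsCode are field names taken from the thread.
// $expectedHash stands in for the value the module computes with the CPI
// hash key, and $pendingOrderId is a hypothetical copy of the order ID that
// the shop stored in the session before sending the customer to the CPI.
function check_cpi_return(array $post, string $postedHash,
                          string $expectedHash, string $pendingOrderId): array
{
    // Strict, constant-time comparison. On failure, log server-side and
    // tell the browser nothing about either hash.
    if (!hash_equals($expectedHash, $postedHash)) {
        error_log('CPI return rejected: hash mismatch');
        return ['ok' => false, 'reason' => 'bad-hash'];
    }
    // The order ID becomes a primary key: digits only, INT-sized, and it
    // must be the order this session was sent to pay for.
    $orderId = (string) ($post['OrderId'] ?? '');
    if (!ctype_digit($orderId) || strlen($orderId) > 10) {
        return ['ok' => false, 'reason' => 'bad-order-id'];
    }
    if ($orderId !== $pendingOrderId) {
        return ['ok' => false, 'reason' => 'order-id-mismatch'];
    }
    // The thread's code treats result code '0' as success.
    if ((string) ($post['CpiResultsCode'] ?? '') !== '0') {
        return ['ok' => false, 'reason' => 'declined'];
    }
    return ['ok' => true, 'order_id' => $orderId];
}

// Constructed sample inputs; the hash strings are placeholders, not CPI output.
$expected = 'PLACEHOLDER-HASH-A';
$pending  = '601200005';
$cases = [
    'valid'       => [['OrderId' => '601200005', 'CpiResultsCode' => '0'], 'PLACEHOLDER-HASH-A'],
    'wrong hash'  => [['OrderId' => '601200005', 'CpiResultsCode' => '0'], 'PLACEHOLDER-HASH-B'],
    'other order' => [['OrderId' => '601200006', 'CpiResultsCode' => '0'], 'PLACEHOLDER-HASH-A'],
    'non-numeric' => [['OrderId' => '60-1200005', 'CpiResultsCode' => '0'], 'PLACEHOLDER-HASH-A'],
    'declined'    => [['OrderId' => '601200005', 'CpiResultsCode' => '1'], 'PLACEHOLDER-HASH-A'],
];
foreach ($cases as $name => [$post, $hash]) {
    $r = check_cpi_return($post, $hash, $expected, $pending);
    echo str_pad($name, 13), $r['ok'] ? 'accepted' : 'rejected: ' . $r['reason'], "\n";
}
```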


Thanks Josh, I'm getting there now. My orders generated with Neil's fix now appear in the database, although they still won't show up in the admin section of the OSC.

 

However, with an HSBC order I'm still getting dumped back to an empty shopping cart after the order. I believe this must be something to do with these lines in checkout_success.php:

// if the customer is not logged on, redirect them to the shopping cart page
 if (!tep_session_is_registered('customer_id')) {
   tep_redirect(tep_href_link(FILENAME_SHOPPING_CART));
 }

So I guess it thinks the returning customer isn't registered. I'll try again with the

tep_redirect(tep_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL', true));

or

tep_redirect(tep_href_link(FILENAME_CHECKOUT_CONFIRMATION, '', 'SSL', false).'?osCsid='.$GLOBALS["MerchantData"]);

 

lines and hopefully get somewhere.

 

Cheers

Tim


Tim, this was the exact problem I was having.

 

I thought it was

// if the customer is not logged on, redirect them to the shopping cart page
if (!tep_session_is_registered('customer_id')) {
  tep_redirect(tep_href_link(FILENAME_SHOPPING_CART));
}

too, but even commenting it out didn't work. This meant it was going wrong elsewhere.

 

This is what fixed it for me -

 

Change

tep_redirect(tep_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL', true));

 

 

to

tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL'));

 

(in hsbc_return.php)

 

and give it a try.

 

 

 

 

Josh

Edited by magicman


Josh

 

That's exactly what I have in there at the moment. I agree it's something to do with that line but for some reason it ain't working for me.

 

I'll continue to have another play and hopefully come up with the answer.

 

Do your orders with the long orderID show up in the admin orders page? Mine are in the DB but the orders page doesn't show them.

 

Just another problem to add to the list.

 

Cheers

Tim


Hi Tim

 

Yeah my orders with the long id are in the admin/orders section.

 

I just noticed a slight mistake in the earlier fix

on line 67 in checkout_process.php

change

$sql_data_array = array('customers_id' => $customer_id,

 

to

 $sql_data_array = array('orders_id'=>$insert_id,     
  	 'customers_id' => $customer_id,

 

This inserts the generated order id into orders.

 

Hope it helps, unless you've already done this in which case, sorry.

 

 

Are the emails being sent? What do the orders look like in the db?

 

Josh


Josh

 

I spotted that mistake in the earlier fix. What I didn't spot was the last instruction on Neil's random orderID mod that tells you to comment out 2 lines around line 116 in checkout_process.php. I've done that now and the orders show up in the admin section.

 

For the second problem I've changed the redirect to

tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL', false).'?osCsid='.$GLOBALS["MerchantData"]);

This works OK now so I think I'm there. Everything seems to be working. I'll make a few extra orders just to check it over but I think it's all OK now.

 

Thanks very much Josh, Neil, for your help, and of course Freerangemum and Jose for posting the mod in the first place.

 

Cheers

Tim


can confirm I have everything working too - thanks to everyone for this contribution :D

 

For those FreeBSD users out there, HSBC are going to be supporting it. They are currently testing the module and it will be available in a few months.

I will say however the more people that tell HSBC about problems to their system the more they WILL listen or so I've been told and this FreeBSD is proof....

I'm still thinking they should allow merchants to opt out of using their "web" api and do it behind the scenes so the customer doesn't see HSBC at all - any thoughts on this??

 

 

Simon.


Hi

 

Has anyone else tested the HSBC pages with the Safari browser on the Mac? I had a tester fail to complete checkout using Safari 1.02 and we're pretty sure it's an issue with HSBC's pages.

 

I informed them and they said they haven't tested their site with Safari. Hopefully they'll look into the problem, but if anyone else has the same problem, like Simon says, the more that tell HSBC of the problems the more likely they are to fix it.

 

Personally I'm happy for my customers to see HSBC. I think a big name like that can give customers a little bit of extra confidence - one reason why I chose them in the first place.

 

I think you can choose to take the card details yourself and still get HSBC to process the payments though.

 

Regards

Tim


Hi

 

Just to let people know, if you have the hsbc mod working (including the random order number mod) and you want to use paypal IPN as well you need to make the following changes to catalog/ipn.php

 

(This for version 1.7 of PayPal_Shopping_Cart_IPN):

 

Around line 70 you have:

 $order_totals = $order_total_modules->process();

$sql_data_array = array('customers_id' => $customer_id,

 

Change to

$order_totals = $order_total_modules->process();

if (!$orderid)
{//Generation of the order_id 
$r1 = rand(1,9);
$t1 = date("zHis");
$insert_id = $t1.$r1;
}
else
{
$insert_id = $orderid;
}
 $sql_data_array = array('orders_id'=>$insert_id,     
              'customers_id' => $customer_id,

 

Search for:

$insert_id = tep_db_insert_id();

 

and comment out the line so it looks like

 

//$insert_id = tep_db_insert_id();

 

This is basically a repeat of what was done to the checkout_process.php for the random order id.

 

Hope it helps

 

Tim


HOSTING THAT WORKS WITH TESTHASH.E

 

I need to move a client off his current hosting on a shared raq4 to shared Linux hosting which definitely works with the testhash.e file.

 

Can anyone recommend anything?
