Jump to content
Sign in to follow this  
freerangemum

HSBC secure-epayment module

Recommended Posts

You are not going to get this to work unless you have the right files in the right place. Some of this is down to you, some of it is down to your hosting company.

 

1. You need to place the following files in the cgi-bin and set to 755 permissions:

CcOrderHash.e

CcResults.e

TestHash.e

2. Your web hosting company must have these files in the Shared Library folder:

libCcCpiTools.so

libstdc++-libc6.2-2.so.3

 

Vger

Share this post


Link to post
Share on other sites

Hi,

 

If they don't match then that's the problem. The hacking attempt it only displayed if either the hash doesn't match or doesn't get generated (which is basically the same thing as it doesn't match).

 

It's not uncommon for HSBC to issue incorrect HASH keys, check to make sure the hash key you entered is exactly the same as the one provided by HSBC as even a one character difference will cause this problem.

 

Neil Westlake

Share this post


Link to post
Share on other sites

Hi,

 

I have got fraudshield problems. Everything appears to work fine up to the point where I am returned from HSBC to my site. Then all transactions are rejected with the message ?The transaction was rejected by Fraudshield.?

 

I have tried the 4111 test card number and various real card numbers and all the addresses have a number in the first line, but I always get the same result. Does anyone know what triggers fraudshield, I am struggling to know where to start!

 

Regards

Paul

Share this post


Link to post
Share on other sites
Hi,

 

If they don't match then that's the problem. The hacking attempt it only displayed if either the hash doesn't match or doesn't get generated (which is basically the same thing as it doesn't match).

 

It's not uncommon for HSBC to issue incorrect HASH keys, check to make sure the hash key you entered is exactly the same as the one provided by HSBC as even a one character difference will cause this problem.

 

Neil Westlake

 

Neil,

 

I've added the orderHash code and this does not match the Hash Key in my HSBC module setup, does this mean that my Hash Key is incorrect?

 

I get this: Hacking atempt! - orderHash=x/a8oTp8HwS6ERTTqX0Ps/6Qcts= hash=line 1

 

still trying to find out if host has all the shared libraries needed.

 

jacob

Share this post


Link to post
Share on other sites

Following our server being rebooted we're getting hacking attempt warnings coming up (except that I've edited the text so its less scary for customers). Since it was previously functioning I know that the hash key is ok, so what else could be causing the problem?


I've had 3 children.........how hard can this be???

Share this post


Link to post
Share on other sites

Lynda,

 

We had a similar problem a while ago when one of servers rebooted the time was an hour out.

 

Check to make sure the time on the server is correct as HSBC only allow a 1 hour difference.

 

Saying that, this normally causes an invalid data error.

 

Neil Westlake

Share this post


Link to post
Share on other sites

Lynda - just Rebooted? or Restored? If Restored then the necessary shared library files may no longer be in place - if they were not a default part of the shared library files originally.

 

Rhea

Edited by Vger

Share this post


Link to post
Share on other sites
You are not going to get this to work unless you have the right files in the right place. Some of this is down to you, some of it is down to your hosting company.

 

1. You need to place the following files in the cgi-bin and set to 755 permissions:

CcOrderHash.e

CcResults.e

TestHash.e

2. Your web hosting company must have these files in the Shared Library folder:

libCcCpiTools.so

libstdc++-libc6.2-2.so.3

 

Vger

 

Vger

 

My host installed:

/usr/lib/libstdc++-libc6.2-2.so.3

and libCcCpiTools.so in /public_html/cgi-bin <- is this the correct location.

 

I'm still getting hacking attempt.

 

Jacob

Share this post


Link to post
Share on other sites
is this the correct location

 

No. They should be in the Shared Library folder.

 

Vger

Share this post


Link to post
Share on other sites
You are not going to get this to work unless you have the right files in the right place. Some of this is down to you, some of it is down to your hosting company.

 

1. You need to place the following files in the cgi-bin and set to 755 permissions:

CcOrderHash.e

CcResults.e

TestHash.e

2. Your web hosting company must have these files in the Shared Library folder:

libCcCpiTools.so

libstdc++-libc6.2-2.so.3

 

Vger

 

Vger, if you pick up on this, am I right to avoid HSBC's suggestions about putting a LD_LIBRARY_PATH in the init, and therefore, at least on a fedora/redhat system will simply placing the gcc files in /usr/lib suffice, or do we need to path that in the mod's php itself?

 

Then what do we do with the putenv for LD_LIRARY_PATH in the module itself? Just nuke it?

 

Gettin' kinda puzzled here.

 

Tks.


"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."

B. Franklin

Share this post


Link to post
Share on other sites

Ted,

 

If you don't have control over the server and the PHP setup allows it then you must use the

putenv("LD_LIBRARY_PATH=$path");

statment.

 

Regards

 

Neil Westlake

 

By the way, you only need to use libCcCpiTools.so and testhash.e.

Edited by ribs

Share this post


Link to post
Share on other sites

I did everything that was needed but still get hacking attempt. Willing to pay someone for help in order to get this working once and for all.

Share this post


Link to post
Share on other sites
Ted,

 

If you don't have control over the server and the PHP setup allows it then you must use the

putenv("LD_LIBRARY_PATH=$path");

statment.

 

Regards

 

Neil Westlake

 

By the way, you only need to use libCcCpiTools.so and testhash.e.

 

Thanks, Neil

 

I've settled for that. Now the sample.html file is producing an order hash, but i keep getting an error 12, (store details). So I assume there is a store ID/supplied hash problem?

 

 

Tks


"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."

B. Franklin

Share this post


Link to post
Share on other sites

More on the above. According to HSBC the hash being received by them from the test page does not match the outgoing url. I assume they are using the url as part of the hashing process?

 

I am seriously puzzled by this statement by a person from the sub continent. Can you enlighten me at all?


"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."

B. Franklin

Share this post


Link to post
Share on other sites

And finally a little light:

 

traps fr young players number 20067776: just because phpinfo reports every hashing engine known to man as being installed and active, doesn't meant the mcrypt library is in the server's lib directory. CHECK CHECK CHECK!!!

 

Further the subcontinental advice turned out to mean that we were not sending a hash at all, but instead sending the path to 'TestHash-e' where we should have been sending a hash.

 

This is still occuring. Any ideas???


"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."

B. Franklin

Share this post


Link to post
Share on other sites

Ok, here 'tis. First it seems some of the dependency libraries that load with mcrypt and its kin were needed so even though mcrypt wasn't, by installing it and restarting Apache things got a little better, (the sample html page started outputting a hash). But I still couldn't get past the blasted "hacking attempt" response on the site and couldn't get a hash match. So I downloaded the hsbc contrib from downhome consulting, which does use mcrypt algos and it worked straight out of the box, just like it said on the tin.

 

It may be that the hashing routines in v3.0 and V3.1 don't work properly on servers running virtual sites (can't think why and have no time to mess around with the chicken's entrails that comprise our virtuals).

 

But if anyone can't get a result with the hsbc conrib, try this one.


"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."

B. Franklin

Share this post


Link to post
Share on other sites
You are not going to get this to work unless you have the right files in the right place. Some of this is down to you, some of it is down to your hosting company.

 

1. You need to place the following files in the cgi-bin and set to 755 permissions:

CcOrderHash.e

CcResults.e

TestHash.e

2. Your web hosting company must have these files in the Shared Library folder:

libCcCpiTools.so

libstdc++-libc6.2-2.so.3

 

Vger

 

Where exactly do I get the above files from? Do I need to request them from HSBC, or do I need to write them myself based on the examples in the CPI Integration Guide?

 

Thanks,

 

Pappa

Edited by Pappa

Share this post


Link to post
Share on other sites
I'm looking for the HSBC contribution which used mhash and mcrypt but I cant find it on the contributions list. Has any still got a copy?

 

Thanks

Stephen Weir

 

try this

 

http://forums.oscommerce.com/index.php?s=&...st&p=934997


"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."

B. Franklin

Share this post


Link to post
Share on other sites

I currently have the mhash, mcrypt version of the HSBC CPI payment method installed on one of my clietns sites. The client wishes to use the HSBC API - is there anyone out there that could point me in the right direction or assist in the work.

 

The site is on a dedicated server and it's fairly busy.

 

Thanks

 

ANdy

Share this post


Link to post
Share on other sites

Hi,

 

I'm sorry if you've answered these questions before, but I'm stuck and can't seem to work ou what I should be doing next.

 

I have installed the following files in /www/cgi-bin and chmoded them to 755

CcOrderHash.e

CcResults.e

TestHash.e

 

libstdc++-libc6.2-2.so.3 was preinstalled in /usr/lib

 

I have installed libCcCpiTools.so in /usr/local/lib (as I do not have the root access required to install it in /usr/lib). As far as I know, this location should be fine.

 

I have rebooted my vs since these file

 

if I execute ./TestHash.e in the shell, I get the error, ./TestHash.e: error while loading shared libraries: libCcCpiTools.so: cannot open shared object file: No such file or directory.

 

Also, trying to process an order online produces he error, Hacking atempt! - orderHash=kbMDLDMchWOeXnfkNvnZ6Z8uFbQ= hash=error while loading shared libraries

 

Any help would be greatly appreciated.

 

Pappa

Share this post


Link to post
Share on other sites

After re-reading through parts of this thread again, I copied libCcCpiTools.so to my cgi-bin (as I'll have to wait until Monday for my host to copy it to /usr/lib anyway).

 

Now, everything goes swimingly through the HSBC secure epayments site, but when the payement is finally about to be confirmed the user is returned to my site and is given the error message The transaction was rejected by FraudShield.

 

???

 

Thanks,

 

Pappa

Share this post


Link to post
Share on other sites

Pappa,

 

If you are doing a test transaction, make sure the total amount of the payment is less then ?1 - anything over that gives that Fraudshield error

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×