Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Sign in to follow this  
Guest

HSBC secure-epayment module

Recommended Posts

Pappa,

 

If you are doing a test transaction, make sure the total amount of the payment is less then ?1 - anything over that gives that Fraudshield error

 

Thanks Paul, I din't realise that.

 

Pappa

Share this post


Link to post
Share on other sites

Sorry for pestering you all again.

 

I've just tried again, everything goes well as before, but this time, when the user is returned to my site, they receive the message - The transaction was placed in Review state by FraudShield.1. Is this good?

Share this post


Link to post
Share on other sites

Hi Pappa,

that's the message for error9. You can get rid of it by adding 9 to the list of pending error codes in the Payment Modules section of the admin section.

 

Your next problem might be a payment successful screen but orders not registering in oscommerce on return from HSBC. Then you will have caught up with me!

 

Paul

Share this post


Link to post
Share on other sites
Hi Pappa,

that's the message for error9. You can get rid of it by adding 9 to the list of pending error codes in the Payment Modules section of the admin section.

 

Your next problem might be a payment successful screen but orders not registering in oscommerce on return from HSBC. Then you will have caught up with me!

 

Paul

 

Hi,

 

I've tried to process an order with a real card number also, but ths seems to 'hang' the HSBC process at the point when it is checking the card, it just does nothing except state that it is checking the card details.

 

I've now added 9 to the list of Pending Error Codes, but for some reason the order gets set to "On Hold" (not that that's a problem).

 

Pappa

Share this post


Link to post
Share on other sites

I think I've sorted it now. I changed the billing address of the user to a US address when using the 4111* test card number, this worked and set the order status to "processing" in my admin section.

 

I assume all I have to do now is inform HSBC that I'm no longer testing.

 

Thanks to everyone who's pitched in here.

 

Pappa

Share this post


Link to post
Share on other sites

Pappa,

 

Did you have to make any changes to the files checkout_process.php, checkout_success.php and hsbc_return.php to get the orders to show in your database?

Share this post


Link to post
Share on other sites
Pappa,

 

Did you have to make any changes to the files checkout_process.php, checkout_success.php and hsbc_return.php to get the orders to show in your database?

 

 

Only the one change to checkout_process.php quoted in the checkout_process.php.changes.txt file:

1∫. Just one change:

Before the first include, to include the application_top.php, put this line:

if (!empty($_POST['MerchantData']))  $_GET['osCsid']=$_POST['MerchantData']; 

So will look this way:

if (!empty($_POST['MerchantData']))  $_GET['osCsid']=$_POST['MerchantData']; 

include('includes/application_top.php');

The only other things I did was to change the "Set Order Status" to "Processing", and "Pending Error Codes" to "0,9", although on reflection, I suppose this should just be "9". I don't recall making any other changes.

 

Pappa

Share this post


Link to post
Share on other sites

I'm going to ask a really noob question but;

 

to use the HSBC ePayments module is it true you must use an SSL certificate with a dedicated IP?

 

If I wasn't using an SSL would I receive a CPIRESULTSCODE 10?

Share this post


Link to post
Share on other sites

Without ssl you wouldn't even be allowed to connect to HSBC. You can use a shared ssl, though full ssl is preferable - and for a full ssl on a shared server your site needs its own dedicated ip address.

 

Vger

Share this post


Link to post
Share on other sites

I use Network Solutions for hosting. Having got my site ready to go and integrating the HSBC CPI module the hosting company has now said they will not put the so file in the usr/lib directory as it is shared hosting.

 

Grrrrr.....

 

Is there anyway around this ?

 

If not can anyone recommend an ISP that will or has allowed this.

 

Thanks

 

Damian

Share this post


Link to post
Share on other sites

Yes, it needs to be https, but it can be either a full or shared ssl which you use.

 

Vger

Thanks vger. Just thought I'd clear that small doubt up.

 

While you're there can you just confirm then that the page which connects to HSBC from oscommerce must be of the following format;

 

https://www.domain.com/checkout_confirmation.php

Share this post


Link to post
Share on other sites

You can change the pathway to it in the includes/modules/payment/hsbc.php file. Look at the pathway to the cgi-bin and try replicating that.

 

Vger

I use Network Solutions for hosting. Having got my site ready to go and integrating the HSBC CPI module the hosting company has now said they will not put the so file in the usr/lib directory as it is shared hosting.

 

Grrrrr.....

 

Is there anyway around this ?

 

If not can anyone recommend an ISP that will or has allowed this.

 

Thanks

 

Damian

Share this post


Link to post
Share on other sites

Hi all,

 

I need a bit of a hand!

 

I've setup and installed the HSBC files on my server, and thats working fine.

 

Now when I try testing the HSBC module, it comes back with Hacking attempt.

 

I've done a bit more of an investigation, and it seems that I am getting a response back from HSBC (by echoing out $_POST) and its generating error 12.

Anyway, my question is that $_POST['OrderHash'] does not exist, and this is what is causing the Hacking Attempt error.

So, does this mean that $_POST['OrderHash'] is not being returned from HSBC? Is it not being returned because of the error (error 12)?

 

Any thoughts on this?

 

Also, while I'm here - we're not running on a secure server at the moment - would this cause a problem? <_<

Share this post


Link to post
Share on other sites
Also, while I'm here - we're not running on a secure server at the moment - would this cause a problem?

 

If you had bothered to read HSBC's Secure ePayments Terms and Conditions you'd know that you can only connect to HSBC on a secure connection. If that seems harsh, it's a basic requirement and you should know it.

 

Vger

Share this post


Link to post
Share on other sites
If you had bothered to read HSBC's Secure ePayments Terms and Conditions you'd know that you can only connect to HSBC on a secure connection. If that seems harsh, it's a basic requirement and you should know it.

 

Vger

 

Cheers for that - I'm aware that HSBC stipulate a sercure connection, but as the site is still in development, I've not got a certificate sorted yet. I was purely wondering whether it is possible to communicate with HSBC without a certificate? Will it operate with a certificate that has not been signed by an official certification authority?

 

Regards,

 

Mark

Share this post


Link to post
Share on other sites
Guest

Having seen all the problems encountered by people with this contrib, I opted instead to use the contrib recommened by Ted Doyle in this post:

 

http://forums.oscommerce.com/index.php?s=&...st&p=934997

 

Use the contribution from DownHome Consulting:

 

http://www.downhomeconsulting.com/Downloads/downloads.php

 

It worked first time out of the box! It's not truly open-source as it uses some form of encryption - but hell it works like a dream.

 

Regards

Share this post


Link to post
Share on other sites

Yeah, you can trust a download from a site with this on the page!

 

db: could not connect to the database server (dev.dhwd.com, project).

 

db: bad SQL query: SELECT vars.id FROM u_Session AS sess, u_Session_vars AS vars WHERE sess.id = vars.session AND sess.LastAction < 1160547480

 

 

db: bad SQL query: DELETE FROM u_Session WHERE LastAction < 1160547480

 

 

db: bad SQL query: UPDATE u_Session SET userID = NULL WHERE LastAction < 1160547480

 

 

db: bad SQL query: SELECT * FROM u_Session WHERE id = '0MV3r6quADMSZakd8shl'

 

 

db: bad SQL query: INSERT INTO u_Session VALUES ('0MV3r6quADMSZakd8shl',1160569080,'195.137.4.162',NULL)

 

Error: Can't create session cookie

db: bad SQL query: SELECT DATE_FORMAT(news_date, '%c/%e/%y') AS fmt_date, p.* FROM project p WHERE news_inactive <> '1' AND (news_summary <> '' OR news_story <> '' ) ORDER BY news_date DESC LIMIT 4

 

Vger

Share this post


Link to post
Share on other sites
Guest
OK you need to give the cmd.exe read and execute privilages via the internet guest user. After you have done this your error message will transform from the infamous "unable to fork" to the more famous "hacking attempt"

 

I'm trying to get this working on a shared windows server and don't seem to be able to get beyond this - my hosts say they can't relax the permissions on cmd.exe because it's a shared server. Although they tantilisingly add that they have other customers using osCommerce and the HSBC payment gateway on their shared windows servers.

 

Anyone got any idea how to do this?

Share this post


Link to post
Share on other sites
Although they tantilisingly add that they have other customers using osCommerce and the HSBC payment gateway on their shared windows servers.

 

Yeah, I bet they did. I could even bet on who they are.

 

Give up now - save yourself a load of grief. Use a host with servers that actually support running HSBC Secure e-Payments.

 

Vger

Share this post


Link to post
Share on other sites
Guest
Give up now - save yourself a load of grief. Use a host with servers that actually support running HSBC Secure e-Payments.

 

If only it were that simple ;) I've inherited a site written in ASP, which kind of limits my options a bit regarding hosts.

 

Since the only way I could get the TestHash thing working was by using the asp version supplied by HSBC it looks like I'm going to have to write an ASP script to generate the hash and ammend the hsbc.php payment module to use that instead of running the testhash.exe directly.

 

I think it should be possible...

Share this post


Link to post
Share on other sites
I've inherited a site written in ASP

 

Okay - so why are you posting questions on the osCommerce forum?

 

Vger

Share this post


Link to post
Share on other sites
Guest
Okay - so why are you posting questions on the osCommerce forum?

 

Vger

 

Because I'm trying to get osCommerce to work.

Share this post


Link to post
Share on other sites
Guest

Can anyone help, think I have the path wrong somehow, here is the hacking attempt reply:

 

Hacking atempt! - orderHash=nOPIA4VGVCboUr8ANBdmjYuS8/0= hash=/home/virtual/thomaswilsondesign.co.uk/var/www/cgi-bin/TestHash.e

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×