Jump to content
Sign in to follow this  
freerangemum

HSBC secure-epayment module

Recommended Posts

I moved my working HSBC setup to a dedicated server, I'm using the IP address to test out the site before going live.

 

My config files use the IP but SSL of course uses the full site name, I am getting Hacking Attempt! (got all right files in CGI Bin + shared lib in /usr/lib).

 

Is this because of the SSL mismatch error that comes up when SSL kicks in? (IP and domain name)

Share this post


Link to post
Share on other sites

Are you getting a padlock? If you're not getting a padlock then HSBC won't work.

 

However, I don't think the 'Hacking Attempt' error will be related to that.

 

When you get to Checkout Confirmation, do a View Source and scroll down to see what's being sent to HSBC, and it's my guess there's no Hash Key there at all.

 

Vger

Edited by Vger

Share this post


Link to post
Share on other sites

Ive been trying to get this Payment Gateway setup for a while, is there a definative guide to setting this HSBC Gateway up?

 

Otherwise can someone PM me regarding setting this system up for me, will pay. Please post your developer flat rate for this job.

 

Cheers.

Edited by drone

Share this post


Link to post
Share on other sites
Please post your developer flat rate for this job.

 

We're not allowed to post such things on the forum. If we did, we'd get banned.

 

Vger

Share this post


Link to post
Share on other sites
We're not allowed to post such things on the forum. If we did, we'd get banned.

 

Vger

 

 

Ah OK, sorry I meant PM me. :)

 

 

How about a definative step by step guide to setup with the current version of the module? That would save me some bucks and make a few very confused users very happy.

Edited by drone

Share this post


Link to post
Share on other sites
Are you getting a padlock? If you're not getting a padlock then HSBC won't work.

 

However, I don't think the 'Hacking Attempt' error will be related to that.

 

When you get to Checkout Confirmation, do a View Source and scroll down to see what's being sent to HSBC, and it's my guess there's no Hash Key there at all.

 

Vger

 

Padlock does show but upon login there is a warning about domain mismatch.

 

On Checkout_confirmation.php I viewed source and saw this:

 

<input type="hidden" name="OrderHash">

 

It is missing the "value" there.

 

As I said is working on the other host but now we are moving the site to a new host. Any ideas how that issue could be resolved?

Share this post


Link to post
Share on other sites

I have noticed an increasing trend amongst hosts to not allow the HSBC files in the cgi-bin to operate - which are written in c++ and contain executable commands. Provided you have testHash.e in the cgi-bin and it has permissions of 755, and the pathway to the cgi-bin is correct (you did change it when you moved hosts?) then you should get a value for the hash.

 

Vger

Share this post


Link to post
Share on other sites

I can confirm that the path in hsbc.php is correct after changing host and that its 755. This is a dedicated server so I have full control over it. The host is 1&1, would they still have access to control testHash.e even though its a dedicated server?

 

The path in hsbc.php is:

 

/var/www/vhosts/domain.co.uk/httpdocs/cgi-bin

 

(domain censored)

 

There is also a cgi-bin outside httpdocs, I've tried this one too but no luck.

Edited by jhdesign

Share this post


Link to post
Share on other sites
The host is 1&1, would they still have access to control testHash.e even though its a dedicated server?

 

I'm assuming that they set the server up for you - so the answer would be 'Yes'.

 

Vger

Share this post


Link to post
Share on other sites

Hi

 

I am installing HSBC and just have a question about ssl certificates - I am on shared server have own ip and just ordering ssl (which i have no knowledge about) my hoster is asking for host name on the application - does the ssl need to be for the whole site or just part and if so which part for this hsbc module - sorry if this sounds dumb but I aint got a clue with ssl.

Thanks in advance!

Carl

Share this post


Link to post
Share on other sites

I think your hosting company is asking if you want the ssl cert made out to www.yourdomain.com or just yourdomain.com

 

Vger

Share this post


Link to post
Share on other sites

I am trying to figure out a way for multi-currencies.

 

What I have done so far is to create copies of the hsbc modules as follow:

 

hsbc_return.php

includes/languages/english/modules/payment/hsbc.php

includes/modules/payment/hsbc.php

 

to

 

hsbc_eu_return.php

includes/languages/english/modules/payment/hsbc_eu.php

includes/modules/payment/hsbc_eu.php

hsbc_eu_return.php

includes/languages/english/modules/payment/hsbc_us.php

includes/modules/payment/hsbc_us.php

hsbc_eu_return.php

includes/languages/english/modules/payment/hsbc.php

includes/modules/payment/hsbc.php

 

I have done a manual editing of each files to replace 'hsbc' to respectively 'hsbc_eu' and 'hsbc_us'

and a fast find/replace for 'HSBC' to 'HSBC_EU' and 'HSBC_US' in each files as well.

 

Now I am trying to write a code that would hide the module if it isn't in it's currency with something like this for the file ''includes/modules/payment/hsbc.php'' line 36:

 

if ($currency_code = 'EUR') {

$this->enabled = false;

}

 

if ($currency_code = 'USD') {

$this->enabled = false;

}

 

and line 16:

 

var $code, $title, $description, $enabled, $currency;

 

 

offcourse it doesn't work but it would be great if someone could help me out here, my php skills fall too short <_< .

Share this post


Link to post
Share on other sites

Ay Caramba... Having read through all posts etc, I can't even get the HSBC Sample to work... I'm running on a Webfusion VPS & have access to everything, but...

 

My error log is telling me that TestHash can't find the .so library, but I've got it loaded in my Root /usr/lib/ & also in the Client /usr/lib/

 

Also, I've got an LD_LIBRARY_PATH entry in .bash_profile (it shows up after an 'env' check in the console) pointing to another copy in the Client lib folder but none of these work!!!

 

Any help or input Most Gratefully received...

Share this post


Link to post
Share on other sites

It's no direct help to you, but I have noticed lots of people having all sorts of problems running osCommerce with Web Fusion hosting on these forums.

 

Vger

Edited by Vger

Share this post


Link to post
Share on other sites

Hmmm... I must admit that their Support has been a bit poor... They told me I could only access restricted Client folders through an SSH console, but it works fine if you drill down through the Root GUI... I guess I'll have to wait until Monday to hassle them on the phone... :-(

 

If I get any joy, I'll certainly post it in here... :-)

Share this post


Link to post
Share on other sites

Oh; & Thanks for replying, Vger!!! I've been reading this Thread for so long I feel as if I've been posting in it, too... My Manners are Shocking... :blush:

Share this post


Link to post
Share on other sites

Ok, i'm at the point where i'm recieving the "The transaction failed because of invalid input data." error.

 

I know that this could be entirely down to the fact that I don't have SSL first. Infact, I know this would cause this error as I have read all 46 pages.

 

But before I spend money on an SSL I would like to see if the below seems correct:

 

I have put the below two lines around this middle line which was already in Jose's hsbc.php file:

 

---------------------------------------------

print "testH=". $cmd;

$ret=exec($cmd, $output);

print "<br>ret=".$ret;

---------------------------------------------

 

And this puts the below next to the Confirm Order button on the final page before HSBC:

 

--------------------------------------------------------------------

testH=/user/homepages/xx/x00000000/htdocs/cgi-bin/TestHash.e "xxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxx" "http://www.domain.co.uk/catalog/checkout_process.php" "http://www.domain.co.uk/catalog/hsbc_return.php" "Website Online Store order" "Order 00000-000000" "500" "826" "UK00000000GBP" "1162308247000" "Auth" "cfea243966be934d4a47d7b860dc6d7f" "99 Something Road" "Somewhere" "826" "Somewhereshire" "Firstname" "Surname" "POST CODE" "me@domain.net" "Something Road" "Somewhere" "826" "Somewhereshire" "Firstname" "Surname" "POST CODE" "T" 2>&1

ret=Hash value: yyyyyyyyyyyyyyyyyyyyyyyyyyy=

---------------------------------------------------------------------

 

Note that I have quite clearly changed several values above to hide data that may be sensitive.

 

The main thing to note is that they part with a lot of X's matches the Hash key specified in the osCommerce HSBC module admin configuration.

 

The part with a lot of Y's matches no key I have been given.

 

So, does anything look correct? Anything look incorrect? Am I insane to be asking this before I have even installed SSL?

 

Fire away!

Share this post


Link to post
Share on other sites

Vger,

 

Can you confirm again:

 

1) That testing from IP (with SSL for a www.domain.com) does not cause any issues?

 

2) That HSBC works with php5?

 

After the server move we are still having issues. Mainly testHash.e not being executed (no hash code in checkout_conformation.php) even though hsbc.php points to the right path.

 

Thanks.

Jacob

Share this post


Link to post
Share on other sites

1. Your checkout pages need to be https (send https headers) to HSBC.

 

2. I don't know if the HSBC module code is PHP 5 compatible. I was not happy with PHP 5 and never implemented it on our servers. It seems this was the right move as PHP is now dropping 5, moving on to 6 and 6 will drop some of the features introduced with 5.

 

Vger

Share this post


Link to post
Share on other sites
Vger,

 

Check the file spiders.txt in the includes directory, look for a line that contains java/, if this exists delete it as this will cause the problem.

 

Regards

 

Neil Westlake

 

 

woohoo :)

 

just fixed an install for me that was working fine apart from the order not being recorded in the DB

 

:D

Share this post


Link to post
Share on other sites

Vger,

 

Downgrading to PHP4 corrected the issue I had. Now I get a has code generated in checkout_confirmation and no longer see the hacking attemp.

Share this post


Link to post
Share on other sites

Very often when hosts upgrade to PHP 5 they also put in place a lot of other restrictions. I think it was probably those that caused the problem, but glad you got it sorted.

 

Vger

Share this post


Link to post
Share on other sites
Hi,

 

I'm sorry if you've answered these questions before, but I'm stuck and can't seem to work ou what I should be doing next.

 

I have installed the following files in /www/cgi-bin and chmoded them to 755

CcOrderHash.e

CcResults.e

TestHash.e

 

libstdc++-libc6.2-2.so.3 was preinstalled in /usr/lib

 

I have installed libCcCpiTools.so in /usr/local/lib (as I do not have the root access required to install it in /usr/lib). As far as I know, this location should be fine.

 

I have rebooted my vs since these file

 

if I execute ./TestHash.e in the shell, I get the error, ./TestHash.e: error while loading shared libraries: libCcCpiTools.so: cannot open shared object file: No such file or directory.

 

Also, trying to process an order online produces he error, Hacking atempt! - orderHash=kbMDLDMchWOeXnfkNvnZ6Z8uFbQ= hash=error while loading shared libraries

 

Any help would be greatly appreciated.

 

Pappa

 

I'm getting the same hash=error while loading shared libraries error since three days ago but my site has been working over the last few weeks and taking orders. The hosting company assure me that nothing has changed on the server and they have also tried reinstalling the .so file to no avail. I've checked that the permissions on the cgi-bin is correct, have https, timeStamp fix has been implemented.

 

Has anyone else had this problem recently? Can anyone suggest anything else I can do?

 

 

Many thanks

Share this post


Link to post
Share on other sites

If HSBC was working and is not working now, and oyu haven't changed anything, then there are only two possibilities.

 

1. There's a problem at the hSBC end of things.

 

2. Your hosting company has changed something but the person you spoke to doesn't know it. This is the most likely possibility. Very often when you are talking to 'Customer Support' or even 'Technical Support' you are talking to some lowly paid person who are reading their answers from a crib sheet on the screen. If it's not in the crib sheet then they don't know anything.

 

Vger

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×