Jump to content
Sign in to follow this  
freerangemum

HSBC secure-epayment module

Recommended Posts

You need to update the version of osCommerce you are using, and fix this problem especially:

 

Order Status Filtering

http://www.oscommerce.com/community/bugs,1543

------------------------------------------------------------------------------

 

Problem:

 

After changing the order status filtering on the Administration Tool -> Customers -> Orders page, selecting "All Orders" would show an empty listing of orders.

 

Solution:

 

Line 357 in catalog/admin/orders.php must be changed from:

 

} elseif (isset($HTTP_GET_VARS['status'])) {

 

to:

 

} elseif (isset($HTTP_GET_VARS['status']) && is_numeric($HTTP_GET_VARS['status']) && ($HTTP_GET_VARS['status'] > 0)) {

 

Vger

Share this post


Link to post
Share on other sites
You need to update the version of osCommerce you are using, and fix this problem especially:

Vger

 

fantastic thanks, thats sorted it! Oh happy day...

Share this post


Link to post
Share on other sites
Ok now I'm puzzled, made those changes and payment with a real card, but still not getting the order showing up in admin OR the database. Strange...

 

Thanks anyway

J

I'm still struggling along with this module. I have it taking orders and posting correctly to HSBC and returning to the successful order page. However no orders are being posted back into oscommerce admin or the database. Can anyone suggest anything I'm really desparate now.¿?

 

J

Share this post


Link to post
Share on other sites

I have been trying to install hsbc for a while with no luck from my host provider to add the hsbc files to the shared server, therefore can anyone recomend to me an hosting package or even a dedicated/virtual server that is good value and also works with php4.

 

thanks

carl

Share this post


Link to post
Share on other sites
I have been trying to install hsbc for a while with no luck from my host provider to add the hsbc files to the shared server, therefore can anyone recomend to me an hosting package or even a dedicated/virtual server that is good value and also works with php4.

 

thanks

carl

 

If you have a cgi-bin and your host runs linux this may work for you, it did for a 'me2uweb' hosted site.

 

Check you are running on a linux server, Admin -> Tools -> Server Info, system info should have a version like 2.6.xx

 

Copy the TestHash.cgi, libCcCpiTools.so into the cgi-bin, obtain a copy of libstdc++-libc6.2-2.so.3 and put that in, I had it on another server, can email it if you contact me direct.

 

Set the files to be executable, 755 should do it.

 

Make the hsbc.php look like this

 

  
	//Path where the TestHash.e executable is located
	$path='/home/this_will_be_your_path/cgi-bin';	

	putenv("LD_LIBRARY_PATH=$path");

	//Executes the TestHash to get the hash
	$cmd="$path/TestHash.cgi \"".MODULE_PAYMENT_HSBC_HASH."\" $cmd";

 

For dedicated servers memset are excellent, me2uweb are ok.

Share this post


Link to post
Share on other sites
If you have a cgi-bin and your host runs linux this may work for you, it did for a 'me2uweb' hosted site.

 

Check you are running on a linux server, Admin -> Tools -> Server Info, system info should have a version like 2.6.xx

 

Copy the TestHash.cgi, libCcCpiTools.so into the cgi-bin, obtain a copy of libstdc++-libc6.2-2.so.3 and put that in, I had it on another server, can email it if you contact me direct.

 

Set the files to be executable, 755 should do it.

 

Make the hsbc.php look like this

 

  
	//Path where the TestHash.e executable is located
	$path='/home/this_will_be_your_path/cgi-bin';	

	putenv("LD_LIBRARY_PATH=$path");

	//Executes the TestHash to get the hash
	$cmd="$path/TestHash.cgi \"".MODULE_PAYMENT_HSBC_HASH."\" $cmd";

 

For dedicated servers memset are excellent, me2uweb are ok.

 

Thanks Martin - I have placed in the above, i now dont get the hacking attempt. On confirming the order i go through to a page titled CPI Thankyou it then comes up with " security alert - redirection to a page that is not secure notice" with https://......./hsbc_return.php page opening - so maybe my configure file is not set up correct...

If i then click continue it takes me back to my site???

 

any ideas?

Edited by angelbud

Share this post


Link to post
Share on other sites

libstdc++-libc6.2-2.so.3 (Shared Library folder)

TestHash.e (cgi-bin)

CcOrderHash.e (cgi-bin)

CcResults.e (cgi-bin)

 

Vger

Share this post


Link to post
Share on other sites
libstdc++-libc6.2-2.so.3 (Shared Library folder)

 

Vger

 

If you can't get your provider to put this in the systems shared lib it seems to work in the cgi-bin.

 

Martin

Share this post


Link to post
Share on other sites
Thanks Martin - I have placed in the above, i now dont get the hacking attempt. On confirming the order i go through to a page titled CPI Thankyou it then comes up with " security alert - redirection to a page that is not secure notice" with https://......./hsbc_return.php page opening - so maybe my configure file is not set up correct...

If i then click continue it takes me back to my site???

 

any ideas?

 

Does the order show in HSBC? if yes I reckon your TestHash.cgi is fine and you're probably right about the config. I'm sure Vger has posted example config setting on the forum, try searching for https on this forum.

 

A good way to see the hash and data going up to HSBC is to view source on the confirm order screen, there's a really long line with all the form data that goes off to HSBC. I think you'll see the return address in there.

 

Also if the TestHash.cgi is working it proves that dropping the shared lib in the cgi-bin does work ok :-))

 

Martin

Share this post


Link to post
Share on other sites
I'm still struggling along with this module. I have it taking orders and posting correctly to HSBC and returning to the successful order page. However no orders are being posted back into oscommerce admin or the database. Can anyone suggest anything I'm really desparate now.¿?

 

J

 

 

this happened to me until i removed "java" from my spiders.txt file :)

Share this post


Link to post
Share on other sites
this happened to me until i removed "java" from my spiders.txt file :)

 

I dont think there is any java in my includes/spiders.txt file all i see is the following;

$Id: spiders.txt 6137 2005-05-10 12:59:09Z jim $

almaden.ibm.com

appie 1.1

architext

ask jeeves

asterias2.0

augurfind

baiduspider

bannana_bot

bdcindexer

crawler

crawler@fast

docomo

fast-webcrawler

fluffy the spider

frooglebot

geobot

googlebot

gulliver

henrythemiragorobot

ia_archiver

infoseek

kit_fireball

lachesis

lycos_spider

mantraagent

mercator

moget/1.0

muscatferret

nationaldirectory-webspider

naverrobot

ncsa beta

netresearchserver

ng/1.0

osis-project

polybot

pompos

scooter

seventwentyfour

sidewinder

sleek spider

slurp/si

slurp@inktomi.com

steeler/1.3

szukacz

t-h-u-n-d-e-r-s-t-o-n-e

teoma

turnitinbot

ultraseek

vagabondo

voilabot

w3c_validator

zao/0

zyborg/1.0

 

is there anything I should be removing here??

Share this post


Link to post
Share on other sites
Thanks Martin - I have placed in the above, i now dont get the hacking attempt. On confirming the order i go through to a page titled CPI Thankyou it then comes up with " security alert - redirection to a page that is not secure notice" with https://......./hsbc_return.php page opening - so maybe my configure file is not set up correct...

 

I noticed that when I am returned to my site from HSBC the following appears in the browsers adddress bar:

https://web24.secure-secure.co.uk/buzzstuff.co.uk/checkout_success.php?osCsid=38ed3d65c3c41fc0f6f771bb9a0538db

 

Should it be returning to hsbc_return.php instead. Could this explain why orders are not being posted in the database or admin area?? and if so where do I change this???

 

J

Share this post


Link to post
Share on other sites
I noticed that when I am returned to my site from HSBC the following appears in the browsers adddress bar:

https://web24.secure-secure.co.uk/buzzstuff.co.uk/checkout_success.php?osCsid=38ed3d65c3c41fc0f6f771bb9a0538db

 

Should it be returning to hsbc_return.php instead. Could this explain why orders are not being posted in the database or admin area?? and if so where do I change this???

 

J

 

There may be another reason why orders aren't showing up, the checkout_success.php is called by hsbc_return.php so that might be ok. Check the return url by looking at the page source on the confirm order page, if you have your configuration correct you will see the right return url. If your have the right return url then you may find there's a problem with the hsbc_return.php.

 

You should see something like this in the source along with all the other data that gets sent to hsbc, this is built from the contents of the config file.

 

name="CpiDirectResultUrl" value="https://web24.secure-secure.co.uk/buzzstuff.co.uk/checkout_process.php">

 

My hsbc_return.php looks like this, search through the forum for discussions on the orders not showing in the admin panel, you could also try this hsbc_return.php and see if it works for you.

 

<?php
/*
 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 HSBC Payment Module Copyright (c) 2003,2004 qadram software
 http://www.qadram.com

 Module developed for FreeRangeKids
 http://www.freerangekids.co.uk  

 Released under the GNU General Public License
*/

 include('includes/application_top.php');

 // load selected payment module
 require(DIR_WS_CLASSES . 'payment.php');
 $payment_modules = new payment($payment);


	reset($_POST);
	$post_2=array();

	while(list($k,$v)=each($_POST))
	{
		if ($k!='OrderHash')
		{
			$post_2[$k]=$v;
		}
	}

	$order_hash=$_POST['OrderHash'];
	$hsbc=$GLOBALS['hsbc'];
	$hash=$hsbc->getHash($post_2);


	if ($order_hash!=$hash) die ("Hacking attempt!");

	$CpiResultsCode=$_POST['CpiResultsCode'];

	if ($CpiResultsCode=='0') 
	{
		tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL',false).'?osCsid='.$GLOBALS["MerchantData"]);
	}


	$error=MODULE_PAYMENT_HSBC_TEXT_ERROR1;

	switch($CpiResultsCode)
	{
		case 1: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR1; break;
		case 2: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR2; break;
		case 3: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR3; break;
		case 4: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR4; break;
		case 5: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR5; break;
		case 6: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR6; break;
		case 7: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR7; break;
		case 8: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR8; break;
		case 9: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR9; break;
		case 10: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR10; break;
		case 11: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR11; break;
		case 12: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR12; break;
		case 13: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR13; break;
		case 14: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR14; break;
		case 15: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR15; break;
		case 16: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR16; break;									

	}

	$codes=split(",",MODULE_PAYMENT_HSBC_PENDING_CODES);


	if (in_array($CpiResultsCode,$codes))
	{
		tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL',false).'?osCsid='.$GLOBALS["MerchantData"]);
	}		

	tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'error_message=' . urlencode($error), 'SSL', true, false));

?>

Share this post


Link to post
Share on other sites
There may be another reason why orders aren't showing up, the checkout_success.php is called by hsbc_return.php so that might be ok. Check the return url by looking at the page source on the confirm order page, if you have your configuration correct you will see the right return url. If your have the right return url then you may find there's a problem with the hsbc_return.php.

 

You should see something like this in the source along with all the other data that gets sent to hsbc, this is built from the contents of the config file.

 

name="CpiDirectResultUrl" value="https://web24.secure-secure.co.uk/buzzstuff.co.uk/checkout_process.php">

 

Thanks Martin, my "CpiDirectResultUrl" looks eactly like the one above, so I guess its not the confirm order page thats the problem. I tried your hsbc_return code but got the following after I had gone through the hsbc process and upon returning to my site;

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/sites/buzzstuff.co.uk/public_html/hsbc_return.php:2) in /home/sites/buzzstuff.co.uk/public_html/includes/functions/sessions.php on line 97

Warning: Cannot modify header information - headers already sent by (output started at /home/sites/buzzstuff.co.uk/public_html/hsbc_return.php:2) in /home/sites/buzzstuff.co.uk/public_html/includes/functions/general.php on line 34

 

did this happen to you. Any suggestions would be very much appreciated....

 

J

Share this post


Link to post
Share on other sites
Thanks Martin, my "CpiDirectResultUrl" looks eactly like the one above, so I guess its not the confirm order page thats the problem. I tried your hsbc_return code but got the following after I had gone through the hsbc process and upon returning to my site;

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/sites/buzzstuff.co.uk/public_html/hsbc_return.php:2) in /home/sites/buzzstuff.co.uk/public_html/includes/functions/sessions.php on line 97

Warning: Cannot modify header information - headers already sent by (output started at /home/sites/buzzstuff.co.uk/public_html/hsbc_return.php:2) in /home/sites/buzzstuff.co.uk/public_html/includes/functions/general.php on line 34

 

did this happen to you. Any suggestions would be very much appreciated....

 

J

 

I've seen this when the file hasn't copied over correctly, try different ftp modes binary/asci

Share this post


Link to post
Share on other sites

Top of this page --> Network --> Knowledge Base --> Common Problems --> Headers already sent

 

Vger

Edited by Vger

Share this post


Link to post
Share on other sites
Top of this page --> Network --> Knowledge Base --> Common Problems --> Headers already sent

 

Vger

 

Vger to the rescue again, thanks I remembered that one as I started to read the solution

 

A common cause to the problem is spaces ("whitespace") existing before the first <?php tag and/or after the last ?> tag with the files involved. By removing all spaces so that <?php is at the very start of the file and that ?> is at the very end of the file, no content would have been sent to the client and headers can be set safely.

 

Open the file in a text editor -> place your mouse cursor after the very last ?> tag at the very end of the file and press the 'delete' key on your computer keyboard. Make sure that whitespace does not exist before the opening <?php tag at the very beginning of the file - delete whitespace if present. Save and upload the file to your installation.

Share this post


Link to post
Share on other sites

Top of this page --> Community --> Contributions --> Payment Modules

 

Vger

Share this post


Link to post
Share on other sites

its weird, I cant find

if (!empty($_POST['MerchantData'])) $_GET['osCsid']=$_POST['MerchantData'];

 

in my root/checkout_process.php

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×