Jump to content
Sign in to follow this  
freerangemum

HSBC secure-epayment module

Recommended Posts

Europahosting has worked well for me. I was expecting to have loads of trouble since it is so cheap but it has been OK. Only trouble is the servers are in the US so you will have to play around with system time.

 

I've heard Webfusion are good too.

 

Cheers

Tim

Share this post


Link to post
Share on other sites

Am i doing somthing stupid ?

 

i unziped the hsbc module in my catalog directory (is this where i need to do this ?)

and im not seeing the module in the admin pages ?

was this the right place to unzip the module or do i need to unzip it somwhere else ?

 

Regards

 

Dan

Share this post


Link to post
Share on other sites

Hi

 

I seem to be having a few problems, I think?, with this module, after a bit of strugling i got it installed and configured, so I went to try it.

 

1st attemp I got a comms failure, found what caused it put it right.

 

2nd attempt got an attempted hacking message from hsbc_return.php

(removed GBP from end of store id, was this right?)

 

3rd attempt without GBP. dumps me back to cart logged of and no messages.

 

Can anyone give me a few pointers?

 

Also i belive that the POSTCODE field on the SSL Cert must be blank stipulated by HSBC, where i am testing it is populated, is this what causes the error in second attemp.

 

TIA

Andy


Literally, Laterally Thinking! If you cannot get through it, go round it.

Share this post


Link to post
Share on other sites
When I place an order now it calls the hsbc servlet but then goes to hsbc_return, then finishes up telling me it's a hacking attempt. I changed the hacking attampt message to

if ($order_hash!=$hash) die ("Hacking atempt! - orderHash=".$order_hash." hash=".$hash);

 

This shows me that I don't have a value in my $order_hash variable. i.e. the error message is now

Hacking atempt!- orderHash= hash=cxBt/eKx0zzcjV9wvb+2sfWMJCg=

or something similar.

 

Does anyone have any idea why this might be? Is the TestHash.e file not executing properly?

Hi,

 

I have been trying to get the HSBC module working with osCommerce and have ended up with the same problem that Tim Elliott had at one stage.

 

I get a "hacking attempt" error from hsbc_return.php and when I examine the contents of "orderHash" and "hash" I find that hash has a value, but orderHash is empty!

 

Tim, I couldn't see in any posts how you solved the problem!

 

Any pointers would be much appreciated.

 

Thanks

Share this post


Link to post
Share on other sites

barking boy

 

I had made a mistake with my client ID and entered the 4 digit number given to me by HSBC rather than the UKXXXXXXXXGBP string. After I changed that it worked OK.

 

Good luck.

 

Tim

Share this post


Link to post
Share on other sites

Hi Tim,

 

Can you help? I am setting the hsbc mod up on an almost virgin copy of osc, the only other mod is a modified random ordernuber generator i've put in checkout_process.php.

 

Modded hsbc.php to display OrderHash, Hash and result code.

 

all I get back is an OrderHash, NO Hash and a result code of 10.

 

I think there is a problem with data being sent to CPI. But only being working with PHP for a couple of days so still learning.

 

Can you tell me how you managed to get it working?

 

TIA

Andy


Literally, Laterally Thinking! If you cannot get through it, go round it.

Share this post


Link to post
Share on other sites
I had made a mistake with my client ID and entered the 4 digit number given to me by HSBC rather than the UKXXXXXXXXGBP string.  After I changed that it worked OK.

Hi Tim,

 

Thanks for the pointer. I originally had the UK & GBP characters as lower case. Changing them to upper case gives me Error 10 or "The transaction failed because of invalid input data."

 

I think this is an improvement though still! :D Anyway, do you have any suggestions - I have read this thread about 10 times and I am sure I have followed every thing such as the time stamp fix but nothing seems to help!

 

I am using Apache on Linux and there are no errors in my server logs (not now anyway). Always check logs. I did have a lot of permission issues previously.

 

Anyway, I was thinking as there have been so many tweaks and changes to the files originally supplied that perhaps someone who has got this working could paste the source of the changed files in full for us to see? B)

 

Regards, Michael

Share this post


Link to post
Share on other sites

Just wondering if you had made any progress in this matter?

 

After a few months building my site I am now in exactly the same position. With the same result (hacking error, order hash but no hash no.) being returned.

Obviously trying to connect to the CPI (It gives the title Thank You at the top of IE very briefly!) but just getting shunted straight back to the return page.

I must have read this whole thread a hundred times but am still at a loss.

 

So far, I have installed the HSBC mod and uploaded the .e and .so files fom the secure epayments cd to my cgi bin and pointed the hsbc.php file to the correct location. I know my server is running with safe mode set to off and I am using shared SSL. Is there anything I am missing? Should I be doing anything else with the .so file in the way of installing/loading it? Anything else I can check on my webspace. I know it will be something daft!!

 

Any help or updates as to how things are going for yourselves would be much appreciated.


Only Dead Fish Go With The Flow......

Share this post


Link to post
Share on other sites

After spending a lot of time and posting all my findings on this forum I finally managed to get the HSBC module working.

 

I must say that it's not for the faint hearted as I needed to make quite a few changes to various files to get it all working.

 

If anyone is completely stuck, I will setup there hsbc secure e-payment for them. Please PM for a quote.

 

 

Regards

 

Neil Westlake

www.thedjbox.com

Share this post


Link to post
Share on other sites

I am not sure if this will help people, but I was getting Error 10 (The transaction failed because of invalid input data.") and was rather stumped as to why, anyway to cut a long story short I tried making sure that the currency was set to ? rather than $ and it worked like a charm! :D

 

Now I seem to have a problem that nothing is being written into the database afterwards (the order info) which is a bit perplexing!

Share this post


Link to post
Share on other sites

Michael,

Dont know if you can help me, but I am still getting bumped back with just the orderhash string and no hash string. I have not had chance to work on it yet today but cant quite get my head around whether or not it as actually executing the scripts. I have my suspiscions that it is not. Did you get this result at any point or were you get the hash string all along. Also can you confirm that the testhash.e and .so files just need uploading to the cgi-bin or is there something more complicated needed in the way of installation.

Hope your getting there with your database troubles anyway.

Cheers,

Richard.


Only Dead Fish Go With The Flow......

Share this post


Link to post
Share on other sites
Michael,

Dont know if you can help me, but I am still getting bumped back with just the orderhash string and no hash string.

Cheers,

Richard.

OK,

 

1. Make sure that you have the correct information for "CPI URL", "Hash Key" & "Client ID or Alias" in osCommerce. I found that the letters for "Client ID or Alias" need to be upper case!

 

2. Assuming you are using Apache, check the apache error logs as they should show up calls to missing files / bad permissions etc.

 

3. Make sure you are using ?'s for your shop (add a new currency in the admin section of osCommerce).

 

4. Make sure you are using a secure server (https).

 

5. Also, on one of the pages was a "time fix" which you may need to apply.

 

Try those and see what happens. :)

 

BTW, I fixed the DB problem following an earlier post (page 4/5 area). Just trying to configure sendmail for the emails now.

Share this post


Link to post
Share on other sites

Well, another good few hours down the line and I am no closer, still getting exactly the same message back - orderhash value but no value for the hash!!!!

 

As far as I can tell, at no point is the testhash.e file being called. I have checked my error logs and there is no mention of it which on the surface sounds good BUT if I delete it from my cgi-bin there is still no mention of it in my error logs. I just dont understand, surely if the testhash file is not on the server and it is called from the hsbc.php it should show up in the errorlogs right? Or am I missing the point completely?

 

I am pretty sure my CPI URL, Hash Key and Client ID are all ok because it is trying to connect, but it just gets bumped straight back with the hacking error. If I change any of these values then I don't get returned to the HSBC_Return url.

 

I am trying to install this on a clean OSCommerce install to rule out any interferance from any other mods I have installed to my site. Its getting a bit depressing as I feel like I havent got past the starting post yet! Neils offer of quoting for an install is looking quite promising at the moment, although I think if I could just get started then I would be in with a chance. I pretty much follow the rest of the threads on this forum.

 

Any help would be much appreciated,

Thanks in advance,

Richard.


Only Dead Fish Go With The Flow......

Share this post


Link to post
Share on other sites

What platform are you running on Richard? It does sound like your TestHash.e is not being run!

 

Under Linux, I put TestHash.e, CCOrderHash.e & CCResults.e (I don't think the second two are required though) into my cgi-bin directory and then libCcCpiTools.so into my share library directory (usr/lib I think).

 

My Apache log showed an error when it couldn't execute the TestHash.e (due to permissions problems) and when it couldn't find libCcCpiTools.so.

 

Oh yes and one other thing, make sure you have set the path correctly to your TestHash.e file. It was in hsbc.php. The default was:

 

$path='/home/virtual/site131/fst/var/www/cgi-bin'

Share this post


Link to post
Share on other sites

One Small Step......

 

Right, finally some slight progress, even if it is only really a sideways step.

 

Thanks for the input Michael, it was the lack of any errors on the log files that was driving me loopy!! The cause? Well I had the site setup on a shared SSL which must have been sending the errors to some shared log file as opposed to the ones for my domain!! Oh well only about 3 days wasted on that then.

 

I have set the SSL to false for the time being and.......

 

..... now I know why I am getting no hash, because my TestHash.e file is not being found in my cgi-bin. However, why its not finding it I do not know. I ftp'd the file into the cgi-bin directory and changed the CHMOD to 755. I have changed the $path string to the cgi path given by my hosting company yet still I recieve the No Such File or Directory.

 

Again I am stumped. I guess this is more of a hosting/cgi query than HSBC mod but any input would be much appreciated.

 

How are things with your setup Michael, have you finished the setup yet?


Only Dead Fish Go With The Flow......

Share this post


Link to post
Share on other sites

Hi there!

 

I wonder if you could give me a hand with this please?

 

I'm setting up a store and my client has decided to use HSBC. He has provided me with his UserID, a Hash key and the CPI URL. I have entered these into the fields in the HSBC payment module in osCommerce. I have also carried out the amendments to the relevant PHP pages in osCommerce as described in the contribution installation notes.

 

When I try and run an order through, the form posts to HSBC but is then returned with the error

 

I have 2 questions:

 

1. Does anyone know why the following error is being returned? "The transaction failed because the Storefront was configured incorrectly."

 

2. I'm unclear on the whole TestHash stuff. Is it necessary to install some software on the web server for this? If so, where can I get it?

 

Thanks

 

Martin Sweeney

Edited by sweeney

Share this post


Link to post
Share on other sites

Martin,

 

I cant help you a great deal as I am still falling at the first hurdle. However it sounds to me as though you dont have the HSBC e-payments CD. This has the TestHash.e and the .so files that you will need. I believe they can be downloaded from the HSBC webpage.

 

Once you have these they need putting in the correct place on your site, see Michaels post above. This is I think where I am having a few difficulties. I get access denied when trying to FTP to the usr/lib directory. Any ideas on that one?

 

That aside, as posted on the previous page, this really is not a straight forward install. I am only perceveiring out of a matter of pride ( I think most of my problems are still to come, I am still trying to get the web space set up properly).

 

Still, sit down with a nice large glass of whisky and start off by reading all 10 pages of this thread and you may have a better idea of whats to come.

 

Good Luck!


Only Dead Fish Go With The Flow......

Share this post


Link to post
Share on other sites

Right Quick Update,

 

I have connected - Yipee!

 

Thanks for your post above Michael, it was indeed the path to the cgi-bin that was the problem, traced through the log files as you suggested.

 

- Just out of interest, I have entered the path as just

 

//Path where the TestHash.e executable is located

$path='/var/www/cgi-bin'

 

This is working beautifully but as it is obviousley rather different to the original I would just like to know if there are going to be any problems with it.


Only Dead Fish Go With The Flow......

Share this post


Link to post
Share on other sites

Can anyone offer some advice on whats happening here ?

 

ive go the payment module configured and i go to the checkout and all goes well untill i post to hsbc

 

the response i get back from the cpi servlet is 'the transaction failed due to invalid data' ?

 

the post and data look fine to me (included below)

 

ive deliberateley xx'ed out my StorefrontId but in reality it is there and correct ...

anyone got any ideas ?

 

Regards

Dan

 

<form name="checkout_confirmation" action="https://www.cpi.hsbc.com/servlet" method="post">

<input type="hidden" name="CpiDirectResultUrl" value="https://www.surplusstore.co.uk/catalog/checkout_process.php">

<input type="hidden" name="CpiReturnUrl" value="https://www.surplusstore.co.uk/catalog/hsbc_return.php">

<input type="hidden" name="OrderDesc" value="osCommerce order">

<input type="hidden" name="OrderId" value="0498-114925868">

<input type="hidden" name="PurchaseAmount" value="3500">

<input type="hidden" name="PurchaseCurrency" value="826">

<input type="hidden" name="StorefrontId" value="UKxxxxxxxxGBP">

<input type="hidden" name="TimeStamp" value="1.081464565E+12">

<input type="hidden" name="TransactionType" value="Auth">

<input type="hidden" name="MerchantData" value="1343982c21cda078b6c9581425ae247e">

<input type="hidden" name="BillingAddress1" value="12 Downsway">

<input type="hidden" name="BillingCity" value="Southwak">

<input type="hidden" name="BillingCountry" value="826">

<input type="hidden" name="BillingCounty" value="Surrey">

<input type="hidden" name="BillingFirstName" value="Dan">

<input type="hidden" name="BillingLastName" value="Heaver">

<input type="hidden" name="BillingPostal" value="BN41 4WC">

<input type="hidden" name="ShopperEmail" value="xxxx@purplevibes.com">

<input type="hidden" name="ShippingAddress1" value="24 Downsway">

<input type="hidden" name="ShippingCity" value="Southwark">

<input type="hidden" name="ShippingCountry" value="826">

<input type="hidden" name="ShippingCounty" value="Surrey">

<input type="hidden" name="ShippingFirstName" value="Dan">

<input type="hidden" name="ShippingLastName" value="Heaver">

<input type="hidden" name="ShippingPostal" value="BN42 4WB">

<input type="hidden" name="Mode" value="T">

<input type="hidden" name="OrderHash" value="ongthaM0FSO0GYR6X9VpZYTpK2U=">

<input type="image" src="includes/languages/english/images/buttons/button_confirm_order.gif" border="0" alt="Confirm Order" title=" Confirm Order ">

</form>

Edited by danthemanheaver

Share this post


Link to post
Share on other sites

Dan,

 

I'd say the offending line is:

 

"<input type="hidden" name="TimeStamp" value="1.081464565E+12">"

 

Neil Westlake posted the following fix:

 

In hsbc.php, Replace:

 

$time=($time+(0*3600));

$time=$time*1000;

 

with:

 

$time = $time."000";

 

Then you should be fine. :)

 

===

 

Richard, I am glad you are getting there - it is worth it in the end! The PATH to your cgi-bin will be fine - it will vary on the server configuration.

 

I think everything is working for me now on my test machine - I even got the email notifications working (after setting up sendmail) and created the shop catalogue. Now I have to sort out some hosting and do the whole thing again. :lol:

Share this post


Link to post
Share on other sites

thanks barking boy ! that seems to have done it !

 

should the orders not show up in the admin section or do i have to log on to the hsbc site to check them ?

 

cheers

Dan

Share this post


Link to post
Share on other sites

Just to let everyone know who is currently using HSBC secure-epayments live, I've found a potentially serious problem with this implementaiton.

 

Take this scenario:

 

Customer adds item to basket, checks out and select's HSBC as a payment method, they confirm order and are then forwarded to HSBC to take there payment details.

 

The customer fills out all of there details and on the last page HSBC presents a page saying that the payment is succesful. The customer then closes the browser and waits for there goods to arrive.

 

Problem: It's not until the customer clicks close on the HSBC site and hsbc_return.php is called. then the order is submitted.

 

I've received quite a few emails from customers saying they placed an order but haven't received there goods. This is because they closed there browser and didn't return back to my store.

 

I'm currently working on a fix for this, but just to make sure everyone suffers the same problem, try submitting an order and on the last HSBC screen, close the confirmation window without returning to your store.

 

See if the order is in the admin section or has it got lost?

 

I'll post my findings and a fix here next week.

 

Neil Westlake

www.thedjbox.com

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×