Jump to content
Sign in to follow this  
freerangemum

HSBC secure-epayment module

Recommended Posts

Vger to the rescue again, thanks I remembered that one as I started to read the solution

 

Open the file in a text editor -> place your mouse cursor after the very last ?> tag at the very end of the file and press the 'delete' key on your computer keyboard. Make sure that whitespace does not exist before the opening <?php tag at the very beginning of the file - delete whitespace if present. Save and upload the file to your installation.

 

Thanks Martin. That solved the problem so far as the headers being sent. However the orders still didn't post back to admin so I managed to find Neils quick fix at the start of this thread and that did the job! everything working, I guess I just need to get HSBC to put it into production mode for me now.

 

Thanks for all your help. That was a tough one!!!!

Share this post


Link to post
Share on other sites

I'm setting up this module a a NetFirms account running FreeBSD. I can't use the Linux binaries and I don't have access to a FreeBSD system with a compiler. The server doesn't appear to have Java installed either. What are my options?

Share this post


Link to post
Share on other sites
I'm setting up this module a a NetFirms account running FreeBSD. I can't use the Linux binaries and I don't have access to a FreeBSD system with a compiler. The server doesn't appear to have Java installed either. What are my options?

 

I just took a look at the HSBC CD and there's no source code for the shared library. If you had that it would probably have been possible to find someone that could build the programs for you.

 

I think you have a few options, 1. get java on the server, 2. move to another provider, 3. talk to HSBC to see if they can give you a free BSD shared lib and example programs, chances are someone else has asked for it.

 

Martin.

Share this post


Link to post
Share on other sites

Thanks Martin. I'll contact HSBC about a FreeBSD port but I think it may be time to move to another server. NetFirms have been pretty shoddy in my experience.

Share this post


Link to post
Share on other sites

Not sure if this is relevant to anybody using this forum. Yesterday we had a payment on our HSBC CPI for a customer we have no reference to. The worry I have is that somebody is using the HSBC.PHP source code that references the Offer.uk.Com order reference field and is pathed to our server. I appreciate that to be able to access the HSBC server our CPI code would be required but as we were one of the first people to implement the HSBC source with the help of Jose then our CPI code maybe floating about somewhere. If anybody has any knowledge of this I would appreciate your help.

 

Regards

 

 

johnhall@ycr.co.uk

Share this post


Link to post
Share on other sites

Hi John,

 

It seems highly unlikely that someone is using your account to process payments. If they are then they would need the following to do it:

 

Your HSBC Merchant ID

Your Hash Key

 

Have you contacted the purchaser as this sounds more like a failed return from HSBC which has caused the order not to show up in the backend.

 

Check if there is an account matching the order in osCommerce.

 

If there is no account for the customer then I would be worried.

 

Neil Westlake

Share this post


Link to post
Share on other sites

Rhea,

 

That post has nothing to do with Johns problem, in fact it's the complete opposite. My understanding is he has the money but no order.

 

The post you link to refers to a problem where there is an order but no money. This problem and similar has been around for a while now but is not an issue if the payment module is written correctly.

 

Neil Westlake

Share this post


Link to post
Share on other sites

Hi everyone.

 

I have been using this module for about 9 months, and on occassions, I get the message "Transaction failed because of invalid input data". Now it happens to a small proportion of my customers, and I have read that we need to ensure the length of the fields in the address, etc. I managed to speak with a customer who failed, and could pin down the time they called. Now HSBC say it was because there was NO delivery address for that customer (although there was a billing address), which I find odd. The customer says they did not DELETE the shipping address (but I guess she they did - or did they?), as the default should be that the delivery address, matched the shipping address in OSC?

 

Any thoughts on a way around this?

Share this post


Link to post
Share on other sites

This may have to do with "bounds checking" or the length of the fields and the data put into them.

 

There is a discussion about this on the Protx Direct contribution thread. The latest version (of the Protx Direct module) has bounds checking code inserted if people wish to use it.

 

Vger

Edited by Vger

Share this post


Link to post
Share on other sites

What you could do, is install the master password contribution (Master Password) then try logging in as the problem customer.

 

You'll see on the checkout confirmation page if the delivery address is missing or not.

 

Neil Westlake

Share this post


Link to post
Share on other sites

Hi Vger. [sorry HI RIBS]

 

I already have that contribution [since i have to log in as my customers when they do not return from the HSBC page. I can see the payment on the HSBC merchant page, but their basket has not been checked out. I simply check out their basket, saying I will pay by cheque, then immediateoly change it to reflect the cc payment i already have.] In the instance I have mentioned, I already did the check, and could see that the address was BLANK. So my guess is that they must have cleared it, or for some reason OSC is not filling it on the (e.g. 1 in 20) occasions when the customer received this message!

Edited by doni

Share this post


Link to post
Share on other sites

The HSBC module should automatically update the order in osCommerce regardless of whether or not the customer returns from HSBC.

 

If the delivery address is empty then you've got a bug that is causing the delivery address details not to populate correctly. As far as I know there is no way for the customer to have a blank delivery address.

 

Regards

 

Neil Westlake

Share this post


Link to post
Share on other sites
In the instance I have mentioned, I already did the check, and could see that the address was BLANK. So my guess is that they must have cleared it, or for some reason OSC is not filling it on the (e.g. 1 in 20) occasions when the customer received this message!

 

I think that can happen if you're selling physical and virtual (downloadable) goods and the customer orders a mix of both.

Share this post


Link to post
Share on other sites

Ali - that is very astute. We mainly sell physical products, but have a small selection of downloadable ones too. In this instance, it was a single downloadable item that didn't go through .... hmmm ... now I am wondering whether the problems ONLY occur when someone has a single OR a mix of physical and downloadable items ...

 

 

Ribs - I am not sure whether I have a bug in the module. I recall some initial problems wit setting this up, and think I may have hacked something to make it work (knowing that I may have to check out a customer's basket, BUT cannot remember what the problem was at the time - I have probably posted here when I experienced the problem. The thing is, it has been working brilliantly for a number of months, save for the having to log in and check out the occasional basket).

Share this post


Link to post
Share on other sites

[ASIDE]

 

However, it cannot be an "all time" problem for downloadable items, since I know that many customers are able to pay for downloadable items and checkout through the HSBC module themselves !

Share this post


Link to post
Share on other sites

Ok I have to confess that I have no experience with downloadable products as I have never used them in an osCommerce store. But it does sound logical, if the product is downloadable then there is obviously no need for a delivery address.

 

I think Ali has hit the nail right on the head with this one.

 

Don, I think you'll need to do some testing to figure exactly where and why the problem occurs.

 

Your HSBC module is setup incorreclty but is probably done this way because the return post that updates the order never gets received (1and1 servers have this problem).

 

Regards

 

Neil Westlake

Share this post


Link to post
Share on other sites

I think you might find that if customers only buy downloadable products they'll checkout fine and if they buy only physical products it works fine, the problem only occurs if they have both types in their basket. OSC gets confused. If that is the problem you're having I coded a fix for it, I'll just have to remember where abouts it was...

Share this post


Link to post
Share on other sites

Thanks Guys.

 

We use DSVR servers which we control and host about 50 domains on, and I think you are right about thr return path ...

 

Yes - I will need to do more testing to try to find out why, and when this happens, but it's quite tricky because, we only find out when the customer calls to pay by phone. I'll see what information we can get from the logs - which I'm sure may assist here.

 

In this instance it was a problem with SINGLE downloadable item, so either they removed the address, or it was removed by OSC ...

 

Thanks for your guidance ...

Share this post


Link to post
Share on other sites

If an order is only for downloadable (virtual) goods then there is no Shipping Address - because there is nowhere to ship to.

 

If an order has only physical (non-virtual) or a mix (virtual and non-virtual) then the shipping address is carried forward.

 

Vger

Share this post


Link to post
Share on other sites

I've just had an order appear in admin with status 'Pending', but I've got no record of any transaction for it in HSBC. I can't figure out how this has happened, anyone got any ideas?

Share this post


Link to post
Share on other sites

It's possible to 'spoof' the checkout process in osCommerce, if someone gets as far as the checkout_confirmation.php page and then manually edits the address bar to read checkout_success.php and hits the 'Enter' button on their keyboard. This will take them to checkout_success.php, and the order will appear as whatever the Default Oder Status is set to - but it's not a real order just someone trying it on.

 

Vger

Share this post


Link to post
Share on other sites
It's possible to 'spoof' the checkout process in osCommerce, if someone gets as far as the checkout_confirmation.php page and then manually edits the address bar to read checkout_success.php and hits the 'Enter' button on their keyboard. This will take them to checkout_success.php, and the order will appear as whatever the Default Oder Status is set to - but it's not a real order just someone trying it on.

 

Vger

 

I'd read about that, but when I tried to replicate it myself there was no order created. I'm confused :(

Share this post


Link to post
Share on other sites

I'm stuck. I've got it accepting card transactions, storing them in the hsbc system and returning cpi code 0 but it isn't saving the orders in the osc database.

 

The problem is that the session is not being restored in checkout_process.php. I've added the required line and the session ID is being copied into the osCsid GET var (and it's the right session ID) but it still isn't working! Any ideas?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×