Jump to content
Sign in to follow this  
freerangemum

HSBC secure-epayment module

Recommended Posts

hello, i've just swapped our website over to a new one.. and it almost runs fine... but the HSBC module didn't seem to transfer ok.. when i try and do an order now it says :

 

Hacking atempt! - orderHash=3QoTh9tJFmhqwp80pJvfikP67mc= hash=error while loading shared libraries

 

any ideas why this might be happening?

 

thanks in advance :)

kev.

Share this post


Link to post
Share on other sites
hello, i've just swapped our website over to a new one.. and it almost runs fine... but the HSBC module didn't seem to transfer ok.. when i try and do an order now it says :

 

Hacking atempt! - orderHash=3QoTh9tJFmhqwp80pJvfikP67mc= hash=error while loading shared libraries

 

any ideas why this might be happening?

 

thanks in advance

kev.

 

I had this error and it was resolved by my hosts installing the libCcCpiTools.so file in the correct location and updating the path to LD_LIBRARY_PATH. The bit in the integration guide that relates to this is:

 

Add the path to libCcCpiTools.so to the LD_LIBRARY_PATH environment variable (either by

suitable file location, or direct addition). It may be necessary for a merchant to speak to their host

regarding suitable location / installation of this file.

 

I posted this info to my hosts and they knew what to do. Hope this helps.

Share this post


Link to post
Share on other sites

Thank you for going through the pages im clearly lazzy. Ok i made a screw up and i wasnt made aware by HSBC the requirment for an SSL. Over the last 2 weeks i have relocated my webshost and purchased an SSL certificate.

 

I assumed this would fix the error however with the SSL certificate installed i STILL get the error.

 

Now excuse me for been dumb but how do i check if my hash key is correct?

 

Any help would be great i had HSBC ePayments for over 2 weeks and i havent been able to get it to work at all yet. :'(

 

After adding 5 years to my life in the 2 weeks it took me to sort this I sorta understand your frustration. By no means an expert but having been there...

 

The "hacking attempt" error is the only error message you seem to get and covers may issues.... so quite unhelpful.

 

Having read all 50 pages (several times) I managed to get it going (phew). It would be really good if someone/several people could take all the really useful advice in the 50 pages and produce some installation instructions - it would be really helpful.

 

From memory (Oh I thought I'd put this behind me :'(

 

- You are using a SSL certificate aren't you? Even needed in Test mode. Shared cert is ok - but you must connect with SSL.

 

- The hash is being generated correctly? You do have all the files in the right directories? There are certain files needed in your hosting server too - that work together to create the hash.

 

- The hash key provided by HSBC is correct? Several people here found that the issue was an incorrectly supplied hash key from HSBC (how incompetent and frustrating!!!!)

 

- When you do get to the HSBC screen - ignore the test 41111.. CC number - you need to use a real credit card number

 

- Your test transaction in "test mode" needs to be under £1.00 sterling for it to work

 

I think there is some good threads around page 42 (from memory)

Good luck

 

Johnnie

Share this post


Link to post
Share on other sites
Thank you for going through the pages im clearly lazzy. Ok i made a screw up and i wasnt made aware by HSBC the requirment for an SSL. Over the last 2 weeks i have relocated my webshost and purchased an SSL certificate.

 

I assumed this would fix the error however with the SSL certificate installed i STILL get the error.

 

Now excuse me for been dumb but how do i check if my hash key is correct?

 

Any help would be great i had HSBC ePayments for over 2 weeks and i havent been able to get it to work at all yet. :'(

 

UPDATE: I have updated the HSBC payment file in the payments folder to point to the corect CGI-BIN folder. The testhash.e file i just uploaded is from the itegration file i was sent from HSBC i just uploaded the one for a linux server to the folder, However i still get the Hacking Attempt Message.

Share this post


Link to post
Share on other sites

I had similar issues with the curl/libpaths settings. I had to find a way to use separate crypto functions in php. This approach works at least with a couple of different stores. If Rhea or Martin want (who do the updates for this module) I can do an update for this module or send them the files for review.

Edited by enigma1

Share this post


Link to post
Share on other sites

Actually Mark - these days I recommend that UK site owners use Protx Direct, which, in my opinion, is an infinitely superior system to either HSBC (Secure ePayments) or Barclays (ePDQ).

 

With Protx Direct:

 

1. It's cheaper.

2. No need to load certain library files

3. No ned to load files into the cgi bin

4. No need to construct jump pages (ePDQ)

5. The customer stays on your website all the time, it's only the data which goes back and fore.

 

If a customer of mine insists on HSBC or Barclays then I install it for them - but if they haven't yet signed up for those systems then I steer them to Protx.

 

Vger

 

I had similar issues with the curl/libpaths settings. I had to find a way to use separate crypto functions in php. This approach works at least with a couple of different stores. If Rhea or Martin want (who do the updates for this module) I can do an update for this module or send them the files for review.
Edited by Vger

Share this post


Link to post
Share on other sites
Actually Mark - these days I recommend that UK site owners use Protx Direct, which, in my opinion, is an infinitely superior system to either HSBC (Secure ePayments) or Barclays (ePDQ).

 

With Protx Direct:

 

1. It's cheaper.

2. No need to load certain library files

3. No ned to load files into the cgi bin

4. No need to construct jump pages (ePDQ)

5. The customer stays on your website all the time, it's only the data which goes back and fore.

 

If a customer of mine insists on HSBC or Barclays then I install it for them - but if they haven't yet signed up for those systems then I steer them to Protx.

 

Vger

Ok I understand the economical aspects of it; but what you think is best to do with the hsbc code. You want the files to review them and upload them? It eliminates points 2,3 from above as the hash is taken care from php. The code is basically the same with minor changes and one extra php file provides the hash support.

 

I don't want to upload them and create confusion with this thread where you're doing support.

Share this post


Link to post
Share on other sites

Wakey wakey. No posts on this thread for a while.

 

I've been going through getting this module working on a site and there's been some effort involved but I've been able to figure out all of it..except the last bit.

 

Basically, most of it is working.

You do an order, go through the checkout, hand off to hsbc and then hsbc hands back.

 

When it hands back, it gets passed to checkout_process.php which kicks out "Hacking atempt!"

 

Now I'm confused, surely all that checking is done before handing off to HSBC and there's no need to check it when it comes back?

 

If I use the extra debugging message I get:

 

Hacking atempt! - orderHash= hash=TestHash encryptedKey hashElement...

 

The saga continues..

Share this post


Link to post
Share on other sites

I've commented out line 59 on checkout_process.php

 

// load the before_process function from the payment modules
//  $payment_modules->before_process();

 

This makes everything work. Having a look through the code itself, before_process is practically an exact copy of the checking code done by hsbc_return.php. The reason it fails is because hsbc_return.php forwards to checkout_process.php via:

 

tep_redirect(tep_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL', true));

 

My only question is, is it safe to leave before_process commented out or is it better to have that line of code also pass the _POST variables to checkout_process.php for that to do the checking again. If I interpret it correctly, without the duplicate checking it could theoretically be possible for someone to craft a request to checkout_process.php to make it look like they've paid when they haven't?

 

This is where I'm not sure what to do with the code. If the duplicate checking is needed, then I need to rewrite that redirect to do a post request to checkout_process.php but surely that's not necessary?

Share this post


Link to post
Share on other sites

Ive read through these pages a few times and can't see anything that answers my problem.

 

I'm on a Linux server

I have the 3 necessary files in the cgi-bin all on 775

I also have libstdc++-libc6.2-2.so.3 and libCcCpiTools.so in the cgi-bin as the server is not in safe mode.

I have the path to the cgi-bin correct /home/yduozcnp/public_html/cgi-bin.

I have SSL set up and the store is secure.

The store details are set correctly and I have the site in GBP.

 

At first I was getting a hacking error, but then realised that TestHash.e didnt have the correct permissions. After they were set correctly I now receive 'The transaction failed because of invalid input data.'

 

Any ideas what could be wrong?

 

Thank you.

Edited by newayblue

Share this post


Link to post
Share on other sites

is anyone else having trouble processing hsbc payments today? the last order i had through was 8:30am (uk time).. i've had a few cutomers ring up with a problem and the same when i do a test order:

 

when i click "Confirm Order" the site normally takes me to the HSBC page for me to type my card details etc.. but instead i get a :

 

 

The webpage cannot be found

HTTP 404

Most likely causes:

There might be a typing error in the address.

If you clicked on a link, it may be out of date.

 

What you can try:

Retype the address.

 

Go back to the previous page.

 

Go to https://www.cpi.hsbc.com and look for the information you want.

 

More information

 

and https://www.cpi.hsbc.com in the location bar...

 

any reasons why this might be happening?

 

thanks in advance :)

kev.

 

 

i don't think anything has changed on my site today to make this happen..

 

i've telephoned hsbc support and they said there's nothing wrong there end (3 different support people)

Share this post


Link to post
Share on other sites

hmmm. it appears to be working again now.. i'm guessing they had some technical difficulties that the support guys didn't know about....

Share this post


Link to post
Share on other sites

Hi guys,

 

Having read through a number of pages on this thread I am still uncertain how to resolve the 'Hacking Attempt' message I seem to be getting.

 

I have the latest version of the contribution and using Apache server.

 

Any help appreciated,

 

Mike

Share this post


Link to post
Share on other sites

Hi guys

 

This is my first time posting here, and my first time trying to implement the HSBC CPI payment module into oscommerce. And I must admit that its, so far, been a (how shall I put it?) ......interesting experiance to say the least lol :)

 

Im trying to implement the shop for the small local charity that I work for, so would really appreciate some help if possible!

 

So far Ive managed to install the module into oscommerce, successfully setup (with thanks to Roy from HSBC tech support), and am able to send test purchases from the shop to HSBC etc fine.

 

The problem Im having now is as follows:

 

1. After making payment on the HSBC secure site, and clicking the "continue" button to take me back to the shop, instead of taking me to the successful purchase page it takes me to the front page of the shop. Any suggestions as to how to remedy this one?

 

2. Orders I showing up store backup after paying for them via HSBC. They show up fine if I do a test purchase using COD.

 

3. HSBC told me I need to change the transaction type module (?) to authorise or capture so that I dont have to manually authorise each payment. For the life of me, I cant see where this is.....or even if its possible.

 

Perhaps 2 & 3 are linked?

 

Any help and advice would be very welcome please.

 

Daryl

Share this post


Link to post
Share on other sites

First of all thanks for this wonderful forum. I have almost completed with the integration of HSBC payment gateway after reading the replies from here .

 

But now i am facing a problem, please help me out as my client is shouting on me.

 

My card details are fine, but ALL transactions are coming up with

> “The transaction was rejected by FraudShield.

 

Please friends help me out ASAP.

 

Thanks.

Share this post


Link to post
Share on other sites
I've commented out line 59 on checkout_process.php

 

// load the before_process function from the payment modules
//  $payment_modules->before_process();

 

 

For anyone else looking into this, this is a bad idea even though I've only just notice. The problem was actually one of the changes that someone somewhere recommended.

 

The module should work like this:

 

Customer does checkout

Customer clicks button to go to HSBC

Customer does HSBC stuff

HSBC passed the customer back to checkout_success.php via hsbc_return.php

HSBC server itself calls checkout_process.php

 

I can't remember where I got it but somewhere along the lines the redirect to checkout_success.php got changed to a redirect to checkout_process.php. As a result both the HSBC server and the customer were calling checkout_process.php and with the checking commented out the request from the HSBC server was processed as a valid order regardless of the error code.

 

The proper solution is to change to the customer redirect back to the original checkout_success.php and uncomment the line of code I commented out as above.

 

Sorry I haven't got time to help out the other folks who are struggling with their own problems.

Share this post


Link to post
Share on other sites

Im having a problem with this contrib. Ive got it installed etc. But when you use it as a paying option it comes up with a white screen saying "Hacking Attempt!"

 

Ideas?

Share this post


Link to post
Share on other sites

Can this module be installed for an hsbc bank in the world? Do I need a payment gateway or I pass directly from osc to hsbc server?

Share this post


Link to post
Share on other sites

Hi, Is there someone who could help me with activating the HSBC module that I have installed on the osCommerse template 12973. I have, I believe, installed it correctly as per instructions that came in the folder I downloaded from the contribution section. In the payment modules of the administration the HSBC module has been installed and in edit mode is inviting me to enter all the settings such as enable module on, client ID, Hash Key etc. However, when viewing the shop and going through the process of making a payment, the HSBC payment method is not present and if does not do anything when you hit continue, as well it might as nothing has been selected. What do you think I am doing wrong? The other thing that concerns me is that it's not asking me for capture or authorise, sometimes HSBC require the userID but this is not manditory.

Share this post


Link to post
Share on other sites

Can someone please host the following files please :

 

 

CcOrderHash.e

CcResults.e

TestHash.e

 

libCcCpiTools.so

libstdc++-libc6.2-2.so.3

 

I only wish to download them once as I have lost my hsbc cd

 

Or e-mail them too me ! a_intim@hotmail.com

 

thanks in advance

Edited by beta

Share this post


Link to post
Share on other sites

Please help? I have not got very far and cant seem to even get past the hacking attempt and am now getting this message:

 

Hacking atempt! - orderHash=Kz6nZow0yWO3J3+GQHZV9aAhDog= hash=error while loading shared libraries

 

I have uploaded TestHash.e and the .so files to the cgi-bin, set the path correctly and set permissions on both files to 755. The server is not running in safe mode. I have even tried placing the files in the payment folder with the same results.

 

Can anyone suggest how I can get over this hurdle?

 

If anyone needs to know, the site is at www.coffeebeanstealeaves.co.uk/catalog

 

Thanks

Share this post


Link to post
Share on other sites

Please help? I have not got very far and cant seem to even get past the hacking attempt and am now getting this message:

 

Hacking atempt! - orderHash=Kz6nZow0yWO3J3+GQHZV9aAhDog= hash=error while loading shared libraries

 

I have uploaded TestHash.e and the .so files to the cgi-bin, set the path correctly and set permissions on both files to 755. The server is not running in safe mode. I have even tried placing the files in the payment folder with the same results.

 

Can anyone suggest how I can get over this hurdle?

 

If anyone needs to know, the site is at www.coffeebeanstealeaves.co.uk/catalog

 

Thanks

Share this post


Link to post
Share on other sites
error while loading shared libraries

 

Probably means that libstdc++-libc6.2-2.so.3 is not loaded into the shared library folder for your website. It's not something that hosts routinely install - you have to ask them to do it for you.

 

Vger

Share this post


Link to post
Share on other sites
Probably means that libstdc++-libc6.2-2.so.3 is not loaded into the shared library folder for your website. It's not something that hosts routinely install - you have to ask them to do it for you.

 

Vger

 

Many thanks for this

 

I have passed this on to my host and got the following reply

 

"The library is loading into ram:

 

root@ns9 [/usr/lib]# ldconfig --verbose|grep libCcCpiTools.so

libCcCpiTools.so -> libCcCpiTools.so

 

Also, we presently support the other lib, version 6.0.3:

 

root@ns9 [/usr/lib]# ldconfig --verbose|grep stdc

ldconfig: Cannot stat /usr/lib/libGLU.so: No such file or directory

libstdc++.so.6 -> libstdc++.so.6.0.3"

 

I asked them to put the .so file in /usr/lib and yet the also seemed to refer to it being in /usr/bin

 

What would the path to this file be?

 

Below is an extract of the relevant section of hsbc.php

 

//Path where the TestHash.e executable is located

$path='/home/edwa7063/public_html/cgi-bin/hsbc';

 

putenv("LD_LIBRARY_PATH='/usr/lib'");

 

I am still getting error while loading library every time.

 

Hope someone can help me. This is ridiculously difficult!

 

Thanks in anticipation

Edited by acideddy

Share this post


Link to post
Share on other sites

I am wondering if nobody understands what the issue here is with my HSBC installation. I have spend many weeks developing the site and paid my money to HSBC and it is extremely frustrating that I cant sell anything!

 

I wish I had known that this was so problematic. Did I make a mistake using HSBC or OsCommerce?

 

To cut a long story short....I am willing to pay someone to sort this issue out. Can someone please help me :rolleyes:

 

Thanks, PM me if you can help. Fingers crossed there is someone out there who understands what to do

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×