Jump to content
Sign in to follow this  
freerangemum

HSBC secure-epayment module

Recommended Posts

is there anyone who has successfully integrated HSBC? Please get in touch with a price on undertaking the integration as soon as possible.

 

Many Thanks in advance..

 

alexiophoto (-at-) googlemail.com

Share this post


Link to post
Share on other sites

I have successfully installed HSBC on my dedicated server up to a point. I can connect to HSBC and make payment no problem at all, but when the transaction is complete or canceled the session is lost and you are redirected to login page or the create account page.

  • The session ID is showing in the URL.
  • Once you log back in after cancel order the error message shows correctly.
  • I have tried adding
    if (!empty($_POST['MerchantData']))  $_GET['osCsid']=$_POST['MerchantData'];

    to checkout_shipping.php, but does not help.

  • config looks correct and session options look right.
  • fast_account has been installed!

The redirect happens at this point:

 

if (!tep_session_is_registered('customer_id')) {
$navigation->set_snapshot();
tep_redirect(tep_href_link(FILENAME_CREATE_ACCOUNT, '', 'SSL'));
}

 

So you can see there is no registered customer in the session or no session at all.

 

 

Please help, Thanks,

 

Gareth

Edited by WS Evolution

Share this post


Link to post
Share on other sites
I have successfully installed HSBC on my dedicated server up to a point. I can connect to HSBC and make payment no problem at all, but when the transaction is complete or canceled the session is lost and you are redirected to login page or the create account page.
  • The session ID is showing in the URL.
  • Once you log back in after cancel order the error message shows correctly.
  • I have tried adding
    if (!empty($_POST['MerchantData']))  $_GET['osCsid']=$_POST['MerchantData'];

    to checkout_shipping.php, but does not help.

  • config looks correct and session options look right.
  • fast_account has been installed!

The redirect happens at this point:

 

if (!tep_session_is_registered('customer_id')) {
$navigation->set_snapshot();
tep_redirect(tep_href_link(FILENAME_CREATE_ACCOUNT, '', 'SSL'));
}

 

So you can see there is no registered customer in the session or no session at all.

Please help, Thanks,

 

Gareth

 

 

Session ID is correct at hsbc return page, which goes to checkout_shipping.php where its then re-redirected to create_account1.php and a new session ID is created. Once you log in you can view the error message sent from HSBC.

Share this post


Link to post
Share on other sites

I am still loosing the session and the user is logged out when returned from HSBC! Surely someone must have some knowledge of what might be causing this problem.

 

Any help would be much appreciated.

 

Thanks, Gareth

Share this post


Link to post
Share on other sites

Hi there, I've made my own site using PHP (I'm a total PHP newbi) and I've set up ePayments with HSBC using their API. The documentation they supply has left me totally clueless! I've been supplied with all the files and my CPI hash key but I don't know what I have to do or where to start!!! I can't event open the libCcCpiTools.so, CcOrderHash.e, CcResults.e and TestHash.e files in a text editor. Can someone please tell me what I have to do or what I have to set up? I'm really in the dark! From reading here I realise it's best I use the "C" API. My site is hosted with 1and1.

 

Id some one can spare a few emails to help me out I'd be your best mate! I'm desperate!

Share this post


Link to post
Share on other sites
I am still loosing the session and the user is logged out when returned from HSBC! Surely someone must have some knowledge of what might be causing this problem.

 

Any help would be much appreciated.

 

Thanks, Gareth

 

 

Adding the following code to application top fixed the issue.

 

if (!empty($_POST['MerchantData'])) $HTTP_POST_VARS['osCsid']=$_POST['MerchantData'];

 

Session is now restored. :rolleyes:

Share this post


Link to post
Share on other sites

Hi everyone, just a quick question as a client is interested in HSBC CPI integration, is SSL required for this? or just the mhash, mcrypt php extensions?

 

Oh also, after looking over the code, where do you enter configuration data such as merchant ID etc? In the code or in an admin section?

 

Thanks :D

Edited by alli14404

Share this post


Link to post
Share on other sites
Hi everyone, just a quick question as a client is interested in HSBC CPI integration, is SSL required for this? or just the mhash, mcrypt php extensions?

 

Oh also, after looking over the code, where do you enter configuration data such as merchant ID etc? In the code or in an admin section?

 

Thanks :D

 

An SSL cert is required for CPI integration - the return page has to start with https:// - it fails for self signed and (so far for me anyway) all the free certificate authorities.

 

You don't need the merchant ID for the CPI or API, the things that are required you enter through the admin section in the HSBC payment module.

Share this post


Link to post
Share on other sites

due to the HSBC secure payments system going down twice this year so far, and for a long weekend last time, and now again today, i've made a little script to change from hsbc to another payment system if a request to https://www.cpi.hsbc.com/servlet isn't succesful.. it's seems to be working for me anyway...

 

<?php
##############################
##############################
##				##
##	Kev	HSBC Checker V.1	##
##				##
##############################
##############################
require_once('YOUR CONNECTION FILE'); 


$request = "https://www.cpi.hsbc.com/servlet";

	if (@fopen($request,"r")) {
##$status = "This URL s readable";
		$updateSQL = sprintf("update customers_groups set group_payment_allowed = 'hsbc.php' WHERE group_payment_allowed = 'securetrading.php'");
	} else {
		$updateSQL = sprintf("update customers_groups set group_payment_allowed = 'securetrading.php' WHERE group_payment_allowed = 'hsbc.php'");
##$status = "This URL is not readable";
} 

##print "$status";

mysql_select_db($database, $connectionstring);
mysql_query($updateSQL, $connectionstring) or die(mysql_error());
?>

 

I've set this up as a CRON JOB to run every couple of minutes :)

 

in my example it changes from hsbc to secure trading.. not very glamorous i know, but handy for me

 

:D

Share this post


Link to post
Share on other sites
Ok, a little update to my last post.

Hi everyone

 

We've been using HSBC payment service for almost a year now.

Not with the now public hsbc module, ive rolled my own integration

back then.

Now we want to move our shop to another server.

It used to run on a dedicated one, put now its a shared hosting thingie.

So i'm not allowed to put libCcCpiTools.so into the servers lib folder.

Ok, so im trying to do this:

 

$new = "/usr/home/(accountname)/lib/libCcCpiTools.so"; // extra path

if ($old) { $new .= ";$old"; } // append old path if it existed

putenv("LD_LIBRARY_PATH=$new"); // set new

 

and then

dl (php_hsbccpi.so);

 

i have php_hsbccpi.so in the same (ssl) folder as the rest of the stuff.

now the problem is , dl doesnt work cause php_hsbccpi.so cant find libCcCpiTools.so:

 

Unable to load dynamic library './php_hsbccpi.so' - Shared object

"libCcCpiTools.so" not found in ...

 

(the libCcCpiTools.so file *is* in that via putenv specified folder).

if i do a

print getenv ("LD_LIBRARY_PATH");

(after setting my new path) i get the expected result, ie the dir i

specified, so putenv seems to 'work' ...

but, it is empty before i set it to anything..(?)

 

I'm getting desperate :o :o

Can someone think of what im doing wrong ? any ideas what i could try?

Thanks so much for any help / pointers..

Cheers

-Andreas

 

Hi

I too have this same problem.

Hello Andreas i am too using the Shared hosting i also face this same problem. But i am not able to fix it. Please help me how u got the solution.


Senthil Kumar R

Share this post


Link to post
Share on other sites

Hi,

 

I have a client who would like to use HSBC. I'm a long time user of OSC, and have integrated payment modules before, but I've never seen anything as daunting as this...

 

In searching about a bit I've notice mention of another, less mature module for integrating with the HSBC XML API , rather than the CPI version. By the sounds of things this is easier to work with. http://www.oscommerce.com/community/contri...ns,5585/page,13

 

Does anybody on this board have any experience with the HSBC API approach? What are the advantages/disadvantages? One advantage I can see for sure is not have to get the .so file installed by host. But is it really easier?

 

Any advice greatly appreciated.

 

Thanks

Subd

Share this post


Link to post
Share on other sites

Hi,

I have a client who has signed up with HSBC and I would appreciate a few quotes from people who know how to install the e-payments module and get it working fairly quickly. I haven't arranged hosting yet but from reading in this forum am thinking webfusion seem to be a good option - I'm open to advice though. Please PM me.

 

Thanks,

Mike

Share this post


Link to post
Share on other sites

Dear Sirs and Madams,

 

I'm having tons of problems with the HSBC - it's my nightmare and my headache.

 

I installed HSBC XML API contribution, but HSBC declines any order placed, even if the card data is correct and it doesn't work for dummy test data.

 

I've just installed HSBC e-Secure v3.1. Upon pressing the 'Confirm' button on checkout confirmation page, it takes me to the https://www.cpi.hsbc.com/servlet, but within a second redirects to the https://www.mysite.co.uk/hsbc_return.php and shows the following message: 'Hacking Attempt'.

 

It returns the following POST variables:

[storefrontId] =>XXXXX

[OrderId] => Order XXXXX-YYYYYY

[PurchaseAmount] => 596

[PurchaseCurrency] => 826

[PurchaseDate] => 1223304982707

[shopperEmail] => my@email

[MerchantData] => ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ

[CpiResultsCode] => 12

 

What should I do in order to make e-Secure 3.1 work.

 

Thanks,

Serge

Share this post


Link to post
Share on other sites

I have a Client with HSBC module version 1.0 which requires mhash and mycrypt to be installed on the server. The server management company have now installed mhash and mycrypt but a transaction returns the error: The transaction failed because of invalid input data. Error 10. Does this mean that mhash and mycrypt are not working correctly or am I likely to be missing other files. There's references on the net to files libCcCpiTools.so and php_hsbccpi.so being required.

 

Does the latest HSBC module also require these extra files? If not then is it likely that we can migrate to this latest module?

Share this post


Link to post
Share on other sites

Make sure that:

 

1. You send a session id to HSBC. "Force Cookie Use" should be turned off if you use HSBC.

2. When tesing make sure that the total purchase price, including postage, is less than 50 pence.

3. If your site uses a template it's likely that the session id may get lost before checkout_confirmation, so do a "View Source" to make sure the session id is present

4. If your server is based outside of the UK then the server time zone will be wrong, and the code need to be adjusted for it. One hour, plus or minus GMT is all that HSBC will accept.

 

Vger

Share this post


Link to post
Share on other sites

The module was working on another server but has now beed transfered to a new server. mhash and mycrypt are now installed and working but clicking the 'confirm' button in the checkout returns "The transaction failed because of invalid input data. Error10".

 

I suspect this is due to missing library files on the server. The way HSBC works seems over complex compared with the Protx and Worldpay modules. I think the module contribution should contain a warning to explain that the chosen webserver must be preconfigured with specific library files and settings. The last post to the contribution includes a C library file but with very little explanation - a lot of technical knowledge is assumed.

 

I've read in an earlier post that the following are required:

 

1. compiled c module 'testhash.e' for testing the hash key.

 

2. C modules libCcCpiTools.so, CcOrderHash.e, CcResults.e

 

3. PHP safe mode to be switched off

 

4. Allowed to run an executable

 

Where should the files in 1 & 2 above be located? I've seen them located in eg httpdocs/cgi-bin on another server, but should they be in whatever path is set for the server environment variable LD_LIBRARY_PATH (not LB_LIBRARY_PATH as in the installation help notes)? On my dedicated CentOS server LD_LIBRARY_PATH is set to /usr/local/apache/lib.

Share this post


Link to post
Share on other sites

I've uploaded the files in 1 & 2 above to /home/domainname/public_html/cgi-bin/ . In the Apache httpd.conf file it has:

ScriptAlias /cgi-bin/ /home/domainname/public_html/cgi-bin/

 

(phpinfo.php says LD_LIBRARY_PATH is set to /usr/local/apache/lib).

The cgi-bin directory has 755 permissions, so execution should be allowed, however the HSBC module still returns error 10.

 

Where are the C module files called from?

Share this post


Link to post
Share on other sites

[i thought we used to be able to edit these posts - can't see any edit button]

 

I've tested TestHash.e using the following command in PuTTY:

./testHash.e HASHKEY "Monkey"

and it returns the following error:

error while loading shared libraries: libCcCpiTools.so: cannot open shared object file: No such file or directory

 

However the file libCcCpiTools.so does exist in the same directory and is chmod 755.

 

I'm seriously considering changing this complicated module for the one mentioned here which apparently only requires mhash and mycrypt. Anyone have any experience with this alternative module?

Share this post


Link to post
Share on other sites

I think the above error loading the library was because I had not set LB_LIBRARY_PATH.

 

The main reason the checkout was returning error 10 was that my test product had no weight which caused the shipping fields to be empty, once I added some weight to the product then the hsbc module worked.

 

I would be interested to hear from anyone who's used the hsbc module 1.1 dated 2005 in my link above; I briefly tested it but found that the HSBC site hung and the order was not entered into osc; maybe there was an issue on the HSBC server or maybe there are some compatibility issues, I don't know.

Share this post


Link to post
Share on other sites

Hi all,

 

I recently tried to install the HSBC e-payments CPI module and after trying for several days to get it working and finally realising that my hosting company weren't going to allow me to install the necessary files I gave up and used the API module instead. I found this one much easier to install, the contribution from AlexJudd worked without any hitches and I didn't need to re-apply to HSBC or anything, I just called the technical support and they told me where to find the codes etc I needed in the HSBC admin website. I'm far far from an expert php programmer and it's now working well without any problems so far.

 

When I originally read on HSBC's website about the two different methods I thought CPI sounded as though it would be easier to install and use but when I tried it the opposite was the case.

 

Hope this saves some people some time and headaches. :)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×