Latest News: (loading..)
Sign in to follow this  
Followers 0
freerangemum

HSBC secure-epayment module

1,158 posts in this topic

Erm - the timestamp needs to be 13 characters long and in milliseconds, so the code you have removed is essential. A.

I've played around some more & got it working!

 

I'm now using

	  //POST time
 $time=time();

  //Change the 0 if your server is located at a different GMT time  
  $time=($time+(0*3600));
$time= $time."000";

 

Only thing I now need to fix is to change the setting so that the payment needs to be manually set to shipped in the HSBS admin.

Share this post


Link to post
Share on other sites
I've played around some more & got it working!

 

I'm now using

	  //POST time
 $time=time();

  //Change the 0 if your server is located at a different GMT time  
  $time=($time+(0*3600));
$time= $time."000";

 

Only thing I now need to fix is to change the setting so that the payment needs to be manually set to shipped in the HSBS admin.

 

Ah - I understand what you were after now. This is a fix for those people whose timestamp is coming out in E notation instead of a string, yes?

Share this post


Link to post
Share on other sites
Ah - I understand what you were after now. This is a fix for those people whose timestamp is coming out in E notation instead of a string, yes?

Yes indeedy, except that I didn't know the term 'E notation'. That's one of the things I love about OSC , and about this HSBC mod - always teaching you new things!

Share this post


Link to post
Share on other sites

I don't BELIEVE this!

 

Moved to a new server & now its not working again. So far I've tried register_globals (is on), the timestamp (reverted to the original code which produces timestamp in the correct format, but doesn't fix the problem), the document_root, and checked that the files are in the right place.

 

No matter what I've tried, I'm still getting the hacking attempt message from hsbc_return.php. Anyone have suggestions for what to try next please? ;)

Share this post


Link to post
Share on other sites

First thing always is to check what you are sending to HSBC. Get as far as the checkout confirmation in your web browser, view the source, and see what fields you are passing. In particular, check that there is a hash value.

 

If you are testing through the live HSBC server with the test flag set, remember that transactions must be less than a pound in value and that your card details must be real ones.

 

What is different on your new server? OS? PHP/MySQL versions? OSC release? File permissions or ability to run executable code?

 

A.

 

I don't BELIEVE this!

 

Moved to a new server & now its not working again. So far I've tried register_globals (is on), the timestamp (reverted to the original code which produces timestamp in the correct format, but doesn't fix the problem), the document_root, and checked that the files are in the right place.

 

No matter what I've tried, I'm still getting the hacking attempt message from hsbc_return.php. Anyone have suggestions for what to try next please? ;)

Share this post


Link to post
Share on other sites
First thing always is to check what you are sending to HSBC. Get as far as the checkout confirmation in your web browser, view the source, and see what fields you are passing. In particular, check that there is a hash value.

That's my problem this time -

<input type="hidden" name="OrderHash" value="error while loading shared libraries">

 

So I checked the location of the files

//Path where the TestHash.e executable is located
			$path='/home/****/public_html/cgi-bin';	

			putenv("LD_LIBRARY_PATH=$path");

 

Files are in the cgi-bin, permissions set to 755.

 

What is different on your new server? OS? PHP/MySQL versions? OSC release? File permissions or ability to run executable code?

 

A.

 

I had OSC RC2 working on the old server (PHP4). The new server is PHP 5.2.6 (Zend: 2.2.0), MySQL 5.0.51a-community. I've already fixed a 'unknown column' bug in checkout_process.php (which I though had been sorted out in RC2?)

Share this post


Link to post
Share on other sites

Hi there, I am having problems finalising an hsbc install.

 

Everything works apart from order logging in the backend. After some digging around I think it has something to do with the way osc/the hsbc payment module deals with sessions. I think that the session information is not being passed to checkout_process.php as it errors out on:

 

if (!tep_session_is_registered('customer_id')) {    
$navigation->set_snapshot(array('mode' => 'SSL', 'page' => FILENAME_CHECKOUT_PAYMENT));
tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL')); }

 

I have tried forcing cookies on and off in the configuration and i have tried the session.use_only_cookies and session.use_trans_sid settings in php.ini.

 

I have put some mail functions inside hsbc_return to see what it gets back and here it is:

 

(ORIG_POST) StorefrontId = UK1234567GBP
(ORIG_POST) OrderId = Order 0939-050406
(ORIG_POST) PurchaseAmount = 036
(ORIG_POST) PurchaseCurrency = 826
(ORIG_POST) PurchaseDate = 1234196359500
(ORIG_POST) ShopperEmail = xxx@xxx.com
(ORIG_POST) MerchantData = 2oplu0gtkk4mr4jmoh30go2rt2
(ORIG_POST) CpiResultsCode = 0
(ORIG_POST) OrderHash = atXj3cZmbJcDo9vMq/2VWMUsoLQ=



(POST) StorefrontId = UK1234567GBP
(POST) OrderId = Order 0939-050406
(POST) PurchaseAmount = 036
(POST) PurchaseCurrency = 826
(POST) PurchaseDate = 1234196359500
(POST) ShopperEmail = xxx@xxx.com
(POST) MerchantData = 2oplu0gtkk4mr4jmoh30go2rt2
(POST) CpiResultsCode = 0
(POST) OrderHash = atXj3cZmbJcDo9vMq/2VWMUsoLQ=
(GET) osCsid = 2oplu0gtkk4mr4jmoh30go2rt2

 

The blank lines is where the session information should go.

 

Anyone have any ideas as to what is going wrong?

 

Thanks in advance!

Share this post


Link to post
Share on other sites

I have a question regarding the $time code in this contribution.

 

According to the authors comment, and several replies I've seen on this thread we need to do this...

 

//POST time
$time = time();

//Change the 0 if your server is located at a different GMT time  
$time = ( $time + ( -8 * 3600 ) );
$time = $time * 1000;

 

...to make the contribution work in a none GMT time zone. I've found this to be incorrect, in php the function time() returns a unix timestamp, which does not have time zones, so adjusting it will end up switching the time that's posted to HSBC from GMT to the local time (in the above code PST). The HSBC documentation states that the time posted to the CPI should be +/- 1 hour from GMT, so a local time will always fail.

 

I can't see any reason for this code, has anyone set up a store on a server outside the UK and successfully made this adjustment?

 

I have the contribution working without that adjustment, if I do make the 8 hour time zone change I get an error 4 (The processor did not return a response.) from the CPI.

 

I've therefore changed the code to this.

//POST time, in milliseconds
$time = time() * 1000;

Edited by mikebates

Share this post


Link to post
Share on other sites

Hi there,

 

I am getting a Fatal error: Call to a member function on a non-object in /home/******/private_html/hsbc_return.php on line 40

 

I am in Test mode and using valid cc details and the returned POST details look ok (CpiResultsCode = 0).

 

Regarding line 40 ( $hash=$hsbc->getHash($post_2); ) what is this for/ what does it actually do?

 

$order_hash=$_POST['OrderHash'];

$hsbc=$GLOBALS['hsbc'];

 

I am finding that $order_hash is ok, but $hsbc is blank.

 

I would have thought that (as the result code was 0 = ok) moving this:

$CpiResultsCode=$_POST['CpiResultsCode'];

if ($CpiResultsCode=='0')

{

tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL'));

}

above line 40 would be ok - any thoughts on this??

 

Thanks,

Chaman

 

btw I had the scientific / e-notation thing for the timestamp but used the following to make it a string:

$TimeStamp = time()*1000; //Time has to be in microseconds, hence the *1000

$TimeStamp = sprintf("%f", $TimeStamp); // turn into float

$TimeStamp = explode(".",$TimeStamp);

$time = $TimeStamp[0]; // ditch the decimals

Share this post


Link to post
Share on other sites
Hi everyone, just a quick question as a client is interested in HSBC CPI integration, is SSL required for this? or just the mhash, mcrypt php extensions?

 

Oh also, after looking over the code, where do you enter configuration data such as merchant ID etc? In the code or in an admin section?

 

Thanks :D

 

 

Er, let me rephrase this - that'll teach me for posting when I thought I knew it all.

 

You don't need the merchant ID for the CPI, but you do need it for the API.

Share this post


Link to post
Share on other sites

Hi,

 

Hope you can help. Looking at integrating this with a store we host, the client has said that he is only covered against fraud if the delivery address matches the card address (house name / number and postcode). Does this module pass this information through to hsbc?

 

Thanks in advance,

 

Andrew

Share this post


Link to post
Share on other sites

Im at my wits end with this, I dont know if my host has the exe .so file installed (123-reg / webfusion?) and all I get constantly is the "hacking attempt" message.

 

As far as I can tell it should be working, I am thinking of just screwing this over and trying to get the Java version to work and then patch that into the HSBC module for OSCommerce somehow...

 

If anyone here can help it would be appreciated, ill give the hosting logins if I have to, the site was meant to be lauched last week and without this im screwed!!!!

Share this post


Link to post
Share on other sites

Hi there,

 

I have received my second hash key, the original was corrupted - this took ages to agree with HSBC. However I am now at the point where I am not getting a value in the POST commend for the ORDER HASH variable. Where should I be looking to fix this error?

 

With all the delays caused by the faulty hash key the client has demanded the site be running live by this Friday or the whole project will be pulled. Any assistance will be greatfully received.

 

We have a stand alone server with the library files installed and a correctly running Sample.html test file. IF you need further info to help me let me know and I'll supply it.

 

Many thanks,

Babs

Share this post


Link to post
Share on other sites

I have an issue at the moment -from what I can see HSBC requires DLL files to be installed on the server, but my server with Nativespace is a linux server. They are clear that they cannot help with OS Commerce stuff - I just need to speak to OS Commerce (hmmmm) and that DLL files only run on windows servers.

I am not sure but is this really the case? Is anyone running the HSBC CPI module on a Linux server?

Do I need to change host, and if so can anyone recommend a hosting site on which they are sucessfully running HSBC CPI?

Is anyone running a more straightforward and problem free payment gateway that they can recommend? Looking through the payment modules none of them seem that problem free.

I want to go live my the end of April, and at the moment am just chasing my tail- this is the first time I have set up a website - am i being unrealistic?

Can anyone recommend a next step?

Cheers

Joe

Share this post


Link to post
Share on other sites

Hi

 

I installed the contribution and made all the necessary amendments and all was working fine in Test Mode. The CPI came up, entered the CC details and was returned to the shop - Order appeared within admin and confirmation email sent and received.

However, when I switched on Production Mode I now get kicked straight back to the shop when the CPI Servlet is loading and receive the error message 'The transaction failed because of invalid input data'.

 

I've had a look through the thread but can't find anything that relates to this problem, buit if anyone can offer help or advice I'd be most grateful.

 

John Keiller

Share this post


Link to post
Share on other sites

I have an issue at the moment -from what I can see HSBC requires DLL files to be installed on the server, but my server with Nativespace is a linux server. They are clear that they cannot help with OS Commerce stuff - I just need to speak to OS Commerce (hmmmm) and that DLL files only run on windows servers.

I am not sure but is this really the case? Is anyone running the HSBC CPI module on a Linux server?

Do I need to change host, and if so can anyone recommend a hosting site on which they are sucessfully running HSBC CPI?

Is anyone running a more straightforward and problem free payment gateway that they can recommend? Looking through the payment modules none of them seem that problem free.

I want to go live my the end of April, and at the moment am just chasing my tail- this is the first time I have set up a website - am i being unrealistic?

Can anyone recommend a next step?

Cheers

Joe

 

 

If you are running on a Linux server you don't need the DLL files. There should be a Linux folder on the CD you received from HSBC ... or within the files that they may have emailed to you. You will find the necessary files in there : TestHash.e and Libtools.so (not the correct file name but pretty similar).

 

JK

Share this post


Link to post
Share on other sites

Hi

 

I have had several orders where the payment has been process by HSBC, but the order is not added to the oscommerce order database, nor have I received a confirmation email of an order.

 

Please can anyone tell me how to fix this as it is a very big problem as with these order I do not know what the customer has ordered and am having to issue refunds and so am losing business!

 

Thanks in advance.

Share this post


Link to post
Share on other sites

Hi

 

I have had several orders where the payment has been process by HSBC, but the order is not added to the oscommerce order database, nor have I received a confirmation email of an order.

 

Please can anyone tell me how to fix this as it is a very big problem as with these order I do not know what the customer has ordered and am having to issue refunds and so am losing business!

 

Thanks in advance.

 

 

 

OK this is wierd.

 

Orders are not added to the database because the site is using cookies???

 

I dont know what is happening here but on our previous host HSBC and cookies worked fine, now I have enable cookies on our new host and HSBC takes payment but fails to tell oscommerce, so the order isnt added to eh database.

 

Anyone have any ideas?

Share this post


Link to post
Share on other sites

Hi all!

 

I just find your website and as everybody on this topic i'm trying to install HSBC CPI on my website.

 

You talk about a module to download but I can't find any module to download on your website.

 

Can anyone give me the URL to download it?

 

Thanks in anticipation

Regards

Share this post


Link to post
Share on other sites

Hi all!

 

I just find your website and as everybody on this topic i'm trying to install HSBC CPI on my website.

 

You talk about a module to download but I can't find any module to download on your website.

 

Can anyone give me the URL to download it?

 

Thanks in anticipation

Regards

 

You should get it fromthe HSBC site

Nic

Share this post


Link to post
Share on other sites

Hi,

 

I hope someone can help me on this one:

 

My hosting won't allow access to the lib folder or install any executable files on the shared server, php exec() is blocked by the firewall... changing hosting providers is not an option and I suspect any good hosting company will be tightening up their 'defences' in the coming months / years.

 

So I looked for the alternative php version of the HSBC module but the links on this forum no longer work: http://www.downhomeconsulting.com/Downloads/downloads.php.

 

What I did do was find an HSBC module from another shopping cart solution that does use a php class to generate the order hash from here: http://www.ecartservice.net/01012009/hsbc-cpi-payment-module/

 

I downloaded the file and took out orderHash.php and put it into the Oscommerce modules/classes folder.

 

This orderHash.php script I found looks very similar to yet another one that I found here: http://www.davebarnes.co.uk/blog/2010/02/hsbc-php-cpi-integration-without-installing-software/ so I assume they both work fine.

 

I am getting a hash generated but it isn't matching the HSBC hash, I know all the other fields are being sent to HSBC correctly because I phoned HSBC and asked them the status of the test orders - they said all the data was fine except for the matching hash codes.

 

Obviously to get this far I had to modify modules/payment/hsbc.php to use the php class script (orderHash.php) instead of the OrderHash.e with libCcCpiTools.so and this is where my php strength fails:

 

I made 2 changes to hsbc.php:

 

Added:

 

include(DIR_WS_CLASSES . 'orderHash.php');

 

and changed:

 

//Function to generate a hash to perform the POST or to check received parameters
       function getHash($fields)
       {
               $cmd="";
               reset($fields);
               while(list($k,$v)=each($fields))
               {
                       $cmd.=" \"$v\" ";
               }

               //Path where the TestHash.e executable is located
               $path='/home/sites/domain.co.uk/public_html/includes/modules/payment';  

               putenv("LD_LIBRARY_PATH=$path");

               //Executes the TestHash to get the hash
               $cmd="$path/TestHash.e \"".MODULE_PAYMENT_HSBC_HASH."\" $cmd 2>&1";

               $ret=exec($cmd, $output);

               $ret=split(':',$ret);

               //Returns the hash
               $hash=trim($ret[1]);                    
               return($hash);
       }

 

to:

 

//Function to generate a hash to perform the POST or to check received parameters
       function getHash($fields)
       {
               $cmd="";
               reset($fields);
               while(list($k,$v)=each($fields))
               {
                       $cmd.=" \"$v\" ";
               }
		$cmd.=" 2>&1";

               //Path where the TestHash.e executable is located
               //$path='/home/sites/domain.co.uk/public_html/includes/modules/payment';  

               //putenv("LD_LIBRARY_PATH=$path");

               //Executes the TestHash to get the hash
               //$cmd="$path/TestHash.e \"".MODULE_PAYMENT_HSBC_HASH."\" $cmd 2>&1";

               //$ret=exec($cmd, $output);

	$ret = generateHash($cmd, MODULE_PAYMENT_HSBC_HASH);


               //$ret=split(':',$ret);

               //Returns the hash
               $hash=$ret;                    
               return($hash);
       }

 

I really am not sure if I have altered this correctly to get the correct hash from the php class so I would appreciate any help or assistance anyone could provide in getting this alteration correct.

 

If this can be achieved it means we can create an HSBC module that works entirely in PHP which could be made available without the need to install executable files.

 

Thanks in advance for your help,

 

Garry.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0