Jump to content
Sign in to follow this  
freerangemum

HSBC secure-epayment module

Recommended Posts

Hi

 

I have one issue, if a user does not return after paying on the HSBC CPI, the order does not show up in my orders. I have done Neils fix and the order numbers are correct. What can I do to resolve this.

 

Regards

Raj

 

SimplySpice - Authentic Indian Foods & Spices

Share this post


Link to post
Share on other sites

In some of my earlier findings one workaround I posted causes the above problem.

 

You should not comment out $payment_modules->before_process(); in checkout_process.php.

 

And in hsbc_return.php you should make sure that the checkout_success call is:

 

tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL', false, false).'?osCsid='.$MerchantData.'&orderid='.$GLOBALS["OrderId"]);

 

and not:

 

if ($order_hash!=$hash) die ("Hacking atempt!");

tep_redirect(tep_href_link(FILENAME_CHECKOUT_PROCESS, '', 'SSL', false).'?osCsid='.$GLOBALS["MerchantData"]);

 

As I had stated in earlier posts.

 

Please accept my apologies for the confusion but these posts were done when the HSBC module was in it's infancy and I was desperate to get it working.

 

Regards

 

Neil Westlake

www.djbox.co.uk

Share this post


Link to post
Share on other sites

HSBC's generateHash function merely generates a 28-character hash.

 

1. Can anyone confirm that this is in fact an SHA-1 hash converted to base64.

2. In which case, PHP's sha1 function can surely be used instead?

3. How does the hash operate on an array of strings: are the strings just concatonated to produce one long string?

 

Regards,

Ian Tresman

Derby, UK

Share this post


Link to post
Share on other sites

Well Hi! I have been plugging away, digesting this thread and poring over the documentation to get this module working. I have some input as well as some questions!

 

Call me stupid but I didn't realise at first that the files on the HSBC CD had to be placed on my server. After reading the thread, I worked out the placements and paths, but here's what I had to figure out...

 

Tip - read your server logs! I know it's basic, but I was stumped by my server not finding TestHash.e for ages. This leads me on to my second tip...

 

Tip - *nix servers are case sensitive! I spent ages playing with the path to TestHash.e in the code, only to realise I was calling TestHash.e and the file in my web root was called testhash.e. Doh!

 

Question : I am running my module on a development box at the moment, running Red Hat 9. After trying to make a card payment, I am either returned to the store with the ocs message "The transaction failed because of invalid input data." or dumped back to the login page.

 

Would this be due to the lack of SSL?

 

If so, can I test the install by installing OpenSSL and self-signing a certificate? I figure that if I do this, I will have all the tools I need to get it working prior to going live.

 

Since I would only require OpenSSL for a local test of this install, is there an easier option to proceed or is SSL connection a requisite of HSBC even at the test stage?

 

TIA!

Share this post


Link to post
Share on other sites

Hi Guys

 

Firstly can I say this contribution solved a very big issue for me. Excellent contribution.

 

I have one issue remaining.

 

I am not using the autoincrement orderid, I am using the following

 

in file checkout_confirmation.php

 

$r1 = rand(1,9);

$t1 = date("zHis");

$insert_id = $t1.$r1;

$orderid = $t1.$r1;

 

and in file checkout_process.php

 

if (!$orderid)

{

//Generation of the order_id

$r1 = rand(1,9);

$t1 = date("zHis");

$insert_id = $t1.$r1;

$orderid = $t1.$r1;

}

else

{

$insert_id = $orderid;

}

 

 

The problem I have is that checkout_process.php is unable to see the $orderid that was generated by checkout_confirmation.php, and the $orderid is recalculated giving a diferent number after the credit card is processed.

 

I presume it is something to do with passing to the variable to the form checkout_process.php by checkout_confirmation.php.

 

 

 

Can you help, please.

 

Regards

Raj Bangar

 

SimplySpice (UK)

Buy bargain Indian food ingredients online here

Bring the taste of India to your home with SimplySpice - Indian foods & spices delivered directly to your door. Free delivery for orders over ?25 - one of the widest ranges of Indian food online.

Share this post


Link to post
Share on other sites
2. the libCcCpiTools.so and TestHash.e file need to be transfered in binary mode to a folder on your server, but the libCcCpiTools.so file needs to be in /bin/lib if your php servers are set to run in 'safe' mode which does not allow you to use the
$ export LB_LIBRARY_PATH=[path where you have placed both files]

which is located in the hsbc.php file in /catalog/includes/modules/payment folder

I may be being a bit slow here...

 

...but if my server says 'safe_mode off' does this mean that I can upload libCcCpiTools.so into a folder under public_html on my webserver, without access to /usr/lib?

 

If so, that would save a lot of hassle asking my webhost to upload this file to /usr/lib for me!

Share this post


Link to post
Share on other sites

Hi Darkside

 

If safe mode is off like mine then yes you dont have to put it in /bin/lib/ folder, thats what i was getting at, but then i put it in a folder outside my public viewable (www) folder, as i dont want anything but my scripts to call testhash.e (overly cautious may be but better to be safe that sorry :) )

 

Andy


Literally, Laterally Thinking! If you cannot get through it, go round it.

Share this post


Link to post
Share on other sites
If safe mode is off like mine then yes you dont have to put it in /bin/lib/ folder

Cheers! That's perfect...

 

My host let's me create folders alongside /public_html/ and safe mode is off.

I think everything is now working - just waiting for the SSL to go live and fingers crossed, the testing can begin!

Share this post


Link to post
Share on other sites

Help needed fast Guys,

 

I have been setup with HSBC for a few months now with a couple hundred orders have gone through succesfully - Now, its all gone for a bag of rats!

 

As of last night the HSBC are taking the payment OK but the orders are not showing up in OScommerce Admin - Meaning people are happily paying me for stuff but I don't know what to send them.....

 

I know Tim Elliot had a similar problem a couple of pages back but cant see an explanation of what was wrong or how to fix it!

 

I am guessing that either HSBC or my hosts (United Hosting) must have changed something as I have not done any work at all on the site recently.

 

If anyone out there can confirm that their system is working ok, particularly if they are hosting with UH I would appreciate it.

 

Also, any thoughts on what might be wrong could really help out,

 

Cheers Guys.


Only Dead Fish Go With The Flow......

Share this post


Link to post
Share on other sites
Help needed fast Guys,

 

I have been setup with HSBC for a few months now with a couple hundred orders have gone through succesfully - Now, its all gone for a bag of rats!

 

As of last night the HSBC are taking the payment OK but the orders are not showing up in OScommerce Admin - Meaning people are happily paying me for stuff but I don't know what to send them.....

 

I know Tim Elliot had a similar problem a couple of pages back but cant see an explanation of what was wrong or how to fix it!

 

I am guessing that either HSBC or my hosts (United Hosting) must have changed something as I have not done any work at all on the site recently.

 

If anyone out there can confirm that their system is working ok, particularly if they are hosting with UH I would appreciate it.

 

Also, any thoughts on what might be wrong could really help out,

 

Cheers Guys.

Hi Richard

 

Just checked my system the HSBC side is working fine, looks like it is probably your Host.

 

Regards

Raj

Share this post


Link to post
Share on other sites

Hi Raj,

 

Thanks for the speedy response,

 

Yep, it looks as though it could be the hosts, apparently they have been doing some upgrades, according to the forum.

 

I have just contacted them and waiting to hear back.

 

Any thoughts on what it might have affected and how to put it right?

 

Richard


Only Dead Fish Go With The Flow......

Share this post


Link to post
Share on other sites

Richard

 

Hope you got my email. As I said, if your hosts have changed your server HSBC's DNS server doesn't seem to update very quickly. They are still working on this.

 

The work around is to put the IP of your secure server into the CpiDirectResultUrl in hsbc.php

 

Mine now reads:

'CpiDirectResultUrl'=>'https://67.15.54.137/~kidzdens/catalog/checkout_process.php',

 

instead of:

'CpiDirectResultUrl'=>'https://ssl.europahosting.co.uk/~kidzdens/catalog/checkout_process.php',

 

This has to be a temporary measure and if you confirm this is the problem I will give HSBC some more hassle about it.

 

Hope that helps

Tim

Share this post


Link to post
Share on other sites

Update to Richard's problem - it's a problem I had last night as well.

 

If anyone else is finding orders not going through properly and the last order they received was order_id 2147483647 then read on.

 

2147483647 is the largest number that can fit into a int field in MySQL. Any order numbers above this are all put in as this number, so subsequent orders fail to get entered - duplicate order id.

 

My order id is generated using JJJHHMMSSR

JJJ = 3 digit julian day

HH = 2 digit hour

MM = 2 digit minute

SS = 2 digit second

R = Random number between 0 and 9.

 

So at the start of day 215 in the year the order id is higher than 2147483647 and any subsequent order is entered as 2147483647 into the order_id INT(11) field.

 

I solved the problem like this:

 

Changed all orders_id fields in the orders tables (I think there are 6 tables that need changing) from int(11) to bigint(11). This allows higher order numbers.

 

In orders.php and a few other files in the admin side there are references to (int)$oID. This can be changed to $oID for all cases. It seems to work for me now.

 

Another different solution would be to change the generation of the order id so it never goes above 2147483647. Haven't come up with a suitable way yet though.

 

Hope this helps

 

Tim

Share this post


Link to post
Share on other sites
$ export LB_LIBRARY_PATH=[path where you have placed both files]

My contribution has the line

 

putenv("LD_LIBRARY_PATH=$path");

 

where I use $path so I can test on both a local and live server without making any changes.

 

Is this the same line (putenv instead of $ export) in a later version of the contribution?

 

TIA

Share this post


Link to post
Share on other sites

Further update to the large integer order_id problem.

 

I suggest that if anyone else gets this problem then they change the way they generate the order id. Instead of JJJHHMMSSR use JJJHHMMRR which will never go over 2147483647.

 

If you do want to keep it as JJJHHMMSSR then all the (int)$order_id refeences need to be changed to $order_id for the entire site. Not a good solution but possible. I don;t know what efect this will have on operation though so can't recommend it.

 

Tim

Share this post


Link to post
Share on other sites

Ok I'll hold my hands up and admit that the order_id failing was completly my fault. :( so I do appologise to everyone that has been inconvenienced by this, this was caused by the mySQL table only setup to handle values up to: 2147483647

 

If your looking for a solution here is one I have used:

 

Firstly in checkout_process.php:

 

replace

 

if (!$orderid)
	 {
 //Generation of the order_id  
  $r1 = rand(1,9);
                 $t1 = date("zHis");
  $insert_id = $t1.$r1;
}
else
{
 $insert_id = $orderid;
}

 

with

 

 // Generate Random Order ID if not already set
 if(!$order_id)
	 {
  while (get_order_id() > 0);
  $insert_id = $rndnum;
}
 else
{
$insert_id = $order_id;
}

 

in hsbc.php

 

replace

 

   $r1 = rand(1,9);
                 $t1 = date("zHis");
  $sequence = $t1.$r1;

 

with

 

	
               global $rndnum;
               while (get_order_id() > 0);
$sequence = $rndnum;

 

and finally in general.php

 

add to the bottom.

 

// Get a unique random number for the order id
function get_order_id()
 {
 global $rndnum;
 $rndnum = rand(0,100000000);
 $query = "SELECT * FROM `orders` WHERE orders_id = ".$rndnum;
 $results = tep_db_query($query);

 return tep_db_num_rows($results);
 }

 

Hopefully this will last a little longer, as long as no one reaches 100000000 orders soon that is.

 

 

Regards

 

Neil Westlake

www.djbox.co.uk

Share this post


Link to post
Share on other sites

Hi,

 

Can anyone tell what exactly does this error code mean?

 

CpiResultsCode 4: The processor did not return a response.

 

I got a response back from the CPI after submitting data to it. My generated Hask Key matches the returned results.

 

Any ideas?

 

Thanks,

 

Kevin

Edited by treadmill

Share this post


Link to post
Share on other sites

Hi all

 

Sorry Kevin cannot help you with that could try the HSBC support because this looks like a CPI/API error code.

 

Anyway I was looking for this contribution to download it under the OSC contributions section and was not able to find it. I did find 1840 "HSBC Payment Module" is this is same one, which yous are working on?

 

If not can some one post a link to the contribution.

 

Thanks

Richard


Richard

Share this post


Link to post
Share on other sites

OK - it's late and I am sure I am missing something but I have been all through the forum and can't get any success!

 

What I *can* do is get to the HSBC page and all the details of the order are there!

 

What I *can't* do is return from the page and have the order processed.

 

All that happens is that I return to the site as a guest. As soon as I log back in, the goods are still in my basket.

 

I suspect that this is the order ID change discusssed earlier but I followed it to the letter and still get the problems!

 

Any clues?

 

I am tempted to go back to a clean install and start again -can anyone summarise the changes needed above and beyond the installation changes to get an order to process?

 

Cheers!

Share this post


Link to post
Share on other sites

Hello,

 

After reading all the past 23 pages and installing different HSBC contributions, I am still having trouble:

 

First:

I managed to do payments using the contribution: 3 May 2004 ? HSBC payment modile:

http://www.oscommerce.com/community/contri...y,1/search,hsbc

 

The only problem I had with this one was no order was stored in the admin eShop.

 

Second:

Now, I started from scratch again and installed the contribution proposed by Jos?.

http://oscommerce.qadram.com/modules.php?n...wdownload&cid=4

 

My actual problem is whenever clicking on the 'Confirm Order' button in my eShop, my browser will start to load the HSBC gateway (https://www.cpi.hsbc.com/servlet) but instead of connecting to it and displaying the HSBC page it goes back directly to the eShop logging page.

Then if I log again, the basket stays full.

 

I cannot find anymore information and start to be seriously confused by all the posts.

I tried most of the changes proposed on the previous pages of this forum but nothing really helped! My lack of PHP programming does not help too <_< ?.slowly but surely.

 

Do any change(s) must be made to Jos? contributions???

 

Thank you for a reply and all the hard works which have been put in this section.

Edited by SauCisson

Share this post


Link to post
Share on other sites
What I *can't* do is return from the page and have the order processed.

 

All that happens is that I return to the site as a guest. As soon as I log back in, the goods are still in my basket.

After re-reading the forum again and again I have narrowed the problem down to the line in hsbc_return.php that redirects the user to the correct page.

 

As it stands at the moment, I have:

 

tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL', false).'?osCsid='.$GLOBALS["MerchantData"]);

 

I still get the problem of being logged out on return to the store. It would seem that the store is losing the session information and therefore not processing the order.

 

I have tried all the suggested variants of the above line but cannot get it to work. Any clues or trouble shooting tips greatly appreciated!

Share this post


Link to post
Share on other sites

Hi Darkside,

 

I had similar problem, fixed it by adding this to the top of the hsbc_return.php file:-

 

 ?if (!empty($_POST['MerchantData'])) ?$_GET['osCsid']=$_POST['MerchantData'];
?include('includes/application_top.php');

Now the top of the file looks like this:-

<?php
/*
?osCommerce, Open Source E-Commerce Solutions
?http://www.oscommerce.com

?HSBC Payment Module Copyright (c) 2003,2004 qadram software
?http://www.qadram.com

?Module developed for FreeRangeKids
?http://www.freerangekids.co.uk ?

?Released under the GNU General Public License
*/
?if (!empty($_POST['MerchantData'])) ?$_GET['osCsid']=$_POST['MerchantData'];
?include('includes/application_top.php');
?
?// load selected payment module
?require(DIR_WS_CLASSES . 'payment.php');
?$payment_modules = new payment($payment);
?
?
?reset($_POST);
?$post_2=array();
?
?while(list($k,$v)=each($_POST))

I also removed the bit

'?osCsid='.$GLOBALS["MerchantData"]

 

so my return works with this:-

if ($CpiResultsCode=='0') 
? ?	{
? ? ?tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL'));
? ?	}

Full File now look like this:-

<?php
/*
?osCommerce, Open Source E-Commerce Solutions
?http://www.oscommerce.com

?HSBC Payment Module Copyright (c) 2003,2004 qadram software
?http://www.qadram.com

?Module developed for FreeRangeKids
?http://www.freerangekids.co.uk ?

?Released under the GNU General Public License
*/
?if (!empty($_POST['MerchantData'])) ?$_GET['osCsid']=$_POST['MerchantData'];
?include('includes/application_top.php');
?
?// load selected payment module
?require(DIR_WS_CLASSES . 'payment.php');
?$payment_modules = new payment($payment);
?
?
?reset($_POST);
?$post_2=array();
?
?while(list($k,$v)=each($_POST))
?{
?	if ($k!='OrderHash')
?	{
? ?$post_2[$k]=$v;
?	}
?}
?
?$order_hash=$_POST['OrderHash'];
?$hsbc=$GLOBALS['hsbc'];
?$hash=$hsbc->getHash($post_2);
?
?
?if ($order_hash!=$hash) die ("Hacking attempt!");
?
? ?	$CpiResultsCode=$_POST['CpiResultsCode'];

? ?	if ($CpiResultsCode=='0') 
? ?	{
? ? ?tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, '', 'SSL'));
? ?	}
? ?	
?	
? ?	$error=MODULE_PAYMENT_HSBC_TEXT_ERROR1;
? ?	
? ?	switch($CpiResultsCode)
? ?	{
? ? ?case 1: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR1; break;
? ? ?case 2: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR2; break;
? ? ?case 3: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR3; break;
? ? ?case 4: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR4; break;
? ? ?case 5: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR5; break;
? ? ?case 6: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR6; break;
? ? ?case 7: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR7; break;
? ? ?case 8: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR8; break;
? ? ?case 9: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR9; break;
? ? ?case 10: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR10; break;
? ? ?case 11: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR11; break;
? ? ?case 12: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR12; break;
? ? ?case 13: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR13; break;
? ? ?case 14: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR14; break;
? ? ?case 15: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR15; break;
? ? ?case 16: $error=MODULE_PAYMENT_HSBC_TEXT_ERROR16; break; ? ? ? ? ? ? ? ? ?
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?
? ?	}
? ?	
? ?	$codes=split(",",MODULE_PAYMENT_HSBC_PENDING_CODES);
? ?	
? ?	
? ?	if (in_array($CpiResultsCode,$codes))
? ?	{
? ? ? ?	tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, 'error_message=' . urlencode($error), 'SSL', true, false)); ? ? ?
? ?	} ? ?	
? ?	
? ? ? ?tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, 'error_message=' . urlencode($error), 'SSL', true, false));
? ? ?
?>

 

It seems that when returning from HSBC's site OsC cannot see the OscId therefore i would assume can link to complete sale properly and then empty basket.

 

give the above a try and see, all I can say is that it works for me.

 

Hope this helps

Andy

Edited by Johnson

Literally, Laterally Thinking! If you cannot get through it, go round it.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×