Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

HSBC secure-epayment module


Guest

Recommended Posts

Hi All,

 

Managed to make some slow progress on this - I've got past the "Hacking attempt" screen but after confirming my order the store tries to connect to https://www.cpi.hsbc.com/servlet but instantly gets redirected back to my store login page.............. Even though I'm already logged in!

 

I've installed the HSBC v3.0 contribution - amended the path to testhash.e in my HSBC.php file, uploaded libCcCpiTools.so, CcOrderHash.e, CcResults.e and TestHash.e to my cgi-bin and set permissions to 755.

 

That got me past the "Hacking attempt" warning.........

 

Why am I being kicked out of the HSBC site????

 

 

Thanks in advance...

Link to comment
Share on other sites

  • Replies 1.2k
  • Created
  • Last Reply

Top Posters In This Topic

I am still totally stuck and cant get past hacking attempt error while loading shared libraries.

 

I have my testhash.e file in a writable folder on my Web site and my path to testhash is fine.

 

My .so file has been uploaded by my host to /usr/lib and they tell me it is loading into ram.

 

Could anyone tell me whether I still need to have the putenv line in of do I change it to point to /usr/lib? How does the teshhash.e file access the library?

 

I am going out my mind here!

 

Eddy

Link to comment
Share on other sites

  • 1 month later...

Ok so I have dabbled with getting this module to work - I am a fairly experienced php user but have a 5 page a4 list of things to do!

 

If someone would like to quote me a price for this completion I would appreciate - or someone give me a hint as to what to do?

 

its the same aforementioned problem where 1and1 doesn't appear to accept HSBC's post - nothing is saved down to database.

 

It all works bar this small part - Apparently Jose has fixed for Volumax - What was the fix? Can we make it public or will someone do it for a price?

 

Will look forward to PM's / Replies.

 

 

 

 

 

 

"im not a businessman, Im a Business Maaaaan"

dotWdot

http://www.wheels-near-u.co.uk

Link to comment
Share on other sites

Hmmm... The saga continues... HSBC say that Transaction Type needs to be Authorise & not Capture, but I can't see an option to set this in Jose's module... Anyone hit this one before? HSBC are sitting on funds that they've 'captured', but won't release... Oh Dear... ;-)

Link to comment
Share on other sites

Opps... It's been a while since I've worked on this, so sorry for my dopey enquiry... Apparantly the Transaction Type should be Capture, & it's set in \includes\modules\payment\hsbc.php (just for the record)... Value can be 'TransactionType'=>'Capture', or 'TransactionType'=>'Auth', according to the HSBC 'literature'... :blush: Well that's that then... ;)

Link to comment
Share on other sites

Opps... It's been a while since I've worked on this, so sorry for my dopey enquiry... Apparantly the Transaction Type should be Capture, & it's set in \includes\modules\payment\hsbc.php (just for the record)... Value can be 'TransactionType'=>'Capture', or 'TransactionType'=>'Auth', according to the HSBC 'literature'... :blush: Well that's that then... ;)

 

 

Funny, this one popped up on me last week.

 

I had mine set to AUTH. And it appeared to be processing CC transactions ok. Then my client contacted me and said she was having to manually do something within the HSBC admin to get the money into her account. After a few calls to the HSBC support people it appears that it needed to be set to CAPTURE.

 

Have just done this though my client hasn't yet had a HSBC payment through her site yet to prove she no longer needs to do the manual thing.

 

As to what AUTH or CAPTURE means.. Sorry don't know. But I'd set to CAPTURE.

 

Hope that helps

 

J

Link to comment
Share on other sites

  • 3 weeks later...

Hi, I really need all the experts help.

 

I am thai, and english is my second language. I need to set up the HSBC secure-epayment page working on my website. Unfortunately, I have only a tiny clues about all the C+, java, php language. And everything I have learn (including this english language) is through google.

 

I got a documentation from HSBC and google it for step by step instruction. And I have read almost of every topics and posts here but unfortunately I have not understand at all.

 

I have ask my hosting to install .so files on the shared libary but they said since I am my own hosting I can do it myself. (which i just learn that I have to do it through SSH) but I have no clue how that works. and how to add path to LD_LIBRARY_PATH.

 

THE HSBC sale girl is selling me this service and told me that its only take a little html knowledgable which I am stuck as I have absolutely no clue at all. The support desk does not know what I am talking about because I failed to explain to them what I need.

 

I failed to read the instructions from 100 experts on here because I am not sure where to run command and everything. I only need step by step guide if anyone will be able to help this poor little girl :D

 

my email address is [email protected] hope I can hear from you guys.

 

Thanks in advance.

Link to comment
Share on other sites

After much sweat and blood, I have managed to get a lot further with this. I sorted the .so file (it suddenly started working after a few weeks!). Then I sorted the time stamp and order number.

 

My last remaining problem was that customers were being returned to the site with an empty shopping cart. I tried all the mods suggested above with varying effects but none of them worked. Then, after messing around with the code again, I get the dreaded Hacking Attempt!

 

The only two files I have been messing with to resolve this final issue are hsbc_return.php and checkout_process.php.

 

Is there anyone who could have a quick look at my code for these files please and see what I have done wrong?

 

I am sure it is something simple but with all the changes, I have lost where I am!

 

Hope someone can help please :thumbsup:

 

Thanks

 

Eddy

Link to comment
Share on other sites

Hey everyone - just to say I managed it, and here's a few things that might help:

 

 

I did it with the following:

  • Latest version of HSBC Module
  • Files from HSBC CD (they send you it)
  • on 1and1 hosting
  • with no previous knowledge regarding cpi

KEY NOTE: If you are hiding the shop while you work on it e.g. using .htaccess to password it - this will obviously stop HSBC doing the postback and mean that no data is written to the database or emails sent. Its a simple obvious thing but it had me caught for a while! - Make sure when testing that the whole shop is accessable to the public - because if its not then hsbc cant access it either.

 

Things to try if not working:

  • make sure you have LATEST version
  • make sure public can access shop
  • if getting hacking attempt error - mess about with currencies

The actual install works completly fine on 1and1, you can view my shop @ http://www.wheels-near-u.co.uk (shop not open till october)

 

 

Hope this helps a little!!!

 

.w.

Link to comment
Share on other sites

Can somebody tell me where I can get the TestHash.e file from. I cannot find it in any of the packages. Is it something that HSBC gives to the customer or is it in the contribution?

Link to comment
Share on other sites

  • 2 weeks later...

HSBC API XML Module

 

Hi everyone

 

We need to use the API interface for our HSBC integration rather than the currently supported CPI one, and I wanted to ask, before we embark on making one, whether anyone else has done this yet?

 

We've contributed some other things to the site so will be happy to give back the module we make, and my plan is to take the one for Cube Cart, convert to OSCommerce format, and use this.

 

Let me know - DDay is tomorrow as we have an eager client!

 

Kindest regards

 

Alex

 

alex (at) skywire (dot) co (dot) uk

Link to comment
Share on other sites

  • 4 weeks later...

HSBC vs Protx

 

Hello

 

does anyone here have any experience of both modules? I have a customer who banks with HSBC and wants to use them to as a payment module, however, I'm currently using Protx and have had little problem with them and the charges are reasonable and I would prefer him to use them.

 

I just wondered if anyone with any experience of both might be able to summarise any pro's and cons?

 

Thanks

 

Dave

Link to comment
Share on other sites

Actually Mark - these days I recommend that UK site owners use Protx Direct, which, in my opinion, is an infinitely superior system to either HSBC (Secure ePayments) or Barclays (ePDQ).

 

With Protx Direct:

 

1. It's cheaper.

2. No need to load certain library files

3. No ned to load files into the cgi bin

4. No need to construct jump pages (ePDQ)

5. The customer stays on your website all the time, it's only the data which goes back and fore.

 

If a customer of mine insists on HSBC or Barclays then I install it for them - but if they haven't yet signed up for those systems then I steer them to Protx.

 

Vger

 

Vger,

 

just found this post of your's!

 

Thanks for the info, just what I was looking for

 

Cheers

 

Dave

Link to comment
Share on other sites

Of course - I made that post 7 months ago, and since then Protx have screwed up so many times, and cost customers millions of pounds in lost revenue, that I now recommend Sec Pay.

 

Nothing stays static in this business for long!

 

Vger

Edited by Vger
Link to comment
Share on other sites

Hi,

 

The debate about which payment module is the best would go on forever and there would never be a clear winner.

 

We have developed professional payment modules that use the HSBC API system and the ProTX Direct method. Both have their advantages. I have a customer that's currently using SecPay who is changing to HSBC because of problems with SecPay.

 

There are two sides of every story, if your using an open source payment module to integrate with either of these services then ProTX Direct wins, this doesn't mean ProTX is better it's just that no one has developed an open source integration for HSBC API.

 

As a developer I neither favor HSBC or ProTX, they are both excellent payment systems. ProTX does come out on top slighlty as it has a better testing environment.

 

As a user, they are both the same as far as usage, they take the customers payment and put the money in your bank. The main difference here is the reliability, as Rhea stated ProTX have had some really bad unforgivable problems lately, whereas HSBC as far as I know have only had one problem I'm aware of in the past 3 years.

 

So in summary, if you're developing a module from scratch then ProTX direct is much easier. If you're an end user then HSBC seems more reliable but doesn't have a free open module.

 

Hope this helps.

 

Regards

 

Neil Westlake

 

PS. I'm comparing ProTX direct to HSBC API. Not the ProTX Form to HSBC CPI.

 

ProTX Direct and HSBC API allows for total integration into your store, including accepting, settling and credting payments all from within your store.

ProTX Form and HSBC CPI requires customers to enter their payment details on either ProTX's or HSBC's site. You must then login to the relevent merchant site to settle or credit payments.

Edited by ribs
Link to comment
Share on other sites

okay.. now got the hashes correct, but whilst adding some debuggin code i'm getting the following error ...

 

ret=/home/p/l/plough/public_html/cgi-bin//TestHash.e: 11: Syntax error: newline unexpected (expecting ")")

 

now, is this a server config error, or is it somethingin the module?

 

Thanks

Link to comment
Share on other sites

Of course - I made that post 7 months ago, and since then Protx have screwed up so many times, and cost customers millions of pounds in lost revenue, that I now recommend Sec Pay.

 

Nothing stays static in this business for long!

 

Vger

 

Thanks for the update, I didn't notice that it was 7 months ago!

 

Regards

 

Dave

Link to comment
Share on other sites

Hi All,

 

my customer still wants to go down the HSBC route because they bank with HSBC. They spoke to HSBC about using a 3rd party as their card processor rather than using Secure ePayments and were told basically 'why would you want to do that, they would still need HSBC to be the merchant bank and paying for protx or another third party would be an additional expense'.

 

I hoped you might be able to answer a couple of things?

 

Firstly, is that statement true?

 

Secondly, will this contribution allow API integration? It appears from what I can see that it won't, and there are companies selling modules to do this for £295.

 

And lastly, any other feedback, pro's and cons of this contribution and Secure ePayments you feel would be of use would be much appreciated.

 

Thanks for your time

 

Dave

Link to comment
Share on other sites

Hi Dave,

 

They are correct, why would you want to pay twice? You'll pay HSBC £25 pm for the merchant account but you won't use their gateway, and then you'll pay ProTX £20 pm to provide a gateway.

 

The only reason I can see why you would use ProTX in the first place is if your bank doesn't have their own gateway. HSBC does and it works really well.

 

Like you said, their are paid for modules out there that integrate into HSBC's API system, this is far superior to the CPI system that has been discussed over 50 odd pages here. The API doesn't require HASH keys or hidden posts back from HSBC to work.

 

Look at it this way, if you use HSBC and ProTX you'll be paying £45 pm (£20 extra) just because a Free module for ProTX is available, in the first year its going to cost you £240.00. Why not save that money and just put it towards a proper supported API module that works with osCommerce and HSBC.

 

Regards

 

Neil

Link to comment
Share on other sites

Hi Neil,

 

thanks for the information, that does make sense.

 

Do you know if there are a number of paid solutions for the API system or just thee one I stumbled across? And are there any that are recommended?

 

Thanks

 

Dave

Link to comment
Share on other sites

hi aLL :) got this working now using the downhomeconsulting mod :)

 

one thing though, when there is an error such as the fraud protection error thrown back from HSBS, and it returns you to the checkout process page, there is the error message displayed in the URL, is there any way to display this in the page itself, or a customer error?

Link to comment
Share on other sites

There is also a CPI system which is not available here (deleted for some reason), which only needs mcrypt and mhash to be installed in PHP (which they mostly are).

 

You can download it from here: http://www.downhomeconsulting.com/Downloads/downloads.php

 

Vger

 

Thanks for the info Rhea

 

Dave

Link to comment
Share on other sites

I have installed the CPI system from http://www.downhomeconsulting.com/Downloads/downloads.php but I cannot seem to test a card payment.

 

Can someone please have a look at my site and see whats wrong: www.heatingsapres247.com

 

At the moment when I type in a credit card no when selecting the HSBC CPI Gateway payment option and try to process the order I get an error message saying "The transaction failed because of invalid input data."

 

I would appreciate your help.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...