osCommerce

HSBC secure-epayment module



Using my own account now. I'm the guy uploading the site for surface2air, and I've exhausted all the ideas I've had for solving the problem with the hacking attempt. I can't see what's wrong with it after looking through all of the other related posts. I've tried using the absolute path, I have a shared SSL certificate and a dedicated one on the way, and files are uploaded to the cgi bin with chmod 755, but it still comes up with hacking attempt. Any ideas, anyone?


problem now sorted...


Paul,

Unfortunately, the Invalid Data Error is not because you are in test mode; it's because something is wrong.

Check to make sure your hash is generating. To do this, open the source for the confirm order page and search for OrderHash; if there is no value then the hash is not generating.

Regards

Neil Westlake

DJBox.co.uk

I've had this error message come up too, while in test mode though. I searched for OrderHash in checkout_confirmation.php and there is a value, but it's still not working. Any ideas? Cheers, Jon


Free BSD - excuse me while I roll over on my back, kick my legs up in the air, and die laughing!

Sorry - just my jaundiced view of Free BSD (used by the likes of PowWeb).

Really though - you're going to have more than enough trouble trying to get this to operate on a decent server setup, let alone trying to run it on FreeBSD.

Vger


Kev,

You most likely have an error in your checkout_process.php file; this file is responsible for entering the data into the database and sending the email.

Try accessing the file using a browser to see if it outputs an error. If it directs you to the login page, the error could still be there but it's not a parsing error.

Regards

Neil Westlake

DJBox.co.uk


Think I've fixed it

mainly because the site is heavily modded

adding:

    tep_redirect(tep_href_link(FILENAME_CHECKOUT_PROCESS, 'order_id='.$insert_id, 'SSL'));

to hsbc_return file and having

    tep_redirect(tep_href_link(FILENAME_CHECKOUT_SUCCESS, 'order_id='.$insert_id, 'SSL'));

at the end of checkout_process file seems to have cured it

Edited by K-P

Kev,

In test mode the orders will show just the same as in production mode. Believe me, the problem you're looking for is very difficult to find.

Check the order_id: the database is set to only hold 11 digits; if this goes over or there are any letters in there it won't update.

Regards

Neil Westlake

DJBox.co.uk


Hi Neil,

Why don't you give webfusion.co.uk a go?

I've not even got a top account and I can host anything! It's got a great control panel, very good customer service and my programmer seemed to set everything up fine!

You get SSH which is what you need to run the executables (??) which I know you need...

Give it a go, I'm using SoHo - £150/year.

Alex

P.S. I don't work for them, believe it or not!


  • 3 weeks later...

Okay - after having the HSBC e-Secure module up and running for over six months without a hitch it's now well and truly broken.

Last night the new version of the website was uploaded, and HSBC stopped working. No HSBC files were overwritten. At first I thought it was to do with a new javascript drop down header, but that was replaced with a simple header on all the SSL pages - but it's still returning an 'invalid data input' error.

Any idea as to what could be causing the problem?

Vger


Vger,

Without seeing the problem it's difficult to diagnose what could be wrong. I've checked your site and you've disabled the HSBC payment method. If you can take a copy of the source from the checkout_confirmation page after selecting HSBC, email it across to me and I'll take a look.

Regards

Neil Westlake

DJBox.co.uk


Hi Neil, Thanks for that offer. We've already checked the source against a former checkout_confirmation.php page that we had kept for reference and they are identical. The problem is not there. However, I shall e-mail it to you, in case you can see something that we can't! HSBC isn't even giving a 'Hacking attempt!' error, just bouncing us straight back to the site with the 'Invalid input data' error.

We have removed the javascript drop down that we thought was the cause of the problem - because in ssl mode it used a blank.html page as a buffer, and this was causing a 'mixed content' error. We resolved that easily enough, but decided to remove the drop down anyway.

I have done file comparisons all day between the old site files and the new site files (all of the relevant ones anyway) and it keeps coming back 'files identical'. I'm now beginning to wonder if it is to do with the CCGV Contribution. It was installed on the old site but not activated until now.

It's either that or something really silly and otherwise minor that is throwing HSBC off. As you know - it doesn't take much to do that!

Many Thanks - Vger


Hi

I am down to my last few strands of hair now!!

All working apart from the order numbers being different.

i.e. HSBC number is different from the one sent via e-mail - or is this normal?

So many changes - I am getting confused as to which ones may be relevant for what seems like the final piece.

Can anyone help please - my eyes are burning from reading through this thread so many times.


Depends what you mean by 'numbers' sent by HSBC. If this is an order number they generate then 'yes' it will probably be different to your own, because your orders will include any test orders you've run through, including Payment By Cheque orders.

Consider yourself lucky if that is your only problem with HSBC tonight!

Vger


Thank you for the reply & apologies for any confusion.

Point taken - believe me this is not the only problem I have had with this module, as lots of others including yourself can verify.

Not being that clued up with programming / scripting - I am probably expecting miracles here but is there any way that the HSBC Order ID can be used as the shop 'order_id' - or does that have to be a manual tie-up process?

e.g.

HSBC Order ID - 86468114121 (Generated in hsbc.php?)

My order_id=681948577 (The one sent in e-mail to the customer & shop) (Generated on return to CHECKOUT_PROCESS?)

Not being a programmer - please excuse my lack of knowledge and feel free to correct my misunderstandings of how the process works.


Greg,

Can't think of the answer right now as it's late and it's been a long time since I installed this but YES, your order numbers should tie up.

Something is not quite right. If you haven't sussed it by tomorrow and nobody else comes up with the answer I will delve back through my workings.

If you're going to be handling a lot of orders this is something that needs to be right, trust me!

G'night,

Rich

Only Dead Fish Go With The Flow......


Hi Richard

Apologies - hovered over the add reply button for too long & sent the reply before I had completed it. Another excuse for tearing more hair out!

Thanks for the reply - your help is really appreciated.

I am getting really frustrated now as I feel I am so close but not quite there just yet.

Happy days!

Greg


Greg,

To solve your order number problem you can do the following:

in hsbc.php:

find:

    //Generation of the order_id
    srand ((float) microtime() * 10000000);
    $r1 = rand(100,999);
    $t1 = date("yz-his");

    $sequence = $t1.$r1;

and replace it with:

    //Generation of the order_id
    // Loop until get_order_id() picks a number not already in the orders table
    while (get_order_id() > 0);
    $sequence = $GLOBALS['rndnum'];

in checkout_process.php replace the original order generation code with:

    // Generate Random Order ID if not already set
    if (empty($_POST['OrderId'])) {
        while (get_order_id() > 0);
        $insert_id = $rndnum;
    } else {
        // OrderId comes from the request, so force it to an integer
        $insert_id = (int) $_POST['OrderId'];
    }

and in functions/general.php add this to the bottom:

    // Get a unique random number for the order id
    // Returns the number of existing orders using the candidate (0 = free);
    // the candidate itself is left in the global $rndnum
    function get_order_id()
    {
        global $rndnum;
        $rndnum = rand(0,10000);
        $query = "SELECT * FROM `orders` WHERE orders_id = ".$rndnum;
        $results = tep_db_query($query);

        return tep_db_num_rows($results);
    }

finally run the following with phpMyadmin or similar:

    ALTER TABLE `orders` CHANGE `orders_id` `orders_id` INT(10) UNSIGNED NOT NULL

Let me know how you get on or if you have any problems.

Regards

Neil Westlake

DJBox.co.uk

Edited by ribs
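
An added example, not part of the thread or of the HSBC contribution: the steps above check a random number with a SELECT before it is inserted and take OrderId from the POST as the shop's order id, so this sketch reserves the id in a single step and accepts a returned OrderId only when it is numeric, fits the column and matches the id that was issued. The function names, the reserve callback, the idea of remembering the issued id for the session, and a 64-bit PHP 7.1+ runtime are all assumptions.

```php
<?php
// Added example; every name here is hypothetical, not the module's own code.

const ORDER_ID_MAX = 4294967295; // largest value an INT UNSIGNED column holds

// Pick a random id and reserve it in one step. $reserve is assumed to INSERT
// the row and return false on a duplicate-key error, so two concurrent
// checkouts cannot both pass a SELECT-then-INSERT check with the same number.
function allocate_order_id(callable $reserve, int $maxTries = 20): int
{
    for ($i = 0; $i < $maxTries; $i++) {
        $candidate = random_int(1, ORDER_ID_MAX);
        if ($reserve($candidate)) {
            return $candidate;
        }
    }
    throw new RuntimeException('could not allocate a unique order id');
}

// Accept an OrderId from the POST only if it is all digits, fits the column,
// and equals the id issued to this session before the redirect to the bank.
function accept_returned_order_id($posted, int $issued): ?int
{
    if (!is_string($posted) || !ctype_digit($posted) || strlen($posted) > 10) {
        return null;
    }
    $value = (int) $posted;
    if ($value < 1 || $value > ORDER_ID_MAX || $value !== $issued) {
        return null;
    }
    return $value;
}

// Constructed demo: an array stands in for the orders table's primary key.
$taken = [];
$reserve = function (int $id) use (&$taken): bool {
    if (isset($taken[$id])) {
        return false;
    }
    $taken[$id] = true;
    return true;
};

$issued = allocate_order_id($reserve);
var_dump(accept_returned_order_id((string) $issued, $issued)); // the issued id
var_dump(accept_returned_order_id('86468114121', $issued)); // 11 digits, as quoted in the thread
var_dump(accept_returned_order_id('12ab', $issued));        // contains letters
var_dump(accept_returned_order_id((string) ($issued ^ 1), $issued)); // numeric but not the issued id
```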