Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

HSBC secure-epayment module


Guest

Recommended Posts

  • Replies 1.2k
  • Created
  • Last Reply

Top Posters In This Topic

Sorry for pestering you all again.

 

I've just tried again, everything goes well as before, but this time, when the user is returned to my site, they receive the message - The transaction was placed in Review state by FraudShield.1. Is this good?

Link to comment
Share on other sites

Hi Pappa,

that's the message for error9. You can get rid of it by adding 9 to the list of pending error codes in the Payment Modules section of the admin section.

 

Your next problem might be a payment successful screen but orders not registering in oscommerce on return from HSBC. Then you will have caught up with me!

 

Paul

Link to comment
Share on other sites

Hi Pappa,

that's the message for error9. You can get rid of it by adding 9 to the list of pending error codes in the Payment Modules section of the admin section.

 

Your next problem might be a payment successful screen but orders not registering in oscommerce on return from HSBC. Then you will have caught up with me!

 

Paul

 

Hi,

 

I've tried to process an order with a real card number also, but ths seems to 'hang' the HSBC process at the point when it is checking the card, it just does nothing except state that it is checking the card details.

 

I've now added 9 to the list of Pending Error Codes, but for some reason the order gets set to "On Hold" (not that that's a problem).

 

Pappa

Link to comment
Share on other sites

I think I've sorted it now. I changed the billing address of the user to a US address when using the 4111* test card number, this worked and set the order status to "processing" in my admin section.

 

I assume all I have to do now is inform HSBC that I'm no longer testing.

 

Thanks to everyone who's pitched in here.

 

Pappa

Link to comment
Share on other sites

Pappa,

 

Did you have to make any changes to the files checkout_process.php, checkout_success.php and hsbc_return.php to get the orders to show in your database?

 

 

Only the one change to checkout_process.php quoted in the checkout_process.php.changes.txt file:

1∫. Just one change:

Before the first include, to include the application_top.php, put this line:

if (!empty($_POST['MerchantData']))  $_GET['osCsid']=$_POST['MerchantData']; 

So will look this way:

if (!empty($_POST['MerchantData']))  $_GET['osCsid']=$_POST['MerchantData']; 

include('includes/application_top.php');

The only other things I did was to change the "Set Order Status" to "Processing", and "Pending Error Codes" to "0,9", although on reflection, I suppose this should just be "9". I don't recall making any other changes.

 

Pappa

Link to comment
Share on other sites

I use Network Solutions for hosting. Having got my site ready to go and integrating the HSBC CPI module the hosting company has now said they will not put the so file in the usr/lib directory as it is shared hosting.

 

Grrrrr.....

 

Is there anyway around this ?

 

If not can anyone recommend an ISP that will or has allowed this.

 

Thanks

 

Damian

Link to comment
Share on other sites

Yes, it needs to be https, but it can be either a full or shared ssl which you use.

 

Vger

Thanks vger. Just thought I'd clear that small doubt up.

 

While you're there can you just confirm then that the page which connects to HSBC from oscommerce must be of the following format;

 

https://www.domain.com/checkout_confirmation.php

Link to comment
Share on other sites

You can change the pathway to it in the includes/modules/payment/hsbc.php file. Look at the pathway to the cgi-bin and try replicating that.

 

Vger

I use Network Solutions for hosting. Having got my site ready to go and integrating the HSBC CPI module the hosting company has now said they will not put the so file in the usr/lib directory as it is shared hosting.

 

Grrrrr.....

 

Is there anyway around this ?

 

If not can anyone recommend an ISP that will or has allowed this.

 

Thanks

 

Damian

Link to comment
Share on other sites

Hi all,

 

I need a bit of a hand!

 

I've setup and installed the HSBC files on my server, and thats working fine.

 

Now when I try testing the HSBC module, it comes back with Hacking attempt.

 

I've done a bit more of an investigation, and it seems that I am getting a response back from HSBC (by echoing out $_POST) and its generating error 12.

Anyway, my question is that $_POST['OrderHash'] does not exist, and this is what is causing the Hacking Attempt error.

So, does this mean that $_POST['OrderHash'] is not being returned from HSBC? Is it not being returned because of the error (error 12)?

 

Any thoughts on this?

 

Also, while I'm here - we're not running on a secure server at the moment - would this cause a problem? <_<

Link to comment
Share on other sites

Also, while I'm here - we're not running on a secure server at the moment - would this cause a problem?

 

If you had bothered to read HSBC's Secure ePayments Terms and Conditions you'd know that you can only connect to HSBC on a secure connection. If that seems harsh, it's a basic requirement and you should know it.

 

Vger

Link to comment
Share on other sites

If you had bothered to read HSBC's Secure ePayments Terms and Conditions you'd know that you can only connect to HSBC on a secure connection. If that seems harsh, it's a basic requirement and you should know it.

 

Vger

 

Cheers for that - I'm aware that HSBC stipulate a sercure connection, but as the site is still in development, I've not got a certificate sorted yet. I was purely wondering whether it is possible to communicate with HSBC without a certificate? Will it operate with a certificate that has not been signed by an official certification authority?

 

Regards,

 

Mark

Link to comment
Share on other sites

  • 3 weeks later...

Having seen all the problems encountered by people with this contrib, I opted instead to use the contrib recommened by Ted Doyle in this post:

 

http://www.oscommerce.com/forums/index.php?s=&...st&p=934997

 

Use the contribution from DownHome Consulting:

 

http://www.downhomeconsulting.com/Downloads/downloads.php

 

It worked first time out of the box! It's not truly open-source as it uses some form of encryption - but hell it works like a dream.

 

Regards

Link to comment
Share on other sites

Yeah, you can trust a download from a site with this on the page!

 

db: could not connect to the database server (dev.dhwd.com, project).

 

db: bad SQL query: SELECT vars.id FROM u_Session AS sess, u_Session_vars AS vars WHERE sess.id = vars.session AND sess.LastAction < 1160547480

 

 

db: bad SQL query: DELETE FROM u_Session WHERE LastAction < 1160547480

 

 

db: bad SQL query: UPDATE u_Session SET userID = NULL WHERE LastAction < 1160547480

 

 

db: bad SQL query: SELECT * FROM u_Session WHERE id = '0MV3r6quADMSZakd8shl'

 

 

db: bad SQL query: INSERT INTO u_Session VALUES ('0MV3r6quADMSZakd8shl',1160569080,'195.137.4.162',NULL)

 

Error: Can't create session cookie

db: bad SQL query: SELECT DATE_FORMAT(news_date, '%c/%e/%y') AS fmt_date, p.* FROM project p WHERE news_inactive <> '1' AND (news_summary <> '' OR news_story <> '' ) ORDER BY news_date DESC LIMIT 4

 

Vger

Link to comment
Share on other sites

OK you need to give the cmd.exe read and execute privilages via the internet guest user. After you have done this your error message will transform from the infamous "unable to fork" to the more famous "hacking attempt"

 

I'm trying to get this working on a shared windows server and don't seem to be able to get beyond this - my hosts say they can't relax the permissions on cmd.exe because it's a shared server. Although they tantilisingly add that they have other customers using osCommerce and the HSBC payment gateway on their shared windows servers.

 

Anyone got any idea how to do this?

Link to comment
Share on other sites

Although they tantilisingly add that they have other customers using osCommerce and the HSBC payment gateway on their shared windows servers.

 

Yeah, I bet they did. I could even bet on who they are.

 

Give up now - save yourself a load of grief. Use a host with servers that actually support running HSBC Secure e-Payments.

 

Vger

Link to comment
Share on other sites

Give up now - save yourself a load of grief. Use a host with servers that actually support running HSBC Secure e-Payments.

 

If only it were that simple ;) I've inherited a site written in ASP, which kind of limits my options a bit regarding hosts.

 

Since the only way I could get the TestHash thing working was by using the asp version supplied by HSBC it looks like I'm going to have to write an ASP script to generate the hash and ammend the hsbc.php payment module to use that instead of running the testhash.exe directly.

 

I think it should be possible...

Link to comment
Share on other sites

Can anyone help, think I have the path wrong somehow, here is the hacking attempt reply:

 

Hacking atempt! - orderHash=nOPIA4VGVCboUr8ANBdmjYuS8/0= hash=/home/virtual/thomaswilsondesign.co.uk/var/www/cgi-bin/TestHash.e

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...