Apparently HSBC has a CPI Integration Guide - but I can;t find a download for it - perhaps you can contact them and ask for it:

[ukbusiness.hsbc.com...]

There is an osCommerce addon module for HSBC - you could download it and see how they implemented for ideas.

hi, i've got the integration guide... but still lost :$

Hi,

I'm also in the process of getting this up and running on Linux/Apache, just got my Hash Key from HSBC on friday so I'll be working on it from tomorrow.

Have you got any further with it? I'm pretty sure I know what's required but any tips would be very useful.

Cheers

I've given up, I must admit.

vincevincevince - it's difficult to give any advice or help without knowing a bit more about how the HSBC integration works.

Do you send details via a SSL HTTP POST? If so, you probably want to use the CURL functions in php. (Provided you have CURL installed on the server, of course)

"I've given up, I must admit."

I'll post back here once I've got it up and running if you like, well either that or I'll post something similar to the above :)

Cheers

The basic things it involves:

Putting together a SSL Post using SSL 3.0 and sending it to the HSBC server... so far so good...

but...

The POST must contain a hash generated by HSBC provided libraries (java and C++). This must be installed on the server and makes a hash of all order details. The problem has been for me getting this library to work.

I don't know any way of accessing functions within C libraries directly through PHP, and numerous attempts to create some form of C wrapper for the function have been met with compilation problems.

My main problem is that the source code of the library is not available, so I am unable to port it into PHP.

Have you tried using the Java functions in PHP? If you've got a JVM installed on the server you can recompile php to give access to it. You *should* then be able to use the HSBC Java library supplied.

I haven't done this myself, but it's certainly possible:
[uk2.php.net ]

I'm just using exec() call the c executable. Just copied the libraries over and copied some of the code from the OSCommerce module.

<?php
$cmd = "test1";

$path='/srv/www/htdocs';

$cmd="$path/TestHash.e HSBCHASHKEYHERE $cmd";

$ret=exec($cmd);

$ret=split(':',$ret);

//Returns the hash
$hash=trim($ret[1]);
echo $hash;
?>

Seems to work fine. Haven't tried hooking up to the HSBC system yet though.

You're lucky - the executable segfaults on my machine, and I don't have Java installed either :( Keep posting if you solve any more problems though, I might have to go back over this!

Hi,

I'm also trying to do this and can call the 'TestHash.e' from within my php script but when I run it I get:

TestHash.e: error while loading shared libraries: libCcCpiTools.so: cannot open shared object file: No such file or directory

Where do I put the 'libCcCpiTools.so' file so that it get picked up?

Thanks

Chris

Hi,

I've got this up and running now :) Albeit after many phone calls and emails to the HSBC tech team!

You need to drop it in your path somewhere, I put it in /lib

Cheers

Hi Thanks for that. I can now get the c program to run but I'm getting an error message "Error generating hash!"

I thought it was because of the data I was pushing through to it but I copied the example from the manual and still getting the error :( This is driving me crazy! :(

Do you have the email address for the tech support team, I can't find it anywhere?

Thanks

Chris

Did you ever get PHP to interface with HSBC's secure epayments CPI? It's a nightmare!

I think I have libCcCpiTools.so loaded, though I can't find any reference to it using phpinfo()... perhaps it is only loaded when required?

Can I access the library's function GenerateHash directly from PHP, and if so, do you have a PHP snippet that shows me how to do this?

Or must I go through a compiled binary such as testhash.e?

Regards,
Ian Tresman
Derby, UK

Hi all, I got an HSBC integration running at the end of last year with Linux/PHP. It's a real bugbear and the samples provided by HSBC are fairly poor in my view. It's not easy like worldpay. I had to re-write and re-compile the C scripts provided and then used exec() to call them from PHP. HSBC seem to have made little effort to build more helpful guides to using scripting languages with their product.

Hi I ended up just calling 'testhash.e' and passing the required params to it. This method saved a lot of time, but is not the greatest way of implementing it.

Oh well at least it works. Any problems give me a shout and I'll see if I can help out.

Cheers

Chris

I did get it working, just took ages. Did you get one of the dodgy cds with the corrupted libCpi library? That was a real hoot getting to the bottom of that one. I see you generated the hash using the binary provided, but did you manage to validate the return POST as well? Glad you got it working anyway :)

Hi,

I have found this forum very helpful and am finally getting somewhere with this gateway.

I'm still a bit stuck though.

I can generate a hash using c:

function create_hash($str){
$path='/srv/www/htdocs';

$cmd="$path/TestHash.e HSBCHASHKEYHERE $str";

$ret=exec($cmd);

$ret=split(':',$ret);

//Returns the hash
$hash=trim($ret[1]);
return $hash;
}

But how do i build the $str?

Do I just implode the post?

Or do I have to put the fields in a certain order?
ie $str=$_POST['OrderID'].$_POST['TimeStamp'] etc.

Please help!

I have changed the hash generation script a little, but I pass the parameter in a url encoded format:

$strParam = str_replace(' ','+',$strParam);
$strParam = str_replace("&","\\&",$strParam);

only difference is that the ampersand must be escaped so it can pass to the script via exec().

I added in some different return codes throughout so that I could catch them with exec() if hash generation failed.

exec($strParam,$output,$returncode);

Not sure why you are imploding a POST, unless you are passing everything from another script in your purchase sequence. But you could do something like..

$keys = array_keys($_POST);

foreach ($keys as $key)
{
write your \&key=value stuff to a string in here
}

one other thing.. hard coding the CPI key in your php script is against the terms and conditions set by HSBC. You seem to be doing that in your exec() call?

Hi, Thanks for your reply.

The initial form is posted to a confirmation page. The confirmation page submits the info to hsbc.

On the confirmation page I am now generating the hash value with the following:

$fields=array('OrderId','OrderHash','TimeStamp','CpiReturnUrl',
'CpiDirectResultUrl','StorefrontId','OrderDesc','PurchaseAmount','PurchaseCurrency','TransactionType',
'UserId','Mode','MerchantData'
);

foreach($fields as $field){
$str.="$field=".$_POST[$field]."&";
}
$str=substr($str,0,-1);

$str = str_replace("&","\\&",$str);

Altho the hash values aren't matching up,,,

Is there something wrong with my string?

I also have now moved the hash key out of the web path. Thanks for noticing that.

I just noticed 'OrderHash' shouldn't be in the array. I've taken that out. But still no joy :(

Because the php set up is running in safe mode I don't need to escape the ampersands. So I've taken out:

$str = str_replace("&","\\&",$str);

Still doesn't work tho!

Think I've cracked it. Any data in whitespace needs to be enclosed in double quotes.

The resultant string should look like:

8718386 1091115521000 [url...] [url...] shopid "Fine sample merchandise" 1995 826 Capture 1 T test

Hi Guys,

I also need to integrate HSBC with PHP for a UK Client. But after looking at the posts it seems integrating HSBC isn't that easy. So can anyone of you give me the details of the web hosts on which you were able to get HSBC running with PHP. I would prefer a Linux Host.

I'm looking at the whole integration again and I'm working right now on moving the site to another isp.

[edited by: jatar_k at 3:45 pm (utc) on July 30, 2004]
[edit reason] removed url [/edit]

Here's another gem that I found out - HSBC doesn't accept SSL Certificates with a postcode extension (X509 v3 extension). Only had to go back and get our SSL certificate re-issued! Took about a fortnight to sort that one out!

ajimenez, I don't exactly know what paramaters you are passing and where to be honest. Did you compile your own code for generating the hash? Are you generating the merchant POST or validating the return POST?

In that instance I was generating the merchant post.

I created a string of all the values I was going to post to HSBC (enclosed with quotes and separated by spaces).

Then I generated the has by sending the string to the testhash function using an exec call.

Hi Guys,

Glad I have found some people who are experiencing problems with Integrating the HSBC CPI. First off does anyone know the address where the form should POST to reach the CPI server? Its not in the manual.

The samples are very poor.

Thanks

Anthony