Forum Moderators: coopster
I've not had experience with HSBC CPI before, and am trying to integrate a shopping cart with it.
The server is Linux/Apache, and I have coded the cart in PHP. I'm desperately hoping that someone can give me a few pointers on what to do here, especially regarding the POST statements.
Your an absolute star! :))
I can now generate an order hash correctly! I will continue to integrate the CPI further with your email address in mind if ever I fall into any more pitholes.
Thanks
LuiGi
Its seems I can generate a hash from the command line with the hashkey sample you gave me ok! The only thing I cant do now it get my PHP script to work with the TestHash.e file. Nothing is being returned from the function below. Here is it....
function create_hash(){
$hashKey = "esfmrwwruiu6tk5lsfq6p/gu3sak2z/w";
$teststr = '"Monkey"';
$path = "/home/virtual/site66/fst/var/www/html/c";
$cmd = "$path/TestHash.e $hashKey $teststr";
$ret = exec($cmd);
$ret = split(':',$ret);
$hash = trim($ret[1]);
echo $hash;
}
I am getting my host to upload the module you have devised to see if that will work. In the mean time are there any other suggestions you could throw my way! :))
It says this...
Warning: dl(): Dynamically loaded extensions aren't allowed when running in Safe Mode in /home/virtual/site66/fst/var/www/html/checkout5.phpon line 18
I guess PHP is running in Safe Mode..
Thanks
Ok - onto the TestHash.e problem. You will probably have to set the TestHash.e file to be executable by all users (as Apache needs to run the program - not the that you are logged in as when you ssh in). Try running "chmod ugo+x TestHash.e", and then try your function again. Another thing to note is that the function you devised doesn't return the hash, it echos it! Obviously you can just change the last line from "echo $hash;" -> "return $hash;" and then test it with "echo create_hash();". But that's just a little thing - wouldn't stop it from producing output.
Just a note - another issue that could arise from using the 'exec' method, is that you would have to run some basic checks on the data the user enters. I mean, it's very unlikely that it would get in there (probably get caught by gpc_magic_quotes - if it's enable), but it's always possible that someone could enter their name as " ¦ rm ../* -r or whatever (that's probably still harmless, but possibly not). You get the picture - just be careful ;)
As for that warning, yeah, that's gonna be one of your hosts settings. However, it's possible that it's been set in your httpd.conf file (which you may have access too?). Although, if they say that they've installed it for you - surely they will let you load it? It might already be loaded... You are using the updated readme_linux.txt file - the old one doesn't work. (It SHOULD have... "if (extension_loaded('hsbcCpi')) {...}", and NOT "if (extension_loaded('php_hsbccpi');) {...}".
Struggling People: Just to fill you all with a bit more terror (and give you a warning). When I finally got everything integrated today, every request I sent to the HSBC CPI spat back 'invalid input data' errors at me... I was sure I had the data right, and when I contacted HSBC - indeed, I had. It was an error at there end, and they had to reset my hashKey (fax, 2 hours, all that fun). After they'd reset it - it worked fine with the same input variables being sent :(. Grrr. Anyhow, that's me done for now! Cheers!
Been watching this topic with interest - having lots of fun trying to get the integration working successfully.
Has anyone else experienced continual code 10s being returned. I've been in touch with HSBC many times and their final email simply stated that it was the result of my OrderHash being incorrect - so there must be something amiss with how I'm generating it. But as I'm using the php_hsbccpi.so module discussed on this thread I must been generating in the same way as a few other folks.
Any advice on how to proceed much appreciated.
Ciao and good luck, Cristiano
I'm posting the details from a test page and then doing the following :
$hashKey = "Qx****************************36";
$teststr = '"$CpiDirectResultUrl" "$CpiReturnUrl" "$OrderDesc" "$OrderId" "$PurchaseAmount" "$PurchaseCurrency" "$StorefrontId" "$TimeStamp"';
$path = "/path/to/the/scripts/";
$cmd = "$path/TestHash.e $hashKey $teststr";
$ret = exec($cmd);
$ret = split(':',$ret);
$generated_Hash = trim($ret[1]);
I then take the same variables used to generate the hash, and the hash itself, and post to the servlet - and receive a code 10 every time.
This is driving me crazy.
Okay. I *think* I'm pretty close now but I've thought that before ...
It appears that I'm submitting the form okay. I go through the HSBC enter card details' screens, and get to look at the delivery and billing address.
I can click to confirm and I get sent back to "CpiReturnUrl" on my site. Except that the order hasn't processed properly ... I get error code 1: User cancelled transaction.
I can <echo> out (I'm using PHP) the following variables successfully from the return post: orderhash, purchaseamout, userid, storefrontid, etc., etc. ... but the error report gives me '1'.
Does anyone know how this could be happening? Does the fact that I can generate an orderhash mean that it's generated correctly?
Any help at all would be greatly received,
Many thanks,
David
The fact that you are getting the chance to look at the delivery and billing address should mean that all the information you are sending the CPI is valid data. If you were sending an invalid hashKey, or if another of your variables was not of a valid format, then you would simply be immediatley rejected and forced to your error page.
What happens if you log in to the HSBC Online Payments system - do you see any record of those transactions being added to your secure ePayments pages?
I would probably suggest simply sending HSBC an email asking for what is causing the error. Their error logs actually seem quite comprehensive, unlike the errors their scripts return. They do give helpful information if you get in touch - so I would definately just do that - they are quite efficient also.
Good luck!
--John
