Forum Moderators: coopster
I've not had experience with HSBC CPI before, and am trying to integrate a shopping cart with it.
The server is Linux/Apache, and I have coded the cart in PHP. I'm desperately hoping that someone can give me a few pointers on what to do here, especially regarding the POST statements.
testhash.e HASHKEY "Monkey"
Into the command line. However, I've just spent 20 minutes chasing a bug (yes - we just got our Hash Key - huzzah!)... I had entered a '0' instead of a 'O'. Note that, in the letter they send with the HashKey - if the 0 has no dot in the middle, it's a capital 'o'. If it has a dot in the middle, it's numeric. Something to check...
Did you Telnet in or SSH to your domain and run the TestHash.e file from the command line?
Im using Putty and SSH'd in. I went to the directory the TestHash file was in and typed the command you entered in above. It then said TestHash.e command not found.
Something im doing wrong?!
Luigi
I have been reading through these posts many times now, but I still cannot find a solution to the simple Order Hash generation problem.
Could someone be so kind to post the complete code to generate the Order Hash. Would you also please tell me where to put the libraries, either .e or .so?
We have a Linux Fedora 2 server, with Apache. Have copied (for now) the TestHash.e into the main www directory and ccLib.so into /lib. But if we execute the following code, nothing happens.
A complete example would be really appreciated.
Kind regards, Cristiano
$args = ('
"GBP" "1092082969" "https://www.mysite.com/confirm_process.php" "https://www. mysite.com/resultpost.cgi" "12345670000GBP" "Online purchase from mysite.com" "7150" "826" "Auth" "User00000001" "T" "1b300dad0c100197b109058627d47251"
');
$path='/var/www/html';
$cmd= $path.'/TestHash.e '.$args;
$ret=exec($cmd);
$ret=split(':',$ret);
Returns the hash
$hash=trim($ret[1]);
echo $hash;
Some people managed to integrate it? I just cannot figure out how.
Thanks, Cristiano
1./ Have you installed 'libCcCpiTools.so' into your '/lib' directory?
2./ After you have uploaded the file, you will need to 'chmod' it to make it executable. Just run 'chmod ug+x TestHash.e' from SSH when you're in the directory containing the file.
3./ You may have to access the command using './TestHash.e' instead of just 'TestHash.e'. You should then be able to run './TestHash.e HASHKEY "Monkey"' and it should produce a (useless) orderHash. (Obviously, putting your actual hashKey instead of HASHKEY).
.
Cristiano
I would suggest trying to get it to run as above before trying to integrate it with PHP. I would advise logging into your server with SSH, and getting it to run OK on the command line.
The .so file is the library, and should be installed into your lib directory (as you have done). The .e file is just the executable - so that can be anywhere you like - but you will need it somewhere 'handy' so you can call it from your scripts. '/var/www/bin' or anywhere will do.
Also - I think there is a problem with how you are sending the parameters to the file in your code. I don't see your hashKey being sent to the program...
$hashKey = "32DigitHashKey";
$cmd = "/var/www/bin/TestHash.e $hashKey $args";
.
The PHP Module...
...Seems to work fine! I've only compiled it on a windows machine at the moment though, and will try to compile it for Linux remotely on my production server so that you guys can use it. Naturally, full source will be supplied (and you would be advised to compile it for yourself)
thanks for the detailed reply :-) We are getting somewhere. I have done as you described, but if I run ./TestHash.e I now get this error message:
./TestHash.e: error while loading shared libraries: libstdc++-libc6.2-2.so.3: cannot open shared object file: No such file or directory
Now, what is this library. The other one (/lib/libCcCpiTools.so) is correctly installed and chmoded to ug+x
Any clue?
Thanks Cristiano
Fedora still uses 'rpm' and 'up2date' I presume? If so, then you might want to try running;
up2date compat-libstdc++
ldconfig
Be warned though - if your system still needs the standard C++ libraries installing, there could be a lot of packages that need installing as dependencies - so the process might take a while. It might also take up a lot of disk space (is it your server? / is your space limited?). Of course, it might not, but I have a feeling it will install a bunch of gcc/g++ stuff too.
After installing these libs, TestHash.e should be happy!
THANKS! That worked. I can now produce a Hash. Now I'll try to connect to HSBC. I suspect I'll be back with more questions :-)
Can I buy you a beer?
Cristiano
As for my own php_hsbccpi module - it's not compiling quite right under linux at the moment, so I'll have to have a play when I'm not at work. Still, hopefully soon!
Are you going to post the gereric code code? :)
Cheers, Cristiano
Thanks for your help and time in the matter.
I have got a bit further with running the TestHash.e file from the command line however it is saying 'Error generating hash!.
I have set both the permissions for TestHash.e and the libCcCpiTools.so to 755. Still no luck.
Your help appreciated...
./TestHash.e 1234567890abcdef=/+1234567890abc "Monkey"
If it were having problems with libraries or permissions - you could get a more 'linux-y' error (File not Found, Cannot Load Library etc). As I said before - be VERY careful when typing your HashKey from the printed version - you really have to check the O's carefully (no dot inside them, and they're a capital letter - a dot inside means they are numeric). Hope this helps!
Everyone: Could someone please confirm that the libCcCpiTools.so file you have is 65536 bytes big? I'm pretty sure that the file is actually damaged - and I have a feeling that the file that HSBC have been sending out is damaged :(. On that note - I don't suppose anyone has an email address to contact the techy-people with? (Don't really wanna phone about insanely technical stuff like this and get 'regular phone people' that won't understand about linux programming ;))
Yes the size of libCcCpiTools.so is 65,536 bytes and you can contact the tech. guys of HSBC at secure-epayments@hsbc.com
I have uploaded the windows version of my php module, php_hsbccpi. Unfortunately, I cannot compile it from within linux because it will not link with the (apparently broken) file 'libCcCpiTools.so' - which means the linux version is kind of useless until it can ;). When I get it working under linux as well, I will publish the full source code (there's not much) - but it's a real mess at the moment as I've been hacking it to make it work under both OS'es (and didn't realise that error was down to a broken lib until after much playing...) Still - you can now generate an orderHash with 1 line of PHP :)
[edited by: jatar_k at 4:55 pm (utc) on Aug. 17, 2004]
[edit reason] removed url [/edit]
So, 2 more updates for you guys. First of all, the linux version of the php module is now there for your downloading pleasure. At only a 5Kb download, why not give it a shot? It allows you to generate your orderHash with only 1 or 2 lines of PHP script - whoo! Comes with a detailed readme file on setting it up too! [angryrooster.co.uk ].
Also, I'm not entirely sure if I'm allowed to distribute this file (I can't see why not though), but I've uploaded the full (fixed) version of the libCcCpiTools.so file for those of you with the 64Kb version. I'm not going to publish a link on my site to it though, and I'll be removing it in a couple of weeks just incase it's not meant for prying eyes. You can find that one here: [angryrooster.co.uk ]. It's gzipped - so it's only 35Kb to download or so... Enjoy!
I tried yoru code (there is a minor parse error - missing semicolon on line 13), without loading your library at startup (through PHP). It might just be my Fedora system, but the second condition fails with the runtime download.
I modified your code slightly to take this possibility into account, by introducing a $loaded variable which is true if the library loads correctly at runtime.
This is how it looks.
<?php
/*
* This if-block is not required if you are loading the module from php.ini
*/
if (!extension_loaded("php_hsbccpi")){
$loaded = dl("php_hsbccpi.so");
}
if (extension_loaded("php_hsbccpi") &&!$loaded) {
echo "The module 'php_hsbccpi' could not be loaded - your order will not process through the HSBC CPI.";
} else {
$hashKey = "12345678901234567890123456789012"; /* Your 32-Digit Hash Key */
$variables = array( "Here", "Are", "Some", "Variables" );
$orderHash = _hsbccpi_generate_hash($variables, $hashKey);
}
if ( empty($orderHash) ) {
echo "Order Hash was not set! Please ensure that the hashKey supplied was correct!";
} else {
echo "Order Hash was generated: {$orderHash}";
}
?>
Thanks again, Cristiano
Would any one be willing to a fake or a dummy Hash Key (I mean one that has the correct format but doesnt belong to anyone) - hope that made sense.
Oh by the way my libCcCpiTools.so file is 81kb if that helps.
if (!extension_loaded("hsbcCpi")){
$loaded = dl("php_hsbccpi.so");
}if (extension_loaded("hsbcCpi")) {
die();
} else {
// Do Your Worst with the Hash!
}
If it's still not working - are you sure you have the 85Kb libCcCpiTools.so in '/usr/lib', and that php_hsbccpi.so is sitting in '/usr/lib/php4' (or your php extensions dir). If this doesn't work - what version of PHP are you using?
Luigi: Of course - just throw an email my way if you have any problems, and I'll help all I can! I'll usually respond pretty quick - if I'm at work. For some 'dummy' hash keys - I've just written a tiny php script to generate some, try these 'esfmrwwruiu6tk5lsfq6p/gu3sak2z/w', '1er3nfa6ks37xlq59orfj019kxpsb1t'. They should see you through until the end of testing.
Everyone: New versions of the modules are available for download. The Linux one just has an updated readme - I think the PHP should work this time (but can't test it on my windows box). However, I have made an Important Update to the Windows Module - in that, it now works on more than a tiny selection of machines (stupid bug - grr). Version 1.0.0 probably won't work - so if you've got it, overwrite it with this one. Also, the readme was updated (and tested) with working code. Enjoy!
Your an absolute star! :))
I can now generate an order hash correctly! I will continue to integrate the CPI further with your email address in mind if ever I fall into any more pitholes.
Thanks
LuiGi
Its seems I can generate a hash from the command line with the hashkey sample you gave me ok! The only thing I cant do now it get my PHP script to work with the TestHash.e file. Nothing is being returned from the function below. Here is it....
function create_hash(){
$hashKey = "esfmrwwruiu6tk5lsfq6p/gu3sak2z/w";
$teststr = '"Monkey"';
$path = "/home/virtual/site66/fst/var/www/html/c";
$cmd = "$path/TestHash.e $hashKey $teststr";
$ret = exec($cmd);
$ret = split(':',$ret);
$hash = trim($ret[1]);
echo $hash;
}
I am getting my host to upload the module you have devised to see if that will work. In the mean time are there any other suggestions you could throw my way! :))
It says this...
Warning: dl(): Dynamically loaded extensions aren't allowed when running in Safe Mode in /home/virtual/site66/fst/var/www/html/checkout5.phpon line 18
I guess PHP is running in Safe Mode..
Thanks
Ok - onto the TestHash.e problem. You will probably have to set the TestHash.e file to be executable by all users (as Apache needs to run the program - not the that you are logged in as when you ssh in). Try running "chmod ugo+x TestHash.e", and then try your function again. Another thing to note is that the function you devised doesn't return the hash, it echos it! Obviously you can just change the last line from "echo $hash;" -> "return $hash;" and then test it with "echo create_hash();". But that's just a little thing - wouldn't stop it from producing output.
Just a note - another issue that could arise from using the 'exec' method, is that you would have to run some basic checks on the data the user enters. I mean, it's very unlikely that it would get in there (probably get caught by gpc_magic_quotes - if it's enable), but it's always possible that someone could enter their name as " ¦ rm ../* -r or whatever (that's probably still harmless, but possibly not). You get the picture - just be careful ;)
As for that warning, yeah, that's gonna be one of your hosts settings. However, it's possible that it's been set in your httpd.conf file (which you may have access too?). Although, if they say that they've installed it for you - surely they will let you load it? It might already be loaded... You are using the updated readme_linux.txt file - the old one doesn't work. (It SHOULD have... "if (extension_loaded('hsbcCpi')) {...}", and NOT "if (extension_loaded('php_hsbccpi');) {...}".
Struggling People: Just to fill you all with a bit more terror (and give you a warning). When I finally got everything integrated today, every request I sent to the HSBC CPI spat back 'invalid input data' errors at me... I was sure I had the data right, and when I contacted HSBC - indeed, I had. It was an error at there end, and they had to reset my hashKey (fax, 2 hours, all that fun). After they'd reset it - it worked fine with the same input variables being sent :(. Grrr. Anyhow, that's me done for now! Cheers!
Been watching this topic with interest - having lots of fun trying to get the integration working successfully.
Has anyone else experienced continual code 10s being returned. I've been in touch with HSBC many times and their final email simply stated that it was the result of my OrderHash being incorrect - so there must be something amiss with how I'm generating it. But as I'm using the php_hsbccpi.so module discussed on this thread I must been generating in the same way as a few other folks.
Any advice on how to proceed much appreciated.
Ciao and good luck, Cristiano
I'm posting the details from a test page and then doing the following :
$hashKey = "Qx****************************36";
$teststr = '"$CpiDirectResultUrl" "$CpiReturnUrl" "$OrderDesc" "$OrderId" "$PurchaseAmount" "$PurchaseCurrency" "$StorefrontId" "$TimeStamp"';
$path = "/path/to/the/scripts/";
$cmd = "$path/TestHash.e $hashKey $teststr";
$ret = exec($cmd);
$ret = split(':',$ret);
$generated_Hash = trim($ret[1]);
I then take the same variables used to generate the hash, and the hash itself, and post to the servlet - and receive a code 10 every time.
This is driving me crazy.
Okay. I *think* I'm pretty close now but I've thought that before ...
It appears that I'm submitting the form okay. I go through the HSBC enter card details' screens, and get to look at the delivery and billing address.
I can click to confirm and I get sent back to "CpiReturnUrl" on my site. Except that the order hasn't processed properly ... I get error code 1: User cancelled transaction.
I can <echo> out (I'm using PHP) the following variables successfully from the return post: orderhash, purchaseamout, userid, storefrontid, etc., etc. ... but the error report gives me '1'.
Does anyone know how this could be happening? Does the fact that I can generate an orderhash mean that it's generated correctly?
Any help at all would be greatly received,
Many thanks,
David
The fact that you are getting the chance to look at the delivery and billing address should mean that all the information you are sending the CPI is valid data. If you were sending an invalid hashKey, or if another of your variables was not of a valid format, then you would simply be immediatley rejected and forced to your error page.
What happens if you log in to the HSBC Online Payments system - do you see any record of those transactions being added to your secure ePayments pages?
I would probably suggest simply sending HSBC an email asking for what is causing the error. Their error logs actually seem quite comprehensive, unlike the errors their scripts return. They do give helpful information if you get in touch - so I would definately just do that - they are quite efficient also.
Good luck!
--John
