In order to accept Credit Card payments, they provided us with a set of files including an executable with a .e extension that is supposed to run on a Linux plateform...but no joy, no real help from their help line either....

Have you set the file permissions so it is executable?

There seems to be a bug in one of the files, I get this error when running from the command line:

./CcOrderHash.e
Content-type: text/html

<HTML>
<HEAD>
<TITLE>Sample CPI OrderHash Generator</TITLE>
<SCRIPT>
function singleSubmit(trgForm)
{
trgForm.submitButton.disabled = true;
}
</SCRIPT>
</HEAD>
<BODY>
<BODY>
<CENTER>
<H1>Sample CPI Merchant OrderHash</H1>
<p>
Segmentation fault (core dumped)

All the other files are working fine so I presume that the file is corrupt. I have tried reuploading the file but with no joy. The rest is working fine as the testhash executes and gives me a result so the ss.txt is being seen via the libCcCpiTools.so file.

I don't know what to do next as the HSBC help line fails to return my emails or phone calls...

We are using HSBC ePayments on a Linux server. The setup for HSBC is a bit complicated and is not helped by the fact that their documentation is full of mistakes.

First you need to install the file libCcCpiTools.so in the correct place. HSBC will tell you to put it into the shared library folder. This may or may not be true depending on how your web server is set up. If it is running ensim then each web site will have its own set of folders so it is the library folder for your web site (/lib) and not the one for the entire server. This may also be true of other systems.

You need to set libCcCpiTools.so to executable and install TestHash.e in the same folder as the script you are using to create the order hash (we put our in /cgi-bin/because a Perl script is used to create the hash.

The command to generate the hash should have each parameter enclosed in eaither single or double quotes. The order of the parameters does not matter but they must all be included.

Your store ID is the ID number they give you prefixed by UK (I assume you are in the UK) and suffixed by the currency example UK1234567890GBP. If your account is multi currency remeber that the store ID will change according to the currency.

If you have problems with error messages from HSBC ePayments when you test make sure the timestamp is correct to GMT. Also make sure the key they give you is correct. We spent ages messing around only to find that they had supplied an invalid key (they did this twice).

The good thing is that once up and running it works very well. If you have any specific problems you can leave a private message.

we manage to have the sample page work (credit to our ISP who spent time reading the documentation, searching the internet and re-installing...)

Now I am updating my form before I can even think to submit it (limit email address to 64 char, separate town from zip code, etc.

no doubt I will bump into problems when I start to submit it to the bank tools / bank....

But I take your rain check!

Fred

Here are a few points that HSBC do not tell you.

1. Before HSBC set your system live you must send "T" as the Mode. This changes to "P" after you system is live.

2. If you are sending the customer name and address etc. these must be included as parameters when you generate the hash (don't foget that the country is a 3 digit code)

3. If you are using your own script to create the input form (where customer enters name etc) and just want the HSBC program to generate a hash use TestHash.e and not CcOrderHash.e

4. If you are using TestHash.e the parameters are sent enclosed in either single or double quotes (try both because this can be system dependant) and separted by a space. Example: TestHash.e 'parameter' 'parameter'

Why can't I use CcOrderHash and transmit the same form elements than the sample.html form is sending?

Why can't I use CcOrderHash and transmit the same form elements than the sample.html form is sending?

If the web server will run CcOrderHash.e and CcOrderHash.e returns something to the web server it should work. I could not get this file to work so wrote my own script to process the order form. The script calls TestHash.e to create the hash then inserts it into a hidden form which is submitted to HSBC.

Using your own script to handle the order form processing also gives you more control over page layout etc.

Now I am using the TestHash file as you suggested (The CcOrderHash was working but was displaying the form with a "Submit" button to be clicked. This could not stay for an operational environment)

Now I have another issue: I get a "Invalid data" if I submit data with an "&" inside..... (like a &quot; for example)

Any idea??

Our system works by first having the customer submit the order which is recorded in the database. Then the form and hash are created for transferring the customer to HSBC. This way we can control what is sent to HSBC. Their system does not return all fields so you can't rely on it to capture specific ordr data.

I did a little experimenting using TestHash.e and found that I could only use &quot; or other HTML encoding if the paramters are enclosed in double quotes.

Example:

This works
TestHash.e "parameter" "parameter" "A &quot;parameter&quot;"

This returns an error
TestHash.e 'parameter' 'parameter' 'A &quot;parameter&quot;'

Thank you for your time, I do exactly the same work flow:
the customer posts from the checkout into a blank page that records into the database then submits to the bank.

My testhash command line is built like this:
$allparam .= " \"".$BankShippingCity."\"";

and this does not take the &quot; within the variable...any way I fixed it by sending different data to the bank (I just allow the characters:

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890-_;*().,[]@:

) than the data I store in the db (which is what comes from the post after I clean the possible slashes and other tricks a hacker would try in a text box.....

Thank you again, I will send you a 10% discount code for your first order on the site once it works!