HSBC Secure ePayments API

a.harris · #1 09-01-2005, 09:21 AM

If you are willing to do a little work, you'll be pleasently surprised that you can use the fully integrated ClearCommerce module as a base to link into the HSBC Secure ePayments API.

This means that clients do not get redirected to the HSBC website as part of the order process.

It works out the box for Visa and Mastercard, and requires a little bit of modification for Switch/Solo.

For config options:

Code:

Name = Username (normally your surname)
Password = Password
Client ID = 4 digit store ID (login to secure epayments and look at the top header)
Test Server = www.secure-epayments.apixml.hsbc.com
Live Server = www.secure-epayments.apixml.hsbc.com
Order Prefix = Blank

You also need to change one line (#45) in payment/cc_fuse.php:

From:

Code:

$port = ($module_params["testmode"]=="N" ? 443 : 11500);

To:

Code:

$port = ($module_params["testmode"]=="N" ? 443 : 443);

That's it! Enjoy the wonderful word of HSBC API.

If you would like to add Switch/Solo support; make the following changes to payment/cc_fuse.php:

Line 53: Add the following:

Code:

if ($userinfo["card_type"] == "VISA") {
	$card_type = "1";
} elseif ($userinfo["card_type"] == "MC") {
	$card_type = "2";
} elseif ($userinfo["card_type"] == "SW") {
	$card_type = "10";
} elseif ($userinfo["card_type"] == "SO") {
	$card_type = "9";
} elseif  ($userinfo["card_type"] == "UKE") {
	$card_type = "11";
}

Line 67 (on original document - next line after "$post[] = "<Expires...":

Code:

$post[] = "<IssueNum>".$userinfo["card_issue_no"]."</IssueNum>";
$post[] = "<StartDate DataType=\"StartDate\" Locale=\"840\">".substr($userinfo["card_valid_from"],0,2)."/".substr($userinfo["card_valid_from"],2,2)."</StartDate>";
$post[] = "<Type>".$card_type."</Type>";

You will need to enable:

Code:

Enable 'Issue Number' and 'Valid from' fields in the CC info form

In General Settings.

cotc2001 · #2 09-01-2005, 10:18 AM

Adam if that works then your are a true gent. is this got the latest 4.0.14???

If poss could you post the entire script (including switch/solo bits as im sure most people use them) here and just xxxx out your security sensitive bits.

I personally would appreciate and as im sure others would

a.harris · #3 09-01-2005, 10:29 AM

I have simply modded a module that already existed. When I have a free moment, I will make it into its own module so it is easily distributed.

We are using 4.0.14.

If you need any help making the changes I outlined, please do not hesitate to contact me off forum.

Dongan · #4 09-01-2005, 08:11 PM

surely, it is a great addition. cheers....

a.harris · #5 09-02-2005, 01:45 AM

Found one small bug for Switch/Solo.

The final code changes should read:

Code:

if (($card_type == 9)||($card_type == 10)){
	$post[] = "<IssueNum>".$userinfo["card_issue_no"]."</IssueNum>";
	$post[] = "<StartDate DataType=\"StartDate\" Locale=\"840\">".substr($userinfo["card_valid_from"],0,2)."/".substr($userinfo["card_valid_from"],2,2)."</StartDate>";
}

cotc2001 · #6 09-08-2005, 01:23 AM

can someone please, please please just post the full script with the changes

I've made the changes as above but it just hangs at the "Your order is being placed. Please wait..." section

a.harris · #7 09-08-2005, 07:11 AM

You need to make sure the $port line is set to 443 : 443; else it will hang until it timeouts.

Also make sure that the module is set to HTTPS in the Payment Modules area of the admin control panel.

Adam

cotc2001 · #8 09-08-2005, 08:23 AM

Yeah done all that still just hangs,
This is my code - I will happily pay if someone can sort this out

Code:

<?php
/*****************************************************************************\
+-----------------------------------------------------------------------------+
| X-Cart                                                                      |
| Copyright (c) 2001-2005 Ruslan R. Fazliev <rrf@rrf.ru>                      |
| All rights reserved.                                                        |
+-----------------------------------------------------------------------------+
| PLEASE READ  THE FULL TEXT OF SOFTWARE LICENSE AGREEMENT IN THE "COPYRIGHT" |
| FILE PROVIDED WITH THIS DISTRIBUTION. THE AGREEMENT TEXT IS ALSO AVAILABLE  |
| AT THE FOLLOWING URL: http://www.x-cart.com/license.php                     |
|                                                                             |
| THIS  AGREEMENT  EXPRESSES  THE  TERMS  AND CONDITIONS ON WHICH YOU MAY USE |
| THIS SOFTWARE   PROGRAM   AND  ASSOCIATED  DOCUMENTATION   THAT  RUSLAN  R. |
| FAZLIEV (hereinafter  referred to as "THE AUTHOR") IS FURNISHING  OR MAKING |
| AVAILABLE TO YOU WITH  THIS  AGREEMENT  (COLLECTIVELY,  THE  "SOFTWARE").   |
| PLEASE   REVIEW   THE  TERMS  AND   CONDITIONS  OF  THIS  LICENSE AGREEMENT |
| CAREFULLY   BEFORE   INSTALLING   OR  USING  THE  SOFTWARE.  BY INSTALLING, |
| COPYING   OR   OTHERWISE   USING   THE   SOFTWARE,  YOU  AND  YOUR  COMPANY |
| (COLLECTIVELY,  "YOU")  ARE  ACCEPTING  AND AGREEING  TO  THE TERMS OF THIS |
| LICENSE   AGREEMENT.   IF  YOU    ARE  NOT  WILLING   TO  BE  BOUND BY THIS |
| AGREEMENT, DO  NOT INSTALL OR USE THE SOFTWARE.  VARIOUS   COPYRIGHTS   AND |
| OTHER   INTELLECTUAL   PROPERTY   RIGHTS    PROTECT   THE   SOFTWARE.  THIS |
| AGREEMENT IS A LICENSE AGREEMENT THAT GIVES  YOU  LIMITED  RIGHTS   TO  USE |
| THE  SOFTWARE   AND  NOT  AN  AGREEMENT  FOR SALE OR FOR  TRANSFER OF TITLE.|
| THE AUTHOR RETAINS ALL RIGHTS NOT EXPRESSLY GRANTED BY THIS AGREEMENT.      |
|                                                                             |
| The Initial Developer of the Original Code is Ruslan R. Fazliev             |
| Portions created by Ruslan R. Fazliev are Copyright (C) 2001-2005           |
| Ruslan R. Fazliev. All Rights Reserved.                                     |
+-----------------------------------------------------------------------------+
\*****************************************************************************/

#
# $Id: cc_fuse.php,v 1.13.2.2 2005/01/12 07:43:07 svowl Exp $
#

if (!defined('XCART_START')) { header("Location: ../"); die("Access denied"); }

@set_time_limit(100);

$pp_login = $module_params["param01"];
$pp_pass = $module_params["param02"];
$pp_client = $module_params["param03"];
$domen = ($module_params["testmode"]=="N" ? $module_params["param06"] : $module_params["param07"]);
$port = ($module_params["testmode"]=="N" ? 443 : 443); 
$curr = $module_params["param08"];

switch($module_params["testmode"]) {
	case "N": $pp_mode="P"; break;
	case "A": $pp_mode="Y"; break;
	default: $pp_mode="N"; break;
}
if ($userinfo["card_type"] == "VISA") {
   $card_type = "1";
} elseif ($userinfo["card_type"] == "MC") {
   $card_type = "2";
} elseif ($userinfo["card_type"] == "SW") {
   $card_type = "10";
} elseif ($userinfo["card_type"] == "SO") {
   $card_type = "9";
} elseif  ($userinfo["card_type"] == "UKE") {
   $card_type = "11";
} 
$post = "";
$post[] = "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>";
$post[] = "<EngineDocList><DocVersion>1.0</DocVersion><EngineDoc><ContentType>OrderFormDoc</ContentType>";
$post[] = "<User><Name>$pp_login</Name><Password>$pp_pass</Password><ClientId DataType=\"S32\">$pp_client</ClientId></User>";
$post[] = "<Instructions><Pipeline>Payment</Pipeline></Instructions><OrderFormDoc><Mode>$pp_mode</Mode>";
#$post[] = "<Instructions><Pipeline>PaymentNoFraud</Pipeline></Instructions><OrderFormDoc><Mode>Y</Mode>";
$post[] = "<Consumer>";
$post[] = "<Email>".$userinfo["email"]."</Email>";
$post[] = "<BillTo><Location><TelVoice>".$userinfo["phone"]."</TelVoice>";
$post[] = "<Address><Name>".$userinfo["b_firstname"]." ".$userinfo["b_lastname"]."</Name>";
$post[] = "<City>".$userinfo["b_city"]."</City><Street1>".$userinfo["b_address"]."</Street1>";
$post[] = "<StateProv>".$userinfo["b_state"]."</StateProv><PostalCode>".$userinfo["b_zipcode"]."</PostalCode></Address></Location></BillTo>";
$post[] = "<PaymentMech><CreditCard><Number>".$userinfo["card_number"]."</Number>";
$post[] = "<Expires DataType=\"ExpirationDate\" Locale=\"840\">".substr($userinfo["card_expire"],0,2)."/".substr($userinfo["card_expire"],2,2)."</Expires>";
$post[] = "<IssueNum>".$userinfo["card_issue_no"]."</IssueNum>";
$post[] = "<StartDate DataType=\"StartDate\" Locale=\"840\">".substr($userinfo["card_valid_from"],0,2)."/".substr($userinfo["card_valid_from"],2,2)."</StartDate>";
$post[] = "<Type>".$card_type."</Type>"; 
$post[] = "<Cvv2Val>".$userinfo["card_cvv2"]."</Cvv2Val>";
$post[] = "<Cvv2Indicator>".(!empty($userinfo["card_cvv2"])?1:2)."</Cvv2Indicator>";
$post[] = "</CreditCard></PaymentMech></Consumer>";
$post[] = "<Transaction><Type>Auth</Type><ChargeDesc1></ChargeDesc1>";
$post[] = "<CurrentTotals><Totals><Total DataType=\"Money\" Currency=\"".$curr."\">".(100*$cart["total_cost"])."</Total></Totals></CurrentTotals>";
$post[] = "</Transaction></OrderFormDoc></EngineDoc></EngineDocList>";


$pst = array("CLRCMRC_XML=".join("",$post));
list($a,$return)=func_https_request("POST","https://".$domen.":$port/",$pst);

$return=preg_replace("/\n/","",$return);

if (preg_match("/<CcReturnMsg(.*)>(.*)<\/CcReturnMsg>/",$return,$out))
	$bill_output["billmes"] = $out[2];

if (preg_match("/<CcErrCode(.*)>(.*)<\/CcErrCode>/",$return,$out)) {
	$bill_output["code"] = ($out[2] == "1") ? 1 : 2;
	$bill_output["billmes"] .= " (CcErrCode: ".$out[2].")";
}
else
	$bill_output["code"] = 0;

if ($bill_output["code"] == 1) {
	preg_match("/<AuthCode(.*)>(.*)<\/AuthCode>/",$return,$out);
	$bill_output["billmes"] .= " (AuthCode: ".$out[2].")";

	preg_match("/<CardholderPresentCode(.*)>(.*)<\/CardholderPresentCode>/",$return,$out);
	$bill_output["billmes"] .= " (CardholderPresentCode: ".$out[2].")";

	preg_match("/<InputEnvironment(.*)>(.*)<\/InputEnvironment>/",$return,$out);
	$bill_output["billmes"] .= " (InputEnvironment: ".$out[2].")";

	preg_match("/<TerminalInputCapability(.*)>(.*)<\/TerminalInputCapability>/",$return,$out);
	$bill_output["billmes"] .= " (TerminalInputCapability: ".$out[2].")";

	preg_match("/<SecurityIndicator(.*)>(.*)<\/SecurityIndicator>/",$return,$out);
	$bill_output["cvvmes"] = "SecurityIndicator: ".$out[2];
}
elseif ($bill_output["code"] == 2) {
	preg_match("/<Text(.*)>(.*)<\/Text>/",$return,$out);
	$bill_output["billmes"] .= $out[2];

	preg_match("/<ResourceId(.*)>(.*)<\/ResourceId>/",$return,$out);
	$bill_output["billmes"] .= " (ResourceID: ".$out[2].")";

	preg_match("/<Sev(.*)>(.*)<\/Sev>/",$return,$out);
	$bill_output["billmes"] .= " (Sev: ".$out[2].")";
}
else
{
	$bill_output["code"] = 0;
}

if(preg_match("/<DocumentId(.*)>(.*)<\/DocumentId>/",$return,$out))
	$bill_output["billmes"].= " (DocumentId: ".$out[2].")";

if(preg_match("/<FraudResultCode(.*)>(.*)<\/FraudResultCode>/",$return,$out))
	$bill_output["avsmes"] = "FraudResultCode: ".$out[2];


?>

cotc2001 · #9 09-08-2005, 08:35 AM

a.harris бё100 to you if you can get this to work for me by tomorrow 8am (and im a man of my word)

ShishaPipeUK · #10 03-18-2006, 11:37 AM

Has this been completed, as i am just getting this from HSBC and would like to use my own pages and dont want the customer to be diverted.
I am using 4.0.18 at the moment and my full code which is at shopcart/payment/cc_fuse.php is below.

Code:

<?php

#
# $Id: cc_fuse.php,v 1.13.2.2 2005/01/12 07:43:07 svowl Exp $
#

if (!defined('XCART_START')) { header("Location: ../"); die("Access denied"); }

@set_time_limit(100);

$pp_login = $module_params["param01"];
$pp_pass = $module_params["param02"];
$pp_client = $module_params["param03"];
$domen = ($module_params["testmode"]=="N" ? $module_params["param06"] : $module_params["param07"]);
# $port = ($module_params["testmode"]=="N" ? 443 : 11500);
$port = ($module_params["testmode"]=="N" ? 443 : 443);
$curr = $module_params["param08"];

switch($module_params["testmode"]) {
	case "N": $pp_mode="P"; break;
	case "A": $pp_mode="Y"; break;
	default: $pp_mode="N"; break;
}

# Mod 1 - Added this line as per x-cart http://forum.x-cart.com/viewtopic.php?t=22246
if ($userinfo["card_type"] == "VISA") { 
   $card_type = "1"; 
} elseif ($userinfo["card_type"] == "MC") { 
   $card_type = "2"; 
} elseif ($userinfo["card_type"] == "SW") { 
   $card_type = "10"; 
} elseif ($userinfo["card_type"] == "SO") { 
   $card_type = "9"; 
} elseif  ($userinfo["card_type"] == "UKE") { 
   $card_type = "11"; 
} 
# Mod 1 - Finish Mode 1

$post = "";
$post[] = "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>";
$post[] = "<EngineDocList><DocVersion>1.0</DocVersion><EngineDoc><ContentType>OrderFormDoc</ContentType>";
$post[] = "<User><Name>$pp_login</Name><Password>$pp_pass</Password><ClientId DataType=\"S32\">$pp_client</ClientId></User>";
$post[] = "<Instructions><Pipeline>Payment</Pipeline></Instructions><OrderFormDoc><Mode>$pp_mode</Mode>";
#$post[] = "<Instructions><Pipeline>PaymentNoFraud</Pipeline></Instructions><OrderFormDoc><Mode>Y</Mode>";
$post[] = "<Consumer>";
$post[] = "<Email>".$userinfo["email"]."</Email>";
$post[] = "<BillTo><Location><TelVoice>".$userinfo["phone"]."</TelVoice>";
$post[] = "<Address><Name>".$userinfo["b_firstname"]." ".$userinfo["b_lastname"]."</Name>";
$post[] = "<City>".$userinfo["b_city"]."</City><Street1>".$userinfo["b_address"]."</Street1>";
$post[] = "<StateProv>".$userinfo["b_state"]."</StateProv><PostalCode>".$userinfo["b_zipcode"]."</PostalCode></Address></Location></BillTo>";
$post[] = "<PaymentMech><CreditCard><Number>".$userinfo["card_number"]."</Number>";
$post[] = "<Expires DataType=\"ExpirationDate\" Locale=\"840\">".substr($userinfo["card_expire"],0,2)."/".substr($userinfo["card_expire"],2,2)."</Expires>";

# Mod 2 - Added another from xcart mod
if (($card_type == 9)||($card_type == 10)){ 
   $post[] = "<IssueNum>".$userinfo["card_issue_no"]."</IssueNum>"; 
   $post[] = "<StartDate DataType=\"StartDate\" Locale=\"840\">".substr($userinfo["card_valid_from"],0,2)."/".substr($userinfo["card_valid_from"],2,2)."</StartDate>"; 
} 
# Mod2 - Finished adding mod 2

$post[] = "<Cvv2Val>".$userinfo["card_cvv2"]."</Cvv2Val>";
$post[] = "<Cvv2Indicator>".(!empty($userinfo["card_cvv2"])?1:2)."</Cvv2Indicator>";
$post[] = "</CreditCard></PaymentMech></Consumer>";
$post[] = "<Transaction><Type>Auth</Type><ChargeDesc1></ChargeDesc1>";
$post[] = "<CurrentTotals><Totals><Total DataType=\"Money\" Currency=\"".$curr."\">".(100*$cart["total_cost"])."</Total></Totals></CurrentTotals>";
$post[] = "</Transaction></OrderFormDoc></EngineDoc></EngineDocList>";


$pst = array("CLRCMRC_XML=".join("",$post));
list($a,$return)=func_https_request("POST","https://".$domen.":$port/",$pst);

$return=preg_replace("/\n/","",$return);

if (preg_match("/<CcReturnMsg(.*)>(.*)<\/CcReturnMsg>/",$return,$out))
	$bill_output["billmes"] = $out[2];

if (preg_match("/<CcErrCode(.*)>(.*)<\/CcErrCode>/",$return,$out)) {
	$bill_output["code"] = ($out[2] == "1") ? 1 : 2;
	$bill_output["billmes"] .= " (CcErrCode: ".$out[2].")";
}
else
	$bill_output["code"] = 0;

if ($bill_output["code"] == 1) {
	preg_match("/<AuthCode(.*)>(.*)<\/AuthCode>/",$return,$out);
	$bill_output["billmes"] .= " (AuthCode: ".$out[2].")";

	preg_match("/<CardholderPresentCode(.*)>(.*)<\/CardholderPresentCode>/",$return,$out);
	$bill_output["billmes"] .= " (CardholderPresentCode: ".$out[2].")";

	preg_match("/<InputEnvironment(.*)>(.*)<\/InputEnvironment>/",$return,$out);
	$bill_output["billmes"] .= " (InputEnvironment: ".$out[2].")";

	preg_match("/<TerminalInputCapability(.*)>(.*)<\/TerminalInputCapability>/",$return,$out);
	$bill_output["billmes"] .= " (TerminalInputCapability: ".$out[2].")";

	preg_match("/<SecurityIndicator(.*)>(.*)<\/SecurityIndicator>/",$return,$out);
	$bill_output["cvvmes"] = "SecurityIndicator: ".$out[2];
}
elseif ($bill_output["code"] == 2) {
	preg_match("/<Text(.*)>(.*)<\/Text>/",$return,$out);
	$bill_output["billmes"] .= $out[2];

	preg_match("/<ResourceId(.*)>(.*)<\/ResourceId>/",$return,$out);
	$bill_output["billmes"] .= " (ResourceID: ".$out[2].")";

	preg_match("/<Sev(.*)>(.*)<\/Sev>/",$return,$out);
	$bill_output["billmes"] .= " (Sev: ".$out[2].")";
}
else
{
	$bill_output["code"] = 0;
}

if(preg_match("/<DocumentId(.*)>(.*)<\/DocumentId>/",$return,$out))
	$bill_output["billmes"].= " (DocumentId: ".$out[2].")";

if(preg_match("/<FraudResultCode(.*)>(.*)<\/FraudResultCode>/",$return,$out))
	$bill_output["avsmes"] = "FraudResultCode: ".$out[2];

?>