First make sure the callback address written when paying is correct!!!!!!
Be sure to make sure the callback address written refers to you. Put the one that writes the callback verification inside. Don’t go back and find the error later. It’s too difficult.
Find the signature verification class encapsulated by Alipay, rsaCheckV1 (this is also In the app2.0 interface)
This is the class that Alipay has encapsulated: (Recommended learning:PHP video tutorial)
/** rsaCheckV1 & rsaCheckV2
* 验证签名
* 在使用本方法前,必须初始化AopClient且传入公钥参数。
* 公钥是否是读取字符串还是读取文件,是根据初始化传入的值判断的。
**/
public function rsaCheckV1($params, $rsaPublicKeyFilePath,$signType='RSA') {
$sign = $params['sign'];
$params['sign_type'] = null;
$params['sign'] = null;
$this->alipayrsaPublicKey = $rsaPublicKeyFilePath;
return $this->verify($this->getSignContent($params), $sign, $rsaPublicKeyFilePath,$signType);
}
public function rsaCheckV2($params, $rsaPublicKeyFilePath, $signType='RSA') {
$sign = $params['sign'];
$params['sign'] = null;
return $this->verify($this->getSignContent($params), $sign, $rsaPublicKeyFilePath, $signType);
}
function verify($data, $sign, $rsaPublicKeyFilePath, $signType = 'RSA') {
if($this->checkEmpty($this->alipayPublicKey)){
$pubKey= $this->alipayrsaPublicKey;
$res = "-----BEGIN PUBLIC KEY-----\n" .
wordwrap($pubKey, 64, "\n", true) .
"\n-----END PUBLIC KEY-----";
}else {
//读取公钥文件
$pubKey = file_get_contents($rsaPublicKeyFilePath);
//转换为openssl格式密钥
$res = openssl_get_publickey($pubKey);
}
($res) or die('支付宝RSA公钥错误。请检查公钥文件格式是否正确');
//调用openssl内置方法验签,返回bool值
if ("RSA2" == $signType) {
$result = (bool)openssl_verify($data, base64_decode($sign), $res, OPENSSL_ALGO_SHA256);
} else {
$result = (bool)openssl_verify($data, base64_decode($sign), $res);
}
if(!$this->checkEmpty($this->alipayPublicKey)) {
//释放资源
openssl_free_key($res);
}
return $result;
}L
SQLite
SQLite3
SQLSRV
Sybase
tokyo_tyrant
Also, don’t use these two The two methods are confused. The former needs to pass signtype, but the latter does not (the first two methods will call the third method). Another important point is that this method itself extracts the public key from the file, but I It is passed directly, so I modified this method slightly so that it can directly read the public key I passed. This signature verification method returns (bool) true or (bool) false to determine whether the signature verification is successful.
Three points should be noted here:
1—注意公钥的正确性,还有用的是支付宝公钥不是你当初生成的公钥
2—区别这里的方法和支付宝接口本身方法的公钥获取方式
3—注意接口方法本身的注释,很重要
Alipay’s callback parameters are returned in the form of post, but when testing, we can write the callback url directly in in the address bar, and then use the get method to accept it, so there is no need to spell the parameters, the result is the same (the callback URL can be recorded in the log file), and when verifying the signature, all return parameters need to be intact You can automatically verify the signature, and here you can just accept whatever parameters you need. I won’t go into details here, it’s just a matter of accepting parameters normally. The following is the code I use to check the order amount and merchant number when verifying parameters, for reference only (I use tp5):
public function check($receipt_amount,$buyer_pay_amount,$order_price,$app_id,$seller_email){
if($receipt_amount !== $order_price || $buyer_pay_amount !== $order_price){
// echo 1;
return $this->log('订单支付金额有误!');
}
//支付宝支付的所有参数
$alipay_config = Config::get('alipay_config');
if($app_id !== $alipay_config['appid']){
// echo 2;
return $this->log('商家编号有误!');
}
//验证收款商家是否正确
if($seller_email !== $alipay_config['seller_id']){
// echo 3;
return $this->log('收款商家有误!');
}
return 'success';
}
Check order
here The main thing is to check the inventory. It is best to use transaction processing here (although your order volume may not necessarily return to this point). My code is given below for reference only (tp5):
public function index($order_sn='')
{
if(isset($_POST['order_sn']) && empty($order_sn)){
$order_sn = $_POST['order_sn'];
}
$table = self::order_info($order_sn);
if($table == 'failure'){return 'false';}
$oid = $table['order_id'];
//通过订单id $oid 查询出订单中物品的id
$goodsTable = Db::name('goods');
$allgoods = Db::name("test1")->where('o_id', $oid)->field('g_id,g_num')->select();
foreach ($allgoods as $k => $v) {
//事务处理
$goodsTable->startTrans();//事物开始
try {
//判断库存数量
$goodsTable->query('update test2 set g_num = g_num-' . $v['g_num'] . ' where g_num >= ' . $v['g_num'] . ' and gid =' . $v['g_id']);
} catch (\Exception $e) {
$goodsTable->rollBack();//事物回滚
}
$goodsTable->commit();// 事物提交
}
//修改订单
$res = Db::name('test3')->where('order_sn',$order_sn)->update(['order_state' => '1','pay_time'=>time()]);
if($res != 0){
return 'success';
}
}
Next Just return the result to Alipay. Failure: return 'failure'; success: return 'success'; It ends here.
The above is the detailed content of How to write Alipay callback in php. For more information, please follow other related articles on the PHP Chinese website!