微信支付回调验证签名:一定要验证签名,可能不造成伪造数据,或者数据库造到灌水;
<?php /** * 微信支付回调类 * @name CallbackAction.class.php * @author yangzl * @date(20180820) */ class CallbackAction extends Action{ /** * @param 获取微信支付回调接口 * @return [type] [descripti * @date(20180820) * @author yangzl */ public function getPayMentCallBack(){ $curl_request = $_SERVER['REQUEST_METHOD']; //获取请求方式 if($curl_request == 'POST'){ $xmldata=file_get_contents("php://input"); libxml_disable_entity_loader(true); //把微信支付回调结果写入日志 $this->writeLogs(RUNTIME_PATH.'Logs/','getPayMentCallBack',"\r\n-------------------".date('Y-m-d H:i:s')."微信支付回调结果---------\r\n---响应数据:".json_encode(simplexml_load_string($xmldata, 'SimpleXMLElement', LIBXML_NOCDATA))."\r\n------------\r\n"); //处理微信支付返回的xml数据 $data = json_encode(simplexml_load_string($xmldata, 'SimpleXMLElement', LIBXML_NOCDATA)); $sign_return = json_decode($data,true)['sign']; $sign = $this->appgetSign(json_decode($data,true)); //给微信返回接收成功通知,生成xml数据 $this->returnXml(); if($sign == $sign_return){ //把数据提交给订单处理方法 $this->proOrders($data); } } } /* * 格式化参数格式化成url参数 生成签名sign */ public function appgetSign($data){ require_once WEB_LIB."WxPay.Config.php"; $config = new WxPayConfig(); $appwxpay_key = $config->GetKey(); //签名步骤一:按字典序排序参数 ksort($data); $String = $this->callbackToUrlParams($data); //签名步骤二:在string后加入KEY if($appwxpay_key){ $String = $String."&key=".$appwxpay_key; } //签名步骤三:MD5加密 $String = md5($String); //签名步骤四:所有字符转为大写 $result_ = strtoupper($String); return $result_; } /** * 格式化参数格式化成url参数 */ public function callbackToUrlParams($Parameters){ $buff = ""; foreach ($Parameters as $k => $v){ if($k != "sign" && $v != "" && !is_array($v)){ $buff .= $k . "=" . $v . "&"; } } $buff = trim($buff, "&"); return $buff; } /** * @param 拼装xml数据返回 * @author yangzl <[<email address>]> */ public function returnXml(){ header("Content-type:text/xml;"); $xml = "<?xml version='1.0' encoding='UTF-8'?>\n"; $xml .= "<xml>\n"; $xml .= "<return_code>SUCCESS</return_code>\n"; $xml .= "<return_msg>OK</return_msg>\n"; $xml .= "</xml>\n"; echo $xml; } /** * @param 支付回调程序处理 * @author yangzl * @date(20180820) */ public function proOrders($data){ if (!$data) { $date = date("Y-m-d H:i:s",time()); log::write( "proOrders方法错误".$date); } //处理则返回数据入库 分表 $orders_info = json_decode($data,true); $orders_model = new OrdersModel(); $branch_id = json_decode($orders_info['attach'],true)['branch_id']; //查询排重 $result_pay_data = $orders_model->get_pay_data($branch_id,$orders_info['transaction_id']); if(!$result_pay_data){ //不存在 //存数据 $table_id = json_decode($orders_info['attach'],true)['table_id']; //根据tableid查询桌台信息 $tables_model = new TablesModel(); $table_info = $tables_model->get_table_by_id( $table_id, $branch_id); if($table_info['is_delete'] == '0'){ $title = $table_info['title']; } //回调支付信息 $pay_info = array( 'branch_id' => $branch_id, 'transaction_id' => $orders_info['transaction_id'], 'cash_fee' => sprintf("%.2f",$orders_info['cash_fee']/100), 'pay_type' => 1, 'mch_id' =>$orders_info['mch_id'], 'result_code' => $orders_info['result_code'] == 'SUCCESS' ? 1 : 0, 'orders_id' =>$orders_info['out_trade_no'], 'time_end' => $orders_info['time_end'], 'title' => $title, 'openid'=> $orders_info['openid'], 'pay_source' => 1, 'is_subscribe' => $orders_info['is_subscribe'] == 'Y' ? 1 : 0, //是否关注公众账号 'sub_mch_id' => $orders_info['sub_mch_id'], 'total_fee' =>sprintf("%.2f",$orders_info['total_fee']/100), 'bank_type' => $orders_info['bank_type'], ); //存数据 $add_data = $orders_model->add_pay_info($branch_id,$pay_info); if(!$add_data){ log::write( "支付数据存储失败".$orders_info['transaction_id']); return false; } if($orders_info['result_code'] == 'SUCCESS'){ //查询订单信息 // $order_data = $orders_model->get_orders_data($table_id, $branch_id); $order_data = $orders_model->get_orders_tem($table_id, $branch_id); if(!$order_data){ log::write( "查询订单信息失败".time()); return false; } $this->writeLogs(RUNTIME_PATH.'Logs/','proOrders',"\r\n-------------------".date('Y-m-d H:i:s')."查询订单信息---------\r\n---响应数据:".json_encode($order_data)."\r\n------------\r\n"); //数据处理 $data_handle = $orders_model->data_handle($order_data,$table_id,$branch_id,$orders_info['cash_fee']/100,$orders_info['transaction_id']); $this->writeLogs(RUNTIME_PATH.'Logs/','proOrders',"\r\n-------------------".date('Y-m-d H:i:s')."微信支付数据处理结果---------\r\n---响应数据:".json_encode($data_handle)."\r\n------------\r\n"); //支付方式入库 $pay_data = array( 'orders_id' => $data_handle['orders_id'], //订单编号 'branch_id' => (int)$branch_id, // 店铺 ID 'pay_sn' => $orders_info['transaction_id'], // 支付 SN 'pay_total' => sprintf("%.2f",$orders_info['cash_fee']/100), // 支付金额 'pay_type' => 1, // 支付类型 'table_id' => $table_id, // 桌台ID ); //添加副表 $pay_sn = $orders_model->add_orders_pay_sn($pay_data); $pay_state = $data_handle['state']; if($pay_state == 1){ //完成订单 //完成订单后,没有确认的订单也全部清空 add yangzl $del_redis_orders = $orders_model->del_redis_orders_p($branch_id, $table_id); if (!$del_redis_orders){ log::write( "现金订单完成后收尾".$table_id); } //设置状态 $table_model = new TablesModel(); $state = $table_model->set_table_state($table_id, $branch_id, 4); } // 服务员下单一对一推送 $table_base = $table_model->get_table_by_id($table_id,$branch_id); $table_title = $table_base['title']; Push::app_push_waiter_checkout($table_id, $table_title, '1'); exit(); }else{ //支付失败 log::write( "支付订单号数据支付失败::支付订单号".$orders_info['transaction_id']); exit(); } }else{ log::write( "支付订单号数据已处理".$orders_info['transaction_id']); $this->returnXml(); exit(); } } /**********写入日志方法***********/ /** * 日志记录 * @param $path string 日志文件目录 * @param $file string 日志文件名,不包含后缀 * @param $content string 记录内容 * @param @author yangzl * @return void **/ public function writeLogs($path,$file,$content,$more=true){ $newpath = ''; if (!file_exists($path)) { mkdir ($path); @chmod ($path, 0777 ); } if($more){ $newpath .= $path.$file.@date('Y-m-d').".log"; }else{ $newpath .= $path.$file.".log"; } $content .="\r\n"."----------------------------------------------------------------------------------------------------------------"."\r\n"; $this->write_file($newpath,$content,"a+"); } /** * 写内容 * @param $filename string 日志文件名 * @param $data string 记录内容 * @param $method * @author yanzl **/ private function write_file($filename,$data,$method="rb+",$iflock=1){ @touch($filename); $handle=@fopen($filename,$method); if($iflock){ @flock($handle,LOCK_EX); } @fputs($handle,$data); if($method=="rb+") @ftruncate($handle,strlen($data)); @fclose($handle); @chmod($filename,0777); if( is_writable($filename) ){ return 1; }else{ return 0; } } } ?>