问题
EBS can return the response parameters as single GET parameter when the return url is specified as 'http://www.yourdomainname.com/response.extension?DR={DR}' as described in knowledgeable.
However I can not find the specification how to decrypt and validate the response. Also the Integration guide (v.3) does not contain any information on the subject.
I have found few examples which uses this options and decrypts their response via custom RC43 decoder.
With the DR variable specified the response contains single encoded/encrypted string. However the I am unable to recognise what sort of algorithm is actually used (I suspect RC4 stream cyphers) and most examples ends with the decryption (without actual validation).
I am looking for any information on the subject.
回答1:
The integration kits actually provide a way How to use and decode the response. However not all kits use this or verify the response at all.
To use the encrypted response the return url must complain the following format as specified in knowledgebase: 'http://www.yourdomainname.com/response.extension?DR={DR}'
$DR = preg_replace("/\s/","+",$_GET['DR']);
$rc4 = new Crypt_RC4($secret_key);
$QueryString = base64_decode($DR);
$rc4->decrypt($QueryString);
$QueryString = explode('&',$QueryString);
$response = array();
foreach($QueryString as $param){
$param = explode('=',$param);
$response[$param[0]] = urldecode($param[1]);
}
return $response
The Crypt_RC43 class which actually takes care of the decryption is then provided by EBS inside of Rc43 file which is part of the integration kits.
Note: As I have stated the Rc43 file is not part of every integration kit. Some kits even includes the Crypt_RC43 class as a private inner class of the controller. For mine implementation I have used the Rc43 file contained in Wordpress-3.7.x Donate integration kit.
来源:https://stackoverflow.com/questions/32726164/ebs-payment-gateway-encoded-response