签名的生成方式:将参数按键名的字母顺序排序后拼接成字符串,末尾追加密钥,计算 MD5 摘要(MD5 是哈希,不是加密),再转成大写字母
发起支付时传递的签名
// Build the signed payment request.
// The order payload (timestamp as order number, user id, amount) is packed as
// base64(JSON) and sent as out_trade_no.
$arr = [
    'dingdan' => time(),
    'userid'  => $userid,
    'money'   => $money,
];
$data = base64_encode(json_encode($arr));

$appid = 'lalalalalalalallalalala';
$body = "{$money}元金币充值";
// NOTE(review): the sample callback URL is plain HTTP, so the callback's
// integrity rests on the signature alone; prefer an HTTPS endpoint.
$callback_url = 'http://123456.cn/pay/success';
$channel_id = 'default';
$out_trade_no = $data;
$total_fee = $money;
$version = '2.0';

// Signature input: key=value pairs in alphabetical key order joined by "&",
// with the shared key appended directly after the last value (no separator).
// NOTE(review): MD5 over "message + key" is presumably dictated by the payment
// gateway; it is a weak MAC construction, so switch to an HMAC-based scheme if
// the gateway offers one.
$sign_prep = sprintf(
    'app_id=%s&body=%s&callback_url=%s&channel_id=%s&out_trade_no=%s&total_fee=%s&version=%s%s',
    $appid,
    $body,
    $callback_url,
    $channel_id,
    $out_trade_no,
    $total_fee,
    $version,
    $this->key
);
$sign = strtoupper(md5($sign_prep));
回调的签名验证:第四方以 POST 传来的参数中,除 sign 之外的其余参数按键名排序拼接并计算签名,再与 sign 比对;签名一致、status 为 success 且充值命令执行成功时才返回 success
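// Payment callback: authenticate the gateway's POST before crediting anything.
// Every field except `sign` is joined as key=value pairs in alphabetical key
// order, the shared key is appended, and the upper-cased MD5 of that string
// must equal the `sign` field.
$cpparam = $request->get('cpparam');
$orderNo = $request->get('orderNo');
$price = $request->get('price');
$status = $request->get('status');
$synType = $request->get('synType');
$time = $request->get('time');
$sign = $request->get('sign');

$str = "cpparam=".$cpparam."&orderNo=".$orderNo."&price=".$price."&status=".$status."&synType=".$synType."&time=".$time.$this->key;
$str = strtoupper(md5($str));

// hash_equals() compares byte-for-byte in constant time. The previous loose
// `==` compared numeric-looking strings as numbers, so two different digests
// could be treated as equal, and it leaked timing. A missing or non-string
// `sign` is rejected outright instead of being coerced.
if (is_string($sign) && hash_equals($str, $sign)) {
    if ($status === "success") {
        // Recover the order payload that was packed into out_trade_no at
        // payment time and forward the recharge command to the game server.
        $dingdan = $orderNo;
        $data = is_string($cpparam) ? json_decode(base64_decode($cpparam), true) : null;
        $result = "1";

        // Refuse to issue a recharge from a payload that did not decode to the
        // expected shape; previously this passed null values on to recharge().
        // NOTE(review): the credited amount comes from cpparam, not from
        // `price` — confirm the gateway guarantees they agree, or compare them.
        // NOTE(review): a replayed callback still carries a valid signature —
        // confirm PFGameCommand::recharge() rejects an orderNo already credited.
        if (is_array($data) && isset($data['userid'], $data['money'])) {
            if (PFGameCommand::recharge($data['userid'], $data['money'], $dingdan, $result)) {
                return "success";
            }
        }
    } else {
        // Presumably a failure notification to the game server — TODO confirm.
        PFGameCommand::recharge("0000", "0", "0", "0");
    }
} else {
    // NOTE(review): this branch is reachable by any unauthenticated caller, so
    // the command below can be triggered without a valid signature; confirm
    // that is intended and harmless on the game-server side.
    PFGameCommand::recharge("0000", "0", "0", "0");
    return "";
}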