签名都是按照参数的键值字母排序组成字符串，经过md5加密再转成大写字母

发起支付时传递的签名

$arr = array('dingdan'=>time(),'userid'=>$userid,'money'=>$money);

$data =  json_encode($arr);
$data = base64_encode($data);

$appid = "lalalalalalalallalalala";
$body = $money."元金币充值";
$callback_url = "http://123456.cn/pay/success";
$channel_id = "default";
$out_trade_no = $data;
$total_fee = $money;
$version = "2.0";

$sign_prep = "app_id=".$appid."&body=".$body."&callback_url=".$callback_url."&channel_id=".$channel_id."&out_trade_no=".$out_trade_no."&total_fee=".$total_fee."&version=".$version.$this->key;
$sign = strtoupper( md5($sign_prep) );

中间回调的签名验证，第四方post传递过来的参数，除了sign，其它参与排序计算签名再和sign对比，一样返回success

$cpparam = $request->get('cpparam');
$orderNo = $request->get('orderNo');
$price =$request->get('price');
$status = $request->get('status');
$synType = $request->get('synType');
$time = $request->get('time');
$sign = $request->get('sign');

$str = "cpparam=".$cpparam."&orderNo=".$orderNo."&price=".$price."&status=".$status."&synType=".$synType."&time=".$time.$this->key;
$str = strtoupper( md5($str) );
if($sign == $str){
    if($status == "success"){
        //获取参数，发送命令给服务端
        $data = $request->get('cpparam');
        $dingdan = $request->get('orderNo');
        $data = base64_decode($data);
        $data = json_decode($data,true);
        $result = "1";

        if(PFGameCommand::recharge($data['userid'],$data['money'],$dingdan,$result)){
            return "success";
        }

    }else{
        PFGameCommand::recharge("0000","0","0","0");
    }
}else{
    PFGameCommand::recharge("0000","0","0","0");
    return "";
}