寫小程序發(fā)現(xiàn)微信支付有了v3版本, 就想著接個(gè)新的支付看看, 結(jié)果發(fā)現(xiàn),有毒,記錄一下歷程
先是統(tǒng)一下單
//統(tǒng)一下單
public function wechartAddOrder($name,$ordernumber,$money,$openid){
$url = "https://api.mch.weixin.qq.com/v3/pay/transactions/jsapi";
$urlarr = parse_url($url);
$appid = config('config.appId');//appID
$mchid = config('config.mchid');//商戶ID
$xlid = config('config.apiXL');//API序列號
$data = array();
$randstr = getRanStr(16,false);//隨機(jī)字符串長度不超過32
$time = time();
$data['appid'] = $appid;
$data['mchid'] = $mchid;
$data['description'] = $name;//商品描述
$data['out_trade_no'] = $ordernumber;//訂單編號
$data['notify_url'] = "https://www.xffly.cn/api/admin/order/wechartCallback";//回調(diào)接口
// $data['amount']['total'] = $money;//金額
$data['amount']['total'] = 1;
$data['payer']['openid'] = $openid;//用戶openID
$data = json_encode($data);
$key = $this->getSign($data,$urlarr['path'],$randstr,$time);//簽名
$token = sprintf('mchid="%s",serial_no="%s",nonce_str="%s",timestamp="%d",signature="%s"',$mchid,$xlid,$randstr,$time,$key);//頭部信息
$header = array(
'Content-Type:'.'application/json; charset=UTF-8',
'Accept:application/json',
'User-Agent:*/*',
'Authorization: WECHATPAY2-SHA256-RSA2048 '.$token
);
$ret = curl_post_https($url,$data,$header);
return $ret;
}
計(jì)算簽名, 也是按照文檔弄了好多遍
//微信支付簽名
public function getSign($data=array(),$url,$randstr,$time){
$str = "POST"."\n".$url."\n".$time."\n".$randstr."\n".$data."\n";
$key = file_get_contents('apiclient_key.pem');//在商戶平臺下載的秘鑰
$str = getSha256WithRSA($str,$key);
return $str;
}
通過統(tǒng)一下單接口得到prepay_id
在小程序里面用他的wx.requestPayment接口調(diào)起支付,沒啥含量,不貼代碼了,照著文檔寫
其中調(diào)起支付還需要一個(gè)簽名,同理
//調(diào)起支付的簽名
public function getWechartSign($post){
$data = array();
$data['timeStamp'] = $post['timeStamp'];
$data['nonceStr'] = $post['str'];
$data['package'] = $post['package'];
$str = config('config.appId')."\n".$data['timeStamp']."\n".$data['nonceStr']."\n".$data['package']."\n";
$key = file_get_contents('apiclient_key.pem');
$str = getSha256WithRSA($str,$key);
return $str;
}
重點(diǎn)是支付成功的回調(diào),簡直有毒
返回回來的json信息, json_decode解析就成了空, 復(fù)制出來再解析是可以解析的,說是他有bom信息吧, 弄了也不好使, 用htmlspecialchars_decode轉(zhuǎn)義一下, 調(diào)試工具可以成功, 可是真實(shí)微信支付,還是不行,最后沒辦法, 存的log里面, 自己再取一下,就可以用了
//微信回調(diào)寫入日志文件并返回
public function writeWechartLog($post){
if(!is_dir("upload/log")){
mkdir("upload/log",0777,true);
}
$log = fopen("upload/log/wechart.txt", "a+");
if(is_array($post)){
$post = json_encode($post);
}
fwrite($log, $post."\n");
fclose($log);
$read = fopen("upload/log/wechart.txt", "r");
fseek($read, -1, SEEK_END);
$s = '';
while (($c = fgetc($read)) !== false) {
if ($c == "\n" && $s) break;
$s = $c . $s;
fseek($read, -2, SEEK_CUR);
}
fclose($read);
return $s;//取剛剛存的最后一條回調(diào)信息
}
回調(diào)信息里面,有個(gè)加密的東西,還得解密一下,這個(gè)傳入的是自己又從log里面取出來的數(shù)據(jù)
sodium_crypto_aead_aes256gcm_decrypt 這個(gè)解密密方法需要php擴(kuò)展 sodium
//微信回調(diào)解密
public function wechartDecrypt($str) {
$str = htmlspecialchars_decode($str,ENT_COMPAT);
$post = json_decode($str,true);
$key = config("config.apiv3Key");//商戶平臺設(shè)置的api v3 密碼
$text = base64_decode($post['resource']['ciphertext']);
$str = sodium_crypto_aead_aes256gcm_decrypt($text,$post['resource']['associated_data'],$post['resource']['nonce'],$key);
return json_decode($str,true);
}
然后就是取到回調(diào)信息后的業(yè)務(wù)處理了
又看到這個(gè)文章的朋友, 如果知道為什么 微信回調(diào)回來的 json信息, 沒辦法直接使用的, 麻煩告告我,謝謝啦, 研究一天沒研究出來, 只能先這樣處理了...
