微信支付回调验证签名:一定要验证签名,否则可能造成数据被伪造,或者数据库遭到灌水;
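<?php
/**
 * WeChat Pay callback (asynchronous payment notification) controller.
 *
 * A notification must be authenticated by its signature before any of its
 * fields are trusted; otherwise anyone who can reach this URL can submit
 * forged payment results or flood the order tables with junk rows.
 *
 * NOTE(review): every helper below is public on a controller class. If the
 * framework maps public controller methods to URLs (TODO confirm), proOrders()
 * would be reachable without going through the signature check; narrowing the
 * helpers to protected/private is advisable once no external caller needs them.
 *
 * @name CallbackAction.class.php
 * @author yangzl
 * @date(20180820)
 */
class CallbackAction extends Action{

    /**
     * Entry point for the WeChat Pay payment-result notification.
     *
     * Reads the raw XML POST body, parses it with external entity loading
     * disabled, recomputes the signature over the received fields and compares
     * it with the `sign` field. Only a notification whose signature matches is
     * acknowledged with SUCCESS and handed to proOrders(); a malformed or
     * unsigned/incorrectly signed one gets a FAIL reply and is dropped.
     *
     * NOTE(review): as in the original, SUCCESS is sent before proOrders()
     * runs. If order processing can fail, acknowledging afterwards would let
     * the gateway retry the notification - confirm against proOrders().
     * NOTE(review): a valid signature only proves where the message came from;
     * whether the result code and paid amount are checked against the stored
     * order is not visible in this listing - confirm in proOrders().
     *
     * @return void
     * @date(20180820)
     * @author yangzl
     */
    public function getPayMentCallBack(){
        // Notifications arrive as POST; any other request method is ignored.
        if (!isset($_SERVER['REQUEST_METHOD']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
            return;
        }

        $xmldata = file_get_contents("php://input");

        // External entity loading must be off while untrusted XML is parsed (XXE).
        // The call is deprecated from PHP 8.0, which requires a libxml version
        // that already disables it by default, so it is made on older runtimes only.
        if (PHP_VERSION_ID < 80000) {
            libxml_disable_entity_loader(true);
        }

        // Parse once, collecting libxml errors instead of emitting warnings for
        // a body that is not well-formed XML.
        $previous_errors = libxml_use_internal_errors(true);
        $xml = (is_string($xmldata) && $xmldata !== '')
            ? simplexml_load_string($xmldata, 'SimpleXMLElement', LIBXML_NOCDATA)
            : false;
        libxml_clear_errors();
        libxml_use_internal_errors($previous_errors);

        // JSON round trip turns the SimpleXMLElement into a plain array.
        $data = json_encode($xml);
        $fields = json_decode($data, true);

        // Record the notification. The payload is still unverified at this point.
        $this->writeLogs(RUNTIME_PATH.'Logs/','getPayMentCallBack',"\r\n-------------------".date('Y-m-d H:i:s')."微信支付回调结果---------\r\n---响应数据:".$data."\r\n------------\r\n");

        if (!is_array($fields)) {
            $this->returnXml('FAIL', 'Malformed notification');
            return;
        }

        $sign_return = isset($fields['sign']) ? $fields['sign'] : '';

        try {
            $sign = $this->appgetSign($fields);
        } catch (Exception $e) {
            // No usable merchant key: nothing can be authenticated, so reject.
            $this->writeLogs(RUNTIME_PATH.'Logs/','getPayMentCallBack',"\r\n".date('Y-m-d H:i:s')." signature could not be computed: ".$e->getMessage()."\r\n");
            $this->returnXml('FAIL', 'Signature check unavailable');
            return;
        }

        // hash_equals() is a constant-time, type-strict comparison (PHP >= 5.6).
        // A loose == would treat two different digests of the form "0E<digits>"
        // as equal numbers and would leak timing information.
        if (!is_string($sign_return) || $sign_return === '' || !hash_equals($sign, $sign_return)) {
            $this->returnXml('FAIL', 'Invalid signature');
            return;
        }

        // Authenticated: acknowledge receipt, then process the order.
        $this->returnXml();
        $this->proOrders($data);
    }

    /**
     * Compute the signature of a set of notification fields.
     *
     * Fields are sorted by key, joined as URL-style parameters (see
     * callbackToUrlParams()), "&key=<merchant key>" is appended, and the MD5
     * of the result is returned in upper case.
     *
     * The merchant key is mandatory: a digest computed without it can be
     * reproduced by anyone, so an empty key is treated as a configuration
     * error instead of silently producing a keyless signature.
     *
     * NOTE(review): MD5 is what this signing scheme prescribes, not a free
     * choice here. If the merchant account is set to a different sign type,
     * valid notifications will be rejected - confirm the configured sign type.
     *
     * @param array $data Notification fields; a `sign` entry is ignored.
     * @return string Upper-case hexadecimal MD5 signature.
     * @throws InvalidArgumentException When $data is not an array.
     * @throws RuntimeException When no merchant key is configured.
     */
    public function appgetSign($data){
        if (!is_array($data)) {
            throw new InvalidArgumentException('appgetSign expects an array of fields');
        }

        require_once WEB_LIB."WxPay.Config.php";
        $config = new WxPayConfig();
        $appwxpay_key = $config->GetKey();
        if (!$appwxpay_key) {
            throw new RuntimeException('WeChat Pay merchant key is not configured');
        }

        // Step 1: sort parameters by key, compared as strings.
        ksort($data, SORT_STRING);
        // Step 2: append the merchant key to the canonical string.
        $to_sign = $this->callbackToUrlParams($data)."&key=".$appwxpay_key;
        // Steps 3 and 4: MD5, then upper-case.
        return strtoupper(md5($to_sign));
    }

    /**
     * Join fields as "k1=v1&k2=v2..." in the order given.
     *
     * The `sign` field, array values and empty values are left out. Pairs are
     * joined with implode() so that a value which itself ends in "&" is kept
     * intact instead of being stripped by a trailing trim.
     *
     * @param array $Parameters Fields to serialise (already sorted by the caller).
     * @return string The canonical parameter string, without a trailing "&".
     */
    public function callbackToUrlParams($Parameters){
        $pairs = array();
        foreach ($Parameters as $k => $v) {
            // is_array() is tested before the string cast to avoid an
            // array-to-string conversion.
            if ((string)$k === 'sign' || is_array($v) || (string)$v === '') {
                continue;
            }
            $pairs[] = $k . "=" . $v;
        }
        return implode("&", $pairs);
    }

    /**
     * Send the XML reply expected by the payment gateway.
     *
     * Called without arguments it emits the same SUCCESS/OK document as
     * before; the optional arguments allow a FAIL reply for rejected
     * notifications.
     *
     * @param string $return_code 'SUCCESS' or 'FAIL'; anything else is sent as 'SUCCESS'.
     * @param string $return_msg  Short message; XML-escaped before output.
     * @return void
     * @author yangzl <[<email address>]>
     */
    public function returnXml($return_code = 'SUCCESS', $return_msg = 'OK'){
        $code = ($return_code === 'FAIL') ? 'FAIL' : 'SUCCESS';
        $msg = htmlspecialchars((string)$return_msg, ENT_QUOTES | ENT_XML1, 'UTF-8');

        header("Content-type:text/xml;");
        $xml = "<?xml version='1.0' encoding='UTF-8'?>\n";
        $xml .= "<xml>\n";
        $xml .= "<return_code>".$code."</return_code>\n";
        $xml .= "<return_msg>".$msg."</return_msg>\n";
        $xml .= "</xml>\n";
        echo $xml;
    }

    /**
     * Payment callback order processing.
     *
     * NOTE(review): the listing is cut off inside this method; its code is
     * reproduced unchanged and only the comments were translated.
     *
     * @param string $data JSON-encoded notification fields.
     * @author yangzl
     * @date(20180820)
     */
    public function proOrders($data){
        // NOTE(review): this branch only logs; execution continues below even
        // when $data is empty.
        if (!$data) {
            $date = date("Y-m-d H:i:s",time());
            log::write( "proOrders方法错误".$date);
        }
        // Store the returned data (split tables)
        $orders_info = json_decode($data,true);
        $orders_model = new OrdersModel();
        $branch_id = json_decode($orders_info['attach'],true)['branch_id'];
        // Look up an existing record to de-duplicate
        $result_pay_data = $orders_model->get_pay_data($branch_id,$orders_info['transaction_id']);
        if(!$result_pay_data){ // no existing record
            // store the data
            $table_id = json_decode($orders_info['attach'],true)['table_id'];
            // look up the table information by table id
            $tables_model = new TablesModel();
            $table_info = $tables_model->get_table_by_id( $table_id, $branch_i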