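/**
 * Handle the payment gateway's return notification.
 *
 * The notification arrives in the query string. The order is marked paid only
 * when the gateway reports success ("succ" is Y), the MD5 signature recomputed
 * with the merchant key matches the supplied one, and check_money() accepts
 * the reported amount for the order.
 *
 * @return bool true when the order was marked paid, false otherwise
 */
function respond()
{
    // NOTE(review): the plugin code, and therefore the key used below, is
    // chosen by the request itself - confirm get_payment() only resolves
    // enabled plugins.
    $payment = get_payment($_GET['code']);

    // Missing or non-string parameters (e.g. ?billno[]=x) are read as ''.
    $in = array();
    foreach (array('billno', 'amount', 'date', 'succ', 'ipsbillno', 'Currency_type', 'signature') as $name) {
        $in[$name] = (isset($_GET[$name]) && is_string($_GET[$name])) ? $_GET[$name] : '';
    }

    if ($in['succ'] !== 'Y') {
        return false;
    }

    $expected = md5(
        $in['billno'] . $in['amount'] . $in['date'] . $in['succ']
        . $in['ipsbillno'] . $in['Currency_type'] . $payment['ips_key']
    );

    // Compare as strings: a loose == treats two "0e<digits>" digests as equal
    // numbers. hash_equals() also avoids a timing side channel where available.
    $signatureOk = function_exists('hash_equals')
        ? hash_equals($expected, $in['signature'])
        : $expected === $in['signature'];
    if (!$signatureOk) {
        return false;
    }

    // The order number is taken from the first ten characters of the bill number.
    $order_sn = intval(substr($in['billno'], 0, 10));
    if (!check_money($order_sn, $in['amount'])) {
        return false;
    }

    order_paid($order_sn);

    return true;
}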
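/**
 * Handle the Payssion payment notification.
 *
 * Recomputes the notification signature (MD5 over the pipe-joined API key,
 * notification fields and secret key). When it matches and the state is
 * "completed", the order is marked paid and "OK" is echoed as acknowledgement.
 *
 * @return bool true when the notification carried a valid signature, false otherwise
 */
function respond()
{
    $payment = get_payment($_GET['code']);

    if (!$_POST) {
        return false;
    }

    // Assign payment notification values to local variables
    $pm_id = $_POST['pm_id'];
    $amount = $_POST['amount'];
    $currency = $_POST['currency'];
    $track_id = $_POST['track_id'];
    $sub_track_id = $_POST['sub_track_id'];
    $state = $_POST['state'];
    $notify_sig = (isset($_POST['notify_sig']) && is_string($_POST['notify_sig'])) ? $_POST['notify_sig'] : '';

    $check_sig = md5(implode('|', array(
        $this->api_key,
        $pm_id,
        $amount,
        $currency,
        $track_id,
        $sub_track_id,
        $state,
        $this->secret_key,
    )));

    // String comparison only: loose == would accept any pair of "0e<digits>"
    // digests as equal.
    $signatureOk = function_exists('hash_equals')
        ? hash_equals($check_sig, $notify_sig)
        : $check_sig === $notify_sig;
    if (!$signatureOk) {
        return false;
    }

    // NOTE(review): amount and currency are covered by the signature but are
    // never compared with the stored order here - confirm order_paid() or the
    // caller checks them. transaction_id is not part of the signed fields.
    if ($state === 'completed') {
        order_paid($track_id, PS_PAYED, 'Payssion trans id: ' . $_POST['transaction_id']);
        echo "OK";
    }

    return true;
}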
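/**
 * Handle the gateway's payment notification.
 *
 * Recomputes the upper-cased MD5 over order number, status, amount, currency
 * and the merchant key, and marks the order paid when the digest matches and
 * the reported status is '20'.
 *
 * @return bool true when the order was marked paid, false otherwise
 */
function respond()
{
    $payment = get_payment(basename(__FILE__, '.php'));

    $v_oid = trim($_POST['v_oid']);
    $v_pstatus = trim($_POST['v_pstatus']);
    $v_amount = trim($_POST['v_amount']);
    $v_moneytype = trim($_POST['v_moneytype']);
    $remark1 = trim($_POST['remark1']);
    $v_md5str = trim($_POST['v_md5str']);

    // Recompute the MD5 digest with the merchant key.
    $key = $payment['chinabank_key'];
    $md5string = strtoupper(md5($v_oid . $v_pstatus . $v_amount . $v_moneytype . $key));

    // Verify the digest as a string; loose == would treat two "0E<digits>"
    // digests as equal numbers.
    $signatureOk = function_exists('hash_equals')
        ? hash_equals($md5string, $v_md5str)
        : $md5string === $v_md5str;
    if (!$signatureOk) {
        return false;
    }

    // After verification, translate the order sn into the id used by the order tables.
    if ($remark1 == 'voucher') {
        $v_oid = get_order_id_by_sn($v_oid, "true");
    } else {
        $v_oid = get_order_id_by_sn($v_oid);
    }

    // NOTE(review): v_amount is signed but never compared with the order total
    // in this function - confirm that check happens elsewhere.
    if ($v_pstatus === '20') {
        // Change the order status.
        order_paid($v_oid);

        return true;
    }

    // Previously fell off the end (null) for a valid but non-successful status.
    return false;
}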
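/**
 * Load the WeChat Pay settings from the stored 'wxpay' payment configuration.
 *
 * Copies the app id, app secret, merchant id, API key, notify URL and success
 * URL onto the instance when a configuration record is available.
 */
function __construct()
{
    // Credentials are read only from the payment record. The commented-out
    // block that used to sit here carried hard-coded app secrets and API keys;
    // it was removed, and any value that was ever committed that way should be
    // treated as exposed and rotated.
    $payment = get_payment('wxpay');

    if (is_array($payment)) {
        $fields = array(
            'wxpay_app_id',
            'wxpay_app_secret',
            'wxpay_mchid',
            'wxpay_key',
            'notifyurl',
            'successurl',
        );
        foreach ($fields as $field) {
            // A missing setting becomes null instead of raising an undefined-index notice.
            $this->$field = isset($payment[$field]) ? $payment[$field] : null;
        }
    }
}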
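/**
 * Handle a PayPal IPN notification.
 *
 * Posts the received fields back to PayPal with cmd=_notify-validate and, when
 * PayPal answers VERIFIED, checks payment status, receiver account, amount and
 * currency before recording the payment.
 *
 * @return bool true when the payment was recorded, false otherwise
 */
function respond()
{
    $payment = get_payment('paypal');
    $merchant_id = $payment['paypal_account'];

    // Echo the notification back for validation; names and values are both encoded.
    $req = 'cmd=_notify-validate';
    foreach ($_POST as $key => $value) {
        $req .= '&' . urlencode($key) . '=' . urlencode(stripslashes($value));
    }

    $header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
    $header .= "Host: www.paypal.com\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= 'Content-Length: ' . strlen($req) . "\r\n";
    $header .= "Connection: close\r\n\r\n";

    // The validation round trip decides whether an order is paid, so it must
    // not travel over cleartext HTTP where the VERIFIED answer could be forged
    // in transit. Requires the openssl extension.
    $fp = fsockopen('ssl://www.paypal.com', 443, $errno, $errstr, 30);
    if (!$fp) {
        // Nothing to close: fsockopen() returned false.
        return false;
    }

    $payment_status = $_POST['payment_status'];
    $payment_amount = $_POST['mc_gross'];
    $payment_currency = $_POST['mc_currency'];
    $txn_id = $_POST['txn_id'];
    $receiver_email = $_POST['receiver_email'];
    $order_sn = $_POST['invoice'];
    $memo = !empty($_POST['memo']) ? $_POST['memo'] : '';
    $action_note = $txn_id . '(' . $GLOBALS['_LANG']['paypal_txn_id'] . ')' . $memo;

    fputs($fp, $header . $req);
    $verified = false;
    while (!feof($fp)) {
        $res = trim((string) fgets($fp, 1024));
        if ($res === 'VERIFIED') {
            $verified = true;
            break;
        }
        if ($res === 'INVALID') {
            break;
        }
    }
    fclose($fp);

    if (!$verified) {
        return false;
    }

    // NOTE(review): 'Pending' is accepted alongside 'Completed', as in the
    // original; confirm that marking pending payments as paid is intended.
    if ($payment_status !== 'Completed' && $payment_status !== 'Pending') {
        return false;
    }
    if ($receiver_email != $merchant_id) {
        return false;
    }
    if (!pay::check_money($order_sn, $payment_amount)) {
        return false;
    }
    if ($payment['paypal_currency'] != $payment_currency) {
        return false;
    }

    // NOTE(review): nothing visible here rejects a txn_id that was already
    // processed - confirm pay::changeorders() is idempotent.
    pay::changeorders($order_sn, $action_note);

    return true;
}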
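/**
 * Handle the WeChat Pay (QR code) asynchronous notification.
 *
 * Loads the raw XML body into Notify_pub, verifies its signature, compares the
 * notified total_fee with the amount stored for the pay log entry, and marks
 * the entry as paid when everything agrees.
 *
 * @return bool true when the order was marked paid, false otherwise
 */
function respond()
{
    $payment = get_payment('wx_new_qrcode');
    // NOTE(review): this log receives raw notification XML and lives under
    // ROOT_PATH/data - confirm that directory is not served by the web server.
    $logFile = ROOT_PATH . '/data/wx_new_log.txt';
    $logging = !empty($payment['logs']);

    $notify = new Notify_pub();
    // HTTP_RAW_POST_DATA is not populated on newer PHP versions; fall back to the input stream.
    $xml = isset($GLOBALS['HTTP_RAW_POST_DATA'])
        ? $GLOBALS['HTTP_RAW_POST_DATA']
        : file_get_contents('php://input');

    if ($logging) {
        $this->log($logFile, "传递过来的XML\r\n" . var_export($xml, true));
    }
    $notify->saveData($xml);

    if (!$notify->checkSign()) {
        // Signature failures are always logged, regardless of the 'logs' setting.
        $this->log($logFile, "签名失败\r\n");

        return false;
    }

    if ($notify->data["return_code"] == "FAIL") {
        if ($logging) {
            $this->log($logFile, "return_code失败\r\n");
        }

        return false;
    }

    if ($notify->data["result_code"] == "FAIL") {
        if ($logging) {
            $this->log($logFile, "result_code失败\r\n");
        }

        return false;
    }

    if ($logging) {
        $this->log($logFile, "支付成功\r\n");
    }

    $total_fee = $notify->data["total_fee"];
    // The attach field is echoed back from the original order request and goes
    // straight into SQL below, so it is forced to an integer first.
    // Assumes log_id is the integer key of pay_log - TODO confirm.
    $log_id = intval($notify->data["attach"]);

    $sql = 'SELECT order_amount FROM ' . $GLOBALS['ecs']->table('pay_log') .
        " WHERE log_id = '{$log_id}'";
    $amount = $GLOBALS['db']->getOne($sql);
    if ($logging) {
        $this->log($logFile, '订单金额' . $amount . "\r\n");
    }

    // Compare in integer cents. round() avoids float truncation, where e.g.
    // 19.99 * 100 evaluates to 1998.99... and intval() would yield 1998.
    if ((int) round($amount * 100) !== (int) $total_fee) {
        if ($logging) {
            $this->log($logFile, '订单金额不符' . "\r\n");
        }
        echo 'fail';

        return false;
    }

    order_paid($log_id, 2);

    return true;
}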
/**
 * Build the HTML pay button for an order.
 *
 * @param array $order   order data; order_sn, log_id and order_amount are read
 * @param array $payment payment method data (not read by this implementation)
 * @return string HTML for a centred button that redirects to auth/wxpay.php
 */
function get_code($order, $payment)
{
    $fields = array(
        'orderName' => $order['order_sn'],
        'orderid'   => $order['log_id'],
        'price'     => $order['order_amount'] * 100,
    );
    ksort($fields);

    $pairs = array();
    foreach ($fields as $name => $value) {
        $pairs[] = "{$name}=" . urlencode($value);
    }

    // NOTE(review): appkey2 / partnerKey2 are copied from the stored payment
    // configuration into a URL rendered in the customer's browser. If they are
    // signing secrets they should stay server-side - confirm what
    // auth/wxpay.php actually needs. The price also travels in this URL, so the
    // receiving script should re-read the amount from the order.
    $forwarded = array('appid2', 'appkey2', 'partner2', 'partnerKey2');
    foreach (get_payment("wxpay") as $name => $value) {
        // Non-strict membership test, matching the original == comparisons.
        if (in_array($name, $forwarded)) {
            $pairs[] = "{$name}=" . urlencode($value);
        }
    }

    $query = implode('&', $pairs);

    return '<div style="text-align:center"><input type="button" onclick="window.location.href=\'auth/wxpay.php?' . $query . '\';" value="' . $GLOBALS['_LANG']['pay_button'] . '" /></div>';
}
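/**
 * Handle the Alipay payment notification.
 *
 * POST fields are merged into $_GET, the MD5 signature over the sorted
 * parameters plus the merchant key is verified, the amount is checked against
 * the order, and the order is marked paid for trade status TRADE_FINISHED.
 *
 * @return mixed the result of order_paid() on success, false otherwise
 */
function respond()
{
    // POST notifications are folded into $_GET so both delivery modes share one path.
    if (!empty($_POST)) {
        foreach ($_POST as $key => $data) {
            $_GET[$key] = $data;
        }
    }

    $payment = get_payment($_GET['code']);

    // Verify the signature before any request value is used for order lookups.
    ksort($_GET);
    $unsigned = array('sign', 'n', 'h', 'at', 'sign_type', 'code');
    $pairs = array();
    foreach ($_GET as $key => $val) {
        if (!in_array((string) $key, $unsigned, true)) {
            $pairs[] = "{$key}={$val}";
        }
    }
    $expected = md5(implode('&', $pairs) . $payment['alipay_key']);
    $received = (isset($_GET['sign']) && is_string($_GET['sign'])) ? $_GET['sign'] : '';

    // String comparison only: loose != lets two "0e<digits>" digests compare equal.
    $signatureOk = function_exists('hash_equals')
        ? hash_equals($expected, $received)
        : $expected === $received;
    if (!$signatureOk) {
        return false;
    }

    // The order sn is out_trade_no with the subject text removed.
    $order_sn = trim(str_replace($_GET['subject'], '', $_GET['out_trade_no']));

    // Check that the paid amount matches the order.
    if (!check_money($order_sn, $_GET['total_fee'])) {
        return false;
    }

    if ($_GET['trade_status'] == 'TRADE_FINISHED') {
        // Change the order status.
        return order_paid($order_sn);
    }

    return false;
}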
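/**
 * Handle the allPay card payment notification.
 *
 * Sends a signed QueryTradeInfo request to the gateway for the notified trade
 * number and marks the pay log entry as paid when the notification reports
 * success, check_money() accepts the amount, and the gateway's answer shows
 * the trade as paid with the same amount.
 *
 * @return bool true when the order was marked paid, false otherwise
 */
function respond()
{
    $payment = get_payment('allpay_card24');
    $key = trim($payment['allpay_card24_key']);
    $iv = trim($payment['allpay_card24_iv']);

    $order_id = $_REQUEST['MerchantTradeNo'];
    $log_id = $_REQUEST['log_id'];
    $mer_id = $_REQUEST['MerchantID'];

    // Build the query and its CheckMacValue (MD5 over the lower-cased,
    // URL-encoded "HashKey=...&params&HashIV=..." string).
    $input_array = array(
        "MerchantID" => $mer_id,
        "MerchantTradeNo" => $order_id,
        "TimeStamp" => time(),
    );
    ksort($input_array);
    $checkvalue = "HashKey={$key}&" . urldecode(http_build_query($input_array)) . "&HashIV={$iv}";
    $input_array["CheckMacValue"] = md5(strtolower(urlencode($checkvalue)));

    $gateway = "https://payment.allpay.com.tw/Cashier/QueryTradeInfo";
    $result = $this->get_result($gateway, http_build_query($input_array));

    // Previously $checkAmount stayed undefined when the amount did not match.
    $amountMatches = (bool) check_money($log_id, $_REQUEST['TradeAmt']);

    $res = array();
    parse_str($result, $res);
    $tradeStatus = isset($res["TradeStatus"]) ? $res["TradeStatus"] : '';
    $tradeAmt = isset($res["TradeAmt"]) ? $res["TradeAmt"] : null;

    // NOTE(review): log_id comes from the request and is not tied to
    // MerchantTradeNo anywhere visible here; confirm the trade number is
    // checked against the order that log_id belongs to, so a paid trade cannot
    // settle a different order of the same amount.
    if ($_REQUEST['RtnCode'] == '1'
        && $amountMatches
        && $tradeStatus == "1"
        && $tradeAmt !== null
        && $tradeAmt == $_REQUEST['TradeAmt']
    ) {
        $note = "付款完成" . date("Y-m-d H:i:s");
        order_paid($log_id, PS_PAYED, $note);

        return true;
    }

    return false;
}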
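/**
 * Handle the allPay payment result.
 *
 * Reads the gateway feedback, queries the trade through QueryTradeInfo, checks
 * the amount against the order and marks the pay log entry as paid when the
 * feedback and the query both report success. In background mode the result is
 * echoed and the script exits.
 *
 * @return bool true when the order was marked paid, false otherwise
 */
function respond()
{
    $arPayment = get_payment('ecshop_allpay_card');
    $isTestMode = $arPayment['ecshop_allpay_card_test_mode'] == 'Yes';
    $isBackground = !empty($_GET['background']);

    // NOTE(review): log_id and order_id come from the query string and are not
    // visibly tied to the MerchantTradeNo in the feedback - confirm that binding.
    $szLogID = $_GET['log_id'];
    $szOrderID = $_GET['order_id'];

    // Previously left undefined when the amounts did not match.
    $szCheckAmount = '';

    $this->HashKey = trim($arPayment['ecshop_allpay_card_key']);
    $this->HashIV = trim($arPayment['ecshop_allpay_card_iv']);

    try {
        // Fetch the payment result returned by the gateway.
        $arFeedback = $this->CheckOutFeedback();
        if (count($arFeedback) > 0) {
            // Query the trade record.
            $this->ServiceURL = $isTestMode
                ? "https://payment-stage.allpay.com.tw/Cashier/QueryTradeInfo/v2"
                : "https://payment.allpay.com.tw/Cashier/QueryTradeInfo/V2";
            $this->MerchantID = trim($arPayment['ecshop_allpay_card_account']);
            $this->Query['MerchantTradeNo'] = $arFeedback['MerchantTradeNo'];
            $arQueryFeedback = $this->QueryTradeInfo();

            if (count($arQueryFeedback) === 0) {
                throw new Exception('AllPay 查無訂單資料。');
            }

            $arOrder = order_info($szOrderID);

            // The order total, the feedback amount and the queried amount must agree.
            if (round($arOrder['order_amount']) == $arFeedback['TradeAmt']
                && $arQueryFeedback['TradeAmt'] == $arFeedback['TradeAmt']
            ) {
                $szCheckAmount = '1';
            }

            // Confirm the payment result.
            if ($arFeedback['RtnCode'] == '1'
                && $szCheckAmount == '1'
                && $arQueryFeedback["TradeStatus"] == '1'
            ) {
                $szNote = $GLOBALS['_LANG']['text_paid'] . date("Y-m-d H:i:s");
                order_paid($szLogID, PS_PAYED, $szNote);
                if ($isBackground) {
                    echo '1|OK';
                    exit;
                }

                return true;
            }

            if ($isBackground) {
                echo !$szCheckAmount ? '0|訂單金額不符。' : $arFeedback['RtnMsg'];
                exit;
            }

            return false;
        }
    } catch (Exception $ex) {
        // Keep the best-effort behaviour but leave a trace for operators.
        error_log('respond(): ' . $ex->getMessage());
    }

    return false;
}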
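/**
 * Handle the WeChat Pay notification.
 *
 * Collects the known notification fields, verifies the signature produced by
 * create_sign() over them, and marks the order as paid when trade_state is not
 * greater than zero and check_money() accepts the amount.
 *
 * @return bool true when the order was marked paid, false otherwise
 */
function respond()
{
    $payment = get_payment('wxpay');

    // Collect the returned parameters.
    $fields = 'bank_billno,bank_type,discount,fee_type,input_charset,notify_id,out_trade_no,partner,product_fee'
        . ',sign_type,time_end,total_fee,trade_mode,trade_state,transaction_id,transport_fee';
    $arr = array();
    foreach (explode(',', $fields) as $val) {
        if (isset($_REQUEST[$val])) {
            $arr[$val] = trim($_REQUEST[$val]);
        }
    }

    // Verify the signature first, before request values drive any order lookup.
    $sign = (isset($_REQUEST['sign']) && is_string($_REQUEST['sign'])) ? $_REQUEST['sign'] : '';
    $sign_md5 = (string) $this->create_sign($arr);
    // String comparison only: loose != lets two "0e<digits>" digests compare equal.
    $signatureOk = function_exists('hash_equals')
        ? hash_equals($sign_md5, $sign)
        : $sign_md5 === $sign;
    if (!$signatureOk) {
        return false;
    }

    // A notification without these fields cannot be matched to an order. A
    // missing trade_state used to compare as "not greater than 0", i.e. success.
    if (!isset($arr['out_trade_no'], $arr['total_fee'], $arr['trade_state'])) {
        return false;
    }

    // trade_state greater than 0 means the payment failed.
    if ($arr['trade_state'] > 0) {
        return false;
    }

    $log_id = get_order_id_by_sn($arr['out_trade_no']);

    // Check that the paid amount matches; total_fee is divided by 100 before the check.
    if (!check_money($log_id, $arr['total_fee'] / 100)) {
        return false;
    }

    // Change the order status.
    order_paid($log_id);

    return true;
}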
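/**
 * Handle the gateway's payment notification.
 *
 * Checks that the required fields are present, verifies the MD5 signature over
 * the notification fields plus the merchant key, checks the amount and the
 * merchant number, and marks the order as paid only when the success mark is Y.
 *
 * @return bool true when the order was marked paid, false otherwise
 */
function respond()
{
    $payment = get_payment($_GET['code']);

    // Notification fields sent by the gateway.
    $c_mid = $_REQUEST['c_mid'];                 // merchant number
    $c_order = $_REQUEST['c_order'];             // merchant order number
    $c_orderamount = $_REQUEST['c_orderamount']; // order total
    $c_ymd = $_REQUEST['c_ymd'];                 // order date, "yyyymmdd"
    $c_transnum = $_REQUEST['c_transnum'];       // gateway transaction serial
    $c_succmark = $_REQUEST['c_succmark'];       // Y = success, N = failure
    $c_moneytype = $_REQUEST['c_moneytype'];     // currency
    $c_memo1 = $_REQUEST['c_memo1'];             // merchant pass-through parameter 1
    $c_memo2 = $_REQUEST['c_memo2'];             // merchant pass-through parameter 2
    $c_signstr = $_REQUEST['c_signstr'];         // MD5 digest supplied by the gateway

    // Completeness check.
    if ($c_mid == "" || $c_order == "" || $c_orderamount == "" || $c_ymd == "" || $c_moneytype == ""
        || $c_transnum == "" || $c_succmark == "" || $c_signstr == ""
    ) {
        return false;
    }

    // Source string for the digest; the field order must not change.
    $c_pass = trim($payment['c_pass']);
    $srcStr = $c_mid . $c_order . $c_orderamount . $c_ymd . $c_transnum . $c_succmark . $c_moneytype
        . $c_memo1 . $c_memo2 . $c_pass;
    $r_signstr = md5($srcStr);

    // String comparison only: loose != lets two "0e<digits>" digests compare equal.
    $received = is_string($c_signstr) ? $c_signstr : '';
    $signatureOk = function_exists('hash_equals')
        ? hash_equals($r_signstr, $received)
        : $r_signstr === $received;
    if (!$signatureOk) {
        return false;
    }

    // After verification, translate the order sn into the id used by the order tables.
    if ($c_memo2 == 'voucher') {
        $c_order = get_order_id_by_sn($c_order, "true");
    } else {
        $c_order = get_order_id_by_sn($c_order);
    }

    // Check that the paid amount matches the order.
    if (!check_money($c_order, $c_orderamount)) {
        return false;
    }

    // Check the merchant number against the configured one.
    $MerchantID = trim($payment['c_mid']);
    if ($MerchantID != $c_mid) {
        return false;
    }

    // NOTE(review): the original compared c_memo1 with abs(crc32($payment['c_memo1']))
    // but the rejection was commented out, so a mismatch never had any effect.

    // The success mark must be one of the two documented values.
    if ($c_succmark !== "Y" && $c_succmark !== "N") {
        return false;
    }

    // Fixed: the original wrote `$c_succmark = "Y"` (assignment), so a signed
    // failure notification (N) was also treated as a successful payment.
    if ($c_succmark === "Y") {
        // Change the order status.
        order_paid($c_order);

        return true;
    }

    return false;
}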
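/**
 * Handle the gateway's payment notification.
 *
 * Two upper-cased MD5 digests are verified with the merchant key: one over the
 * encoded order message and one over merchant id, order id, amount, key and
 * status. The order is marked paid when both match and the status is 2.
 *
 * @return bool true when the order was marked paid, false otherwise
 */
function respond()
{
    $payment = get_payment(basename(__FILE__, '.php'));

    $m_id = $_POST['m_id'];           // merchant number
    $m_orderid = $_POST['m_orderid']; // merchant order number
    $m_oamount = $_POST['m_oamount']; // paid amount
    $State = $_POST['m_status'];      // payment status: 2 success, 3 failure

    $OrderInfo = $_POST['OrderMessage']; // encoded order message
    $signMsg = (isset($_POST['Digest']) && is_string($_POST['Digest'])) ? $_POST['Digest'] : '';
    $newmd5info = (isset($_POST['newmd5info']) && is_string($_POST['newmd5info'])) ? $_POST['newmd5info'] : '';

    // The key must match the one configured in the merchant back office.
    $key = $payment['nps_key'];
    $digest = strtoupper(md5($OrderInfo . $key));
    $newMd5digest = strtoupper(md5($m_id . $m_orderid . $m_oamount . $key . $State));

    // Both digests are compared as strings; loose == would treat two
    // "0E<digits>" digests as equal numbers.
    if (function_exists('hash_equals')) {
        $digestOk = hash_equals($digest, $signMsg);
        $newDigestOk = hash_equals($newMd5digest, $newmd5info);
    } else {
        $digestOk = $digest === $signMsg;
        $newDigestOk = $newMd5digest === $newmd5info;
    }
    if (!$digestOk) {
        return false;
    }

    // Decoded as in the original; the decoded value is not used afterwards.
    $OrderInfo = $this->HexToStr($OrderInfo);

    if (!$newDigestOk) {
        return false;
    }

    // NOTE(review): m_oamount is signed but never compared with the order
    // total here - confirm the amount is checked elsewhere.
    if ($State == 2) {
        // Change the order status.
        order_paid($m_orderid);

        return true;
    }

    return false;
}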
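/**
 * Handle the Tenpay payment notification.
 *
 * Verifies the upper-cased MD5 signature over the returned parameters and the
 * merchant key, then marks the order as paid when pay_result is not greater
 * than zero and check_money() accepts the amount.
 *
 * @return bool true when the order was marked paid, false otherwise
 */
function respond()
{
    // Collect the returned parameters.
    $cmd_no = $_GET['cmdno'];
    $pay_result = $_GET['pay_result'];
    $bill_date = $_GET['date'];
    $transaction_id = $_GET['transaction_id'];
    $sp_billno = $_GET['sp_billno'];
    $total_fee = $_GET['total_fee'];
    $fee_type = $_GET['fee_type'];
    $attach = $_GET['attach'];
    $sign = (isset($_GET['sign']) && is_string($_GET['sign'])) ? $_GET['sign'] : '';

    $payment = get_payment('tenpay');

    // Verify the signature first, before request values drive any order lookup.
    $sign_text = "cmdno=" . $cmd_no . "&pay_result=" . $pay_result . "&date=" . $bill_date
        . "&transaction_id=" . $transaction_id . "&sp_billno=" . $sp_billno . "&total_fee=" . $total_fee
        . "&fee_type=" . $fee_type . "&attach=" . $attach . "&key=" . $payment['tenpay_key'];
    $sign_md5 = strtoupper(md5($sign_text));
    // String comparison only: loose != lets two "0E<digits>" digests compare equal.
    $signatureOk = function_exists('hash_equals')
        ? hash_equals($sign_md5, $sign)
        : $sign_md5 === $sign;
    if (!$signatureOk) {
        return false;
    }

    // pay_result greater than 0 means the payment failed.
    if ($pay_result > 0) {
        return false;
    }

    // Resolve the pay log id from the bill number.
    if ($attach == 'voucher') {
        $log_id = get_order_id_by_sn($sp_billno, "true");
    } else {
        $log_id = get_order_id_by_sn($sp_billno);
    }

    // Check that the paid amount matches; total_fee is divided by 100 before the check.
    if (!check_money($log_id, $total_fee / 100)) {
        return false;
    }

    // Change the order status.
    order_paid($log_id);

    return true;
}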
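/**
 * Handle the UPOP payment notification.
 *
 * Verifies the signature over the posted fields, merges in the fields carried
 * inside cupReserved, and marks the pay log entry as paid when the response
 * code is '00', the merchant id matches and check_money() accepts the amount.
 *
 * @return bool true when the order was marked paid, false otherwise
 */
function respond()
{
    $payment = get_payment('upop');

    // $_POST is an array under normal PHP request handling, so the original
    // string-parsing fallback for a non-array $_POST was unreachable and is gone.
    $arr_args = $_POST;
    $cupReserved = isset($arr_args['cupReserved']) ? $arr_args['cupReserved'] : '';
    $arr_reserved = array();
    parse_str(substr($cupReserved, 1, -1), $arr_reserved); // strip the surrounding {}

    // The gateway's signature must be present.
    if (!isset($arr_args['signature']) || !is_string($arr_args['signature'])) {
        return false;
    }

    // Verify the signature as a string; loose != lets two "0e<digits>"
    // digests compare equal.
    $signature = (string) $this->sign($arr_args, $payment['upop_security_key'], 'md5');
    $signatureOk = function_exists('hash_equals')
        ? hash_equals($signature, $arr_args['signature'])
        : $signature === $arr_args['signature'];
    if (!$signatureOk) {
        return false;
    }

    $arr_ret = array_merge($arr_args, $arr_reserved);
    unset($arr_ret['cupReserved']);

    // Anything other than '00' is not a successful payment.
    if ($arr_ret['respCode'] !== '00') {
        return false;
    }

    // orderNumber must look like "<order sn>-<pay id>" with a non-leading dash.
    $dashPos = strpos($arr_ret['orderNumber'], '-');
    if ($dashPos === false || $dashPos === 0) {
        return false;
    }
    $order_sn_arr = explode('-', $arr_ret['orderNumber']);
    $pay_id = intval($order_sn_arr['1']);
    $payment_amount = intval($arr_ret['settleAmount']);

    // The merchant account must be ours.
    if ((string) $payment['upop_account'] !== (string) $arr_ret['merId']) {
        return false;
    }

    // Check that the price matches; settleAmount is divided by 100 before the check.
    if (!check_money($pay_id, $payment_amount / 100)) {
        return false;
    }

    $action_note = $arr_ret['respCode'] . ':' . $arr_ret['respMsg'] . $GLOBALS['_LANG']['upop_txn_id'] . ':' . $arr_ret['qid'];

    // Complete the order.
    order_paid($pay_id, PS_PAYED, $action_note);

    return true;
}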
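/**
 * Handle the ECPay barcode payment result.
 *
 * Reads the gateway feedback and queries the trade through QueryTradeInfo.
 * A "barcode issued" feedback records the barcode details and leaves the pay
 * log entry unpaid; a "paid" feedback marks it as paid. In background mode the
 * result is echoed and the script exits.
 *
 * @return bool true when the order was marked paid, false otherwise
 */
function respond()
{
    $arPayment = get_payment('ecshop_ecpay_barcode');
    $isTestMode = $arPayment['ecshop_ecpay_barcode_test_mode'] == 'Yes';
    $isBackground = !empty($_GET['background']);

    // NOTE(review): log_id and order_id come from the query string and are not
    // visibly tied to the MerchantTradeNo in the feedback - confirm that binding.
    $szLogID = $_GET['log_id'];
    $szOrderID = $_GET['order_id'];

    // Previously left undefined when the amounts did not match.
    $szCheckAmount = '';

    $this->HashKey = trim($arPayment['ecshop_ecpay_barcode_key']);
    $this->HashIV = trim($arPayment['ecshop_ecpay_barcode_iv']);

    try {
        // Fetch the payment result returned by the gateway.
        $arFeedback = $this->CheckOutFeedback();
        if (count($arFeedback) > 0) {
            // Query the trade record.
            $this->ServiceURL = $isTestMode
                ? "https://payment-stage.ecpay.com.tw/Cashier/QueryTradeInfo/v2"
                : "https://payment.ecpay.com.tw/Cashier/QueryTradeInfo/V2";
            $this->MerchantID = trim($arPayment['ecshop_ecpay_barcode_account']);
            $this->Query['MerchantTradeNo'] = $arFeedback['MerchantTradeNo'];
            $arQueryFeedback = $this->QueryTradeInfo();

            if (count($arQueryFeedback) === 0) {
                throw new Exception('ECPay 查無訂單資料。');
            }

            $arOrder = order_info($szOrderID);

            // The order total, the feedback amount and the queried amount must agree.
            if (round($arOrder['order_amount']) == $arFeedback['TradeAmt']
                && $arQueryFeedback['TradeAmt'] == $arFeedback['TradeAmt']
            ) {
                $szCheckAmount = '1';
            }

            // Barcode issued: record the details, keep the entry unpaid.
            if ($arFeedback['RtnCode'] == '10100073'
                && $szCheckAmount == '1'
                && $arQueryFeedback["TradeStatus"] == '0'
            ) {
                $szNote = sprintf(
                    $GLOBALS['_LANG']['text_paying'],
                    date("Y-m-d H:i:s"),
                    $arFeedback['PaymentType'],
                    $arFeedback['TradeDate'],
                    $arFeedback['PaymentNo'],
                    $arFeedback['ExpireDate'],
                    $arFeedback['Barcode1'],
                    $arFeedback['Barcode2'],
                    $arFeedback['Barcode3']
                );
                order_paid($szLogID, PS_PAYING, $szNote);

                // log_id is a raw query-string value; force it to an integer
                // before it is placed in SQL.
                // Assumes log_id is the integer key of pay_log - TODO confirm.
                $logIdForSql = intval($szLogID);
                $sql = 'UPDATE ' . $GLOBALS['ecs']->table('pay_log') .
                    " SET is_paid = '0' WHERE log_id = '{$logIdForSql}'";
                $GLOBALS['db']->query($sql);

                ob_get_clean();
                print '1|OK';
                exit;
            }

            // Confirm the payment result.
            if ($arFeedback['RtnCode'] == '1'
                && $szCheckAmount == '1'
                && $arQueryFeedback["TradeStatus"] == '1'
            ) {
                $szNote = $GLOBALS['_LANG']['text_paid'] . date("Y-m-d H:i:s");
                order_paid($szLogID, PS_PAYED, $szNote);
                if ($isBackground) {
                    echo '1|OK';
                    exit;
                }

                return true;
            }

            if ($isBackground) {
                echo !$szCheckAmount ? '0|訂單金額不符。' : $arFeedback['RtnMsg'];
                exit;
            }

            return false;
        }
    } catch (Exception $ex) {
        // Keep the best-effort behaviour but leave a trace for operators.
        error_log('respond(): ' . $ex->getMessage());
    }

    return false;
}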
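/**
 * Handle the YeePay payment notification.
 *
 * Recomputes the HMAC over the merchant id and the returned fields with the
 * merchant key, and marks the order as paid when the HMAC matches and the
 * result code is '1'.
 *
 * @return bool true when the order was marked paid, false otherwise
 */
function respond()
{
    $payment = get_payment('yeepay_abchina');

    $merchant_id = $payment['yp_account']; // merchant number
    $merchant_key = $payment['yp_key'];    // merchant secret key

    $message_type = trim($_REQUEST['r0_Cmd']);
    $succeed = trim($_REQUEST['r1_Code']); // result: 1 success, -1 failure
    $trxId = trim($_REQUEST['r2_TrxId']);
    $amount = trim($_REQUEST['r3_Amt']);   // order amount
    $cur = trim($_REQUEST['r4_Cur']);      // currency
    $product_id = trim($_REQUEST['r5_Pid']);
    $orderid = trim($_REQUEST['r6_Order']);
    $userId = trim($_REQUEST['r7_Uid']);
    $merchant_param = trim($_REQUEST['r8_MP']); // merchant private parameter
    $bType = trim($_REQUEST['r9_BType']);
    $mac = trim($_REQUEST['hmac']);

    // Source string for the HMAC; the field order matters.
    $ScrtStr = $merchant_id . $message_type . $succeed . $trxId . $amount . $cur . $product_id . $orderid
        . $userId . $merchant_param . $bType;
    $mymac = strtoupper((string) hmac($ScrtStr, $merchant_key));
    $mac = strtoupper($mac);

    // String comparison only: loose == treats two "0E<digits>" values as equal numbers.
    $macOk = function_exists('hash_equals')
        ? hash_equals($mymac, $mac)
        : $mymac === $mac;
    if (!$macOk) {
        return false;
    }

    // NOTE(review): r3_Amt is authenticated but never compared with the order
    // total here - confirm the amount is checked elsewhere.
    if ($succeed === '1') {
        order_paid($orderid);

        return true;
    }

    return false;
}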
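/**
 * Handle the gateway's payment notification.
 *
 * Verifies the upper-cased MD5 over bill number, currency, amount, status and
 * the merchant key, and marks the order as paid when the status equals 1.
 *
 * @return bool true when the order was marked paid, false otherwise
 */
function respond()
{
    $payment = get_payment($_GET['code']);

    $BillNo = $_REQUEST["BillNo"];     // order number
    $Currency = $_REQUEST["Currency"]; // currency
    $Amount = $_REQUEST["Amount"];     // amount
    $Succeed = $_REQUEST["Succeed"];   // payment status
    $MD5info = (isset($_REQUEST["MD5info"]) && is_string($_REQUEST["MD5info"])) ? $_REQUEST["MD5info"] : '';

    $MD5key = $payment['MD5key'];
    $md5sign = strtoupper(md5($BillNo . $Currency . $Amount . $Succeed . $MD5key));

    // String comparison only: loose != lets two "0E<digits>" digests compare equal.
    $signatureOk = function_exists('hash_equals')
        ? hash_equals($md5sign, $MD5info)
        : $md5sign === $MD5info;
    if (!$signatureOk) {
        return false;
    }

    // NOTE(review): Amount is signed but never compared with the order total
    // here - confirm order_paid() or the caller checks it.
    if ($Succeed == 1) {
        // Change the order status.
        order_paid($BillNo, PS_PAYED);

        return true;
    }

    return false;
}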
* 网站地址: http://www.74cms.com; * ---------------------------------------------------------------------------- * 这不是一个自由软件!您只能在不用于商业目的的前提下对程序代码进行修改和 * 使用;不允许对程序代码以任何形式任何目的的再发布。 * ============================================================================ */ define('IN_QISHI', true); require_once dirname(__FILE__) . '/../data/config.php'; require_once dirname(__FILE__) . '/include/admin_common.inc.php'; require_once ADMIN_ROOT_PATH . 'include/admin_pay_fun.php'; $act = !empty($_REQUEST['act']) ? trim($_REQUEST['act']) : 'list'; check_permissions($_SESSION['admin_purview'], "site_payment"); $smarty->assign('pageheader', "支付方式"); if ($act == 'list') { get_token(); $smarty->assign('payment', get_payment()); $smarty->display('pay/admin_payment_list.htm'); } elseif ($act == 'uninstall_payment') { check_token(); uninstall_payment($_GET['id']) ? adminmsg('成功卸载', 2) : adminmsg('卸载失败', 1); } elseif ($act == 'action_payment') { get_token(); $payment = get_payment_one($_GET['name']); if (!$payment) { adminmsg('获取失败', 1); } require_once "../include/payment/" . $payment['typename'] . ".php"; $smarty->assign('show', $payment); $smarty->assign('pay', pay_info()); $smarty->display('pay/admin_payment_action.htm'); } elseif ($act == 'save_payment') {
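/**
 * Handle the gateway's payment notification. $_REQUEST["Priv1"] carries the log_id.
 *
 * Verifies the transaction response with verifyTransResponse() and marks the
 * pay log entry as paid when verification succeeds, the status is '1001' and
 * check_money() accepts the amount.
 *
 * @return bool true when the order was marked paid, false otherwise
 */
function respond()
{
    $payment = get_payment($_GET['code']);
    $this->config($payment);
    // Loads the verification key as in the original; its result was overwritten
    // before use there too. NOTE(review): confirm whether a failed buildKey()
    // should abort here.
    buildKey(PUB_KEY);

    // Fields of the transaction response.
    $merid = $_REQUEST["merid"];
    $orderno = $_REQUEST["orderno"];
    $transdate = $_REQUEST["transdate"];
    $amount = $_REQUEST["amount"];
    $currencycode = $_REQUEST["currencycode"];
    $transtype = $_REQUEST["transtype"];
    $status = $_REQUEST["status"];
    $checkvalue = $_REQUEST["checkvalue"];
    $priv1 = $_REQUEST["Priv1"];

    $flag = verifyTransResponse($merid, $orderno, $amount, $currencycode, $transdate, $transtype, $status, $checkvalue);

    // Fixed: the original tested the bare word `flag` (an undefined constant,
    // which older PHP evaluates to the truthy string "flag"), so the
    // verification result was never actually consulted.
    if (!$flag || $status != '1001') {
        return false;
    }

    // Check that the price matches; the amount is divided by 100 before the check.
    if (!check_money($priv1, $amount / 100)) {
        return false;
    }

    order_paid($priv1, 2);

    return true;
}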
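/**
 * Handle the ECBank Web ATM payment notification.
 *
 * Asks the ECBank validation service whether the notification's check code
 * (tac) is valid and marks the order as paid when it is, the notification
 * reports success and check_money() accepts the amount.
 *
 * @return bool|string true when the order was marked paid; false when a valid
 *                     notification does not qualify; the message string
 *                     '不合法的交易' when validation fails
 */
function respond()
{
    if ($_REQUEST['succ'] == '1') {
        $_REQUEST['c_succmark'] = 'Y';
    }
    if ($_REQUEST['succ'] == '0') {
        $_REQUEST['c_succmark'] = 'N';
    }

    $payment = get_payment('ecbank_webatm');

    $checkcode = trim($payment['ecbank_webatm_checkcode']);
    // Serial assembled from processing date, time and transaction number.
    $serial = trim($_REQUEST['proc_date'] . $_REQUEST['proc_time'] . $_REQUEST['tsr']);
    // Check code returned with the notification.
    $tac = trim($_REQUEST['tac']);
    $c_order = trim($_REQUEST['od_sob']);
    $c_orderamount = $_REQUEST['amt'];

    $ecbank_gateway = 'https://ecbank.com.tw/web_service/get_outmac_valid.php';
    // Encode each value so request data cannot add or override fields in the
    // validation request body.
    $post_parm = http_build_query(
        array('key' => $checkcode, 'serial' => $serial, 'tac' => $tac),
        '',
        '&'
    );

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $ecbank_gateway);
    // Certificate and host name verification stay on: the "valid=1" answer
    // decides whether an order is paid, so it must come from the real service.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $post_parm);
    $strAuth = curl_exec($ch);
    if (curl_errno($ch)) {
        $strAuth = false;
    }
    curl_close($ch);

    // Previously left undefined when the amount did not match.
    $amountMatches = (bool) check_money($c_order, $c_orderamount);

    if ($strAuth !== 'valid=1') {
        // NOTE(review): this returns a non-empty string, which is truthy;
        // confirm callers do not treat any truthy result as "paid".
        return '不合法的交易';
    }

    if ($_REQUEST['succ'] == '1' && $amountMatches) {
        $note = '';
        if ($_REQUEST['inv_error'] == "0") {
            $note .= ',發票開立成功。';
        } elseif ($_REQUEST['inv_error'] == "") {
            $note .= ',未開立發票。';
        } else {
            $note .= ',發票錯誤代碼' . $_REQUEST['inv_error'];
        }
        order_paid($c_order, PS_PAYED, $note);

        return true;
    }

    // Previously fell off the end (null) for a valid but unsuccessful notification.
    return false;
}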
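/**
 * Handle the 99bill payment notification.
 *
 * Rebuilds the signed parameter string in the required order, compares its MD5
 * with the supplied signMsg, and marks the order referenced by ext1 as paid
 * when the merchant account matches and the pay result indicates success.
 *
 * @return bool true when the order was marked paid, false otherwise
 */
function respond()
{
    $payment = get_payment($_GET['code']);
    $merchant_acctid = $payment['kq_account']; // merchant account, required
    $key = $payment['kq_key'];

    $get_merchant_acctid = trim($_REQUEST['merchantAcctId']);
    $pay_result = trim($_REQUEST['payResult']);
    $ext1 = trim($_REQUEST['ext1']);
    $sign_msg = trim($_REQUEST['signMsg']);

    // The merchant account in the notification must be ours.
    if ($get_merchant_acctid != $merchant_acctid) {
        return false;
    }

    // Signed fields; the order below must be kept exactly.
    $signed = array(
        'merchantAcctId' => $merchant_acctid,
        'version'        => trim($_REQUEST['version']),
        'language'       => trim($_REQUEST['language']),
        'signType'       => trim($_REQUEST['signType']),
        'payType'        => trim($_REQUEST['payType']),
        'bankId'         => trim($_REQUEST['bankId']),
        'orderId'        => trim($_REQUEST['orderId']),
        'orderTime'      => trim($_REQUEST['orderTime']),
        'orderAmount'    => trim($_REQUEST['orderAmount']),
        'dealId'         => trim($_REQUEST['dealId']),
        'bankDealId'     => trim($_REQUEST['bankDealId']),
        'dealTime'       => trim($_REQUEST['dealTime']),
        'payAmount'      => trim($_REQUEST['payAmount']),
        'fee'            => trim($_REQUEST['fee']),
        'ext1'           => $ext1,
        'ext2'           => trim($_REQUEST['ext2']),
        'payResult'      => $pay_result,
        'errCode'        => trim($_REQUEST['errCode']),
        'key'            => $key,
    );
    $merchant_signmsgval = '';
    foreach ($signed as $name => $value) {
        $merchant_signmsgval = $this->append_param($merchant_signmsgval, $name, $value);
    }

    $expected = strtoupper(md5($merchant_signmsgval));
    $received = strtoupper($sign_msg);
    // String comparison only: loose == treats two "0E<digits>" digests as equal numbers.
    $signatureOk = function_exists('hash_equals')
        ? hash_equals($expected, $received)
        : $expected === $received;
    if (!$signatureOk) {
        return false;
    }

    // Fixed: the original tested `$pay_result == 00`, i.e. against integer 0,
    // which on older PHP is true for an empty or non-numeric payResult.
    // NOTE(review): orderAmount / payAmount are signed but never compared with
    // the order total here - confirm the amount is checked elsewhere.
    if ($pay_result === '10' || $pay_result === '00') {
        order_paid($ext1);

        return true;
    }

    return false;
}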
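/**
 * Handle the gateway's payment notification.
 *
 * Verifies two HMAC-MD5 values computed with the merchant key - one over order
 * id, status, status text and pay mode, one over amount and currency - and
 * marks the order taken from the third dash-separated part of v_oid as paid.
 *
 * @return bool true when the order was marked paid, false otherwise
 */
function respond()
{
    $payment = get_payment(basename(__FILE__, '.php'));

    $v_tempdate = explode('-', $_REQUEST['v_oid']);

    // v_md5info: order id, status, status text, pay mode.
    $md5info_paramet = $_REQUEST['v_oid'] . $_REQUEST['v_pstatus'] . $_REQUEST['v_pstring'] . $_REQUEST['v_pmode'];
    $md5info_tem = (string) $this->hmac_md5($payment['cappay_key'], $md5info_paramet);

    // v_md5money: amount and currency.
    $md5money_paramet = $_REQUEST['v_amount'] . $_REQUEST['v_moneytype'];
    $md5money_tem = (string) $this->hmac_md5($payment['cappay_key'], $md5money_paramet);

    $given_info = (isset($_REQUEST['v_md5info']) && is_string($_REQUEST['v_md5info'])) ? $_REQUEST['v_md5info'] : '';
    $given_money = (isset($_REQUEST['v_md5money']) && is_string($_REQUEST['v_md5money'])) ? $_REQUEST['v_md5money'] : '';

    // String comparison only: loose == treats two "0e<digits>" values as equal numbers.
    if (function_exists('hash_equals')) {
        $infoOk = hash_equals($md5info_tem, $given_info);
        $moneyOk = hash_equals($md5money_tem, $given_money);
    } else {
        $infoOk = $md5info_tem === $given_info;
        $moneyOk = $md5money_tem === $given_money;
    }
    if (!$infoOk || !$moneyOk) {
        return false;
    }

    // v_oid must have at least three dash-separated parts to carry an order id.
    if (!isset($v_tempdate[2])) {
        return false;
    }

    // NOTE(review): v_pstatus is authenticated but its value is never checked,
    // and v_amount is never compared with the order total - confirm which
    // status value means "paid" and where the amount is verified.
    order_paid($v_tempdate[2]);

    return true;
}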
// добавление в корзину $goods_id = abs((int) $_GET['goods_id']); $qty_goods = abs((int) $_GET['qty']); addtocard($goods_id, $qty_goods); $_SESSION['total_sum'] = total_sum($_SESSION['card']); //фун-я будет считать общую сумму, и добавлять атрибуты товара - цену, название //колво товара и защита от ввода несущ ID товара total_quantity(); redirect(); break; case 'card': /*корзина*/ //способы доставки/оплаты. получение массива $delivery = get_delivery(); // в массив возвращаем результат работы функции, вызываем ее $payment = get_payment(); // пересчет товаров if (isset($_GET['id'], $_GET['qty'])) { $goods_id = abs((int) $_GET['id']); //получаем айди товара $qty = abs((int) $_GET['qty']); //количество из адресной строки, в которую передается из ява скрипта $qty_goods = abs((int) $_GET['qty']); $qty = $qty - $_SESSION['card'][$goods_id]['qty']; addtocard($goods_id, $qty_goods, $qty); $_SESSION['total_sum'] = total_sum($_SESSION['card']); //общая сумма заказа total_quantity(); //колво товара и защита от ввода несущ ID товара redirect(); }
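/**
 * Handle the payment-result callback from the gateway.
 *
 * Recomputes the MD5 signature over the callback fields in the gateway's fixed
 * order, compares it with signMsg, and then either marks the order in ext1 as
 * paid (payResult 10, or payResult 11 where the paid amount covers the order)
 * or records a partial payment against the order row.
 *
 * @return bool true only when the order was marked paid
 */
function respond()
{
    $payment = get_payment(basename(__FILE__, '.php'));
    $merchant_acctid = isset($payment['shenzhou_account']) ? (string) $payment['shenzhou_account'] : ''; // receiving account, must not be empty
    $key = isset($payment['shenzhou_key']) ? (string) $payment['shenzhou_key'] : '';

    // Fail closed when the shared secret is not configured.
    if ($key === '') {
        return false;
    }

    // Signed callback fields, in signing order. Do not reorder.
    // payType: 20 = direct payment with card number/password, 22 = balance payment.
    // payResult: 10 = payment succeeded, 11 = payment failed.
    $signed_fields = array(
        'version', 'language', 'payType', 'cardNumber', 'cardPwd', 'orderId',
        'orderAmount', 'dealId', 'orderTime', 'ext1', 'ext2', 'payAmount',
        'billOrderTime', 'payResult', 'signType',
    );

    // Read every field as a trimmed string; missing or array values become ''.
    $in = array();
    foreach (array_merge($signed_fields, array('merchantAcctId', 'signMsg')) as $name) {
        $in[$name] = (isset($_REQUEST[$name]) && is_string($_REQUEST[$name])) ? trim($_REQUEST[$name]) : '';
    }

    // Check the merchant account first.
    if ($in['merchantAcctId'] !== $merchant_acctid) {
        return false; // wrong merchant account
    }

    // Build the string to sign. The original read the card number into a
    // misspelled variable and signed an undefined one, so cardNumber was never
    // part of the locally computed signature; it is included here.
    $merchant_signmsgval = $this->append_param('', "merchantAcctId", $merchant_acctid);
    foreach ($signed_fields as $name) {
        $merchant_signmsgval = $this->append_param($merchant_signmsgval, $name, $in[$name]);
    }
    $merchant_signmsgval = $this->append_param($merchant_signmsgval, "key", $key);
    $merchant_signmsg = md5($merchant_signmsgval);

    // Constant-time comparison without the numeric juggling of == (PHP 5.6+).
    if (!hash_equals(strtoupper($merchant_signmsg), strtoupper($in['signMsg']))) {
        return false; // signature mismatch
    }

    $pay_result = $in['payResult'];
    $order_id = $in['orderId'];
    $order_amount = $in['orderAmount'];
    $pay_amount = $in['payAmount'];

    if ($pay_result === '10') {
        order_paid($in['ext1']);
        return true;
    }

    // Anything other than "failed, but some amount was paid" is a failure.
    // The values below are placed into SQL text, so they are validated as
    // plain digits / plain decimals first instead of being interpolated raw.
    if ($pay_result !== '11'
        || !preg_match('/^\d+(\.\d+)?\z/', $pay_amount)
        || (float) $pay_amount <= 0
        || !preg_match('/^\d+\z/', $order_id)
    ) {
        return false;
    }

    $table = $GLOBALS['ecs']->table('order_info');

    $sql = 'SELECT order_amount FROM ' . $table . " WHERE order_id = '" . $order_id . "'";
    $get_order_amount = $GLOBALS['db']->getOne($sql);

    // No matching order, or a non-numeric amount on either side: reject.
    if (!is_numeric($get_order_amount) || !is_numeric($order_amount)) {
        return false;
    }

    $stored_amount = (float) $get_order_amount;
    if ($stored_amount !== (float) $order_amount) {
        return false; // order amounts differ
    }

    if ($stored_amount === (float) $pay_amount) {
        order_paid($in['ext1']);
        return true;
    }

    // Partial payment: book the paid amount and reduce the outstanding amount.
    $sql = 'UPDATE ' . $table . " SET `money_paid` = (money_paid + '" . $pay_amount . "'),"
         . " order_amount = (order_amount - '" . $pay_amount . "') WHERE order_id = '" . $order_id . "'";
    $GLOBALS['db']->query($sql);

    // The original used an undefined variable in this WHERE clause, so the
    // status update matched an empty order id instead of this order.
    $sql = 'UPDATE ' . $table . " SET `order_status` ='" . OS_CONFIRMED . "' WHERE order_id = '" . $order_id . "'";
    $GLOBALS['db']->query($sql);

    // The order is not fully paid yet.
    return false;
}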
} if (!empty($_GET['settr'])) { $settr = strtotime("-" . intval($_GET['settr']) . " day"); $wheresql .= empty($wheresql) ? " WHERE " : " AND "; $wheresql .= "o.addtime> " . $settr; } } $joinsql = " left JOIN " . table('members') . " as m ON o.uid=m.uid LEFT JOIN " . table('company_profile') . " as c ON o.uid=c.uid "; $total_sql = "SELECT COUNT(*) AS num FROM " . table('order') . " as o " . $joinsql . $wheresql; $total_val = $db->get_total($total_sql); $page = new page(array('total' => $total_val, 'perpage' => $perpage)); $currenpage = $page->nowindex; $offset = ($currenpage - 1) * $perpage; $orderlist = get_order_list($offset, $perpage, $joinsql . $wheresql . $oederbysql); $smarty->assign('pageheader', "订单管理"); $smarty->assign('payment_list', get_payment(2)); $smarty->assign('orderlist', $orderlist); $smarty->assign('page', $page->show(3)); $smarty->display('company/admin_order_list.htm'); } elseif ($act == 'show_order') { get_token(); check_permissions($_SESSION['admin_purview'], "ord_show"); $smarty->assign('pageheader', "订单管理"); $smarty->assign('url', $_SERVER["HTTP_REFERER"]); $smarty->assign('payment', get_order_one($_GET['id'])); $smarty->display('company/admin_order_show.htm'); } elseif ($act == 'order_notes_save') { check_token(); $link[0]['text'] = "返回列表"; $link[0]['href'] = $_POST['url']; !$db->query("UPDATE " . table('order') . " SET notes='" . $_POST['notes'] . "' WHERE id='" . intval($_GET['id']) . "'") ? adminmsg('操作失败', 1) : adminmsg("操作成功!", 2, $link);
/**
 * Handle the Alipay callback.
 *
 * Copies any POST fields into $_GET, builds the Alipay configuration from the
 * stored payment settings, lets AlipayNotify::verifyReturn() validate the
 * request, and marks the matching order as paid when validation succeeds.
 *
 * @return bool true when the callback verified and the order was marked paid
 */
function respond()
{
    // POST values override GET values of the same name.
    foreach ($_POST as $name => $value) {
        $_GET[$name] = $value;
    }

    $record = get_payment("alipay");
    $payment = unserialize_config($record['pay_config']);

    $alipay_config = array(
        'partner' => $payment['alipay_partner'],
        // Security check code: 32 letters and digits; used when the signing
        // method is "MD5".
        'key' => $payment['alipay_key'],
        // Merchant private key file (relative path); only needed when the
        // signing method is "0001", e.g. 'key/rsa_private_key.pem'.
        'private_key_path' => '',
        // Alipay public key file (relative path); only needed when the signing
        // method is "0001", e.g. 'key/alipay_public_key.pem'.
        'ali_public_key_path' => '',
        // Signing method, not meant to be changed.
        'sign_type' => 'MD5',
        // Character encoding, gbk or utf-8.
        'input_charset' => 'utf-8',
        // Path of the CA certificate bundle used for SSL verification in curl.
        // NOTE(review): left empty here; confirm how the notify class behaves
        // without it.
        'cacert' => '',
        // Access mode: https when the server supports SSL, otherwise http.
        // NOTE(review): 'http' presumably means the verification request to
        // the gateway is not protected by TLS; confirm and prefer https.
        'transport' => 'http',
    );

    require_once ROOT_PATH . "includes/modules/lib/alipay_notify.class.php";

    $notifier = new AlipayNotify($alipay_config);
    if (!$notifier->verifyReturn()) {
        return false;
    }

    // The order number is the first 13 characters of out_trade_no.
    // NOTE(review): neither the paid amount nor a trade status is checked in
    // this method; confirm verifyReturn() or order_paid() covers that.
    $trade_no = trim($_GET['out_trade_no']);
    $order_sn = trim(substr($trade_no, 0, 13));
    order_paid(get_order_id_by_sn($order_sn));

    return true;
}
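/**
 * Handle a PayPal IPN notification.
 *
 * Posts the received fields back to PayPal with cmd=_notify-validate and, when
 * PayPal answers VERIFIED, checks payment status, receiver, amount and
 * currency against the local records before marking the payment log as paid.
 *
 * @return bool true when the notification verified and the order was marked paid
 */
function respond()
{
    $payment = get_payment('paypal');
    $merchant_id = isset($payment['paypal_account']) ? (string) $payment['paypal_account'] : ''; // merchant account

    // Echo the posted fields back to PayPal, prefixed with the validate command.
    $req = 'cmd=_notify-validate';
    foreach ($_POST as $key => $value) {
        if (!is_string($value)) {
            return false; // array-valued parameters are not part of a valid IPN
        }
        $req .= '&' . $key . '=' . urlencode(stripslashes($value));
    }

    // Post back over TLS. The original used plain HTTP on port 80, where the
    // VERIFIED reply is not authenticated and could be forged on the network path.
    $header = "POST /cgi-bin/webscr HTTP/1.1\r\n";
    $header .= "Host: www.paypal.com\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Connection: close\r\n";
    $header .= "Content-Length: " . strlen($req) . "\r\n\r\n";

    $fp = fsockopen('ssl://www.paypal.com', 443, $errno, $errstr, 30);
    if (!$fp) {
        // The original called fclose() on the failed handle here.
        return false;
    }

    fputs($fp, $header . $req);

    // Scan the reply for the verdict line, then always release the socket.
    // The original returned without closing it when neither verdict appeared.
    $verified = false;
    while (!feof($fp)) {
        $res = fgets($fp, 1024);
        if ($res === false) {
            break;
        }
        $res = trim($res);
        if ($res === 'VERIFIED') {
            $verified = true;
            break;
        }
        if ($res === 'INVALID') {
            break; // log for manual investigation
        }
    }
    fclose($fp);

    if (!$verified) {
        return false;
    }

    // Posted values used below; missing or non-string fields become ''.
    $field = array();
    foreach (array('payment_status', 'mc_gross', 'mc_currency', 'txn_id', 'receiver_email', 'invoice', 'memo') as $name) {
        $field[$name] = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
    }
    $order_sn = $field['invoice'];
    $action_note = $field['txn_id'] . '(' . $GLOBALS['_LANG']['paypal_txn_id'] . ')' . $field['memo'];

    // NOTE(review): 'Pending' is accepted alongside 'Completed', so an order
    // is marked paid before the payment is reported as completed; confirm
    // this is intended.
    if ($field['payment_status'] !== 'Completed' && $field['payment_status'] !== 'Pending') {
        return false;
    }

    // NOTE(review): the original's check that txn_id was not processed before
    // is commented out; confirm order_paid() is safe against repeated
    // notifications for the same transaction.

    // The receiver must be the configured merchant account.
    if ($merchant_id === '' || $field['receiver_email'] !== $merchant_id) {
        return false;
    }

    // invoice is supplied with the payment request and ends up in SQL text, so
    // only a plain integer id is accepted.
    if (!preg_match('/^\d+\z/', $order_sn)) {
        return false;
    }

    // The paid amount and currency must match the payment log entry.
    $sql = "SELECT order_amount FROM " . $GLOBALS['ecs']->table('pay_log') .
           " WHERE log_id = '" . $order_sn . "'";
    $expected_amount = $GLOBALS['db']->getOne($sql);
    if (!is_numeric($expected_amount)
        || !is_numeric($field['mc_gross'])
        || (float) $expected_amount !== (float) $field['mc_gross']
    ) {
        return false;
    }
    if ($payment['paypal_currency'] != $field['mc_currency']) {
        return false;
    }

    // process payment
    order_paid($order_sn, PS_PAYED, $action_note);
    return true;
}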
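/**
 * Handle the payment-result callback from the gateway.
 *
 * Recomputes the MD5 over the configured key and the callback fields and, when
 * it matches the md value sent with the callback, marks order bid as paid.
 *
 * @return bool true when the callback is authentic and the order was marked paid
 */
function respond()
{
    // Read the callback parameters as strings; missing or array values become ''.
    //   tid             merchant's unique transaction number
    //   bid             order number on the merchant site
    //   sid             gateway serial number of the successful transaction
    //   prc             amount paid
    //   actioncode      transaction code
    //   actionparameter business code
    //   card            payment method
    //   success         success flag
    //   md              32-character MD5 value
    $in = array();
    foreach (array('tid', 'bid', 'sid', 'prc', 'actioncode', 'actionparameter', 'card', 'success', 'md') as $name) {
        $in[$name] = (isset($_REQUEST[$name]) && is_string($_REQUEST[$name])) ? $_REQUEST[$name] : '';
    }

    $payment = get_payment('xpay');
    $key = isset($payment['xpay_key']) ? (string) $payment['xpay_key'] : '';

    // NOTE(review): only the literal string 'false' is treated as failure; any
    // other value of success passes as long as it is covered by a valid md.
    if ($in['success'] === 'false') {
        return false;
    }

    // Fail closed when the shared secret is not configured.
    if ($key === '') {
        return false;
    }

    // Recompute the digest locally over the same fields, in the same order.
    $ymd = md5($key . ":" . $in['bid'] . "," . $in['sid'] . "," . $in['prc'] . "," . $in['actioncode'] . ","
        . $in['actionparameter'] . "," . $in['tid'] . "," . $in['card'] . "," . $in['success']);

    // Constant-time comparison; unlike != it never treats two different
    // "0e..."-style digests as equal numbers (hash_equals needs PHP 5.6+).
    if (!hash_equals($ymd, $in['md'])) {
        return false;
    }

    // NOTE(review): prc is signed but not compared with the stored order
    // amount; confirm order_paid() or the caller verifies it.
    order_paid($in['bid'], PS_PAYED);
    return true;
}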
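/**
 * Handle the payment-result callback from the gateway.
 *
 * Verifies the MD5 signature over the callback fields, rejects failed
 * payments, checks the paid amount against the order and, when the trade
 * status is 3, marks the order as PS_PAYING.
 *
 * @return bool true when the callback is authentic, the amount matches and
 *              the status is 3; false otherwise
 */
function respond()
{
    // Read the callback parameters as strings; missing or array values become ''.
    $in = array();
    $names = array(
        'cmdno', 'retcode', 'status', 'seller', 'total_fee', 'trade_price',
        'transport_fee', 'buyer_id', 'chnid', 'cft_tid', 'mch_vno', 'version', 'sign',
    );
    foreach ($names as $name) {
        $in[$name] = (isset($_GET[$name]) && is_string($_GET[$name])) ? $_GET[$name] : '';
    }

    $payment = get_payment('tenpayc2c');
    $key = isset($payment['tenpay_key']) ? (string) $payment['tenpay_key'] : '';

    // Fail closed when the shared secret is not configured.
    if ($key === '') {
        return false;
    }

    // Verify the signature before any other use of the request values; the
    // original looked the order up and compared amounts first.
    $sign_text = "buyer_id=" . $in['buyer_id'] . "&cft_tid=" . $in['cft_tid'] . "&chnid=" . $in['chnid']
        . "&cmdno=" . $in['cmdno'] . "&mch_vno=" . $in['mch_vno'] . "&retcode=" . $in['retcode']
        . "&seller=" . $in['seller'] . "&status=" . $in['status'] . "&total_fee=" . $in['total_fee']
        . "&trade_price=" . $in['trade_price'] . "&transport_fee=" . $in['transport_fee']
        . "&version=" . $in['version'] . "&key=" . $key;
    $sign_md5 = strtoupper(md5($sign_text));

    // Constant-time comparison without the numeric juggling of != (PHP 5.6+).
    if (!hash_equals($sign_md5, $in['sign'])) {
        return false; // signature mismatch
    }

    // A retcode greater than 0 means the payment failed.
    if ((int) $in['retcode'] > 0) {
        return false;
    }

    // Check that the paid amount matches the order; total_fee is divided by
    // 100 before the comparison, as in the original.
    if (!is_numeric($in['total_fee'])) {
        return false;
    }
    $log_id = get_order_id_by_sn($in['mch_vno']);
    if (!check_money($log_id, $in['total_fee'] / 100)) {
        return false; // amounts differ
    }

    // The original wrote `$status = 3` (assignment), which is always true, so
    // every correctly signed callback marked the order regardless of status.
    if ($in['status'] !== '3') {
        return false;
    }

    // Change the order status.
    order_paid($log_id, PS_PAYING);
    return true;
}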