shopxo/extend/payment/Alipay.php

639 lines
22 KiB
PHP
Raw Normal View History

2018-12-28 18:58:37 +08:00
<?php
// +----------------------------------------------------------------------
// | ShopXO 国内领先企业级B2C免费开源电商系统
// +----------------------------------------------------------------------
2019-02-18 13:52:07 +08:00
// | Copyright (c) 2011~2019 http://shopxo.net All rights reserved.
2018-12-28 18:58:37 +08:00
// +----------------------------------------------------------------------
// | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
// +----------------------------------------------------------------------
// | Author: Devil
// +----------------------------------------------------------------------
namespace payment;
/**
2019-03-15 10:50:27 +08:00
* 支付宝支付 - 新版本接口
2018-12-28 18:58:37 +08:00
* @author Devil
* @blog http://gong.gg/
* @version 1.0.0
* @date 2018-09-19
* @desc description
*/
class Alipay
{
// 插件配置参数
private $config;
/**
* 构造方法
* @author Devil
* @blog http://gong.gg/
* @version 1.0.0
* @date 2018-09-17
* @desc description
* @param [array] $params [输入参数(支付配置参数)]
*/
public function __construct($params = [])
{
$this->config = $params;
}
/**
* 配置信息
* @author Devil
* @blog http://gong.gg/
* @version 1.0.0
* @date 2018-09-19
* @desc description
*/
public function Config()
{
// 基础信息
$base = [
'name' => '支付宝', // 插件名称
2019-10-29 17:18:19 +08:00
'version' => '1.1.1', // 插件版本
2018-12-28 18:58:37 +08:00
'apply_version' => '不限', // 适用系统版本描述
2019-10-29 14:34:14 +08:00
'apply_terminal'=> ['pc','h5', 'ios', 'android', 'toutiao'], // 适用终端 默认全部 ['pc', 'h5', 'ios', 'android', 'alipay', 'weixin', 'baidu', 'toutiao']
2019-10-29 17:18:19 +08:00
'desc' => '2.0版本适用PC+H5+APP+头条小程序,即时到帐支付方式,买家的交易资金直接打入卖家支付宝账户,快速回笼交易资金。 <a href="http://www.alipay.com/" target="_blank">立即申请</a>', // 插件描述支持html
2018-12-28 18:58:37 +08:00
'author' => 'Devil', // 开发者
'author_url' => 'http://shopxo.net/', // 开发者主页
];
// 配置信息
$element = [
[
'element' => 'input',
'type' => 'text',
'default' => '',
2019-03-15 10:50:27 +08:00
'name' => 'appid',
'placeholder' => '应用ID',
'title' => '应用ID',
2018-12-28 18:58:37 +08:00
'is_required' => 0,
2019-03-15 10:50:27 +08:00
'message' => '请填写应用ID',
2018-12-28 18:58:37 +08:00
],
[
2019-03-15 10:50:27 +08:00
'element' => 'textarea',
'name' => 'rsa_public',
'placeholder' => '应用公钥',
'title' => '应用公钥',
2018-12-28 18:58:37 +08:00
'is_required' => 0,
2019-03-15 10:50:27 +08:00
'rows' => 6,
'message' => '请填写应用公钥',
2018-12-28 18:58:37 +08:00
],
[
2019-03-15 10:50:27 +08:00
'element' => 'textarea',
'name' => 'rsa_private',
'placeholder' => '应用私钥',
'title' => '应用私钥',
'is_required' => 0,
'rows' => 6,
'message' => '请填写应用私钥',
],
[
'element' => 'textarea',
'name' => 'out_rsa_public',
'placeholder' => '支付宝公钥',
'title' => '支付宝公钥',
2018-12-28 18:58:37 +08:00
'is_required' => 0,
2019-03-15 10:50:27 +08:00
'rows' => 6,
'message' => '请填写支付宝公钥',
2018-12-28 18:58:37 +08:00
],
];
return [
'base' => $base,
'element' => $element,
];
}
/**
* 支付入口
* @author Devil
* @blog http://gong.gg/
* @version 1.0.0
* @date 2018-09-19
* @desc description
* @param [array] $params [输入参数]
*/
public function Pay($params = [])
{
// 参数
if(empty($params))
{
return DataReturn('参数不能为空', -1);
}
// 配置信息
if(empty($this->config))
{
return DataReturn('支付缺少配置', -1);
}
2019-10-29 14:34:14 +08:00
// 支付方式
switch(APPLICATION_CLIENT_TYPE)
2018-12-28 18:58:37 +08:00
{
2019-10-29 14:34:14 +08:00
// web
case 'pc' :
case 'h5' :
if(IsMobile())
{
$ret = $this->PayMobile($params);
} else {
$ret = $this->PayWeb($params);
}
break;
// app,头条小程序
case 'ios' :
case 'android' :
case 'toutiao' :
$ret = $this->PayApp($params);
break;
default :
$ret = DataReturn('没有相关支付模块['.APPLICATION_CLIENT_TYPE.']', -1);
2018-12-28 18:58:37 +08:00
}
2019-10-29 14:34:14 +08:00
2018-12-28 18:58:37 +08:00
return $ret;
}
2019-10-29 14:34:14 +08:00
/**
* app支付
* @author Devil
* @blog http://gong.gg/
* @version 1.0.0
* @date 2019-10-29
* @desc description
* @param [array] $params [输入参数]
*/
private function PayApp($params = [])
{
// 支付参数
$parameter = array(
'app_id' => $this->config['appid'],
'method' => 'alipay.trade.app.pay',
'format' => 'JSON',
'charset' => 'utf-8',
'sign_type' => 'RSA2',
'timestamp' => date('Y-m-d H:i:s'),
'version' => '1.0',
'return_url' => $params['call_back_url'],
'notify_url' => $params['notify_url'],
);
$biz_content = array(
'product_code' => 'QUICK_MSECURITY_PAY',
'subject' => $params['name'],
'out_trade_no' => $params['order_no'],
'total_amount' => $params['total_price'],
);
$parameter['biz_content'] = json_encode($biz_content, JSON_UNESCAPED_UNICODE);
// 生成签名参数+签名
$parameter['sign'] = $this->MyRsaSign($this->GetSignContent($parameter));
// 生成支付参数
$value = '';
$i = 0;
foreach($parameter as $k=>$v)
{
if($v != '' && $v != null && "@" != substr($v, 0, 1))
{
if($i == 0)
{
$value .= $k.'='.urlencode($v);
} else {
$value .= '&'.$k.'='.urlencode($v);
}
$i++;
}
}
unset($k, $v);
return DataReturn('处理成功', 0, $value);
}
2018-12-28 18:58:37 +08:00
/**
* [PayMobile wap手机支付]
* @author Devil
* @blog http://gong.gg/
* @version 1.0.0
* @datetime 2018-09-28T00:41:09+0800
* @param [array] $params [输入参数]
*/
private function PayMobile($params = [])
{
2019-03-15 10:50:27 +08:00
// 支付参数
2018-12-28 18:58:37 +08:00
$parameter = array(
2019-03-15 10:50:27 +08:00
'app_id' => $this->config['appid'],
'method' => 'alipay.trade.wap.pay',
'format' => 'JSON',
'charset' => 'utf-8',
'sign_type' => 'RSA2',
'timestamp' => date('Y-m-d H:i:s'),
'version' => '1.0',
'return_url' => $params['call_back_url'],
'notify_url' => $params['notify_url'],
2018-12-28 18:58:37 +08:00
);
2019-03-15 10:50:27 +08:00
$biz_content = array(
'product_code' => 'QUICK_WAP_WAY',
'subject' => $params['name'],
'out_trade_no' => $params['order_no'],
'total_amount' => $params['total_price'],
);
$parameter['biz_content'] = json_encode($biz_content, JSON_UNESCAPED_UNICODE);
2018-12-28 18:58:37 +08:00
2019-03-15 10:50:27 +08:00
// 生成签名参数+签名
$parameter['sign'] = $this->MyRsaSign($this->GetSignContent($parameter));
// 输出执行form表单post提交
exit($this->BuildRequestForm($parameter));
2018-12-28 18:58:37 +08:00
}
2019-03-15 10:50:27 +08:00
2018-12-28 18:58:37 +08:00
/**
2019-03-15 10:50:27 +08:00
* [PayWeb PC支付]
2018-12-28 18:58:37 +08:00
* @author Devil
* @blog http://gong.gg/
* @version 1.0.0
2019-03-15 10:50:27 +08:00
* @datetime 2018-09-28T00:23:04+0800
2018-12-28 18:58:37 +08:00
* @param [array] $params [输入参数]
*/
2019-03-15 10:50:27 +08:00
private function PayWeb($params = [])
2018-12-28 18:58:37 +08:00
{
2019-03-15 10:50:27 +08:00
// 支付参数
2018-12-28 18:58:37 +08:00
$parameter = array(
2019-03-15 10:50:27 +08:00
'app_id' => $this->config['appid'],
'method' => 'alipay.trade.page.pay',
'format' => 'JSON',
'charset' => 'utf-8',
'sign_type' => 'RSA2',
'timestamp' => date('Y-m-d H:i:s'),
'version' => '1.0',
'return_url' => $params['call_back_url'],
'notify_url' => $params['notify_url'],
);
$biz_content = array(
'product_code' => 'FAST_INSTANT_TRADE_PAY',
2018-12-28 18:58:37 +08:00
'subject' => $params['name'],
'out_trade_no' => $params['order_no'],
2019-03-15 10:50:27 +08:00
'total_amount' => $params['total_price'],
2018-12-28 18:58:37 +08:00
);
2019-03-15 10:50:27 +08:00
$parameter['biz_content'] = json_encode($biz_content, JSON_UNESCAPED_UNICODE);
// 生成签名参数+签名
$parameter['sign'] = $this->MyRsaSign($this->GetSignContent($parameter));
2018-12-28 18:58:37 +08:00
2019-03-15 10:50:27 +08:00
// 输出执行form表单post提交
exit($this->BuildRequestForm($parameter));
}
/**
* 支付回调处理
* @author Devil
* @blog http://gong.gg/
* @version 1.0.0
* @date 2018-09-19
* @desc description
* @param [array] $params [输入参数]
*/
public function Respond($params = [])
{
$data = empty($_POST) ? $_GET : array_merge($_GET, $_POST);
ksort($data);
2018-12-28 18:58:37 +08:00
2019-03-15 10:50:27 +08:00
// 参数字符串
$prestr = '';
foreach($data AS $key=>$val)
2018-12-28 18:58:37 +08:00
{
2019-03-15 10:50:27 +08:00
if ($key != 'sign' && $key != 'sign_type' && $key != 'code')
{
$prestr .= "$key=$val&";
}
2018-12-28 18:58:37 +08:00
}
2019-03-15 10:50:27 +08:00
$prestr = substr($prestr, 0, -1);
// 签名
if(!$this->OutRsaVerify($prestr, $data['sign']))
2019-01-08 14:31:16 +08:00
{
2019-03-15 10:50:27 +08:00
return DataReturn('签名校验失败', -1);
2019-01-08 14:31:16 +08:00
}
2018-12-28 18:58:37 +08:00
2019-03-15 10:50:27 +08:00
// 支付状态
if(!empty($data['trade_no']) || (isset($data['trade_status']) && in_array($data['trade_status'], ['TRADE_SUCCESS', 'TRADE_FINISHED'])))
2018-12-28 18:58:37 +08:00
{
2019-03-15 10:50:27 +08:00
return DataReturn('支付成功', 0, $this->ReturnData($data));
2018-12-28 18:58:37 +08:00
}
2019-03-15 10:50:27 +08:00
return DataReturn('处理异常错误', -100);
2018-12-28 18:58:37 +08:00
}
/**
2019-03-15 10:50:27 +08:00
* [ReturnData 返回数据统一格式]
2018-12-28 18:58:37 +08:00
* @author Devil
* @blog http://gong.gg/
* @version 1.0.0
2019-03-15 10:50:27 +08:00
* @datetime 2018-10-06T16:54:24+0800
* @param [array] $data [返回数据]
2018-12-28 18:58:37 +08:00
*/
2019-03-15 10:50:27 +08:00
private function ReturnData($data)
2018-12-28 18:58:37 +08:00
{
2019-03-15 10:50:27 +08:00
// 返回数据固定基础参数
$data['trade_no'] = $data['trade_no']; // 支付平台 - 订单号
$data['buyer_user'] = $data['seller_id']; // 支付平台 - 用户
$data['out_trade_no'] = $data['out_trade_no']; // 本系统发起支付的 - 订单号
$data['subject'] = isset($data['subject']) ? $data['subject'] : ''; // 本系统发起支付的 - 商品名称
$data['pay_price'] = $data['total_amount']; // 本系统发起支付的 - 总价
2018-12-28 18:58:37 +08:00
2019-03-15 10:50:27 +08:00
return $data;
2018-12-28 18:58:37 +08:00
}
2019-05-28 16:07:36 +08:00
/**
* 退款处理
* @author Devil
* @blog http://gong.gg/
* @version 1.0.0
* @date 2019-05-28
* @desc description
* @param [array] $params [输入参数]
*/
public function Refund($params = [])
{
// 参数
$p = [
[
'checked_type' => 'empty',
'key_name' => 'order_no',
'error_msg' => '订单号不能为空',
],
[
'checked_type' => 'empty',
'key_name' => 'trade_no',
'error_msg' => '交易平台订单号不能为空',
],
[
'checked_type' => 'empty',
2019-05-29 14:04:35 +08:00
'key_name' => 'refund_price',
2019-05-28 16:07:36 +08:00
'error_msg' => '退款金额不能为空',
],
];
$ret = ParamsChecked($params, $p);
if($ret !== true)
{
return DataReturn($ret, -1);
}
// 退款原因
2019-05-29 14:04:35 +08:00
$refund_reason = empty($params['refund_reason']) ? $params['order_no'].'订单退款'.$params['refund_price'].'元' : $params['refund_reason'];
2019-05-28 16:07:36 +08:00
// 退款参数
$parameter = array(
'app_id' => $this->config['appid'],
'method' => 'alipay.trade.refund',
'format' => 'JSON',
'charset' => 'utf-8',
'sign_type' => 'RSA2',
'timestamp' => date('Y-m-d H:i:s'),
'version' => '1.0',
);
$biz_content = array(
'out_trade_no' => $params['order_no'],
'trade_no' => $params['trade_no'],
2019-05-29 14:04:35 +08:00
'refund_amount' => $params['refund_price'],
2019-05-28 16:07:36 +08:00
'refund_reason' => $refund_reason,
);
$parameter['biz_content'] = json_encode($biz_content, JSON_UNESCAPED_UNICODE);
// 生成签名参数+签名
$parameter['sign'] = $this->MyRsaSign($this->GetSignContent($parameter));
// 执行请求
$result = $this->HttpRequest('https://openapi.alipay.com/gateway.do', $parameter);
$key = str_replace('.', '_', $parameter['method']).'_response';
// 验证签名
if(!$this->SyncRsaVerify($result, $key))
{
return DataReturn('签名验证错误', -1);
}
// 状态
if(isset($result[$key]['code']) && $result[$key]['code'] == 10000)
{
2019-05-28 17:16:18 +08:00
// 统一返回格式
$data = [
'out_trade_no' => isset($result[$key]['out_trade_no']) ? $result[$key]['out_trade_no'] : '',
'trade_no' => isset($result[$key]['trade_no']) ? $result[$key]['trade_no'] : '',
'buyer_user' => isset($result[$key]['buyer_user_id']) ? $result[$key]['buyer_user_id'] : '',
'refund_price' => isset($result[$key]['refund_fee']) ? $result[$key]['refund_fee'] : 0.00,
'return_params' => $result[$key],
];
return DataReturn('退款成功', 0, $data);
2019-05-28 16:07:36 +08:00
}
// 直接返回支付信息
return DataReturn($result[$key]['sub_msg'].'['.$result[$key]['sub_code'].']', -1000);
}
2018-12-28 18:58:37 +08:00
/**
2019-03-15 10:50:27 +08:00
* 建立请求以表单HTML形式构造默认
2018-12-28 18:58:37 +08:00
* @author Devil
2019-03-15 10:50:27 +08:00
* @blog http://gong.gg/
* @version 1.0.0
* @date 2019-03-15
* @desc description
* @param [array] $params [请求参数数组]
* @return [string] [提交表单HTML文本]
2018-12-28 18:58:37 +08:00
*/
2019-03-15 10:50:27 +08:00
private function BuildRequestForm($params)
2018-12-28 18:58:37 +08:00
{
2019-03-15 10:50:27 +08:00
$html = "<form id='alipaysubmit' name='alipaysubmit' action='https://openapi.alipay.com/gateway.do?charset=utf-8' method='POST'>";
2019-03-15 11:14:55 +08:00
foreach($params as $key=>$val)
2018-12-28 18:58:37 +08:00
{
2019-03-15 10:50:27 +08:00
if(!empty($val))
{
$val = str_replace("'", "&apos;", $val);
$html .= "<input type='hidden' name='".$key."' value='".$val."'/>";
}
2018-12-28 18:58:37 +08:00
}
2019-03-15 10:50:27 +08:00
//submit按钮控件请不要含有name属性
2020-06-27 22:48:16 +08:00
$html .= "<input type='submit' value='ok' style='display:none;'></form>";
2019-03-15 10:50:27 +08:00
$html .= "<script>document.forms['alipaysubmit'].submit();</script>";
return $html;
2018-12-28 18:58:37 +08:00
}
2019-05-28 16:07:36 +08:00
/**
* [HttpRequest 网络请求]
* @author Devil
* @blog http://gong.gg/
* @version 1.0.0
* @datetime 2017-09-25T09:10:46+0800
* @param [string] $url [请求url]
* @param [array] $data [发送数据]
* @return [mixed] [请求返回数据]
*/
private function HttpRequest($url, $data)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_FAILONERROR, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$body_string = '';
if(is_array($data) && 0 < count($data))
{
foreach($data as $k => $v)
{
$body_string .= $k.'='.urlencode($v).'&';
}
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $body_string);
}
$headers = array('content-type: application/x-www-form-urlencoded;charset=UTF-8');
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$reponse = curl_exec($ch);
if(curl_errno($ch))
{
return false;
} else {
$httpStatusCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if(200 !== $httpStatusCode)
{
return false;
}
}
curl_close($ch);
return json_decode($reponse, true);
}
2018-12-28 18:58:37 +08:00
/**
2019-03-15 10:50:27 +08:00
* 获取签名内容
2018-12-28 18:58:37 +08:00
* @author Devil
* @blog http://gong.gg/
* @version 1.0.0
2019-03-15 10:50:27 +08:00
* @date 2019-03-15
2018-12-28 18:58:37 +08:00
* @desc description
2019-03-15 10:50:27 +08:00
* @param [array] $params [需要签名的参数]
2018-12-28 18:58:37 +08:00
*/
2019-03-15 10:50:27 +08:00
public function GetSignContent($params)
2018-12-28 18:58:37 +08:00
{
2019-03-15 10:50:27 +08:00
ksort($params);
$string = "";
$i = 0;
foreach($params as $k => $v)
2018-12-28 18:58:37 +08:00
{
2019-03-15 10:50:27 +08:00
if(!empty($v) && "@" != substr($v, 0, 1))
2018-12-28 18:58:37 +08:00
{
2019-03-15 10:50:27 +08:00
if ($i == 0) {
$string .= "$k" . "=" . "$v";
} else {
$string .= "&" . "$k" . "=" . "$v";
2018-12-28 18:58:37 +08:00
}
2019-03-15 10:50:27 +08:00
$i++;
2018-12-28 18:58:37 +08:00
}
}
2019-03-15 10:50:27 +08:00
unset($k, $v);
return $string;
}
2018-12-28 18:58:37 +08:00
2019-03-15 10:50:27 +08:00
/**
* [MyRsaSign 签名字符串]
* @author Devil
* @blog http://gong.gg/
* @version 1.0.0
* @datetime 2017-09-24T08:38:28+0800
* @param [string] $prestr [需要签名的字符串]
* @return [string] [签名结果]
*/
private function MyRsaSign($prestr)
{
2019-11-28 11:32:02 +08:00
if(stripos($this->config['rsa_private'], '-----') === false)
{
$res = "-----BEGIN RSA PRIVATE KEY-----\n";
$res .= wordwrap($this->config['rsa_private'], 64, "\n", true);
$res .= "\n-----END RSA PRIVATE KEY-----";
} else {
$res = $this->config['rsa_private'];
}
2019-03-15 10:50:27 +08:00
return openssl_sign($prestr, $sign, $res, OPENSSL_ALGO_SHA256) ? base64_encode($sign) : null;
}
/**
* [MyRsaDecrypt RSA解密]
* @author Devil
* @blog http://gong.gg/
* @version 1.0.0
* @datetime 2017-09-24T09:12:06+0800
* @param [string] $content [需要解密的内容,密文]
* @return [string] [解密后内容,明文]
*/
private function MyRsaDecrypt($content)
{
2019-11-28 11:32:02 +08:00
if(stripos($this->config['rsa_public'], '-----') === false)
{
$res = "-----BEGIN PUBLIC KEY-----\n";
$res .= wordwrap($this->config['rsa_public'], 64, "\n", true);
$res .= "\n-----END PUBLIC KEY-----";
} else {
$res = $this->config['rsa_public'];
}
2019-03-15 10:50:27 +08:00
$res = openssl_get_privatekey($res);
$content = base64_decode($content);
$result = '';
for($i=0; $i<strlen($content)/128; $i++)
2018-12-28 18:58:37 +08:00
{
2019-03-15 10:50:27 +08:00
$data = substr($content, $i * 128, 128);
openssl_private_decrypt($data, $decrypt, $res, OPENSSL_ALGO_SHA256);
$result .= $decrypt;
2018-12-28 18:58:37 +08:00
}
2019-03-15 10:50:27 +08:00
openssl_free_key($res);
return $result;
}
2018-12-28 18:58:37 +08:00
2019-03-15 10:50:27 +08:00
/**
* [OutRsaVerify 支付宝验证签名]
* @author Devil
* @blog http://gong.gg/
* @version 1.0.0
* @datetime 2017-09-24T08:39:50+0800
* @param [string] $prestr [需要签名的字符串]
* @param [string] $sign [签名结果]
* @return [boolean] [正确true, 错误false]
*/
private function OutRsaVerify($prestr, $sign)
{
2019-11-28 11:32:02 +08:00
if(stripos($this->config['out_rsa_public'], '-----') === false)
{
$res = "-----BEGIN PUBLIC KEY-----\n";
$res .= wordwrap($this->config['out_rsa_public'], 64, "\n", true);
$res .= "\n-----END PUBLIC KEY-----";
} else {
$res = $this->config['out_rsa_public'];
}
2019-03-15 10:50:27 +08:00
$pkeyid = openssl_pkey_get_public($res);
$sign = base64_decode($sign);
if($pkeyid)
2018-12-28 18:58:37 +08:00
{
2019-03-15 10:50:27 +08:00
$verify = openssl_verify($prestr, $sign, $pkeyid, OPENSSL_ALGO_SHA256);
openssl_free_key($pkeyid);
2018-12-28 18:58:37 +08:00
}
2019-03-15 10:50:27 +08:00
return (isset($verify) && $verify == 1) ? true : false;
2018-12-28 18:58:37 +08:00
}
2019-03-15 10:50:27 +08:00
/**
* [SyncRsaVerify 同步返回签名验证]
2018-12-28 18:58:37 +08:00
* @author Devil
* @blog http://gong.gg/
* @version 1.0.0
2019-03-15 10:50:27 +08:00
* @datetime 2017-09-25T13:13:39+0800
2018-12-28 18:58:37 +08:00
* @param [array] $data [返回数据]
2019-03-15 10:50:27 +08:00
* @param [boolean] $key [数据key]
2018-12-28 18:58:37 +08:00
*/
2019-03-15 10:50:27 +08:00
private function SyncRsaVerify($data, $key)
2018-12-28 18:58:37 +08:00
{
2019-03-15 10:50:27 +08:00
$string = json_encode($data[$key], JSON_UNESCAPED_UNICODE);
return $this->OutRsaVerify($string, $data['sign']);
2018-12-28 18:58:37 +08:00
}
}
?>