Introduction to how PHP implements Alipay payment process

The content of this article is to share with you the process introduction of how to implement Alipay payment in PHP. It has a certain reference value. Friends in need can refer to it

##1 , First of all, let’s talk about third-party payment

The so-called third-party payment is an independent third-party that has signed contracts with some major banks and has certain strength and credibility guarantees. The trading platforms provided by institutions

are currently common on the market such as Alipay, Tenpay, online banking, Yibao Pay, etc. Websites that need to implement third-party payment should first Apply for an account from a third party and sign an agreement. After the agreement takes effect, the third-party payment platform will enable online payment functions for it.

2. The principle of third-party payment

##2.1 The user initiates a request to confirm the order to the mall website

　2.2 Mall The website receives a request to save the order data to the database or other storage media

2.3 Return to the order confirmation page, which should display the order amount and other information

　2.4 The user confirms the payment and initiates a payment request. Note: The payment request is sent to the payment gateway (such as Alipay, online banking) rather than to the mall website.

2.5 Display the payment page

2.6 The user fills in the authentication information (account password, etc.) and submits

　2.7 There are two steps here. One is to jump to the payment result page (displayed to the user) after the deduction is successful, and the other is the payment notification. These two steps may be executed at the same time in no sequence. After the mall website receives the payment notification, it will be executed at the same time. Verification rules verify the validity of the information and make corresponding changes (for example: if valid, change the order to paid status, if invalid, record illegal request information).

Taking Alipay as an example: If you want to integrate the Alipay interface into your website, you must first have an Alipay account, then apply for online payment business with Alipay and sign an agreement. After the agreement comes into effect, Alipay will give the website a partner ID and security verification code. With these two things, you can develop the Alipay interface according to the Alipay interface document. There are only 4 and 7 in the steps above. Each step involves information exchange between the mall and the payment gateway. In step 4, it means sending the data to the payment gateway (Alipay). In step 7, it is the notification verification part. The verification gateway requests a certain address of the website. The website verifies the information according to the verification rules, records and responds. We are developing almost any payment When it comes to the interface, the focus is on the development of these two parts. If you understand the principles of the payment interface, it will not be difficult to develop the payment interface.

In fact, looking at the picture, what we have done is very limited, basically between 1 and 3, generating order data, and then authenticating it through Alipay internal (Of course some shopping cart and order steps are omitted), basically the process is over.

3. Alipay interface development

3.1 Interface introduction and testing

For now, Alipay provides several interfaces such as guaranteed transactions, standard instant payment, and dual functions. There are only some differences in functions. The integration methods are the same, with standard Taking the timely payment interface as an example, after signing an agreement with Alipay, several steps are needed to complete the integration.

#Select the link you will see next in "I want self-service integration" and click to download the technical documentation.

In the downloaded file, there are standard Alipay transaction service interfaces, merchant tools, interface integration guides and other interface documents, as well as demos written in several languages. We can follow the interface documents It is newly developed according to the rules, or can be modified and integrated into the website based on the demo. It should be noted that the payment interface needs to be developed on the public network (the server must be accessible through the external network) to complete the entire debugging process. If the server cannot be accessed from the external network, , you cannot receive payment notifications.

The role of each file in the demo

create_direct_pay_by_user-php-UTF-8
│
├lib┈┈┈┈┈┈┈┈┈┈┈┈┈┈┈┈┈┈┈Class Folder
│ ┈┈
│ ├alipay_core.function.php ┈┈┈┈┈┈Alipay interface public function file
│ │
│ ├alipay_notify.class.php┈┈┈┈┈┈┈Alipay notification processing class file
│ │
│ ├alipay_submit.class.php┈┈┈┈┈┈┈Alipay interface request submission class file
│ │
│ └alipay_md5.function.php┈┈┈┈┈┈┈Alipay interface MD5 Function file
│
├log.txt┈┈┈┈┈┈┈┈┈┈┈┈┈┈┈┈┈Log file
│
├alipay.config.php┈┈┈┈┈ ┈┈┈┈┈┈┈Basic configuration file
│
┈┈┈┈┈┈┈┈┈┈┈┈┈┈Alipay interface entry file
│
├notify_url. php ┈┈┈┈┈┈┈┈┈┈┈┈┈Server asynchronous notification page file
│
├return_url.php ┈┈┈┈┈┈┈┈┈┈┈┈┈Page jump synchronization notification file
│
├cacert.pem ┈┈┈┈┈┈┈┈┈┈┈┈┈┈┈CA certificate file used to verify SSL in CURL
│
└readme.txt ┈┈┈ ┈┈┈┈┈┈┈┈┈┈┈┈Instruction text

has been downloaded here (see the resource directory pay file folder), in order to facilitate debugging, several files have been added and modified, and a data table has been added to save the order information. We modify the configuration file to complete a test process.

Alipay_config.php is the basic information configuration file. We need to write the PID and Key obtained in the Alipay backend into the configuration file.

## Configuration items:

The data in the box is what we need to focus on modifying. The difference between the payment notification address and the return address has been mentioned before. There are two items in step 7: the payment result page and the payment notification information. The payment result page will automatically jump to this address after the user completes the payment. Here is the return address ( $return_url).

$host = $_SERVER['HTTP_HOST'];
//↓↓↓↓↓↓↓↓↓↓请在这里配置您的基本信息↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓
//合作身份者ID，签约账号，以2088开头由16位纯数字组成的字符串，查看地址： 
$alipay_config['partner'] = '****************';

//收款支付宝账号，以2088开头由16位纯数字组成的字符串，一般情况下收款账号就是签约账号
$alipay_config['seller_id'] = $alipay_config['partner'];

// MD5密钥，安全检验码，由数字和字母组成的32位字符串，查看地址： 
$alipay_config['key'] = '****************************';

// 服务器异步通知页面路径  需 
$alipay_config['notify_url'] = "
 
// 页面跳转同步通知页面路径 需 
$alipay_config['return_url'] = "http://".$host."/paycallback/return";

// 客户端的IP地址 非局域网的外网IP地址，如：221.0.0.1
$alipay_config['exter_invoke_ip'] = "182.92.27.46";

## The payment notification address is also the user’s payment. After the user completes the payment, Alipay will request the address ($notify_url ), but the payment notification is directly requested by the Alipay server and will not be seen by the user. These two addresses must be in the full path format starting with http. In order to complete the testing process, /pay/alipay/notify_url.php has been rewritten here, and $notify_url is set to the URL that can access this file. After these items are configured, a data table is created according to the database script (pay/orders.sql). And modify mysql_config.php according to the configuration information of the database. By simply modifying the demo provided by Alipay, you can complete the creation of the payment request (step 4). Here, the payment home page and other pages are changed (see the pay directory of the source code package). Let’s test it first:

An "Order Information" has been added to the database.

If you click the "Confirm Payment" button or the Confirm Payment link, It will jump to the Alipay page. When the button is clicked, the information is submitted to the payment gateway through form POST. Since the payment request data does not need to be seen by the user, it is written in the hidden field. The payment confirmation link is passed through the URL. Because the Alipay interface allows submission in POST or GET, both methods are acceptable. After submitting the parameters to the payment gateway, the page jumps to the payment page. We see the following picture:

##We see that Alipay provides us with two payment methods, one is payment through Alipay account, and the other is payment through bank card. For example, choose to pay with a bank card, fill in your email or mobile phone number and jump to the following page:

##

Our billing Alipay supports almost all bank card payments, as well as credit card and branch payment methods. Select the corresponding bank and follow the prompts to pay. After the payment is completed, the page will return to the $return_url address we configured in the configuration file, and the "order status" will also change.

##Note: If there is no external network test during testing (that is, the payment notification address cannot be accessed from the external network), the payment notification cannot be requested and the order status cannot be modified automatically.

3.2 Alipay interface specification and code analysis

For the Alipay interface specification, please refer to /pay/doc/Standard Alipay Transaction Service Interface (dedicated to preventing phishing website). Pdf, which already has relatively detailed instructions.

　3.2.1 How to create a payment request

In the previous test, we clicked "Confirm Payment" to submit the information to Alipay For payment gateways, we can think about what parameters should be sent to the payment gateway. For the request parameter list, please refer to the standard Alipay transaction service interface (dedicated to anti-phishing websites). 3.2.2 in the Pdf. It should be noted that we do not just need to submit these parameters to Alipay intact. In order to ensure data security, Alipay currently uses the MD5 signature to prevent data tampering.

Before submitting the data, you need to assemble the data to be submitted into a string according to certain rules (see the interface document), and add the security check code (Key) to form a new string. A 32-byte signature is generated through MD5. When we submit a payment request, we also need to submit this signature. Take a look at the form source code

## Alipay will proceed after receiving the parameters Verify the legitimacy of the request parameters. After verification, the payment page will be displayed, otherwise an error will be prompted.

　3.2.2 How to verify payment notification

After the user completes the payment, Alipay will request the website's payment notification address (this address should be passed as a parameter when creating the payment request). For the return parameter list, please refer to the standard Alipay transaction service interface (dedicated to anti-phishing websites). Pdf3.3.1. There is also a signature string in the return data of Alipay (using the same signature method as the payment request). In the payment notification file, the data must first be signed and verified. In addition to verifying the signature, the notify_id in the parameter also needs to be submitted to Alipay's verification gateway Alipay system to verify the authenticity of the notification and notify verification. The Alipay system determines whether the notification is sent by itself. If it is in string format, it returns true, otherwise it returns false. We verify the authenticity of the request by verifying the data returned by the server. If both are verified, we can change the order data and send emails to the user. Notifications and other operations. Regarding verifying signatures, you can take a look at the source code in the notification file. In the demo, the notify_id in the parameter is submitted to Alipay through POST and the return data is obtained. Code snippet:

The key point is the fsockopen function. We have already been exposed to it when sending emails. The socket connection is opened through this function, which is similar to the fopen we have learned before. The function returns a file handle, which can then be operated using file functions (fgets(), fgetss(), fputs(), fclose() feof(), etc.). fputs() is used in the code (same as fwrite() )) function, write data to simulate the form submission of data in POST mode, and finally obtain the returned data through the fgets() function and save it into an array, and finally verify it. Please refer to the source code for details.

The above is the detailed content of Introduction to how PHP implements Alipay payment process. For more information, please follow other related articles on the PHP Chinese website!