How to implement Alipay payment in PHP

Alipay payment is much simpler to develop than WeChat payment. Today, we will take Alipay mobile website payment as an example to briefly talk about the implementation method:

Preliminary preparation, Of course, I won’t go into details. When you want to develop and use Alipay for payment, you must register for certification on the Alipay Open Platform and create an application with mobile website payment functions! If you don’t understand, you can check the official Alipay documentation (https://docs.open .alipay.com/203/107084/)

1. Development preparation

Before development, you need to prepare the following information

1. Alipay application appid

2. Specify the interface encryption method (RSA or RSA2)

3. Alipay public key

4. Apply private key

2. Payment implementation

Not much to say, let’s go directly to the code

/**
 * 将要参与签名的参数按要求拼接
 * @param $data
 * author 江南极客
 * @return string
 */
function signQueryString($data){
    // 去空
    $data = array_filter($data);
    //签名步骤一：按字典序排序参数
    ksort($data);
    $string_a = http_build_query($data);
    $string_a = urldecode($string_a);
    return $string_a;
}
 
/**
 * 支付宝RSA签名加密
 * @param $data  要参与加密的参数
 * @param $private_key  应用私钥
 * author 江南极客
 * @return array|string
 */
function RSASign($data,$private_key){
    //要签名的参数字符串
    $query_string = signQueryString($data);
    //应用私钥
    $private_key = chunk_split($private_key, 64, "\n");
    $private_key = "-----BEGIN RSA PRIVATE KEY-----\n$private_key-----END RSA PRIVATE KEY-----\n";
    $private_key_id = openssl_pkey_get_private($private_key);
    if ($private_key_id === false){
        return array(-1,'提供的私钥格式不对');
    }
    $rsa_sign = false;
    if($data['sign_type'] == 'RSA'){
        $rsa_sign = openssl_sign($query_string, $sign, $private_key_id,OPENSSL_ALGO_SHA1);
    }else if($data['sign_type'] == 'RSA2'){
        $rsa_sign = openssl_sign($query_string, $sign, $private_key_id,OPENSSL_ALGO_SHA256);
    }
    //释放资源
    openssl_free_key($private_key_id);
    if ($rsa_sign === false){
        return array(-1,'签名失败');
    }
    $signature = base64_encode($sign);
    return $signature;
}
 
/**
 * 支付宝支付
 * @param array $params  构造好的支付参数
 * author 江南极客
 * @return array|string
 */
function aliPay(array $params){
    $public = [
        'app_id' => $params['app_id'],
        'method' => $params['method'],
        'sign_type' => $params['sign_type'],
        'format' => 'JSON',
        'charset' => 'utf-8',
        'version' => '1.0',
        'timestamp' => date('Y-m-d H:i:s'),
        'biz_content' => $params['biz_content'],
    ];
    if(!empty($params['notify_url'])){
        $public['notify_url'] = $params['notify_url'];
    }
    if(!empty($params['return_url'])){
        $public['return_url'] = $params['return_url'];
    }
    $sign = RSASign($public,$params['private_key']);
    if(is_array($sign)){
        return $sign;
    }
    $public['sign'] = $sign;
    $url = 'https://mapi.alipay.com/gateway.do?'. http_build_query($public,'', '&');
    return $url;
}

Note: The payment gateway here, if it is a new interface, is (https://openapi.alipay.com/gateway .do)

Call example:

$biz_content = [
    'body' => '测试商品x1',
    'subject' => '测试商品',
    'out_trade_no' => date('YmdHis').rand(1000,9999),
    'product_code' => 'QUICK_WAP_WAY',
    'total_amount' => 0.01,
];
$notify_url = "https://xxxxxxxx/notify.php";//通知回调地址(必须是可以无障碍访问没有登录验证的地址)
$params = [
    'app_id'  => '2017xxxxxxxxx6554',//appid
    'method'  => 'alipay.trade.wap.pay',//接口名称
    'sign_type'  => 'RSA2',//签名加密方式
    'notify_url'  => $notify_url,
    'biz_content'  => json_encode($biz_content),//请求参数
];
$params['private_key'] = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";//应用私钥
$data = aliPay($params);
print_r($data);

3. Callback verification

For transactions generated by mobile website payment, Alipay will use the original payment API The asynchronous notification address notify_url passed in will notify the merchant system of the payment result as a parameter in the form of a POST request. Alipay's asynchronous callback notification POST data is as follows

After getting this data, in order to prevent the data from being tampered with, a visa signature is required. The method is as follows:

/**
 * 支付宝验证签名
 * @param $return_data  支付宝服务器推送给notify_url的数据
 * @param $public_key 支付宝公钥
 * author 江南极客
 * @return bool|int
 */
function RSAVerify($return_data, $public_key){
    if(empty($return_data) || !is_array($return_data)){
        return false;
    }
    //支付宝公钥
    $public_key = wordwrap($public_key, 64, "\n", true);
    $public_key = "-----BEGIN PUBLIC KEY-----\n$public_key\n-----END PUBLIC KEY-----\n";
    $public_key_id = openssl_pkey_get_public($public_key);
    if($public_key_id === false){
        return false;
    }
    //除去sign、sign_type两个参数外，凡是通知返回回来的参数皆是待验签的参数。
    $sign = $return_data['sign'];
    $sign_type = trim($return_data['sign_type'],'"');
    unset($return_data['sign'], $return_data['sign_type']);
 
    $query_string = signQueryString($return_data);
    $sign = base64_decode($sign);
    $rsa_verify = 0;
    if($sign_type == 'RSA'){
        $rsa_verify = openssl_verify($query_string, $sign, $public_key_id,OPENSSL_ALGO_SHA1);
    }else if($sign_type == 'RSA2'){
        $rsa_verify = openssl_verify($query_string, $sign, $public_key_id,OPENSSL_ALGO_SHA256);
    }
    openssl_free_key($public_key_id);
    if($rsa_verify == 0 || $rsa_verify == -1){
        //Returns 1 if the signature is correct, 0 if it is incorrect, and -1 on error.
        return false;
    }
    return $rsa_verify;
}

The other Alipay payment methods (scan code payment, PC payment, APP payment, etc.) are implemented in similar ways. Just modify a few parameters and it will be OK!

For more PHP related knowledge, please visit PHP Tutorial!

The above is the detailed content of How to implement Alipay payment in PHP. For more information, please follow other related articles on the PHP Chinese website!