注:recipt-data 为前端base64之后传过来的订单信息,IOS对receipt-data使用base64加密,转为string类型后,要对字符串中的\n和\r做特殊字符处理,但是千万不要对 “+” 做处理
/**
* 苹果内购
* @param receipt-data 购买凭证(必传)
* @return json
**/
public function ios_pay(){
// $_POST = json_decode('',true);
$this->PwriteLog('ios_pay','ios 下单_data', $_POST);
$post = $_POST;
$receipt_data = $post['receipt-data'];
// 验证参数
if (strlen($receipt_data) < 20) $this->outPutJson(500,'非法参数');
if(empty($receipt_data)) $this->outPutJson(500,'非法参数');
//拼接json字符串,json_encode会转义斜杠
$receipt = '{"receipt-data" : "'.$receipt_data.'"}';
$this->PwriteLog('ios_receipt','ios 回调_data', $receipt);
$response = $this->iosCurl($receipt);
$data = json_decode($response,true); // 如果是沙盒数据 则验证沙盒模式
$this->PwriteLog('ios_notify','ios 回调_data', $data);
if (!is_array($data) || empty($data))$this->outPutJson(500,'验证失败');
if($data['status']=='21007'){
// 请求验证
$response = $this->iosCurl($receipt, 1);
$data = json_decode($response,true);
$data['sandbox'] = '1';
}
$notify_data['out_trade_no'] = $post['oid'];
$notify_data['trade_no'] = '';
$err_msg = array(
'21000' => 'App Store不能读取你提供的JSON对象',
'21002' => 'receipt-data域的数据有问题',
'21003' => 'receipt无法通过验证',
'21004' => '提供的shared secret不匹配你账号中的shared secret',
'21005' => 'receipt服务器当前不可用',
'21006' => 'receipt合法,但是订阅已过期。服务器接收到这个状态码时,receipt数据仍然会解码并一起发送',
'21007' => 'receipt是Sandbox receipt,但却发送至生产系统的验证服务',
'21008' => 'receipt是生产receipt,但却发送至Sandbox环境的验证服务'
);
if(intval($data['status']) === 0){
if ($this->check_ios_order($data,$transaction_id)) {
$result = $this->set_deposit($notify_data); //验证成功后发货处理
if($result){
$this->outPutJson(200,'正式购买成功');
}else {
$this->outPutJson(500,'账户操作失败');
}
}
}else{
$this->outPutJson($data['status'],$err_msg[$data['status']]);
}
}
//检测该笔订单是否在
public function check_ios_order($data,$transaction_id)
{
$flag = false;
$inapps = $data['receipt']['in_app'];
if(!empty($inapps)) {
foreach ($inapps as $item){
if($transaction_id == $item['transaction_id']){
$flag = true;
break;
}
}
}
return $flag;
}
/**
* 21000 App Store不能读取你提供的JSON对象
* 21002 receipt-data域的数据有问题
* 21003 receipt无法通过验证
* 21004 提供的shared secret不匹配你账号中的shared secret
* 21005 receipt服务器当前不可用
* 21006 receipt合法,但是订阅已过期。服务器接收到这个状态码时,receipt数据仍然会解码并一起发送
* 21007 receipt是Sandbox receipt,但却发送至生产系统的验证服务
* 21008 receipt是生产receipt,但却发送至Sandbox环境的验证服务
*/
public function iosCurl($data, $sandbox=1){
//正式购买地址
$urlBuy = "https://buy.itunes.apple.com/verifyReceipt";
//沙盒购买地址
$urlSandbox = "https://sandbox.itunes.apple.com/verifyReceipt";
$url = $sandbox ? $urlSandbox : $urlBuy;
//简单的curl
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // 跳过证书检查
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); // 从证书中检查SSL加密算法是否存在
curl_setopt($ch, CURLOPT_HTTPHEADER,
array(
'Content-Type: application/json;charset=UTF-8'
)
);
$result = curl_exec($ch);
curl_close($ch);
return $result;
}