Writing a small program and found that WeChat payment has v3 version, I thought about taking a new payment, but found that it was poisonous, record the process

First place the order in a unified manner

//統(tǒng)一下單
public?function?wechartAddOrder($name,$ordernumber,$money,$openid){
????????$url?=?"https://api.mch.weixin.qq.com/v3/pay/transactions/jsapi";
????????$urlarr?=?parse_url($url);
????????$appid?=?config('config.appId');//appID
????????$mchid?=?config('config.mchid');//商戶ID
????????$xlid?=?config('config.apiXL');//API序列號
????????$data?=?array();
????????$randstr?=?getRanStr(16,false);//隨機字符串長度不超過32
????????$time?=?time();
????????$data['appid']?=?$appid;
????????$data['mchid']?=?$mchid;
????????$data['description']?=?$name;//商品描述
????????$data['out_trade_no']?=?$ordernumber;//訂單編號
????????$data['notify_url']?=?"https://www.xffly.cn/api/admin/order/wechartCallback";//回調(diào)接口
//??????$data['amount']['total']?=?$money;//金額
????????$data['amount']['total']?=?1;
????????$data['payer']['openid']?=?$openid;//用戶openID
????????$data?=?json_encode($data);?
????????$key?=?$this->getSign($data,$urlarr['path'],$randstr,$time);//簽名
????????$token?=?sprintf('mchid="%s",serial_no="%s",nonce_str="%s",timestamp="%d",signature="%s"',$mchid,$xlid,$randstr,$time,$key);//頭部信息
????????$header??=?array(
????????????'Content-Type:'.'application/json;?charset=UTF-8',
????????????'Accept:application/json',
????????????'User-Agent:*/*',
????????????'Authorization:?WECHATPAY2-SHA256-RSA2048?'.$token
????????);??
????????$ret?=?curl_post_https($url,$data,$header);
????????return?$ret;
????}

To calculate the signature, I have done it many times according to the document

//微信支付簽名
public?function?getSign($data=array(),$url,$randstr,$time){
????????$str?=?"POST"."\n".$url."\n".$time."\n".$randstr."\n".$data."\n";
????????$key?=?file_get_contents('apiclient_key.pem');//在商戶平臺下載的秘鑰
????????$str?=?getSha256WithRSA($str,$key);
????????return?$str;
????}

Get the prepay_id through the unified ordering interface
Use its wx.requestPayment interface to activate the payment in the mini program. It has no content, so I won’t post the code. , write according to the document
In which a signature is required to initiate payment, similarly

//調(diào)起支付的簽名
public?function?getWechartSign($post){
????????$data?=?array();
????????$data['timeStamp']?=?$post['timeStamp'];
????????$data['nonceStr']?=?$post['str'];
????????$data['package']?=?$post['package'];
????????$str?=?config('config.appId')."\n".$data['timeStamp']."\n".$data['nonceStr']."\n".$data['package']."\n";
????????$key?=?file_get_contents('apiclient_key.pem');
????????$str?=?getSha256WithRSA($str,$key);
????????return?$str;
????}

The focus is the callback of successful payment, which is simply poisonous
The json information returned, json_decode parsing becomes empty , it can be parsed after copying it, maybe it has BOM information, but it is not easy to use. Use htmlspecialchars_decode to escape it. The debugging tool can be successful, but the real WeChat payment still doesn't work. In the end, there is no way to save it. In the log, you can fetch it yourself and you can use it.

//微信回調(diào)寫入日志文件并返回
????public?function?writeWechartLog($post){
????????if(!is_dir("upload/log")){
???????????mkdir("upload/log",0777,true);
????????}
????????$log?=?fopen("upload/log/wechart.txt",?"a+");
????????if(is_array($post)){
????????????$post?=?json_encode($post);
????????}
????????fwrite($log,?$post."\n");
????????fclose($log);
????????$read?=?fopen("upload/log/wechart.txt",?"r");
????????fseek($read,?-1,?SEEK_END);
????????$s?=?'';
????????while?(($c?=?fgetc($read))?!==?false)?{
????????????if?($c?==?"\n"?&&?$s)?break;
????????????$s?=?$c?.?$s;
????????????fseek($read,?-2,?SEEK_CUR);
????????}
????????fclose($read);
????????return?$s;//取剛剛存的最后一條回調(diào)信息
????}

In the callback information, there is something encrypted and you need to decrypt it. The data passed in is the data you fetched from the log
sodium_crypto_aead_aes256gcm_decrypt This decryption method requires the PHP extension sodium

//微信回調(diào)解密
????public?function?wechartDecrypt($str)?{
????????$str?=?htmlspecialchars_decode($str,ENT_COMPAT);
????????$post?=?json_decode($str,true);
????????$key?=?config("config.apiv3Key");//商戶平臺設(shè)置的api?v3?密碼
????????$text?=?base64_decode($post['resource']['ciphertext']);
????????$str?=?sodium_crypto_aead_aes256gcm_decrypt($text,$post['resource']['associated_data'],$post['resource']['nonce'],$key);
????????return?json_decode($str,true);
????}

Then the business processing after getting the callback information

Friends who read this article again, if you know why the json returned by the WeChat callback The information cannot be used directly, please tell me, thank you, I haven’t figured it out after a day of research, so I can only deal with it like this first...

The above is the detailed content of [Record] Use of PHP WeChat applet WeChat payment v3. For more information, please follow other related articles on the PHP Chinese website!