I integrated Alipay interface to pay for it, but there seems to be no callback in notify_url.php. Therefore, according to official documents, I made the following modifications.
In fact, Alipay interface internal method logResult is used to record callbacks, to see if the file is callback and to see which step is callback.
- $verify_result = $alipayNotify->verifyNotify();
- if($verify_result) {
- //Merchant Order Number
- $order_id = $_POST['out_trade_no'];
- //Alipay transaction number
- $trade_no = $_POST['trade_no'];
- //Trading status
- $trade_status = $_POST['trade_status'];
- //Total order amount
- $total_fee = floatval($_POST['total_fee']);
- //Order Payment Time
- $pay_time = $_POST['gmt_payment'];
- //Customized error mechanism
- $user_debug=1;
- //Refund status
- $refund_status = $_POST['refund_status'];
- logResult('Record the information returned by Alipay after payment.[Order number]:'.$order_id.'[Amount of money]:'.$total_fee.'[time]:'.$pay_time.'[state]:'.$_POST['trade_status']);
- if ($_POST['trade_status'] == 'TRADE_SUCCESS' || $_POST['trade_status'] == 'TRADE_FINISHED') {
- }
- }
- else{
- //Validation failed
- logResult('Validation failed');
- echo "fail";
- }
Pay again and I find that there are many "validation failures" in the log.txt file, so I judge that it is $alipayNotify - > verifyNotify (); this does not return the correct value.
Open the alipay_notify.class.php file, find the verifyNotify method, and find the official comment on a statement
- function verifyNotify(){
- if(empty($_POST)) {//Determine whether the array from POST is empty
- return false;
- }
- else {
- //Generate signature results
- $isSign = $this->getSignVeryfy($_POST, $_POST["sign"]);
- //Get the result of Alipay remote server ATN (verify whether it is to pay the message from Bao).
- $responseTxt = 'true';
- if (! empty($_POST["notify_id"])) {$responseTxt = $this->getResponse($_POST["notify_id"]);}
- //Logging
- //if ($isSign) {
- // $isSignStr = 'true';
- //}
- //else {
- // $isSignStr = 'false';
- //}
- //$log_text = "responseTxt=".$responseTxt."\n notify_url_log:isSign=".$isSignStr.",";
- //$log_text = $log_text.createLinkString($_POST);
- //logResult($log_text);
- //Verification
- //The result of $responsetTxt is not true. It is related to server setup problems, collaborator ID, notify_id one minute failure.
- //The result of isSign is not true. It is related to security check code, parameter format at request (e.g. with custom parameters, etc.) and encoding format.
- if (preg_match("/true$/i",$responseTxt) && $isSign) {
- return true;
- } else {
- return false;
- }
- }
- }
Cancel the comments of the above code, pay again, and look at log.txt to find that the following code is written
Date of implementation: 20140306121304
responseTxt=
Notify_url_log: isSign = true, discount = 0.00 & payment_type = 1 & subject = order subject & trade_no = 2014030615255398 & buyer_email = 287139270@q.com&gmt_create = 2014-03-06 12:55 & notify_type = trade_status_sync & quantity = 1 & out_trade_no = 1394079155627 & seller_id = 2088211562160923 & notify_time = 2014-03-06
12:13:03&trade_status=TRADE_SUCCESS&is_total_fee_adjust=N&total_fee=0.10&gmt_payment=2014-03-06 12:13:03&seller_email=aaaaaa@126.com&price=0.10&buyer_id=2088702034696988¬ify_id=ec0149b551db7c645e3e66a3058d3b067g&use_coupon=N&sign_type=MD5&sign=5a46cb0b739f659089330a28293e042e
So we can see that isSign passed, that is, $this - > getResponse ($_POST ["notify_id"] this method is wrong.
- function getResponse($notify_id) {
- $transport = strtolower(trim($this->alipay_config['transport']));
- $partner = trim($this->alipay_config['partner']);
- $veryfy_url = '';
- if($transport == 'https') {
- $veryfy_url = $this->https_verify_url;
- }
- else {
- $veryfy_url = $this->http_verify_url;
- }
- $veryfy_url = $veryfy_url."partner=" . $partner . "¬ify_id=" . $notify_id;
- $responseTxt = getHttpResponseGET($veryfy_url, $this->alipay_config['cacert']);
- return $responseTxt;
- }
It can be seen that this function is to communicate with Alipay, and this time used Alipay's certificate. I initially suspected that it was a certificate issue. In fact, all the certificates were the same, not according to the different certificates of merchants, but it could also be the question of the certificate path $alipay_config['cacert'] = getcwd().'\cacert.pem'; some people also said that it was changed to $alipay_config['. Cacert']= getcwd().'/cacert.pem'; but I haven't encountered this problem.
Finally, of course, look at the getHttpResponseGET method in alipay_core.function.php
- function getHttpResponseGET($url,$cacert_url) {
- $curl = curl_init($url);
- curl_setopt($curl, CURLOPT_HEADER, 0 ); //Filtering HTTP headers
- curl_setopt($curl,CURLOPT_RETURNTRANSFER, 1);//Display output results
- curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);//SSL Certificate Authentication
- curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);//Strict authentication
- curl_setopt($curl, CURLOPT_CAINFO,$cacert_url);//Certificate address
- $responseText = curl_exec($curl);
- //Var_dump (curl_error($curl)); //If an exception occurs during curl execution, this switch can be turned on to view the exception content
- curl_close($curl);
- return $responseText;
- }
The discovery is a curl_exec method, so it is natural to suspect that the curl_exec method is disabled. When opening phpinfo, it is really curl_exec that is banned. From that we can find the principle of Alipay's work. In fact, it is not very complicated. After the payment is successful, he will come to the notify_url post data. The system will check according to the local certificate, curl.