Home Explore 关于GitCat
niesen
/
thinkphp6-template
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 27ca824ecd
Branches Tags
thinkphp6-templ...
/
app
/
controller
/
Pay.php

Pay.php 11 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246 
  1. <?php
    2. 

  2. namespace app\controller;
    3. 

  3. 

  4. use app\BaseController;
    5. 

  5. use think\facade\Db;
    6. 

  6. 

  7. //支付控制器
    8. 

  8. class Pay extends BaseController
    9. 

  9. {
    10. 

  10.     protected $noNeedLogin = ['payOrder','payCallback'];
    11. 

  11.     public $baseUrl = 'https://pay.v8jisu.cn';
    12. 

  12.     public $merchantId = '28399';
    13. 

  13.     public $key = '0QknLivpRQB50Bq76r06PiR464SrTrvQ';
    14. 

  14.     public $merchantPublicKey = 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy9M3hkPM/rAeow0Y6bjJzHFy4btLxIZ4gMB3ggqP1MBDTg+oLwrVfU8OUxYG7/yntiFqDFNOAopccygsNRTzdrWQjenbJ4g9xCwWiIiubMRAKfgYNX9AsUalxcXpWPvmCLKHc4YdHGh8+GrV0qZi/FAQ7uMLXeowe+Np9cUziXIDLYbgJXB0UBqEyI2GVBJMOuFqKaP5pay/DcTTQwLKcHyzPlOUTlMet4ClPrAhqfe/FQYIfa8nFtrSevAzPMwJuZfYrFr6DvyQADaP16RZQS0tLMPW47646ieQ7GmITixXd5yEzlBTlECh1sIKyzn9DjzLkmrVFsDim4NFgJp/eQIDAQAB';
    15. 

  15.     public $merchantPrivateKey = 'MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDkSKP7fp5hjHFgYufalba3+qeJMPKHhXCm1yk7jJKkOIHkgW8tpcQqw/c8krwIRdjW6W5YF5Jr/b3cXP1JmyIeyLfbglSck+GijdFGMWlwbNAPVO/TrJUy8/+beFrqVJdCBlsRYW6lml4aGMXFTIK3Rn69zRfvgUFDYcZOa0VGTfXjfR0hOME6vxw1DxCOvWxczh8uLSeFnbirIyKaES807XGC3eCTmyJi/UsPA3vQeUUTpXliitSZFH/+T6g2K4n0Oy2OER5cTFWL8p/Gpy/pxoxALrc9eSIv8diLIco7WPfFYPABeZFe0cF4FwBeVaCqh1/K9m9uE6SAXhJUKZbzAgMBAAECggEAahuRjQ5Xk8Px1vliB2nbWjy5rrz/nhpaOFJ+Kd23M3nIdmvrP25zdeVMf+08VSQSHCK4VV3vgx6YJ1tZp+LhwylMvE0iAv2BvUrp4RSKi+Un+FhkeSEY4GwlfSA+MflLrTbDEZsWEQdlgf/NvV1IzOOJebNg0sRjj2xc/opB0uD9Dp2CMmdR4cztUXlmnVx0i5UQxl59u0TQitcuriTmqre4qibYX3ddr1V91k7WCde25a7HEdoQSID566O3H3tE6+XSIEp6LXpYrZFSK+b9Zc+V7khr27AmEMsSPpy/nSPI8pKwjaoFbLaGrh9PToXin5ENGbVY79fARIVe+HfAoQKBgQD1K1yqSEs+F09Aml6xY5BjqJ14HJQ8DphktrGzlI0hYHi42OtEfaPOrThLHGes4TipJUnvWjG0YqNaW+t9j2733OShUNF5BqiwTyfZ1/F+UffU+m6Dq0aB/DZV7KGB6rfQ1XUn77rIMs0gcm7BMwhfZLXUWDhj6qen+kMCO9PY+QKBgQDuXlFaQh1/ByR/urOqU6x9EGr5B0iT2QXM1vKbGOpj2wZIRV+wJtfnSy5kTxRigGgm1gXHgqYwRrONGR/0O/yfNVEm/OuEy4IUNBXsU/vjmzpfSNt2ajY91bMuf6aAZ1M688o08ouL4mrCKWQHUXIN8jxnPN6Yp84TcotghZi2SwKBgQCO6TnY4M9LYFcIN3PfP0RZc15nN3GJGJDolD49iehCfnOgfIGXqQ0lWn+n+OTON3LJ1jyk0xSKK71A3LgGtudegFqdVfjk7WbDb0CxkVjp42ntshVdlydAef5KU+dJTcLcbrEeGHXuYP6FXW8GG3NT9+at4sbsJ0qXdiA9WxaAMQKBgHDV5u6x42KRT/7Cs2/KYhllny24++s4zV0U1w0CM1oHgSbO6Cfri0JqvVAwevbRz/uqTlwOBXtOzInbPdwQVVpME9k/2oEnELFdoo8XhmJMxcn7JCAe0QReV46IUJnxz11Vr/92XQZfrKeyji5EqJffdiZskvZyYMOl8kJDm3GXAoGBAOOd8/HCGGeaMA7Uv9bjW17BQ9d/mJ/KmBI/S0t0/Y5Ur7hdtcS/5fw9lHPIqXTP+CJhE5+sQOi5GiwWHy0CCUlWFfi3kwlNTrau3m56sx7chjvaY/1F3b4sG7eFJMbgi8BjXiZREHJ1dehczF9pguIT/rcCtkpDMaWy8DIrSRdp';
    16. 

  16. 

  17.     // 生成RSA公钥
    18. 

  18.     private function makeRsaSign($data)
    19. 

  19.     {
    20. 

  20.         // 排序 & 拼接
    21. 

  21.         ksort($data);
    22. 

  22.         $str = '';
    23. 

  23.         foreach ($data as $k => $v) {
    24. 

  24.             if ($v !== "" && $k != 'sign' && $k != 'sign_type' && !is_array($v)) {
    25. 

  25.                 $str .= "{$k}={$v}&";
    26. 

  26.             }
    27. 

  27.         }
    28. 

  28.         $str = rtrim($str, "&");
    29. 

  29. 

  30.         // 拼接PEM格式
    31. 

  31.         $privateKey = "-----BEGIN PRIVATE KEY-----\n"
    32. 

  32.             . chunk_split($this->merchantPrivateKey, 64, "\n")
    33. 

  33.             . "-----END PRIVATE KEY-----\n";
    34. 

  34. 

  35.         $res = openssl_get_privatekey($privateKey);
    36. 

  36.         if (!$res) {
    37. 

  37.             throw new \Exception('私钥格式错误或无法加载');
    38. 

  38.         }
    39. 

  39.         openssl_sign($str, $sign, $res, OPENSSL_ALGO_SHA256);
    40. 

  40.         return base64_encode($sign);
    41. 

  41.     }
    42. 

  42. 

  43.     // 生成 MD5 签名
    44. 

  44.     private function makeMd5Sign($data)
    45. 

  45.     {
    46. 

  46.         $md5_key = $this->key; // 商户密钥
    47. 

  47.         ksort($data); // 按照 ASCII 码排序
    48. 

  48.         $str = '';
    49. 

  49.         foreach ($data as $k => $v) {
    50. 

  50.             if ($v !== "" && $k != 'sign' && $k != 'sign_type') { 
    51. 

  51.                 // 排除空值、sign 和 sign_type
    52. 

  52.                 $str .= "{$k}={$v}&";
    53. 

  53.             }
    54. 

  54.         }
    55. 

  55.         $str = rtrim($str, "&"); // 去掉最后一个 &
    56. 

  56.         $str .= $md5_key; // 按文档要求,直接拼接 KEY
    57. 

  57.     
    58. 

  58.         return md5($str); // 小写
    59. 

  59.     }
    60. 

  60.     
    61. 

  61.     // 发起Http请求
    62. 

  62.     private function HttpRequest($url, $postData)
    63. 

  63.     {
    64. 

  64.         // 将数组编码为 x-www-form-urlencoded 格式的查询字符串
    65. 

  65.         $postData1 = http_build_query($postData);
    66. 

  66.         // 初始化 cURL 会话
    67. 

  67.         $ch = curl_init($url);
    68. 

  68.         // 设置 cURL 选项
    69. 

  69.         curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);  // 将响应作为字符串返回
    70. 

  70.         curl_setopt($ch, CURLOPT_POST, true);            // 使用 POST 方法
    71. 

  71.         curl_setopt($ch, CURLOPT_POSTFIELDS, $postData1); // 设置 POST 数据
    72. 

  72.         curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    73. 

  73.             'Content-Type: application/x-www-form-urlencoded' // 设置 Content-Type 头
    74. 

  74.         ));
    75. 

  75.         // 执行请求并获取响应
    76. 

  76.         $response = curl_exec($ch);
    77. 

  77.         // 关闭 cURL 会话
    78. 

  78.         curl_close($ch);
    79. 

  79.         // 检查请求是否成功
    80. 

  80.         if ($response === false) {
    81. 

  81.             return "cURL Error: " . curl_error($ch);
    82. 

  82.         } else {
    83. 

  83.             // 处理响应
    84. 

  84.             return $response;
    85. 

  85.         }
    86. 

  86.     }
    87. 

  87. 

  88.     // JSON清理
    89. 

  89.     function fixEscapedJson($jsonString) {
    90. 

  90.         // 移除多余的反斜杠
    91. 

  91.         $fixed = stripslashes($jsonString);
    92. 

  92.         // 替换HTML实体
    93. 

  93.         $fixed = str_replace(
    94. 

  94.             ['&quot;', '&amp;', '&lt;', '&gt;'],
    95. 

  95.             ['"', '&', '<', '>'],
    96. 

  96.             $fixed
    97. 

  97.         );
    98. 

  98.         return $fixed;
    99. 

  99.     }
    100. 

  100.     
    101. 

  101.     //拉起订单
    102. 

  102.     public function order()
    103. 

  103.     {
    104. 

  104.         $goodsName = $this->request->post('goodsName');     // 商品名称
    105. 

  105.         $amount = $this->request->post('amount');           // 商品金额
    106. 

  106.         $type = $this->request->post('type');               // 支付方式
    107. 

  107.         $isVip = $this->request->post('isVip') ?? 0;        // 是否为购买VIP
    108. 

  108.         $user = $this->getUser();
    109. 

  109.         if (!$goodsName || !$type || !is_numeric($amount)) {
    110. 

  110.             $this->fail(500, '参数校验错误');
    111. 

  111.         }
    112. 

  112.         if (!$user) {
    113. 

  113.             $this->fail(500, '用户未登录');
    114. 

  114.         }
    115. 

  115. 

  116.         // 参数构建
    117. 

  117.         $data['pid'] = $this->merchantId;
    118. 

  118.         $data['method'] = 'jump';    // 接口类型
    119. 

  119.         $data['device'] = 'pc'; // 设备类型
    120. 

  120.         $data['type'] = $type; // 支付方式
    121. 

  121.         $data['out_trade_no'] = date('YmdHis') . strval(mt_rand(100000, 999999)); // 订单号
    122. 

  122.         $data['notify_url'] = 'https://api.danjiwanjia.com/pay/payCallback'; // 服务器异步通知地址
    123. 

  123.         $data['return_url'] = 'https://www.danjiwanjia.com/#/userCenter'; // 页面跳转通知地址
    124. 

  124.         $data['name'] = $goodsName; // 商品名称	
    125. 

  125.         $data['money'] = $amount; // 商品金额	
    126. 

  126.         $data['clientip'] = $this->request->ip(); // 用户ip地址
    127. 

  127.         $data['timestamp'] = time(); // 当前时间戳
    128. 

  128.         $data['param'] = json_encode(['isVip' => $isVip]);   // 业务拓展参数 通过此参数判断用户是否通过VIP页面调起支付
    129. 

  129.         $data['sign_type'] = 'RSA'; // 当前时间戳
    130. 

  130.         $data['sign'] = $this->makeRsaSign($data);  // 签名生成
    131. 

  131. 

  132.         // 插入数据表
    133. 

  133.         Db::table('tb_user_order')
    134. 

  134.             ->insert([
    135. 

  135.                 'user_id'    => $user->user_id,
    136. 

  136.                 'balance'    => $amount,
    137. 

  137.                 'state'      => 0,
    138. 

  138.                 'created_at' => time(),
    139. 

  139.                 'order_no'   => $data['out_trade_no'],
    140. 

  140.             ]);
    141. 

  141. 

  142.         // 发起请求
    143. 

  143.         $url = $this->baseUrl . '/api/pay/create';
    144. 

  144.         $result = $this->HttpRequest($url, $data);
    145. 

  145.         // header('Content-Type: application/json');
    146. 

  146.         // echo $result;
    147. 

  147.         // exit();
    148. 

  148.         $result = json_decode($result, true);
    149. 

  149.         if($result['code'] == 0) {
    150. 

  150.             $this->success('success', $result['pay_info']);
    151. 

  151.         } else {
    152. 

  152.             $this->fail(500, $result['msg']);
    153. 

  153.         }
    154. 

  154.     }
    155. 

  155.     
    156. 

  156.     //获取我的订单
    157. 

  157.     public function getMyOrder()
    158. 

  158.     {
    159. 

  159.         $page = $this->request->post('page');         //页码
    160. 

  160.         $pageNum = $this->request->post('pageNum');         //每页显示的数据条数
    161. 

  161.         if (!is_numeric($pageNum) || !is_numeric($page)) {
    162. 

  162.             $this->fail(500, 'page或pageNum参数校验错误');
    163. 

  163.         }
    164. 

  164.         $data = Db::table('tb_user_order')
    165. 

  165.             ->where(['user_id' => $this->getUser()->user_id])
    166. 

  166.             ->order('created_at DESC')
    167. 

  167.             ->paginate([
    168. 

  168.                 'page' => $page,
    169. 

  169.                 'list_rows' => $pageNum,
    170. 

  170.             ]);
    171. 

  171.         $this->success('success', $data);
    172. 

  172.     }
    173. 

  173.     
    174. 

  174.     /**
    175. 

  175.      * 支付回调
    176. 

  176.      */
    177. 

  177.     public function payCallback()
    178. 

  178.     {
    179. 

  179.         $data = $this->request->param();
    180. 

  180.         error_log('payCallback: '.json_encode($data));
    181. 

  181.         if(!$data) {
    182. 

  182.             exit('无法获取到传参');
    183. 

  183.         }
    184. 

  184.         $order_sn = $data['out_trade_no'];
    185. 

  185.         $amount = $data['money'];
    186. 

  186.         $isVip = json_decode($this->fixEscapedJson($data['param']), true)['isVip'];
    187. 

  187.         $order = Db::name('tb_user_order')->where('order_no', $order_sn)->find();
    188. 

  188.         if (!$order) {
    189. 

  189.             exit('订单不存在');
    190. 

  190.         }
    191. 

  191.         if ($order['state'] == 1) {
    192. 

  192.             // 订单已支付 不走后面的逻辑但是要返回success
    193. 

  193.             exit('success');
    194. 

  194.         }
    195. 

  195.         // 订单校验通过 更新订单状态
    196. 

  196.         Db::name('tb_user_order')
    197. 

  197.         ->where('order_no', $order_sn)
    198. 

  198.         ->update([
    199. 

  199.             'state' => 1,
    200. 

  200.             'pay_at' => time(),
    201. 

  201.         ]);
    202. 

  202.         // 业务判断
    203. 

  203.         if($isVip == 1) {
    204. 

  204.             // 增加用户VIP时长
    205. 

  205.             // 查找对应价格VIP等级
    206. 

  206.             $vipInfo = Db::name('tb_user_vip_price')
    207. 

  207.                 ->where('user_id', $order['user_id'])
    208. 

  208.                 ->where('price', $amount)
    209. 

  209.                 ->find();
    210. 

  210.             // 首先判断当前用户是否已经为VIP
    211. 

  211.             $userVip = Db::name('tb_user_vip')->where('user_id', $order['user_id'])->find();
    212. 

  212.             if($userVip) {
    213. 

  213.                 // 如果用户已经为VIP 且为同类型VIP则增加VIP时长
    214. 

  214.                 if($userVip['type'] == $vipInfo['type']) {
    215. 

  215.                     Db::name('tb_user_vip')
    216. 

  216.                         ->where('user_id', $order['user_id'])
    217. 

  217.                         ->setInc('expired_at', strtotime($vipInfo['duration'] . 'month'));
    218. 

  218.                 } else {
    219. 

  219.                     // 如果用户已经为VIP 且为不同类型VIP则删除原有VIP记录并新增VIP记录
    220. 

  220.                     Db::name('tb_user_vip')
    221. 

  221.                         ->where('user_id', $order['user_id'])
    222. 

  222.                         ->delete();
    223. 

  223.                     Db::name('tb_user_vip')->insert([
    224. 

  224.                         'user_id' => $order['user_id'],
    225. 

  225.                         'type' => $vipInfo['type'],
    226. 

  226.                         'expired_at' => strtotime($vipInfo['duration'] . 'month')
    227. 

  227.                     ]);
    228. 

  228.                 }
    229. 

  229.             } else {
    230. 

  230.                 // 如果用户不是VIP 则新增VIP记录
    231. 

  231.                 Db::name('tb_user_vip')->insert([
    232. 

  232.                     'user_id' => $order['user_id'],
    233. 

  233.                     'type' => $vipInfo['type'],
    234. 

  234.                     'expired_at' => strtotime($vipInfo['duration'] . 'month')
    235. 

  235.                 ]);
    236. 

  236.             }
    237. 

  237.         } else {
    238. 

  238.             // 增加用户余额
    239. 

  239.             Db::name('tb_user')
    240. 

  240.                 ->where('id', $order['user_id'])
    241. 

  241.                 ->inc('balance', $amount * 2)   // 限时活动 实际到账金额为金额的2倍
    242. 

  242.                 ->update();
    243. 

  243.         }
    244. 

  244.         exit('success');
    245. 

  245.     }
    246. 

  246. }
    247.