支付宝回调,得到这样一个数组(数组只是形式,并不是真实数据)
array ( 'discount' => '0.00', 'payment_type' => '1', 'subject' => '测试02', 'trade_no' => '201603122100106821', 'buyer_email' => '18776152065', 'gmt_create' => '2016-03-12 11:30:08', 'notify_type' => 'trade_status_sync', 'quantity' => '1', 'out_trade_no' => '1603125610283', 'seller_id' => '2088122451677261', 'notify_time' => '2016-03-13 11:54:40', 'body' => '测试02', 'trade_status' => 'TRADE_SUCCESS', 'is_total_fee_adjust' => 'N', 'total_fee' => '0.01', 'gmt_payment' => '2016-03-12 11:30:09', 'seller_email' => 'xxxx@126.com', 'price' => '0.01', 'buyer_id' => '2088612804', 'notify_id' => 'ba20b13f6lk2', 'use_coupon' => 'N', 'sign_type' => 'RSA', 'sign' => 'Bn6IEyE9=', )
然后ksort()
排序,去除sign_type
,sign
,拼接成body=Hello&buyer_email=13788888888&buyer_id=2088002007013600..............
这样字符串
openssl_verify(`拼接字符串`, base64_decode($_POST['sign']), $publickey);
总返回 0 ,验证不成功,是哪一步出错
请问解决了吗?我也遇到这个问题了,直接用的官方php sdk,总是返回0.
支付宝都会提供 demo 的,里面包含了验证签名的算法,其实提供了整个lib包,你直接拿来用就可以了