Android内购订单验证 --- php实现

时间:2024-06-06 13:04:38

直接上代码:

function googleVerify($sdata,$google_public_key)
{
$sdata = json_decode($sdata,true); $in_app_purchase_data = isset($sdata['receipt'])?$sdata['receipt']:"";
$in_app_data_signature = isset($sdata['signature'])?$sdata['signature']:""; $public_key = "-----BEGIN PUBLIC KEY-----" . PHP_EOL .
chunk_split($google_public_key, 64, PHP_EOL) .
"-----END PUBLIC KEY-----"; $public_key_handle = openssl_pkey_get_public($public_key); $result = openssl_verify($in_app_purchase_data, base64_decode($in_app_data_signature), $public_key_handle, OPENSSL_ALGO_SHA1); $status = 0;
$purchaseTime = 0;
if($result == 1){
$status = 1; $in_app_purchase_data = json_decode($in_app_purchase_data, true); $purchaseTime = isset($in_app_purchase_data['purchaseTime'])?intval($in_app_purchase_data['purchaseTime']):0;
} return ['status'=>$status,'purcaseTime' => intval($purchaseTime)];
}

参数说明:

$google_public_key:在google play console(https://play.google.com/apps/publish/)后台获取  :  开发工具》服务和API 中能看到的KEY.
$sdata:格式如下:
//
//$sdata为字符串,非json对象
//receipt,signature都是客户端购买后,google返回的数据
$sdata='{
"receipt": "{\"orderId\":\"GPA.3339-1d91-2716-249\",\"packageName\":\"con\",\"productId\":\"com.w.coin1\",\"purchaseTime\":1540265097944,\"purchaseState\":0,\"purchaseToken\":\"ogiafjoiY\"}",
"signature": "fFbfYTh2m/7nL9OZVTkw=="
}';

返回数据:

$status:== 1,为真订单,0为假订单

$purcaseTime:  订单购买的时间戳。