pay/webapp/controller/PayNotifyController.class.php

<?php

class PayNotifyController {

    const PUB_KEY = 'MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVd+f/YkGDi8s9AKhZvmHCxZ2+sPKIsr+JVS2Uj4pP6qApuNq5lEwtF4c6LzHJbUUxKge/OttiR7pR481tqW3PgeSYjyU6rayx0rSEo8/xqVHnh4XugbJREUVyq/Evp79f0BePO69zC0AdYZSjXOAVG8uduRzHl4RWb7BiDLBL3QIDAQAB';

    protected function getMysql($accountid)
    {
        $mysql_conf = getMysqlConfig(crc32($accountid));
        $conn = new phpcommon\Mysql(array(
            'host' => $mysql_conf['host'],
            'port' => $mysql_conf['port'],
            'user' => $mysql_conf['user'],
            'passwd' => $mysql_conf['passwd'],
            'dbname' => 'paydb'
        ));
        return $conn;
    }

    private function _redPubkey()
    {
        $pem = "-----BEGIN PUBLIC KEY-----\n" .
             chunk_split(self::PUB_KEY, 64, "\n") .
             "-----END PUBLIC KEY-----\n";
        echo $pem;
        return openssl_pkey_get_public($pem);
    }

    private function _redPrikey()
    {
        $pem = "-----BEGIN RSA PRIVATE KEY-----\n" .
             chunk_split(self::PRI_KEY, 64, "\n") .
             "-----END RSA PRIVATE KEY-----\n";
        error_log($pem);
        return openssl_pkey_get_private($pem);
    }

    private function _reaEncode($str) {
        $prikey = self::_redPrikey();
        return openssl_sign($str, $sign, $prikey, OPENSSL_ALGO_SHA1) ? base64_encode($sign) : false;
    }

    public function payNotify()
    {
        error_log('payNotify:' . json_encode($_REQUEST));
        $sign_info = $this->_reaEncode(
            'MerNo=' . $_REQUEST['MerNo'] . '&' .
            'BillNo=' . $_REQUEST['BillNo'] . '&' .
            'OrderNo=' . $_REQUEST['OrderNo'] . '&' .
            'Amount=' . $_REQUEST['Amount'] . '&' .
            'Succeed=' . $_REQUEST['Succeed']
        );
        if ($sign_info != $_REQUEST['SignInfo']) {
            die('sign error');
        }
        $conn = $this->getMysql($_REQUEST['OrderNo']);
        $conn->execScript("INSERT INTO notify_his(orderid, request_data, ipv4, createtime)" .
                          "VALUES(:orderid, :request_data, :ipv4, :createtime);",
                          array(
                              ':orderid' => $_REQUEST['OrderNo'],
                              ':request_data' => json_encode($_REQUEST),
                              ':ipv4' => phpcommon\getIPv4(),
                              ':createtime' => time()
                          ));
        if ($_REQUEST['Succeed'] == '88') {
            $row = $conn->execQueryOne('SELECT orderid, accountid, sp_pay_result, status FROM orderinfo ' .
                                       'WHERE orderid=:orderid;',
                                       array(
                                           'orderid' => $_REQUEST['OrderNo']
                                       )
            );
            if ($row) {
                if ($row['status'] == 0 && $row['sp_pay_result'] == 0) {
                    $ret = $conn->execScript('UPDATE orderinfo SET ' .
                                             '  sp_pay_result = 1, ' .
                                             '  sp_confirm_time = :sp_confirm_time, ' .
                                             '  sp_orderid = :sp_orderid' .
                                             'WHERE orderid=:orderid;',
                                             array(
                                                 'orderid' => $_REQUEST['OrderNo'],
                                                 'sp_orderid' => $_REQUEST['BillNo'],
                                                 'sp_confirm_time' => time()
                                             ));
                    if ($ret) {
                        die('ok');
                    }
                }
            }
        }
        die('sign error');
    }

}