pay/webapp/controller/PayController.class.php

<?php

class PayController {

    const SCAN_PAY_API_URL = 'https://gwapi.yemadai.com/pay/aggregatePay';
    const PRI_KEY = 'MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALaDZP3ysvKxkBLWlW/aAT/YM5/34uQcj2gQVV4q9Vkoscw3MSlmRcr4hckwenGUw0tK2LC4vEume8JBCm0ZsWiGoOwcAJp16Zzr+35hUXYVfgXoYiAG5o8N0nBIYCWO1Tk/e+wJsmkY9eHpA3Iq94EAkogttd6bqk+X4nTUIxfJAgMBAAECgYB3pECC3CMERvOr9bC2RtGE2aRV2/iHElXLoNFlToHQ9YU/2npGqj1cJXgF/9p0NFGlPKY5ipAcg0EjgOFlzW7me9C/wC7x704+WMsqZu7POvOXTlFDRVHYpd6iQqLubjToSMPeIEreSBQYjU8giiVxEZ+7mcFpBShFcXSTJWInBQJBANw5/euICWKnqtmN/PXzdKVC+Y4A2TsYgxWCQaCrjO7YytqCCoaZSJn0+rnTchI0VB2YP0nBxlz+8Jp7DkPjpMsCQQDUKR2Olmh7VB9OQ49KhsgGoNMZvZB69borAPtY8I3eSkyS3t6xTa5S9AEXV4hW1553/KewBAYvnAwS0Gkevbc7AkAzlaXjoLbKFAoR8Y9aMQ+WkkyQNaSskf5KcHtc3jIh1EgXzLQYeRknbtm3405p8zXsxLe2WBxVtiW3mbFqt4znAkEAoeLJmd5s1QYoaRimAtD7WgtnaPG7iAduSZgTMhdDuUVqTnte412J0eQ73Oq+rr0SPy37ahR3/+YLVGPQglNytwJAAcbSZ0EhcRaJUMcrrs2HQoMmQ53Gs5qJsVE5VWUh25Ryqjjo6y7kVYVVaYU1xhguMs7309Y4F4VFiPLZeLIpcw==';

    const MER_NO = '49118';
    const SUB_APPID = 'wx7d6509053659d9ed';
    const COMPANY_NO = 'sweep-f4fea613fec043f8bd81e9b70375e364';

    protected function getMysql($accountid)
    {
        $mysql_conf = getMysqlConfig(crc32($accountid));
        $conn = new phpcommon\Mysql(array(
            'host' => $mysql_conf['host'],
            'port' => $mysql_conf['port'],
            'user' => $mysql_conf['user'],
            'passwd' => $mysql_conf['passwd'],
            'dbname' => 'paydb'
        ));
        return $conn;
    }

    //ksome201908191405_xxxxx
    private function getOrderId()
    {
        $conn = $this->getMysql($_REQUEST['account_id']);
        $orderid_pre = 'ksome' . strftime('%y%m%d%H%M%S');
        $ret = $conn->execScript("INSERT INTO orderidx(createtime) VALUES(:createtime);",
                                 array(
                                     'createtime' => time()
                                 ));
        if (!$ret) {
            die();
        }
        $row = $conn->execQueryOne('SELECT LAST_INSERT_ID();', array());
        if (empty($row)) {
            die();
        }
        $orderid = $orderid_pre . '_' . $row[0];
        return $orderid;
    }

    private function _reaEncode($str) {
        $prikey = phpcommon\readPriKey(self::PRI_KEY);
        return openssl_sign($str, $sign, $prikey, OPENSSL_ALGO_SHA1) ? base64_encode($sign) : false;
    }

    public function aggregatePay()
    {
        if (!phpcommon\isValidSessionId(
            $_REQUEST['account_id'],
            $_REQUEST['session_id']
        )) {
            echo json_encode(array(
                'errcode' => 100,
                'errmsg' => 'session无效',
            ));
            die();
        }
        $nowtime = time();
        $openid = phpcommon\extractOpenId($_REQUEST['account_id']);
        $minigame_appid = self::SUB_APPID;
        $minigame_accountid = $_REQUEST['account_id'];
        {
            $ipos = strpos($_REQUEST['data'], '_');
            $gameid = substr($_REQUEST['data'], 0, $ipos);
            $rawdata = substr($_REQUEST['data'], $ipos + 1, strlen($_REQUEST['data']) - $ipos);
            $rawdata = base64_decode($rawdata);

            $iv = '1dd2f605f4f8496b';
            $key = 'c868a478c81ff3c168b35d703f787d3c';
            $data = phpcommon\aesDecrypt($rawdata, $iv, $key);
            if (empty($data)) {
                die();
            }
            $jsonobj = json_decode($data, true);
            if (!isset($jsonobj)) {
                die();
            }
            $game_account_id = $jsonobj['account_id'];
            $game_channel = phpcommon\extractChannel($jsonobj['account_id']);
            $game_openid = phpcommon\extractOpenId($jsonobj['account_id']);
            $amount = $jsonobj['price'];
            $itemid = $jsonobj['itemid'];
            $itemnum = $jsonobj['itemnum'];
            if (SERVER_ENV != _ONLINE) {
                $amount = 0.01;
            }
        }
        $orderid = $this->getOrderId();
        if (empty($orderid)) {
            die();
        }
        $advice_url = '';
        if (SERVER_ENV != _ONLINE) {
            $advice_url = "https://gamepay-test.kingsome.cn/webapp/index.php?c=PayNotify&a=payNotify";
        } else {
            $advice_url = "https://gamepay.kingsome.cn/webapp/index.php?c=PayNotify&a=payNotify";
        }
        $params = array(
            'MerchantNo' => self::MER_NO,
            'MerchantOrderNo' => $orderid,
            'PayType' => 'WxJsapi_OnLine',
            'Amount' => $amount,
            'Subject' => '1',
            'Desc' => '1',
            'CompanyNo' => self::COMPANY_NO,
            'RandomStr' => $orderid,
            'SignInfo' => '',
            'AdviceUrl' => htmlentities($advice_url),
            'SubAppid' => self::SUB_APPID,
            'UserId' => $openid
        );
        $params['SignInfo'] = $this->_reaEncode(
            'AdviceUrl=' . $advice_url . '&' .
            'Amount=' . $params['Amount'] . '&' .
            'MerchantNo=' . $params['MerchantNo'] . '&' .
            'MerchantOrderNo=' . $params['MerchantOrderNo'] . '&' .
            'PayType=' . $params['PayType'] . '&' .
            'RandomStr=' . $params['RandomStr'] .
            ''
        );
        $xml_txt = phpcommon\objectToXml($params, '<AggregatePayRequest/>');
        $xml_txt = str_replace('<?xml version="1.0"?>', '<?xml version="1.0" encoding="utf-8"?>', $xml_txt);
#        echo $xml_txt;
        $requestDomain = base64_encode($xml_txt);
        $response = '';
        if (!phpcommon\HttpClient::post(self::SCAN_PAY_API_URL,
                                        'requestDomain='. urlencode($requestDomain),
                                        $response)
        ) {
            echo json_encode(array(
                'errcode' => 101,
                'errmsg' => '交易失败:' . $response,
            ));
            die();
        }
        $xmlobj = new \SimpleXMLElement(base64_decode($response));
        if ($xmlobj->RespCode == '0000') {
            $conn = $this->getMysql($_REQUEST['account_id']);
            $ret = $conn->execScript('INSERT INTO orderinfo(orderid, accountid, channel, gameid, openid, ' .
                                     '                      itemid, price, ipv4, createtime, sp_orderid, ' .
                                     '                      minigame_appid, minigame_accountid)' .
                                     'VALUES(:orderid, :accountid, :channel, :gameid, :openid, :itemid, ' .
                                     '       :price, :ipv4, :createtime, :sp_orderid, :minigame_appid, :minigame_accountid);',
                                     array(
                                         ':orderid' => $orderid,
                                         ':accountid' => $game_account_id,
                                         ':openid' => $game_openid,
                                         ':channel' => $game_channel,
                                         ':gameid' => $gameid,
                                         ':itemid' => $itemid,
                                         ':price' => $amount,
                                         ':ipv4' => phpcommon\getIPv4(),
                                         ':createtime' => time(),
                                         ':sp_orderid' => (string)$xmlobj->OrderNo,
                                         ':minigame_appid' => $minigame_appid,
                                         ':minigame_accountid' => $minigame_accountid,
                                         ));
            if (!$ret) {
                echo json_encode(array(
                    'errcode' => 2,
                    'errmsg' => '服务器内部错误',
                ));
            }
            echo json_encode(array(
                'errcode' => 0,
                'errmsg' => '',
                'orderid' => $orderid,
                'pay_str' => (string)$xmlobj->PayStr
            ));
        } else {
            echo json_encode(array(
                'errcode' => 1,
                'errmsg' => '平台错误:' . $xmlobj->RespCode,
            ));
        }
    }

}