DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
440 Commits
3 Branches
110MB
Tree: afc2911867
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'afc2911867'
${ noResults }
DedeV6/src/include/payment/yeepay.php

424 lines
18KB
Raw Blame History 

  1. <?php

  2. if(!defined('DEDEINC')) exit('dedebiz');

  3. /**

  4.  *易宝接口类

  5.  */

  6. class yeepay

  7. {

  8.     var $dsql;

  9.     var $mid;

  10.   

  11.     # 业务类型

  12.     # 支付请求,固定值"Buy" 

  13.     var $p0_Cmd = 'Buy';

  14.   

  15.     # 送货地址

  16.     # 为"1": 需要用户将送货地址留在易宝支付系统;为"0": 不需要,默认为 "0".

  17.     var $p9_SAF = "0";

  18.     

  19.     # 网关地址不能随便修改

  20.     var $reqURL_onLine = "https://www.yeepay.com/app-merchant-proxy/node";

  21.     //$reqURL_onLine = "http://tech.yeepay.com:8080/robot/debug.action";

  22.     

  23.     var $return_url='/plus/carbuyaction.php?dopost=return'; //返回处理地址

  24.         

  25.     /**

  26.     * 构造函数

  27.     *

  28.     * @access  public

  29.     * @param

  30.     *

  31.     * @return void

  32.     */

  33.     function yeepay()

  34.     {

  35.         global $dsql;

  36.         $this->dsql = $dsql;

  37.     }

  38. 

  39.     function __construct()

  40.     {

  41.         $this->yeepay();

  42.     }

  43.     

  44.     /**

  45.      *  设定接口会送地址

  46.      *

  47.      *  例如: $this->SetReturnUrl($cfg_basehost."/tuangou/control/index.php?ac=pay&orderid=".$p2_Order)

  48.      *

  49.      * @param     string  $returnurl  会送地址

  50.      * @return    void

  51.      */

  52.     function SetReturnUrl($returnurl='')

  53.     {

  54.         if (!empty($returnurl))

  55.         {

  56.             $this->return_url = $returnurl;

  57.         }

  58.     }

  59. 

  60.     /**

  61.     * 生成支付代码

  62.     * @param   array   $order      订单信息

  63.     * @param   array   $payment    支付方式信息

  64.     */

  65.     function GetCode($order, $payment)

  66.     {

  67.         global $cfg_basehost,$cfg_cmspath;

  68.         //对于二级目录的处理

  69.         if(!empty($cfg_cmspath)) $cfg_basehost = $cfg_basehost.'/'.$cfg_cmspath;

  70. 

  71.         #    商家设置用户购买商品的支付信息.

  72.         ##易宝支付平台统一使用GBK/GB2312编码方式,参数如用到中文,请注意转码

  73.         

  74.         #    商户订单号,选填.

  75.         ##若不为"",提交的订单号必须在自身账户交易中唯一;为""时,易宝支付会自动生成随机的商户订单号.

  76.         $p2_Order                    = trim($order['out_trade_no']);

  77.         

  78.         #    支付金额,必填.

  79.         ##单位:元,精确到分.

  80.         $p3_Amt                        = $order['price'];

  81.         

  82.         #    交易币种,固定值"CNY".

  83.         $p4_Cur                        = "CNY";

  84.         

  85.         #    商品名称

  86.         ##用于支付时显示在易宝支付网关左侧的订单产品信息.

  87.         $p5_Pid                        = trim($order['out_trade_no']);

  88.         

  89.         #    商品种类

  90.         $p6_Pcat                    = 'cart';

  91.         

  92.         #    商品描述

  93.         $p7_Pdesc                    = '';

  94.         

  95.         #    商户接收支付成功数据的地址,支付成功后易宝支付会向该地址发送两次成功通知.

  96.         //$p8_Url                        = $cfg_basehost."/plus/carbuyaction.php?dopost=return&code=".$payment['code'];  

  97.         $p8_Url                        =   $cfg_basehost.$this->return_url.'&code='.$payment['code'];

  98.         

  99.         #    商户扩展信息

  100.         ##商户可以任意填写1K 的字符串,支付成功时将原样返回.                                                

  101.         $pa_MP                        = 'member';

  102.         

  103.         #    应答机制

  104.         ##为"1": 需要应答机制;为"0": 不需要应答机制.

  105.         $pr_NeedResponse    = 1;

  106.         

  107.         #    银行编码

  108.             ##默认为"",到易宝支付网关.若不需显示易宝支付的页面,直接跳转到各银行、神州行支付、骏网一卡通等支付页面,该字段可依照附录:银行列表设置参数值.            

  109.         $pd_FrpId                    = '';

  110.         #调用签名函数生成签名串

  111.         $hmac = $this->getReqHmacString($payment['yp_account'],$payment['yp_key'],$p2_Order,$p3_Amt,$p4_Cur,$p5_Pid,$p6_Pcat,$p7_Pdesc,$p8_Url,$pa_MP,$pd_FrpId,$pr_NeedResponse);

  112.         

  113.         $button = '<form target="_blank" method="post" action="'.$this->reqURL_onLine.'">

  114.                             <input type="hidden" value="'.$this->p0_Cmd.'" name="p0_Cmd">

  115.                             <input type="hidden" value="'.$payment['yp_account'].'" name="p1_MerId">

  116.                             <input type="hidden" value="'.$p2_Order.'" name="p2_Order">

  117.                             <input type="hidden" value="'.$p3_Amt.'" name="p3_Amt">

  118.                             <input type="hidden" value="'.$p4_Cur.'" name="p4_Cur">

  119.                             <input type="hidden" value="'.$p5_Pid.'" name="p5_Pid">

  120.                             <input type="hidden" value="'.$p6_Pcat.'" name="p6_Pcat">

  121.                             <input type="hidden" value="'.$p7_Pdesc.'" name="p7_Pdesc">

  122.                             <input type="hidden" value="'.$p8_Url.'" name="p8_Url">

  123.                             <input type="hidden" value="'.$this->p9_SAF.'" name="p9_SAF">

  124.                             <input type="hidden" value="'.$pa_MP.'" name="pa_MP">

  125.                             <input type="hidden" value="'.$pd_FrpId.'" name="pd_FrpId">

  126.                             <input type="hidden" value="'.$pr_NeedResponse.'" name="pr_NeedResponse"    >

  127.                             <input type="hidden" value="'.$hmac.'" name="hmac">

  128.                             <input type="submit" value="立即使用YeePay易宝支付"></form>';

  129. 

  130.     /* 清空购物车 */

  131.         require_once DEDEINC.'/shopcar.class.php';

  132.         $cart     = new MemberShops();

  133.         $cart->clearItem();

  134.         $cart->MakeOrders();

  135.         return $button;

  136.     }

  137. 

  138.     /**

  139.     * 响应操作

  140.     */

  141.     function respond()

  142.     {

  143. 

  144.         /* 引入配置文件 */

  145. 		$code = preg_replace( "#[^0-9a-z-]#i", "", $_REQUEST['code'] );

  146. 		require_once DEDEDATA.'/payment/'.$code.'.php';

  147.         

  148.         $p1_MerId = trim($payment['yp_account']);

  149.         $merchantKey = trim($payment['yp_key']);

  150.         

  151.         #  解析返回参数.

  152.         $return = $this->getCallBackValue($r0_Cmd, $r1_Code, $r2_TrxId, $r3_Amt, $r4_Cur, $r5_Pid, $r6_Order, $r7_Uid, $r8_MP, $r9_BType, $hmac);

  153.         

  154.         #  判断返回签名是否正确(True/False)

  155.         $bRet = $this->CheckHmac($p1_MerId,$merchantKey,$r0_Cmd,$r1_Code,$r2_TrxId,$r3_Amt,$r4_Cur,$r5_Pid,$r6_Order,$r7_Uid,$r8_MP,$r9_BType,$hmac);

  156. 

  157.         #  校验码正确.

  158.         if($bRet)

  159.         {

  160.             if($r1_Code=="1")

  161.             {

  162.                 /*判断订单类型*/

  163.                 if(preg_match ("/S-P[0-9]+RN[0-9]/",$r6_Order)) 

  164.                 {

  165.                     //获取用户mid

  166.                     $row = $this->dsql->GetOne("SELECT * FROM #@__shops_orders WHERE oid = '{$r6_Order}'");

  167.                     $this->mid = $row['userid'];

  168.                     $ordertype="goods";

  169.                 } else if (preg_match ("/M[0-9]+T[0-9]+RN[0-9]/",$r6_Order)){

  170.                     $row = $this->dsql->GetOne("SELECT * FROM #@__member_operation WHERE buyid = '{$r6_Order}'");

  171.                     //获取订单信息,检查订单的有效性

  172.                     if(!is_array($row)||$row['sta']==2) return $msg = "您的订单已经处理,请不要重复提交!";

  173.                     $ordertype = "member";

  174.                     $product =    $row['product'];

  175.                     $pname= $row['pname'];

  176.                     $pid=$row['pid'];

  177.                     $this->mid = $row['mid'];

  178.                 } else {    

  179.                     return $msg = "支付失败,您的订单号有问题!";

  180.                 }

  181. 

  182. 

  183.                 #    需要比较返回的金额与商家数据库中订单的金额是否相等,只有相等的情况下才认为是交易成功.

  184.                 #    并且需要对返回的处理进行事务控制,进行记录的排它性处理,防止对同一条交易重复发货的情况发生.                

  185.                 if($r9_BType == "1" || $r9_BType == "3"){

  186.                     if($ordertype == "goods"){ 

  187.                         if($this->success_db($r6_Order))  return $msg = "支付成功!<br> <a href='/'>返回主页</a> <a href='/member'>会员中心</a>";

  188.                         else  return $msg = "支付失败!<br> <a href='/'>返回主页</a> <a href='/member'>会员中心</a>";

  189.                     } else if ($ordertype=="member") {

  190.                         $oldinf = $this->success_mem($r6_Order,$pname,$product,$pid);

  191.                         return $msg = "<span style='color:#dc3545'>".$oldinf."</span><br> <a href='/'>返回主页</a> <a href='/member'>会员中心</a>";

  192.                     }

  193.                 } else if ( $r9_BType == "2" ){

  194.                     #如果需要应答机制则必须回写流,以success开头,大小写不敏感.

  195.                     echo "success";

  196.                     if($ordertype=="goods"){ 

  197.                         if($this->success_db($r6_Order))  return $msg = "支付成功!<br> <a href='/'>返回主页</a> <a href='/member'>会员中心</a>";

  198.                         else  return $msg = "支付失败!<br> <a href='/'>返回主页</a> <a href='/member'>会员中心</a>";

  199.                     } else if ($ordertype=="member") {

  200.                         if($this->success_mem($r6_Order,$pname,$product,$pid))  return $msg = "支付成功!<br> <a href='/'>返回主页</a> <a href='/member'>会员中心</a>";

  201.                         else  return $msg = "支付失败!<br> <a href='/'>返回主页</a> <a href='/member'>会员中心</a>";

  202.                     }

  203.                 }

  204.             }

  205.         } else {

  206.             $this->log_result ("verify_failed");

  207.             return $msg = "交易信息被篡!<br> <a href='/'>返回主页</a> ";

  208.         }

  209.     }

  210. 

  211. 

  212.     #签名函数生成签名串

  213.     function getReqHmacString($p1_MerId,$merchantKey,$p2_Order,$p3_Amt,$p4_Cur,$p5_Pid,$p6_Pcat,$p7_Pdesc,$p8_Url,$pa_MP,$pd_FrpId,$pr_NeedResponse)

  214.     {

  215.         #进行签名处理,一定按照文档中标明的签名顺序进行

  216.         $sbOld = "";

  217.         #加入业务类型

  218.         $sbOld = $sbOld.$this->p0_Cmd;

  219.         #加入商户编号

  220.         $sbOld = $sbOld.$p1_MerId;

  221.         #加入商户订单号

  222.         $sbOld = $sbOld.$p2_Order;     

  223.         #加入支付金额

  224.         $sbOld = $sbOld.$p3_Amt;

  225.         #加入交易币种

  226.         $sbOld = $sbOld.$p4_Cur;

  227.         #加入商品名称

  228.         $sbOld = $sbOld.$p5_Pid;

  229.         #加入商品分类

  230.         $sbOld = $sbOld.$p6_Pcat;

  231.         #加入商品描述

  232.         $sbOld = $sbOld.$p7_Pdesc;

  233.         #加入商户接收支付成功数据的地址

  234.         $sbOld = $sbOld.$p8_Url;

  235.         #加入送货地址标识

  236.         $sbOld = $sbOld.$this->p9_SAF;

  237.         #加入商户扩展信息

  238.         $sbOld = $sbOld.$pa_MP;

  239.         #加入银行编码

  240.         $sbOld = $sbOld.$pd_FrpId;

  241.         #加入是否需要应答机制

  242.         $sbOld = $sbOld.$pr_NeedResponse;

  243.         

  244.         return $this->HmacMd5($sbOld,$merchantKey);

  245.     } 

  246. 

  247.     #    取得返回串中的所有参数

  248.     function getCallBackValue(&$r0_Cmd,&$r1_Code,&$r2_TrxId,&$r3_Amt,&$r4_Cur,&$r5_Pid,&$r6_Order,&$r7_Uid,&$r8_MP,&$r9_BType,&$hmac)

  249.     {  

  250.         $r0_Cmd       = $_REQUEST['r0_Cmd'];

  251.         $r1_Code      = $_REQUEST['r1_Code'];

  252.         $r2_TrxId     = $_REQUEST['r2_TrxId'];

  253.         $r3_Amt       = $_REQUEST['r3_Amt'];

  254.         $r4_Cur       = $_REQUEST['r4_Cur'];

  255.         $r5_Pid       = $_REQUEST['r5_Pid'];

  256.         $r6_Order     = $_REQUEST['r6_Order'];

  257.         $r7_Uid       = $_REQUEST['r7_Uid'];

  258.         $r8_MP        = $_REQUEST['r8_MP'];

  259.         $r9_BType     = $_REQUEST['r9_BType']; 

  260.         $hmac         = $_REQUEST['hmac'];

  261.         return NULL;

  262.     }

  263. 

  264.     function CheckHmac($p1_MerId,$merchantKey,$r0_Cmd,$r1_Code,$r2_TrxId,$r3_Amt,$r4_Cur,$r5_Pid,$r6_Order,$r7_Uid,$r8_MP,$r9_BType,$hmac)

  265.     {

  266.         if($hmac == $this->getCallbackHmacString($p1_MerId,$merchantKey,$r0_Cmd,$r1_Code,$r2_TrxId,$r3_Amt,$r4_Cur,$r5_Pid,$r6_Order,$r7_Uid,$r8_MP,$r9_BType))

  267.             return TRUE;

  268.         else

  269.             return FALSE;

  270.     }

  271. 

  272.     function getCallbackHmacString($p1_MerId,$merchantKey,$r0_Cmd,$r1_Code,$r2_TrxId,$r3_Amt,$r4_Cur,$r5_Pid,$r6_Order,$r7_Uid,$r8_MP,$r9_BType)

  273.     {

  274.         #取得加密前的字符串

  275.         $sbOld = "";

  276.         #加入商家ID

  277.         $sbOld = $sbOld.$p1_MerId;

  278.         #加入消息类型

  279.         $sbOld = $sbOld.$r0_Cmd;

  280.         #加入业务返回码

  281.         $sbOld = $sbOld.$r1_Code;

  282.         #加入交易ID

  283.         $sbOld = $sbOld.$r2_TrxId;

  284.         #加入交易金额

  285.         $sbOld = $sbOld.$r3_Amt;

  286.         #加入货币单位

  287.         $sbOld = $sbOld.$r4_Cur;

  288.         #加入产品Id

  289.         $sbOld = $sbOld.$r5_Pid;

  290.         #加入订单ID

  291.         $sbOld = $sbOld.$r6_Order;

  292.         #加入用户ID

  293.         $sbOld = $sbOld.$r7_Uid;

  294.         #加入商家扩展信息

  295.         $sbOld = $sbOld.$r8_MP;

  296.         #加入交易结果返回类型

  297.         $sbOld = $sbOld.$r9_BType;

  298.         

  299.         return $this->HmacMd5($sbOld,$merchantKey,'gbk');

  300. 

  301.     }

  302. 

  303.     function HmacMd5($data,$key,$lang='utf-8')

  304.     {

  305.         //RFC 2104 HMAC implementation for php.

  306.         //Creates an md5 HMAC.

  307.         //Eliminates the need to install mhash to compute a HMAC

  308.         //Hacked by Lance Rushing(NOTE: Hacked means written)

  309.         

  310.         //需要配置环境支持iconv,否则中文参数不能正常处理

  311.         if($GLOBALS['cfg_soft_lang'] != 'utf-8' || $lang!='utf-8')

  312.         {

  313.             $key = gb2utf8($key);

  314.             $data = gb2utf8($data);

  315.         }

  316.         $b = 64; //byte length for md5

  317.         if (strlen($key) > $b) {

  318.             $key = pack("H*",md5($key));

  319.         }

  320.         $key = str_pad($key, $b, chr(0x00));

  321.         $ipad = str_pad('', $b, chr(0x36));

  322.         $opad = str_pad('', $b, chr(0x5c));

  323.         $k_ipad = $key ^ $ipad ;

  324.         $k_opad = $key ^ $opad;

  325.         

  326.         return md5($k_opad.pack("H*",md5($k_ipad.$data)));

  327.     }

  328. 

  329.     /*处理物品交易*/

  330.     function success_db($order_sn)

  331.     {

  332.         //获取订单信息,检查订单的有效性

  333.         $row = $this->dsql->GetOne("SELECT state FROM #@__shops_orders WHERE oid='$order_sn' ");

  334.         if($row['state'] > 0)

  335.         {

  336.             return TRUE;

  337.         }    

  338.         /* 改变订单状态_支付成功 */

  339.         $sql = "UPDATE `#@__shops_orders` SET `state`='1' WHERE `oid`='$order_sn' AND `userid`='".$this->mid."'";

  340.         if($this->dsql->ExecuteNoneQuery($sql))

  341.         {

  342.             $this->log_result("verify_success,订单号:".$order_sn); //将验证结果存入文件

  343.             return TRUE;

  344.         } else {

  345.             $this->log_result ("verify_failed,订单号:".$order_sn);//将验证结果存入文件

  346.             return FALSE;

  347.         }

  348.     }

  349. 

  350.     /*处理点卡,会员升级*/

  351.     function success_mem($order_sn,$pname,$product,$pid)

  352.     {

  353.         //更新交易状态为已付款

  354.         $sql = "UPDATE `#@__member_operation` SET `sta`='1' WHERE `buyid`='$order_sn' AND `mid`='".$this->mid."'";

  355.         $this->dsql->ExecuteNoneQuery($sql);

  356. 

  357.         /* 改变点卡订单状态_支付成功 */

  358.         if($product=="card")

  359.         {

  360.             $row = $this->dsql->GetOne("SELECT cardid FROM #@__moneycard_record WHERE ctid='$pid' AND isexp='0' ");;

  361.             //如果找不到某种类型的卡,直接为用户增加金币

  362.             if(!is_array($row))

  363.             {

  364.                 $nrow = $this->dsql->GetOne("SELECT num FROM #@__moneycard_type WHERE pname = '{$pname}'");

  365.                 $dnum = $nrow['num'];

  366.                 $sql1 = "UPDATE `#@__member` SET `money`=money+'{$nrow['num']}' WHERE `mid`='".$this->mid."'";

  367.                 $oldinf ="已经充值了".$nrow['num']."金币到您的帐号";

  368.             } else {

  369.                 $cardid = $row['cardid'];

  370.                 $sql1=" UPDATE #@__moneycard_record SET uid='".$this->mid."',isexp='1',utime='".time()."' WHERE cardid='$cardid' ";

  371.                 $oldinf='您的充值密码是:<span style="color:color:#dc3545">'.$cardid.'</span>';

  372.             }

  373.             //更新交易状态为已关闭

  374.             $sql2=" UPDATE #@__member_operation SET sta=2,oldinfo='$oldinf' WHERE buyid='$order_sn'";

  375.             if($this->dsql->ExecuteNoneQuery($sql1) && $this->dsql->ExecuteNoneQuery($sql2))

  376.             {

  377.                 $this->log_result("verify_success,订单号:".$order_sn); //将验证结果存入文件

  378.                 return $oldinf;

  379.             } else {

  380.                 $this->log_result ("verify_failed,订单号:".$order_sn);//将验证结果存入文件

  381.                 return "支付失败";

  382.             }

  383.         /* 改变会员订单状态_支付成功 */

  384.         } else if ( $product=="member" ){

  385.             $row = $this->dsql->GetOne("SELECT `rank`,exptime FROM `#@__member_type` WHERE aid='$pid' ");

  386.             $rank = $row['rank'];

  387.             $exptime = $row['exptime'];

  388.             /*计算原来升级剩余的天数*/

  389.             $rs = $this->dsql->GetOne("SELECT uptime,exptime FROM `#@__member` WHERE mid='".$this->mid."'");

  390.             if($rs['uptime']!=0 && $rs['exptime']!=0 ) 

  391.             {

  392.                 $nowtime = time();

  393.                 $mhasDay = $rs['exptime'] - ceil(($nowtime - $rs['uptime'])/3600/24) + 1;

  394.                 $mhasDay=($mhasDay>0)? $mhasDay : 0;

  395.             }

  396.             //获取会员默认级别的金币和积分数

  397.             $memrank = $this->dsql->GetOne("SELECT money,scores FROM `#@__arcrank` WHERE `rank`='$rank'");

  398.             //更新会员信息

  399.             $sql1 =  " UPDATE `#@__member` SET `rank`='$rank',money=money+'{$memrank['money']}',

  400.                        scores=scores+'{$memrank['scores']}',exptime='$exptime'+'$mhasDay',uptime='".time()."' 

  401.                        WHERE mid='".$this->mid."'";

  402.             //更新交易状态为已关闭

  403.             $sql2=" UPDATE `#@__member_operation` SET sta='2',oldinfo='会员升级成功!' WHERE buyid='$order_sn' ";

  404.             if($this->dsql->ExecuteNoneQuery($sql1) && $this->dsql->ExecuteNoneQuery($sql2))

  405.             {

  406.                 $this->log_result("verify_success,订单号:".$order_sn); //将验证结果存入文件

  407.                 return "会员升级成功";

  408.             } else {

  409.                 $this->log_result ("verify_failed,订单号:".$order_sn);//将验证结果存入文件

  410.                 return "会员升级失败";

  411.             }

  412.         }    

  413.     }

  414. 

  415.     function  log_result($word) {

  416.         global $cfg_cmspath;

  417.         $fp = fopen(dirname(__FILE__)."/../../data/payment/log.txt","a");

  418.         flock($fp, LOCK_EX) ;

  419.         fwrite($fp,$word.",执行日期:".strftime("%Y-%m-%d %H:%I:%S",time())."\r\n");

  420.         flock($fp, LOCK_UN);

  421.         fclose($fp);

  422.     }

  423. 

  424. }//End API