支付宝回调如何验证签名?

支付宝回调,得到这样一个数组(数组只是形式,并不是真实数据)

array discount => 0.00, payment_type => 1, subject => 测试02, trade_no => 201603122100106821, buyer_email => 18776152065, gmt_create => 2016-03-12 11:30:08, notify_type => trade_status_sync, quantity => 1, out_trade_no => 1603125610283, seller_id => 2088122451677261, notify_time => 2016-03-13 11:54:40, body => 测试02, trade_status => TRADE_SUCCESS, is_total_fee_adjust => N, total_fee => 0.01, gmt_payment => 2016-03-12 11:30:09, seller_email => xxxx@126.com, price => 0.01, buyer_id => 2088612804, notify_id => ba20b13f6lk2, use_coupon => N, sign_type => RSA, sign => Bn6IEyE9=,

然后ksort排序,去除sign_type,sign,拼接成
body=Hello&buyer_email=13788888888&buyer_id=2088002007013600..............这样字符串

openssl_verify`拼接字符串`, base64_decode$_POST[sign], $publickey;

总返回 0 ,验证不成功,是哪一步出错

支付宝都会提供 demo 的,里面包含了验证签名的算法,其实提供了整个lib包,你直接拿来用就可以了

请问解决了吗?我也遇到这个问题了,直接用的官方php sdk,总是返回0.

该答案已被忽略,原因:

发表评论

电子邮件地址不会被公开。 必填项已用*标注