前言
移动端支付宝支付的流程大概是 生成订单>生成签名>支付>支付回调
其中 生成签名步骤 后台和移动端都可以进行 但考虑安全问题,支付宝官方建议服务器端进行签名生成及验证 然后将生成的签名返回给移动端,移动端直接用它去支付
下载支付宝sdk
https://docs.open.alipay.com/54/103419/
请求参数说明
https://docs.open.alipay.com/204/105465/
public function getOrderString(){
$receive_data = urldecode(I('json'));
$receive_array = json_decode($receive_data, true);
//移动端请求订单编号order_number 用于提供回调接口的请求参数
$order_number = $receive_array['order_number'];
//支付价格
$total_amount = M('user_order') -> where(array('order_number' => $order_number)) -> getField('price');
//引入sdk 我把sdk放在了vendor目录下
vendor('alipayNew.aop.AopClient');
$aop = new \AopClient;
$aop->gatewayUrl = "https://openapi.alipay.com/gateway.do";
$aop->appId = "你的appid";
$aop->rsaPrivateKey = '你的私钥';
$aop->format = "json";
$aop->charset = "UTF-8";
$aop->signType = "RSA2";
$aop->alipayrsaPublicKey = '你的的公钥';
//实例化具体API对应的request类,类名称和接口名称对应,当前调用接口名称:alipay.trade.app.pay
vendor('alipayNew.aop.request.AlipayTradeAppPayRequest');
$request = new \AlipayTradeAppPayRequest();
//SDK已经封装掉了公共参数,这里只需要传入业务参数
$bizcontent = "{\"body\":\"我是测试数据\","
. "\"subject\": \"项目名\","
. "\"out_trade_no\": \"".'不重复的字符串,也可以直接传订单编号'."\","
. "\"timeout_express\": \"30m\","
. "\"total_amount\": \"".$total_amount."\","
. "\"product_code\":\"QUICK_MSECURITY_PAY\""
. "}";
$request->setNotifyUrl("回调地址");//拼上你回调接口的请求参数,比如需要order_number 回调地址为"回调地址/order_number/".$order_number
$request->setBizContent($bizcontent);
//这里和普通的接口调用不同,使用的是sdkExecute
$response = $aop->sdkExecute($request);
//htmlspecialchars是为了输出到页面时防止被浏览器将关键参数html转义,实际打印到日志以及http传输不会有这个问题
//$return['orderString'] = htmlspecialchars($response);//输出到页面时用htmlspecialchars处理一下
$return['orderString'] = $response;//返回给移动端时直接将$response返回即可
$this -> jsonSuccess($return);
}