直接上代码:
function googleVerify($sdata,$google_public_key) { $sdata = json_decode($sdata,true); $in_app_purchase_data = isset($sdata['receipt'])?$sdata['receipt']:""; $in_app_data_signature = isset($sdata['signature'])?$sdata['signature']:""; $public_key = "-----BEGIN PUBLIC KEY-----" . PHP_EOL . chunk_split($google_public_key, 64, PHP_EOL) . "-----END PUBLIC KEY-----"; $public_key_handle = openssl_pkey_get_public($public_key); $result = openssl_verify($in_app_purchase_data, base64_decode($in_app_data_signature), $public_key_handle, OPENSSL_ALGO_SHA1); $status = 0; $purchaseTime = 0; if($result == 1){ $status = 1; $in_app_purchase_data = json_decode($in_app_purchase_data, true); $purchaseTime = isset($in_app_purchase_data['purchaseTime'])?intval($in_app_purchase_data['purchaseTime']):0; } return ['status'=>$status,'purcaseTime' => intval($purchaseTime)]; }
参数说明:
$google_public_key:在google play console(https://play.google.com/apps/publish/)后台获取 : 开发工具》服务和API 中能看到的KEY.
$sdata:格式如下:
//
//$sdata为字符串,非json对象
//receipt,signature都是客户端购买后,google返回的数据
$sdata='{ "receipt": "{"orderId":"GPA.3339-1d91-2716-249","packageName":"con","productId":"com.w.coin1","purchaseTime":1540265097944,"purchaseState":0,"purchaseToken":"ogiafjoiY"}", "signature": "fFbfYTh2m/7nL9OZVTkw==" }';
返回数据:
$status:== 1,为真订单,0为假订单
$purcaseTime: 订单购买的时间戳。