Warning: file_get_contents(/data/phpspider/zhask/data//catemap/4/oop/2.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Php 正在验证Amazon Payment Express发送的返回签名_Php_Amazon Pay - Fatal编程技术网
Fatal编程技术网
  • php/
  • Php 正在验证Amazon Payment Express发送的返回签名

Php 正在验证Amazon Payment Express发送的返回签名

php

Php 正在验证Amazon Payment Express发送的返回签名,php,amazon-pay,Php,Amazon Pay,我已经通过Amazon登录和Pay Express(基于此处的演示:)成功地完成了支付 但是,当用户成功购买时,他们会被重定向回我的网站return success url,其中包含一组参数,用于描述他们购买的内容,以及Amazon提供的请求签名 我尝试了下面给出的代码来计算验证的原始签名从Amazon返回的签名,但此代码不会生成与Amazon在返回url中发送的签名相匹配的签名 ExpressSuccess.php <?php echo ("<pre>"); print_r(

我已经通过Amazon登录和Pay Express(基于此处的演示:)成功地完成了支付

但是,当用户成功购买时,他们会被重定向回我的网站return success url,其中包含一组参数,用于描述他们购买的内容,以及Amazon提供的请求签名

我尝试了下面给出的代码来计算验证的原始签名从Amazon返回的签名,但此代码不会生成与Amazon在返回url中发送的签名相匹配的签名

ExpressSuccess.php

<?php
echo ("<pre>");
print_r($_GET);
echo ("</pre>");

/* begin signature validation */
$merchantId  = "************"; // SellerID
$accessKey   = "*****************"; // MWS Access Key
$secretKey   = "***********************"; // MWS Secret Key
$lwaClientId = "***********************"; // Login With Amazon Client ID

/* Add http:// or https:// before your Return URL
 * The webpage of your site where the buyer should be redirected to after the payment is made
 * In this example you can link it to the Result.php, which checks for the success or failure of the payment
 * and routes it to the appropriate URL defined
 */
$returnURL   = "http://localhost/demo/pay-with-amazon/ExpressSuccess.php";
$cancelReturnURL = "http://localhost/demo/pay-with-amazon/ExpressCancel.php";

$signatureReturned = $_GET['signature'];
$parameters = $_GET;
unset($parameters['signature']);

if(isset($parameters['sellerOrderId'])) {
    $parameters['sellerOrderId'] = rawurlencode($parameters['sellerOrderId']);
}
uksort($parameters, 'strcmp');

$parseUrl = parse_url($returnURL);    
$stringToSign = "GET\n" . $parseUrl['host'] . "\n" . $parseUrl['path'] . "\n";

foreach ($parameters as $key => $value) {
    $queryParameters[] = $key . '=' . str_replace('%7E', '~', rawurlencode($value));
}
$stringToSign .= implode('&', $queryParameters);

$signatureCalculated = base64_encode(hash_hmac("sha256", $stringToSign, $secretKey, true));
$signatureCalculated = str_replace('%7E', '~', rawurlencode($signatureCalculated));

if ($signatureReturned == $signatureCalculated) {
    echo "Signature was successfully validated.";
} else {
    echo "Signature does not match.";
}
?>
如果有人知道我哪里做错了,请告诉我

谢谢

它的
$signatureReturned
$signatureCalculated
格式相同吗?因为对我来说,亚马逊支付API正在返回
$signatureReturned
rawurlencode
-d2x。比如->
\rawurlencode(\rawurlencode('string'))