구글/iOS 인앱 결제 서버 검증 - PHP (In-app purchase server side verification in PHP)

iOS

/* recept
	{
    	"Store":"AppleAppStore",
        "TransactionID":"1000000629303951",
        "Payload":"MIIT+QYJKoZIhvBFja19....BkpGkqEZQbQ8l8fNdoKPFRDc="
    }
*/
function IOSInappPurchaseVerify($recept_from_appstore)
{
‌$json = array();
‌$json["error_code"] = 0;
‌$json["error_message"] = "success";
‌$json["order_id"] = "";
‌$json["product_id"] = "";
‌$json["purchase_date"] = 0;
‌$json["user_seq"] = 0;
‌$json["char_num"] = 0;
‌$json["currency_code"] = "";
‌$json["price_amount"] = 0;

‌$url = "https://sandbox.itunes.apple.com/verifyReceipt"
‌$post_data = json_encode(array("receipt-data" => $recept_from_appstore));

‌$curl = curl_init($url); 
‌curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); 
‌curl_setopt($curl, CURLOPT_POST, true); 
‌curl_setopt($curl, CURLOPT_POSTFIELDS, $post_data);

‌$response = curl_exec($curl);
‌$errno    = curl_errno($curl);
‌$errmsg   = curl_error($curl);

‌curl_close($curl);

‌$result = (object)json_decode($response);

‌$json["order_id"] = $result->receipt->in_app[0]->transaction_id;
‌$json["product_id"] = $result->receipt->in_app[0]->product_id;
‌$json["purchase_date"] = $result->receipt->in_app[0]->purchase_date;
‌
‌return $json;
}

Android

function GoogleInappPurchaseVerify($receipt, $signature)
{
‌$json = array();
‌$json["error_code"] = 0;
‌$json["error_message"] = "success";
‌$json["order_id"] = "";
‌$json["product_id"] = "";
‌$json["purchase_date"] = 0;
‌
‌$google_play_key = "MIIBIjANBgkqhkiG9....pA/mCVpBPr7QIDAQAB";
‌$public_key = 
‌"-----BEGIN PUBLIC KEY-----\n". 
‌chunk_split($google_play_key, 64, "\n"). 
‌'-----END PUBLIC KEY-----';

‌$key = openssl_get_publickey($public_key);
‌$decoded_signature = base64_decode($signature);
‌$result = json_decode($receipt);

‌if(1 != openssl_verify($receipt, $decoded_signature, $key, OPENSSL_ALGO_SHA1 ))
‌{
‌‌throw new Exception("fail to verification", 1);
‌}
​​​​
‌$json["order_id"] = $result->orderId;
‌$json["product_id"] = $result->productId;
‌$json["purchase_date"] = $result->purchaseTime;

‌return $json;
}

$receipt = "{".
​​​​"\"orderId\":\"GPA.3331-7513-9788-96070\",".
​​​​"\"packageName\":\"com.kukuta.pentatiles\",".
​​​​"\"productId\":\"pentatiles.google.hint.10\",".
​​​​"\"purchaseTime\":1633449519729,".
​​​​"\"purchaseState\":0,".
​​​​"\"purchaseToken\":\"apookopndinajikkicgkkifo.AO-J1OzvmCTyKoD4-I93-1xHhddHSpseIRCbBup53Vl83o7A2LwUX9Wl3-2Hnml69AI3p6ZNtHrNoQYE7mMt3VYopfkCrPfAJ9m_HBIrjd_ZTHCTW6TMQlQ\",".
​​​​"\"acknowledged\":false".
"}";

$signature = "nGNND0XpGqUNMA8GZ69BFsGEXYtqWukTaETrzf8dhxqWGo2zB1ZV7xzujruLnRVqwJD3cb9PtV2bEgTF7VrNpuxoXIiOxJNleJ05L0g+O0ex6BClBUscPeE5TnjMnEBfk6IOs0r8VFaq9/EmDSG4f4KkurprNVenpCmtBqSQPPj9wYR1BNu8fW9qVrTzx3RqpN41ytwyqm2OmW4Of0gLDlvrAYBsv43pzJD+J6ejX9fcVfZc1ZpO7pgi/fsirYah9R+BFZQCML6spFZwrzG5w+WfmpNTfwIzBFJ9m4d7DckKxIwCoQNsORaKSMCIGvynRGYaalGFFG4Bx5FNWcpsDg==";
print_r(GoogleInappPurchaseVerify($receipt, $signature));

// OUTPUT :
// Array
// (
//     [error_code] => 0
//     [error_message] => success
//     [order_id] => GPA.3331-7513-9788-96070
//     [product_id] => pentatiles.google.hint.10
//     [purchase_date] => 1633449519729
// )