
진리는어디에

구글/iOS 인앱 결제 서버 검증 - PHP (In-app purchase server side verification in PHP)

iOS

/* receipt
	{
    	"Store":"AppleAppStore",
        "TransactionID":"1000000629303951",
        "Payload":"MIIT+QYJKoZIhvBFja19....BkpGkqEZQbQ8l8fNdoKPFRDc="
    }
*/
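/**
 * Verifies an App Store receipt against Apple's verifyReceipt endpoint and
 * returns the fields of the first in-app purchase entry of the receipt.
 *
 * The purchase fields are filled in only when the request succeeded and Apple
 * answered with status 0. On any failure "error_code" is non-zero,
 * "error_message" describes the problem and the purchase fields keep their
 * empty defaults, so callers must check "error_code" before granting anything.
 *
 * NOTE(review): a status of 0 only shows that Apple accepts the receipt. The
 * caller should still compare the receipt's bundle id with its own app, match
 * the transaction id with the one the client claims, and store processed
 * transaction ids so that one receipt cannot be redeemed twice.
 *
 * @param string $recept_from_appstore Value posted to Apple as "receipt-data".
 *        NOTE(review): presumably the base64 "Payload" field of the client
 *        receipt, not the whole JSON wrapper; confirm against the caller.
 * @return array Keys: error_code, error_message, order_id, product_id,
 *         purchase_date, user_seq, char_num, currency_code, price_amount.
 *         The last four are never filled by this function.
 */
function IOSInappPurchaseVerify($recept_from_appstore)
{
	$json = array(
		"error_code" => 0,
		"error_message" => "success",
		"order_id" => "",
		"product_id" => "",
		"purchase_date" => 0,
		"user_seq" => 0,
		"char_num" => 0,
		"currency_code" => "",
		"price_amount" => 0,
	);

	// Builds the failure result: defaults plus an error code and message.
	$fail = function ($code, $message) use ($json) {
		$json["error_code"] = $code;
		$json["error_message"] = $message;
		return $json;
	};

	// Reject unusable input before spending a network round trip on it.
	if (!is_string($recept_from_appstore) || $recept_from_appstore === "") {
		return $fail(1, "empty receipt");
	}

	// Sandbox endpoint. Production traffic belongs on
	// https://buy.itunes.apple.com/verifyReceipt, retrying against the sandbox
	// only when Apple answers with status 21007 (sandbox receipt sent to production).
	$url = "https://sandbox.itunes.apple.com/verifyReceipt";
	$post_data = json_encode(array("receipt-data" => $recept_from_appstore));
	if ($post_data === false) {
		return $fail(1, "receipt cannot be encoded as JSON");
	}

	$curl = curl_init($url);
	if ($curl === false) {
		return $fail(2, "cannot initialise curl");
	}
	curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
	curl_setopt($curl, CURLOPT_POST, true);
	curl_setopt($curl, CURLOPT_POSTFIELDS, $post_data);
	// The verdict is only as trustworthy as the TLS session it arrived on, so
	// certificate and host name checks are pinned on explicitly.
	curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
	curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
	// Bound the wait so a stalled connection cannot hang the purchase request.
	curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 5);
	curl_setopt($curl, CURLOPT_TIMEOUT, 15);

	$response  = curl_exec($curl);
	$errno     = curl_errno($curl);
	$errmsg    = curl_error($curl);
	$http_code = curl_getinfo($curl, CURLINFO_HTTP_CODE);

	curl_close($curl);

	if ($response === false || $errno !== 0) {
		return $fail(2, "verifyReceipt request failed: " . $errmsg);
	}
	if ($http_code !== 200) {
		return $fail(2, "verifyReceipt returned HTTP " . $http_code);
	}

	$result = json_decode($response);
	if (!is_object($result) || !isset($result->status)) {
		return $fail(3, "unexpected verifyReceipt response");
	}

	// Any status other than 0 means Apple did not accept the receipt.
	if ((int)$result->status !== 0) {
		return $fail(4, "receipt rejected by Apple (status " . (int)$result->status . ")");
	}

	if (
		!isset($result->receipt->in_app)
		|| !is_array($result->receipt->in_app)
		|| !isset($result->receipt->in_app[0])
	) {
		return $fail(5, "receipt contains no in-app purchase");
	}

	// NOTE(review): in_app may list several transactions; the first one is not
	// necessarily the purchase the client is claiming.
	$purchase = $result->receipt->in_app[0];
	if (!isset($purchase->transaction_id, $purchase->product_id, $purchase->purchase_date)) {
		return $fail(5, "in-app purchase entry is incomplete");
	}

	$json["order_id"] = $purchase->transaction_id;
	$json["product_id"] = $purchase->product_id;
	$json["purchase_date"] = $purchase->purchase_date;

	return $json;
}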

Android

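/**
 * Verifies the signature Google Play attached to a purchase and returns the
 * order id, product id and purchase time taken from the signed JSON.
 *
 * The signature is checked over the exact bytes of $receipt, so the string
 * must be passed on unchanged from the client (no re-encoding, no trimming).
 *
 * NOTE(review): a valid signature only shows that the key holder signed this
 * JSON. The caller should still compare "packageName" with its own app,
 * inspect "purchaseState", and store processed order ids or purchase tokens
 * so that one signed receipt cannot be redeemed twice.
 *
 * @param string $receipt   Purchase JSON exactly as delivered by Google Play.
 * @param string $signature Base64 signature delivered with the purchase.
 * @return array Keys: error_code, error_message, order_id, product_id, purchase_date.
 * @throws Exception When the input is unusable, the public key cannot be
 *         loaded, the signature does not verify, or the receipt is not a JSON object.
 */
function GoogleInappPurchaseVerify($receipt, $signature)
{
	$json = array(
		"error_code" => 0,
		"error_message" => "success",
		"order_id" => "",
		"product_id" => "",
		"purchase_date" => 0,
	);

	if (!is_string($receipt) || $receipt === "" || !is_string($signature)) {
		throw new Exception("fail to verification", 1);
	}

	// Strict mode rejects characters outside the base64 alphabet instead of
	// silently skipping them.
	$decoded_signature = base64_decode($signature, true);
	if ($decoded_signature === false || $decoded_signature === "") {
		throw new Exception("fail to verification", 1);
	}

	// Base64 licence key of the app; wrapped below into a PEM block that
	// OpenSSL can parse.
	$google_play_key = "MIIBIjANBgkqhkiG9....pA/mCVpBPr7QIDAQAB";
	$public_key =
	"-----BEGIN PUBLIC KEY-----\n".
	chunk_split($google_play_key, 64, "\n").
	'-----END PUBLIC KEY-----';

	$key = openssl_get_publickey($public_key);
	if ($key === false) {
		// Without this check a broken key would surface as an OpenSSL error
		// inside openssl_verify() instead of a clear failure.
		throw new Exception("fail to load public key", 2);
	}

	// Google Play signs purchase data with SHA1withRSA, so the digest is fixed
	// by the signer. openssl_verify() returns 1 only for a valid signature;
	// 0, -1 and false all mean "do not trust this receipt".
	if (1 !== openssl_verify($receipt, $decoded_signature, $key, OPENSSL_ALGO_SHA1)) {
		throw new Exception("fail to verification", 1);
	}

	// Parse only after the signature check, so no field of an unverified
	// receipt is ever looked at.
	$result = json_decode($receipt);
	if (!is_object($result)) {
		throw new Exception("receipt is not a JSON object", 3);
	}

	if (isset($result->orderId)) {
		$json["order_id"] = $result->orderId;
	}
	if (isset($result->productId)) {
		$json["product_id"] = $result->productId;
	}
	if (isset($result->purchaseTime)) {
		$json["purchase_date"] = $result->purchaseTime;
	}

	return $json;
}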

// Sample purchase JSON, assembled field by field. The signature below covers
// these exact bytes, so field order and spelling must stay as they are.
$receipt = '{' . implode(',', array(
	'"orderId":"GPA.3331-7513-9788-96070"',
	'"packageName":"com.kukuta.pentatiles"',
	'"productId":"pentatiles.google.hint.10"',
	'"purchaseTime":1633449519729',
	'"purchaseState":0',
	'"purchaseToken":"apookopndinajikkicgkkifo.AO-J1OzvmCTyKoD4-I93-1xHhddHSpseIRCbBup53Vl83o7A2LwUX9Wl3-2Hnml69AI3p6ZNtHrNoQYE7mMt3VYopfkCrPfAJ9m_HBIrjd_ZTHCTW6TMQlQ"',
	'"acknowledged":false',
)) . '}';

// Base64 signature delivered together with the purchase JSON above.
$signature = 'nGNND0XpGqUNMA8GZ69BFsGEXYtqWukTaETrzf8dhxqWGo2zB1ZV7xzujruLnRVqwJD3cb9PtV2bEgTF7VrNpuxoXIiOxJNleJ05L0g+O0ex6BClBUscPeE5TnjMnEBfk6IOs0r8VFaq9/EmDSG4f4KkurprNVenpCmtBqSQPPj9wYR1BNu8fW9qVrTzx3RqpN41ytwyqm2OmW4Of0gLDlvrAYBsv43pzJD+J6ejX9fcVfZc1ZpO7pgi/fsirYah9R+BFZQCML6spFZwrzG5w+WfmpNTfwIzBFJ9m4d7DckKxIwCoQNsORaKSMCIGvynRGYaalGFFG4Bx5FNWcpsDg==';

// Verify the sample and dump the extracted purchase fields.
$verified = GoogleInappPurchaseVerify($receipt, $signature);
print_r($verified);

// OUTPUT :
// Array
// (
//     [error_code] => 0
//     [error_message] => success
//     [order_id] => GPA.3331-7513-9788-96070
//     [product_id] => pentatiles.google.hint.10
//     [purchase_date] => 1633449519729
// )