Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share

0 votes
176 views
in Technique by (71.8m points)

Approach to handling order callbacks

I am currently writing a top-up (recharge) feature. Since it is hard to test, could you experts take a look and tell me whether this way of writing it has any obvious logic bugs? Thanks, everyone.

```php
<?php
// The posted fragment starts at the properties; the enclosing class declaration
// (name assumed here) and the framework helpers $this->mysql() (returns a Medoo
// instance) and dump_log() are not shown in the question.
class CallbackController
{
    public $data;
    public $where;

    /**
     * aliba callback URL
     * {$url}/callback/aliba
     **/
    public function alibaAction()
    {
        // NOTE: the callback parameters are taken straight from the query string;
        // nothing here verifies that the request really came from the provider.
        $this->where = $_GET;
        $db          = $this->mysql();
        switch ($this->where['state'] ?? null) {
            case 2:
                $this->data = [
                    'callback_time'   => time(),
                    'order_type'      => 1,
                    'callback_result' => '充值中',
                ];
                $res = 'no';
                break;
            case 3:
                $this->data = [
                    'callback_time' => time(),
                    'status'        => 'success',
                    'order_type'    => 3,
                ];
                $res = 'OK';
                break;
            case 4:
                $this->data = [
                    'callback_time'   => time(),
                    'status'          => 'issue_orders',
                    'order_type'      => 2,
                    'callback_result' => '待补单',
                ];
                $res = 'no';
                break;
            default:
                // Unknown or missing state: the original left $res undefined here and
                // still ran the update with whatever $this->data held. Log and bail out.
                dump_log('回调地址: ' . $_SERVER['REQUEST_URI'] . ' 状态: 未知 state', 'aliba_callback_error.txt');
                return 'no';
        }
        $result = $db->action(function ($database) {
            // The WHERE clause only matches orders still in 'wait', so a repeated
            // callback for the same order updates zero rows and is rejected below.
            $result = $database->update('cecharge_order', $this->data, [
                'order_number' => $this->where['orderid'],
                'deletetime'   => null,
                'order_type'   => 1,
                'status'       => 'wait',
            ]);
            if ($result->rowCount() <= 0) {
                dump_log('回调地址: ' . $_SERVER['REQUEST_URI'] . ' 状态: 订单更新失败', 'aliba_callback_error.txt');
                return false;   // roll back
            }
            if ($this->where['state'] == 2) {
                $result = $database->delete('cecharge_info', [
                    'order_number' => $this->where['orderid'],
                ]);
                if ($result->rowCount() <= 0) {
                    dump_log('回调地址: ' . $_SERVER['REQUEST_URI'] . ' 状态: 订单记录删除失败', 'aliba_callback_error.txt');
                    return false;   // roll back
                }
            }
            dump_log('回调地址: ' . $_SERVER['REQUEST_URI'] . ' 状态: 成功', 'aliba_callback_success.txt');
            // Bug in the original: this returned false, which makes Medoo's action()
            // roll the transaction back, so the successful update was never committed.
            return true;
        });
        dump_log('回调地址: ' . $_SERVER['REQUEST_URI'], 'aliba_callback.txt');
        return $res;
    }
}
```


Fight too long with dragons and you become a dragon yourself; gaze too long into the abyss and the abyss gazes back into you…

1 Reply

0 votes
by (71.8m points)

After receiving the payment callback, do not update the order in the DB directly.
You should:

1. Verify that the request source is secure and trustworthy.

If your callback endpoint is exposed, it can receive malicious requests; any random request could modify your order data, and you know what the consequences of that would be.

2. Look up the order by order number to check that it actually exists.

3. Check the order status to see whether it has already been paid.

Because callbacks are affected by the network and may be retried several times, avoid processing them twice.

4. If the order exists, check whether the amount reported as successfully paid in the callback exactly matches the order amount in the database.

Note: this is a point that is very easily overlooked.
After creating an order, someone can use a packet-capture tool to modify the amount and then pay; the order number is unchanged, but the amount actually paid has been reduced.

If you have other questions, please discuss in the comments.


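The four checks in the answer above, as an added example that is not part of the original question or reply: signature verification, order lookup, status (idempotency) check and amount comparison, all before any database write. The HMAC-SHA256-over-sorted-parameters signing scheme, the `sign` and `amount_cents` parameter names and the order lookup callable are assumptions for illustration; the constructed sample shows a callback whose amount was tampered down from the order's amount.

```php
<?php
// Added example, not the asker's code. Assumed (placeholder scheme, real providers differ):
// HMAC-SHA256 over the sorted query parameters with a shared secret; orders come from a lookup callable.
function verifyCallbackSignature(array $params, string $secret): bool
{
    if (!isset($params['sign']) || !is_string($params['sign'])) {
        return false;
    }
    $sign = $params['sign'];
    unset($params['sign']);
    ksort($params);
    $expected = hash_hmac('sha256', http_build_query($params), $secret);
    return hash_equals($expected, $sign);   // constant-time comparison
}

/**
 * Decide how to handle a callback before touching the database. Returns:
 *  'reject'    - bad signature or unknown order: ignore it
 *  'duplicate' - order already left the 'wait' state: acknowledge, change nothing
 *  'mismatch'  - paid amount differs from the order: hold for manual review
 *  'process'   - safe to mark the order as paid
 */
function decideCallback(array $params, string $secret, callable $findOrder): string
{
    if (!verifyCallbackSignature($params, $secret)) {
        return 'reject';
    }
    $order = $findOrder((string)($params['orderid'] ?? ''));
    if ($order === null) {
        return 'reject';
    }
    if ($order['status'] !== 'wait') {
        return 'duplicate';
    }
    // Compare integer cents, never floats, so 99.00 vs 99.0 cannot slip through.
    if ((int)$order['amount_cents'] !== (int)($params['amount_cents'] ?? -1)) {
        return 'mismatch';
    }
    return 'process';
}

// Constructed sample: a 100.00 order, and a correctly signed callback claiming only 99.00 was paid.
$secret = 'demo-secret';
$orders = ['A1001' => ['status' => 'wait', 'amount_cents' => 10000]];
$find   = function (string $id) use ($orders) { return $orders[$id] ?? null; };
$params = ['orderid' => 'A1001', 'amount_cents' => 9900, 'state' => 3];
ksort($params);
$params['sign'] = hash_hmac('sha256', http_build_query($params), $secret);
echo decideCallback($params, $secret, $find), PHP_EOL;
```

Only a 'process' decision should lead to the transactional update shown in the question; 'duplicate' should still answer the provider with success so it stops retrying.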