File: /var/www/html/breadsecret.com_bak20260325/AlipayHKBackend/cc2.php
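<?php
// Start the session before any markup is emitted. session_start() has to send
// its cookie header, and that fails once output has begun unless php.ini
// happens to have output buffering switched on.
session_start();

// Report everything, but to the server log rather than into the response.
// This script receives card numbers and CVCs; an on-page notice or warning can
// disclose file paths and request values to whoever is looking at the browser.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Do not dump $_POST while debugging this page: it carries the full card
// number and CVC.

// Buffer the page; the buffer is flushed by ob_end_flush() at the end of the
// script.
ob_start();

// NOTE(review): jQuery below is loaded from a third-party CDN with no
// integrity attribute, on a page that renders the 3DS token. Pin it with
// Subresource Integrity or serve a local copy.
?>
<head>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
</head>
<?php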

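// Gateway base URL and the API path of the payment call.
$url = 'https://openapi-int.qfapi.com'; // for credit card
$api_type = '/trade/v1/payment';

// Payment type code.
//   802801  Visa / Mastercard Online Payments
$pay_type = '802801';

// Merchant credentials for the credit-card channel.
// $app_key signs every request and is also the AES key for the card payload,
// so anyone who can read this file can forge requests and decrypt payloads.
// The environment is consulted first so the secret can live outside the web
// root; QF_APP_CODE / QF_APP_KEY are names chosen here, not gateway-defined.
// The literal fallbacks keep existing deployments working: once the
// environment is provisioned, remove them and rotate the key, because a key
// that has been stored in source or in a backup copy must be treated as
// disclosed.
$app_code = getenv('QF_APP_CODE') ?: '818F2E644C784DC296F3931AAB0B4EE1';
$app_key = getenv('QF_APP_KEY') ?: 'DA0FA2200C7645A2A4E14DC925FBFF81';

// Accumulates the "k=v&k=v" request body that is signed and posted below.
$fields_string = '';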

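// Card, billing and customer details taken from the submitted form. This
// structure is JSON-encoded and then encrypted before it leaves the server.
//
// Absent form fields become null, exactly as before, but through ?? so that a
// missing key no longer raises an undefined-index notice next to card data.
//
// NOTE(review): none of these values is validated or length-checked here;
// confirm the checkout page or the gateway enforces card-number, expiry and
// country-code formats.
// NOTE(review): ip_address comes from the request body, so the client chooses
// what the gateway's risk checks see. Confirm whether it should be taken from
// the connection ($_SERVER['REMOTE_ADDR']) instead.
$extra = [
    'card' => [
        'number' => $_POST['cardNo'] ?? null,
        'cardholder_name' => $_POST['holderName'] ?? null,
        'exp_month' => $_POST['expiryMonth'] ?? null,
        'exp_year' => $_POST['expiryYear'] ?? null,
        'cvc' => $_POST['cvc'] ?? null,
    ],
    'billing_address' => [
        'address1' => $_POST['billAdd1'] ?? null,
        'address2' => $_POST['billAdd2'] ?? null,
        'address3' => $_POST['billAdd3'] ?? null,
        'postal_code' => $_POST['billPostalCode'] ?? null,
        'city' => $_POST['billCity'] ?? null,
        'country_code' => $_POST['billCountryCode'] ?? null,
    ],
    'customer' => [
        'email' => $_POST['email'] ?? null,
        'session_id' => $_POST['sessionID'] ?? null,
        'ip_address' => $_POST['ipAddress'] ?? null,
        'reference_id' => $_POST['referenceID'] ?? null,
        'browser' => [
            'accept_header' => "text/html",
            // Both request headers are optional, so they may be absent.
            'user_agent_header' => $_SERVER['HTTP_USER_AGENT'] ?? null,
            // Keep only the part of Accept-Language before the first ';'.
            'browser_language' => explode(";", $_SERVER['HTTP_ACCEPT_LANGUAGE'] ?? '')[0],
        ],
    ],
];

// Plaintext of the encrypted payload. Never log or echo this value: it holds
// the full card number and CVC.
$plaintext = json_encode($extra);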
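// Encrypt the JSON payload with AES-256-CBC under the merchant key and a fresh
// random IV. The value sent to the gateway is hex(IV) followed by
// hex(ciphertext).
//
// NOTE(review): CBC provides confidentiality only; nothing here authenticates
// the ciphertext. Presumably this format is dictated by the gateway - confirm
// against its specification before changing the mode.
// NOTE(review): $app_key is used byte-for-byte as the AES key, so its 32 hex
// characters act as 32 key bytes; presumably what the gateway expects - confirm.
$cipher = "aes-256-cbc";
$key = $app_key;
if (in_array($cipher, openssl_get_cipher_methods(), true)) {
    $ivlen = openssl_cipher_iv_length($cipher);
    // random_bytes() is the CSPRNG interface and throws rather than returning
    // weak or empty output.
    $iv = random_bytes($ivlen);

    // OPENSSL_RAW_DATA yields the raw ciphertext, so it can be hex-encoded
    // directly instead of being base64-decoded first. No tag argument is
    // passed: CBC is not an AEAD mode and produces none.
    $ciphertext = openssl_encrypt($plaintext, $cipher, $key, OPENSSL_RAW_DATA, $iv);

    if ($ciphertext === false) {
        // Fail the same way as the unsupported-cipher branch instead of
        // sending a payload that contains only the IV.
        $payment_data_enc = "";
        echo 'encrypt failed';
    } else {
        $ciphertext = bin2hex($ciphertext);
        $payment_data_enc = bin2hex($iv) . $ciphertext;
    }
} else {
    $payment_data_enc = "";
    echo 'algo not support';
}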

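// Encrypted card payload plus the URL the shopper is sent back to afterwards.
$extend_info = [
    "payment_data_enc" => $payment_data_enc,
    "return_url" => "https://www.breadsecret.com/AlipayHKBackend/cc_result.php",
];

// Request parameters (mchid is intentionally not sent). Missing form fields
// fall back to '' through ??, which yields the same string as before without
// an undefined-index notice.
//
// NOTE(review): order number, currency and amount are taken from the browser,
// so the shopper controls what is charged. They should be looked up from the
// server-side order record - verify against the calling page.
// NOTE(review): txdtm and extend_info are joined into the body without
// encoding. A '&' or '=' inside txdTm would add or change parameters in the
// posted body; validate its format, or encode it if the gateway's signing
// rules allow - confirm against the gateway documentation.
$fields = [
    'pay_type' => urlencode($pay_type),
    'out_trade_no' => urlencode($_POST['outTradeNo'] ?? ''),
    'txcurrcd' => urlencode($_POST['txCurrcd'] ?? ''),
    'txamt' => urlencode($_POST['txAmt'] ?? ''),
    'txdtm' => $_POST['txdTm'] ?? '',
    'extend_info' => json_encode($extend_info),
];
ksort($fields); // sort the keys in ascending (A-Z) dictionary order

// Build "k=v&k=v" in sorted key order; this exact string is both signed and
// posted.
$pairs = [];
foreach ($fields as $name => $value) {
    $pairs[] = $name . '=' . $value;
}
$fields_string .= implode('&', $pairs);

// Request signature: upper-case MD5 of the body with the merchant key appended.
// NOTE(review): MD5 with an appended secret is a weak construction; presumably
// it is what the gateway's X-QF-SIGN header requires - confirm whether a
// stronger signing option is offered.
$sign = strtoupper(md5($fields_string . $app_key));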
  
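  //// Header ////
  // The app code and the request signature travel as custom headers.
  $header = [
      'X-QF-APPCODE: ' . $app_code,
      'X-QF-SIGN: ' . $sign,
  ];

  // Post the signed body to the gateway.
  // Certificate and host-name verification stay enabled: this request carries
  // the encrypted card payload and the signature, and with verification off
  // any on-path host could impersonate the gateway and supply the response
  // that is rendered below.
  $ch = curl_init();
  curl_setopt_array($ch, [
      CURLOPT_URL => $url . $api_type,
      CURLOPT_RETURNTRANSFER => true,
      CURLOPT_HTTPHEADER => $header,
      CURLOPT_SSL_VERIFYPEER => true,
      CURLOPT_SSL_VERIFYHOST => 2,
      CURLOPT_POST => true,
      CURLOPT_POSTFIELDS => $fields_string,
  ]);
  $output = curl_exec($ch);
  if ($output === false) {
      // Record transport failures (including TLS verification errors) in the
      // server log; the request body is deliberately not logged.
      error_log('gateway request failed: ' . curl_error($ch));
  }
  curl_close($ch);

  // Decoded gateway response, or null when the request failed or the body was
  // not valid JSON.
  $final_data = ($output === false) ? null : json_decode($output, true);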
  
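  // Debug dump of the gateway response, HTML-escaped so that nothing in the
  // response can inject markup into this page.
  // NOTE(review): the dump exposes the whole response (order code, set-cookie
  // value, 3DS token) to the browser; remove it outside of integration testing.
  echo "Output";
  echo "<pre>";
  echo htmlspecialchars(print_r($final_data, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
  echo "</pre>";
  echo "<hr>";

  if (isset($final_data['pay_params']['3ds_challenge_details'])) {

      // Keep what the return page needs to finish the payment after the
      // challenge, but only when the form supplied a session id.
      if (!empty($_POST['sessionID'])) {
          $_SESSION['session_id'] = $_POST['sessionID'];
          $_SESSION['out_trade_no'] = $_POST['outTradeNo'] ?? null;
          $_SESSION['set_cookie'] = $final_data['pay_params']['set-cookie'] ?? null;
          $_SESSION['syssn'] = $final_data['pay_params']['order_code'] ?? null;
      }

      $challenge = $final_data['pay_params']['3ds_challenge_details'];
      $challenge_url = is_string($challenge['url'] ?? null) ? $challenge['url'] : '';
      $challenge_jwt = is_string($challenge['jwt'] ?? null) ? $challenge['jwt'] : '';

      // The form target comes from the gateway response. Escaping protects the
      // attribute but does not constrain the scheme, so only an https URL is
      // accepted as the place the browser posts the token to.
      $challenge_scheme = (string) parse_url($challenge_url, PHP_URL_SCHEME);

      if (strcasecmp($challenge_scheme, 'https') === 0) {
?>

        <form method="post" action="<?php echo htmlspecialchars($challenge_url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');?>" name="3dsForm" id="3dsForm">
            <table>
                <div>
                    <span>JWT :</span>
                    <textarea rows="3" cols="200" name="JWT"><?php echo htmlspecialchars($challenge_jwt, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');?></textarea>
                </div>
            </table>
            <button type="submit">submit</button>
            <script type="text/javascript">
                //$("#3dsForm").submit();
            </script>
        </form>

<?php
      } else {
          echo 'invalid 3DS challenge URL';
      }

  }

  // Send the buffered page to the client.
  ob_end_flush();
?>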