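/**
 * Verify that the current request is a genuine Alipay callback.
 *
 * Parameters are read from $_GET when it is non-empty, otherwise from $_POST
 * (treated as the asynchronous notification). The callback is accepted only if
 * the signature check passes and, when a notify_id is available, the remote
 * check in verifyFromServer() returns text ending in "true".
 *
 * Everything read here is attacker-controllable until the signature has been
 * checked, so the method fails closed: a missing or non-string `sign`, a
 * failed signature, or an unreadable `notify_data` on the mobile asynchronous
 * path all return false before any decryption, XML parsing or outbound
 * request takes place.
 *
 * NOTE(review): the signature is checked over the raw request parameters,
 * i.e. before notify_data is decrypted. Confirm that verifyParameters()
 * expects the still-encrypted value for sign_type '0001'.
 *
 * @return bool true when the callback passed every check that was run
 */
function verifyCallback()
{
    $async = empty($_GET);
    $data = $async ? $_POST : $_GET;
    if (empty($data)) {
        return false;
    }

    // An unsigned callback can never be authentic. Rejecting it here also keeps
    // array-valued input (sign[]=...) away from the signature routine.
    if (!isset($data['sign']) || !is_string($data['sign']) || $data['sign'] === '') {
        return false;
    }

    $signValid = $this->verifyParameters($data, $data['sign']);
    if (!$signValid) {
        // The result would be false anyway; returning now means unauthenticated
        // input is never decrypted, parsed as XML or forwarded to the server.
        return false;
    }

    $notify_id = isset($data['notify_id']) ? $data['notify_id'] : null;
    if ($async && $this->is_mobile) {
        if (!isset($data['notify_data']) || !is_string($data['notify_data'])) {
            return false;
        }
        $notifyXml = $data['notify_data'];

        // Decrypt notify_data when the '0001' sign type is configured.
        if ($this->config['sign_type'] == '0001') {
            $notifyXml = $this->rsaDecrypt($notifyXml, $this->config['private_key_path']);
        }
        if (!is_string($notifyXml) || $notifyXml === '') {
            return false;
        }

        // notify_id is carried inside the (decrypted) notify_data document.
        // LIBXML_NONET stops the parser from fetching anything over the network,
        // and parse errors are collected internally instead of being emitted.
        $previousErrors = libxml_use_internal_errors(true);
        $doc = new \DOMDocument();
        $loaded = $doc->loadXML($notifyXml, LIBXML_NONET);
        libxml_clear_errors();
        libxml_use_internal_errors($previousErrors);

        $node = $loaded ? $doc->getElementsByTagName('notify_id')->item(0) : null;
        if ($node === null || $node->nodeValue === '') {
            // Without a notify_id the notification cannot be confirmed remotely.
            return false;
        }
        $notify_id = $node->nodeValue;
    }

    // Ask the Alipay server (ATN) whether it really sent this notification.
    // NOTE(review): when no notify_id is present the remote check is skipped and
    // counted as passed, so acceptance then rests on the signature alone.
    // Confirm this is intended for every caller outside the mobile async path.
    $responseTxt = 'true';
    if (!empty($notify_id)) {
        $responseTxt = $this->verifyFromServer($notify_id);
    }

    // A signature failure usually points at the security key, the request
    // parameter format (e.g. custom parameters) or the encoding. A remote result
    // other than "true" usually points at server configuration, the partner ID,
    // or a notify_id that has expired (it is valid for one minute).
    return is_string($responseTxt) && preg_match("/true\$/i", $responseTxt) === 1;
}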