We are validating receipts on our server, and we are receiving hacked receipts that come back with status 0!
Here is our server code:
$postData = json_encode(
    array('receipt-data' => $receipt)
);
//return $postData;
// create the cURL request
$ch = curl_init($endpoint);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postData);
// execute the cURL request and fetch response data
$response = curl_exec($ch);
$errno = curl_errno($ch);
$errmsg = curl_error($ch);
curl_close($ch);
// ensure the request succeeded
if ($errno != 0) {
    throw new Exception($errmsg, $errno);
}
// parse the response data
$data = json_decode($response);
// ensure response data was a valid JSON string
if (!is_object($data)) {
    return 'Invalid response data';
}
// ensure the expected data is present
if (!isset($data->status) || $data->status != 0) {
    return "Apple return with error ".$data->status;
}
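I have tried putting fake data in the receipt, and it responds with error 21002 (the receipt is malformed).
I check whether the receipt status is 0, and for the fake receipt it returns YES.
Here is a fresh one: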
{
    "status": 0,
    "environment": "Production",
    "receipt": {
        "receipt_type": "Production",
        "adam_id": 813798979,
        "bundle_id": "com.site.gamename",
        "application_version": "0.7",
        "download_id": 81005576413585,
        "request_date": "2014-04-23 21:37:23 Etc/GMT",
        "request_date_ms": "1398289043287",
        "request_date_pst": "2014-04-23 14:37:23 America/Los_Angeles",
        "original_purchase_date": "2014-04-21 20:36:09 Etc/GMT",
        "original_purchase_date_ms": "1398112569000",
        "original_purchase_date_pst": "2014-04-21 13:36:09 America/Los_Angeles",
        "original_application_version": "0.7",
        "in_app": []
    }
}
STATUS = 0 !!! How is this possible!?
And it comes with a forged transaction ID:
84091B08-4706-4810-924F-BC10CC1B
What should I do?
What is going on!? How am I getting status 0 from these hacked receipts?!
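
A status of 0 says only that Apple accepted the app receipt; the purchases themselves are listed in `in_app`, which is empty in the response posted above. As an added example (not part of the original post), a server-side check that also requires a matching `in_app` entry; the function name `checkPurchase`, the product id and both sample responses are constructed for illustration:

```php
<?php
// Added example. Product id and sample responses below are constructed.
function checkPurchase($data, $bundleId, $productId, array $redeemed)
{
    if (!is_object($data) || !isset($data->status)) {
        return array('ok' => false, 'reason' => 'invalid response data');
    }
    if ($data->status !== 0) {
        return array('ok' => false, 'reason' => 'status ' . $data->status);
    }
    // status 0 only means Apple accepted the app receipt; check which app it is for.
    if (!isset($data->receipt->bundle_id) || $data->receipt->bundle_id !== $bundleId) {
        return array('ok' => false, 'reason' => 'bundle_id mismatch');
    }
    // Purchases are listed in in_app; an empty list means nothing was bought.
    $inApp = (isset($data->receipt->in_app) && is_array($data->receipt->in_app))
        ? $data->receipt->in_app : array();
    $reason = 'no matching purchase in in_app';
    foreach ($inApp as $item) {
        if (!isset($item->product_id, $item->transaction_id)
            || $item->product_id !== $productId) {
            continue;
        }
        if (in_array($item->transaction_id, $redeemed, true)) {
            $reason = 'transaction already redeemed';
            continue;
        }
        // Use the transaction id from Apple's response, never one sent by the client.
        return array('ok' => true, 'transaction_id' => $item->transaction_id);
    }
    return array('ok' => false, 'reason' => $reason);
}

// Constructed sample 1: same shape as the response in the post (in_app is empty).
$empty = json_decode('{"status":0,"receipt":{"bundle_id":"com.site.gamename","in_app":[]}}');
// Constructed sample 2: a receipt that does carry a purchase.
$paid = json_decode('{"status":0,"receipt":{"bundle_id":"com.site.gamename","in_app":['
    . '{"product_id":"com.site.gamename.coins100","transaction_id":"1000000000000001"}]}}');

foreach (array('empty' => $empty, 'paid' => $paid) as $name => $resp) {
    $r = checkPurchase($resp, 'com.site.gamename', 'com.site.gamename.coins100', array());
    echo $name, ': ', $r['ok'] ? 'grant ' . $r['transaction_id'] : 'reject (' . $r['reason'] . ')', "\n";
}
```

The `$redeemed` list stands in for a lookup against the server's own record of transaction ids that have already been credited.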