From 7f56daa65a568debc023e7ec51ef54c553d41aae Mon Sep 17 00:00:00 2001
From: tpingzhang <635929049@qq.com>
Date: Tue, 19 Nov 2019 10:14:42 +0800
Subject: [PATCH] =?UTF-8?q?=E5=B9=B3=E5=8F=B0=E5=B8=81=E5=BF=AB=E6=8D=B7?= =?UTF-8?q?=E6=94=AF=E4=BB=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../Callback/Controller/BaseController.class.php | 4 ++++
 .../Callback/Controller/NotifyController.class.php | 1 +
 Application/Sdk/Controller/WapPayController.class.php | 11 +++++++++--
 3 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/Application/Callback/Controller/BaseController.class.php b/Application/Callback/Controller/BaseController.class.php
index 91b16c6f..4a98dc07 100644
--- a/Application/Callback/Controller/BaseController.class.php
+++ b/Application/Callback/Controller/BaseController.class.php
@@ -180,6 +180,10 @@ class BaseController extends Controller {
 $deposit = M('deposit',"tab_");
 $map['pay_order_number'] = $data['out_trade_no'];
 $d = $deposit->where($map)->find();
+ // 支付金额判断 by zgc
+ if (isset($data['money']) && $d['pay_amount'] != $data['money']) {
+ $this->record_logs("支付金额不一致".$data['out_trade_no'].":".$data['money']);return false;
+ }
 if(empty($d)){return false;}
 if($d['pay_status'] == 0){
 $data_save['pay_status'] = 1;
diff --git a/Application/Callback/Controller/NotifyController.class.php b/Application/Callback/Controller/NotifyController.class.php
index 898dd4f1..37f395e3 100644
--- a/Application/Callback/Controller/NotifyController.class.php
+++ b/Application/Callback/Controller/NotifyController.class.php
@@ -469,6 +469,7 @@ class NotifyController extends BaseController {
 $order_info['trade_no'] = $orderNo;
 $order_info['out_trade_no'] = $billNo;
+ $order_info['money'] = $amount;
 $pay_where = substr($billNo, 0, 2);
 switch ($pay_where) {
 case 'SP':
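Review bot: The amount check added after `$d = $deposit->where($map)->find();` fails open: it runs only when the caller supplied `$data['money']`, so any callback path that does not set that key still reaches the `pay_status` update without an amount comparison (in this commit only the NotifyController hunk sets it; other callers are not visible here). It also sits above `if(empty($d)){return false;}`, so an unknown order number is logged as an amount mismatch, and the loose `!=` leaves the result to PHP's type juggling of whatever string or float forms the two sides have. I would move the check below the empty test and compare normalised values, e.g. `if (isset($data['money']) && (int) round($d['pay_amount'] * 100) !== (int) round($data['money'] * 100)) {`, with a comment naming the unit both sides use. The logged `$data['out_trade_no']` and `$data['money']` come from the callback, so if `record_logs` writes plain text lines it should strip line breaks from them. The enclosing method starts and ends outside the hunk.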
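Review bot: `$order_info['money'] = $amount;` is a sound input to the new amount check only if `$amount` is read from the signature-verified part of the gateway notification and is in the same unit as `tab_deposit.pay_amount`; neither the assignment of `$amount` nor the signature check is visible in this hunk, so both need confirming. A one-line comment above the assignment would record that contract, e.g. `// paid amount from the verified notification, same unit as deposit pay_amount`. The method body starts and ends outside the hunk.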
diff --git a/Application/Sdk/Controller/WapPayController.class.php b/Application/Sdk/Controller/WapPayController.class.php
index aa803fbb..629953ff 100644
--- a/Application/Sdk/Controller/WapPayController.class.php
+++ b/Application/Sdk/Controller/WapPayController.class.php
@@ -312,7 +312,14 @@ class WapPayController extends BaseController{
 'user_id' => $param['user_id'],
 'game_id' => $param['game_id']
 ))->order('id desc')->find();
- if ($payInfo['price'] <= 0) {
+ $info = json_decode($payInfo['info'], true);
+ $deposit = M('deposit', 'tab_')->where([
+ 'pay_order_number' => $info['pay_order_number']
+ ])->find();
+ if ($deposit['pay_amount'] != $payInfo['price']) {
+ $this->error("数据有误.", '', true);
+ }
+ if ($payInfo['price'] <= 1) {
 $this->error("数据有误", '', true);
 }
 if ($payInfo['status'] == 'payed') {
@@ -437,7 +444,7 @@ class WapPayController extends BaseController{
 'secret' => C('sqpay.key'),
 'merOrderNo' => $payInfo['order_id'],
 'NotifyURL' => "http://api.wmtxkj.cn"."/callback.php?Notify/sq_callback",
- 'purpose' => 'aaaa'
+ 'purpose' => '游戏充值'
 ));
 //echo "发送短信==》".time()."
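Review bot: The new deposit lookup in the first WapPayController hunk reads `$info['pay_order_number']` and `$deposit['pay_amount']` without checking that `json_decode` returned an array or that `find()` returned a row, so a missing or malformed `info` value is rejected only as a side effect of the loose `!=` against a null amount. An explicit guard makes that failure mode deliberate: `if (!is_array($info) || empty($info['pay_order_number'])) { $this->error("数据有误.", '', true); }` before the query, and `if (empty($deposit)) { $this->error("数据有误.", '', true); }` after it. The threshold change from `<= 0` to `<= 1` now also rejects a price of exactly 1, which may be an intended minimum but is not explained; a comment stating the minimum and its unit, or `< 1` if 1 is meant to be accepted, would settle it. The enclosing method starts and ends outside the hunk.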
";
 if ($ret['resFlag'] == 'success') {