About the validation of Apple purchase

The process for users to buy Apple products is as follows:

  
 

   
  

  
1. Apply send request to server, get all products ID List
   
  

  
2. The server returns a list of products IDs
   
  

  
3. App send request to app Store for products
   
  

  
4.APP Store Returns product information
   
  

  
5. The app uses this information to display a store interface to the user
   
  

  
6. The user selects an item from the store
   
  

  
7. App sends payment request to App Store
   
  

  
8.APP Store handles the payment and returns the completed transaction
   
  

  
9. App gets receipt data from transaction and sends it to the server
   
  

  
10. The server records receipt data and establishes a audit trail (review trail)
   
  

  
11. The server sends receipt data to the app Store to verify that it is legitimate transaction
   
  

  
12.APP Store parses receipt data and returns receipt, as well as validation results (legal)
   
  

  
13. The server reads the returned receipt data and determines which user has completed the purchase
   
  

  
14. The server delivers purchased content to iOS apps
  
 
Purchase (Buy)When the user is ready to purchase product, the app requests the App Store to complete the payment. The App Store creates a persistent transaction that will continue to process the payment transaction, even if the user exits and restarts the app. The App Store synchronizes pending trade lists to the app and delivers updates to the app when any trading status changes. Speaking of purchase, one of the things I had to say before I had a headache was validation:
static public Function Getreceiptdata ($receipt, $isSandbox = False) {if ($isSandbox) {        $endpoint = ' Https://sandbox.itunes.apple.com/verifyReceipt ';        } else {$endpoint = ' https://buy.itunes.apple.com/verifyReceipt '; } error_log (Date ("Y-m-d h:i:s"). "Procappstorenotification Request error Data". Serialize ($receipt). "                \ r \ n ", 3, ' Appstore.log ');                $postData = Json_encode (Array (' receipt-data ' = $receipt)); Error_log (Date ("Y-m-d h:i:s"). "Procappstorenotification Request error Data". Serialize ($postData). "        \ r \ n ", 3, ' Appstore.log ');        $ch = Curl_init ($endpoint);        curl_setopt ($ch, Curlopt_returntransfer, true);        curl_setopt ($ch, Curlopt_post, true);                curl_setopt ($ch, Curlopt_postfields, $postData);  curl_setopt ($ch, Curlopt_ssl_verifypeer, 0); ? Mount Luk??? Lu's basket? The Burrow, Lu them, SSL Lu riveting curl_setopt ($ch, CURLOPT_SSL_verifyhost, 0);        $response = curl_exec ($ch);        $errno = Curl_errno ($ch);        $errmsg = Curl_error ($ch);                Curl_close ($ch); //?? The dew?? The LU Lu is the LU that is riveting Lu??        Lu, Spear, if ($errno! = 0) {throw new Exception ($errmsg, $errno);                } $data = Json_decode ($response); Error_log (Date ("Y-m-d h:i:s"). "Procappstorenotification Request error Data". Serialize ($data). "                \ r \ n ", 3, ' Appstore.log '); //?? Lou Lu? Media timestamp??? Road cap?? The dew??        Trade if (!is_object ($data)) {throw new Exception (' Invalid response data '); }                //?? Lu Lu's appearance?!isset ($data->status) | | $data->status! = 0) {throw new excep        tion (' Invalid receipt '); } error_log (Date ("Y-m-d h:i:s"). "Procappstorenotification Request error Data". Serialize ($data). "                \ r \ n ", 3, ' Appstore.log '); The road???? RIDGE RETUrn Array (' quantity ' = $data->receipt->quantity, ' product_id ' = $data-&gt ; receipt->product_id, ' transaction_id ' = $data->receipt->transaction_id, ' Purchase_dat            E ' = $data->receipt->purchase_date, ' app_item_id ' and $data->receipt->app_item_id,        ' Bid ' = $data->receipt->bid, ' Bvrs ' and ' = $data->receipt->bvrs );
} Before some of the bill verification failed, and then checked the next is to send the Apple verification data need to be encoded with Base64, and then I changed
$postData = Json_encode (Array (' receipt-data ' = Base64_encode ($receipt)));


Store ReceiptThe receipt data you send to the App store encodes the transaction information. When the App store validates the receipt, the receipt data is decoded and returned in the response. The receipt response is a JSON dictionary that contains all the information about the Skpaymenttransaction object in the app. The server can therefore query these JSON domains for details about the user's purchase. Apple recommends that iOS apps send only receipt data to the server, do not send transaction data to the server, and then the server goes to the App store to verify receipt. The APP store verifies that the receipt data has not been tampered with. It is more secure for the server to get transaction information from the receipt data that the App store responds to, rather than sending the transaction information directly from the iOS app to the server. The following table lists the information that you can get from the response receipt, and many keys correspond directly to the properties of the Skpaymenttransaction class. The keys that are not specified in the table are reserved by Apple and must not be used.
  
 

   
  
 
   
 
    
Key
 
    
Describe
 
   
 
   
 
    
Quantity
 
    
Number of purchases, corresponding to the transaction.payment.quantity attribute
 
   
 
   
 
    
product_id
 
    
Product ID identification, corresponding to the Transaction.payment.productIdentifier property
 
   
 
   
 
    
transaction_id
 
    
Transaction ID identifier, corresponding to Transaction.transactionidentifier property
 
   
 
   
 
    
Purchase_date
 
    
Date and time when the transaction occurred, corresponding to the Transaction.transactiondate property
 
   
 
   
 
    
original_transaction_id
 
    
For a restore transaction, this value holds the original transaction ID
 
   
 
   
 
    
Original_purchase_date
 
    
For a restore transaction, this value holds the original trading date
 
   
 
   
 
    
app_item_id
 
    
String, which is used by the App Store to uniquely identify an iOS app that created a payment transaction. If your server supports multiple iOS apps, you can use this value to differentiate between different apps. Applications running in the sandbox are not app_item_id, so this key does not exist
 
   
 
   
 
    
Version_external_identifier
 
    
Any numeric value that uniquely identifies your app revision. Sandbox application does not have this key
 
   
 
   
 
    
Bid
 
    
Bundle ID for iOS apps
 
   
 
   
 
    
Bvrs
 
    
Version number of the iOS app
 
   
 
  
  
 

About the validation of Apple purchase