直接上代码：

function googleVerify($sdata,$google_public_key){    $sdata = json_decode($sdata,true);    $in_app_purchase_data = isset($sdata['receipt'])?$sdata['receipt']:"";    $in_app_data_signature = isset($sdata['signature'])?$sdata['signature']:"";    $public_key = "-----BEGIN PUBLIC KEY-----" . PHP_EOL .        chunk_split($google_public_key, 64, PHP_EOL) .        "-----END PUBLIC KEY-----";    $public_key_handle = openssl_pkey_get_public($public_key);    $result = openssl_verify($in_app_purchase_data, base64_decode($in_app_data_signature), $public_key_handle, OPENSSL_ALGO_SHA1);    $status = 0;    $purchaseTime = 0;    if($result == 1){        $status = 1;        $in_app_purchase_data = json_decode($in_app_purchase_data, true);        $purchaseTime = isset($in_app_purchase_data['purchaseTime'])?intval($in_app_purchase_data['purchaseTime']):0;    }    return ['status'=>$status,'purcaseTime' => intval($purchaseTime)];}

 

参数说明：

$google_public_key：在google play console（）后台获取  ：  开发工具》服务和API 中能看到的KEY. $sdata:格式如下：

//

//$sdata为字符串，非json对象 //receipt，signature都是客户端购买后，google返回的数据

$sdata='{  "receipt": "{\"orderId\":\"GPA.3339-1d91-2716-249\",\"packageName\":\"con\",\"productId\":\"com.w.coin1\",\"purchaseTime\":1540265097944,\"purchaseState\":0,\"purchaseToken\":\"ogiafjoiY\"}",  "signature": "fFbfYTh2m/7nL9OZVTkw=="}';

返回数据：

$status：== 1，为真订单，0为假订单

$purcaseTime:  订单购买的时间戳。