The source code includes installation tutorials, more than 20 function and security update documents, source code descriptions, etc. Xiaobai can also be easily built.
It can easily handle high concurrency and other concurrency issues that the previous version could not handle without being invaded by malicious patch vulnerabilities. The XSS attack vulnerability has been fixed throughout the site.
[Main Function Description]
1. Payment methods can include H5, facial payment, public account, code scanning, UnionPay, express delivery;
2. Settlement types include ordinary settlement, payment settlement, and manual settlement;
3. Maple Control limits polling, IP limits, amount limits, total amount of the day, etc.;
4. Complete billing statistics;
5. Documents are divided into online documents and downloadable document compressed packages;
[Application Scenario] As a third-party and four-party payment platform. It has all the functions it should have.
It can be connected to the official interface of Weixin Pay, it can be connected to a third-party payment interface, or it can be connected to a visa-free interface. You can also connect to the Weixin Official Accounts and pay in person.
Connect with other four-party payment systems, running points systems, etc. Rotation training can be carried out through multiple channels, and multiple rules can be set for a single account.
[Account Type] There are many types such as system back-end administrators, merchant agents, ordinary merchants, and interface users; different sections have different back-end statistics, and relevant data statistics are complete and valid.
Disclaimer:
The source code is provided for free, and all functions and effects are consistent with the demo station. It cannot meet the personalized needs of all customers. The source code is open source. If you have personalized needs, you can develop the source code yourself. Thank you!
The source code is only for exchange, research and testing, and cannot be used for illegal purposes! Otherwise, you will suffer the consequences.
[Reminder] The code has been tested and verified multiple times, and the virtual host space does not support platform construction. You need to use Widow and Linux systems to build it.
Environment:
Nginx1.20.2
MySQL5.6.50
PHP-5.6
phpMyAdmin4.4
PHP installation extension:
ZendGuardLoader
Document Information 3
Source code update document:
The unique design style of the new system UI makes your system stand out. Select template No. 10 in the background template management and experience it.
The entire station fixes XSS vulnerabilities and no longer worries about the system being attacked by hackers XSS cross-site, causing the system to be hacked and financial losses.
Fix the malicious replenishment vulnerability, so that hackers will no longer inject sql statements into malicious replenishment to avoid financial losses.
The manual replenishment method in the background has changed. Originally, the administrator client will send a form form to request replenishment to the downstream by clicking on the replenishment. Now, since downstream generally restrict callback IP addresses, it is basically difficult to successfully replenish the order manually. We have changed to using the server iP curl to send the downstream replenishment request, making the replenishment so easy!
Data cleanup adds login record cleanup and withdrawal record cleanup (there were no such two items before).
The merchant list has added statistics on the total number of successful orders from 00 to 24 points on each channel that day, so that it is convenient and clear to know the multiple channels that a single merchant runs that day and how much each channel runs.
When adding or editing a merchant, an additional payment submission IP whitelist is added to limit the IP addresses that restrict submission when submitting requests to the payment interface (generally it is the merchant's server IP address. If the merchant uses the form form request, it will be the terminal customer's IP address. It is not recommended to use the form form request here, as it will expose order-related information and is not very safe).
The search merchant name has been added to the order list, and the display merchant name has also been added (previously, only the merchant number could be searched).
A new sub-account search has been added to the order list, which was not available before.
New success rate statistics in the order list (not available before) can be calculated for 30 minutes, 60 minutes, 3 hours, 6 hours, the current day, yesterday and other time periods.
Device information of the terminal has been added to the order list, which can display requests submitted by Android, windows, and iPhone devices.
A client IP has been added to the order list. If the merchant submits a request from the form, the system will record and count the IP of the requester. Since the last successful payment to the current time, there are a total of several orders that have not been paid. If the quantity is greater than or equal to 5 times, the system will The user will be prompted in red text that may have submitted the order maliciously. There is a seal after each order. You can block this IP and no more orders can be opened. If you want to unblock the IP, Please go to the gold deposit channel management to find the risk management behind the corresponding channel, and delete the IP (there may be many blocked IP addresses, and the IPs are separated by English commas).
If the user does not submit using the form form, the IP address will always be the same IP address. Because the implicit submission cannot obtain the end user's IP, the merchant's server IP will always be displayed. Don't accidentally block the merchant's server IP., resulting in the order not being able to enter.
The order details will record the value returned by the merchant and the callback content sent by the upstream payment system after the order is successful, so that it is convenient to view the error information during docking, and when an order dispute occurs, the callback content sent by the upstream is easy to check with upstream and downstream.
When the user mentions that an unissued withdrawal order will be displayed with a one-click copy button. Click to copy the payee information (amount, name, card number, bank name, bank name, bank address) of the issued order to the clipboard at one time. It is convenient for payment and use, and there is no need to repeatedly copy and paste a single one at a time.
In gold deposit channel management, you can add upstream callback IP addresses by editing the gold deposit channel. If you leave them blank, you will not limit the callback IP. If you fill in the IP, the channel will only receive callback content sent from IP addresses on the whitelist. Callback results sent by IPs that are not in the whitelist will be rejected.
The gold deposit channel search function has been added. If there are too many channels connected and it is difficult to find, the search function will be used.
Added the setting of floating amount switch and floating amount range. You can set the floating amount range when editing the deposit channel.
In the management of deposit channels, a single deposit channel can be set to a fixed amount, and multiple amounts are separated by English commas, such as (100, 200, 300, 400, 500). This function is used in general bill channels, and this function is still valid when the channel's risk control switch is turned off. You can also set a single amount range, such as 100-5000, and the system will only allow this channel to receive numbers within this amount range.
The overall performance of the system is optimized. Before reaching a certain number of orders every day, the system will respond very slowly. Now, after customers optimize the sql statements, database structure and other codes during actual use, the overall response speed is good, suitable for large customers, and the system is very safe.
Document optimization, docking document rewriting, now the document is clearer and clearer. Previously, it was a document submitted by a form. Since the market now basically needs to return json strings, the past method is no longer suitable. The document has been modified. When technicians connect upstream channels, they must connect in accordance with a unified format.
The merchant's checkout counter used to display all channel information, which sometimes caused misleading to the merchant and always asked the administrator to use some channels that were not opened. Now the checkout counter only displays the channel information allocated to the merchant, and the channels that are not allocated to the customer are not visible to the merchant, so as to avoid wrangling.
The system demo has been updated. The demo case code now has more detailed templates for downstream customers to use, and the online documents have also been updated. Now it will not cause downstream technicians to always be unable to understand the documents, resulting in docking failure, or docking time is longer and other issues.
When technicians connect with upstream channels, DingdianController.class.php can be used as a standard docking template.
English 
Chinese
Comments0