直接上代码：

function googleVerify($sdata,$google_public_key)
{
    $sdata = json_decode($sdata,true);

    $in_app_purchase_data = isset($sdata['receipt'])?$sdata['receipt']:"";
    $in_app_data_signature = isset($sdata['signature'])?$sdata['signature']:"";

    $public_key = "-----BEGIN PUBLIC KEY-----" . PHP_EOL .
        chunk_split($google_public_key, 64, PHP_EOL) .
        "-----END PUBLIC KEY-----";

    $public_key_handle = openssl_pkey_get_public($public_key);

    $result = openssl_verify($in_app_purchase_data, base64_decode($in_app_data_signature), $public_key_handle, OPENSSL_ALGO_SHA1);

    $status = 0;
    $purchaseTime = 0;
    if($result == 1){
        $status = 1;

        $in_app_purchase_data = json_decode($in_app_purchase_data, true);

        $purchaseTime = isset($in_app_purchase_data['purchaseTime'])?intval($in_app_purchase_data['purchaseTime']):0;
    }

    return ['status'=>$status,'purcaseTime' => intval($purchaseTime)];
}

参数说明：

$google_public_key：在google play console（https://play.google.com/apps/publish/）后台获取  ：  开发工具》服务和API 中能看到的KEY.$sdata:格式如下：

//

//$sdata为字符串，非json对象//receipt，signature都是客户端购买后，google返回的数据

$sdata='{
  "receipt": "{\"orderId\":\"GPA.3339-1d91-2716-249\",\"packageName\":\"con\",\"productId\":\"com.w.coin1\",\"purchaseTime\":1540265097944,\"purchaseState\":0,\"purchaseToken\":\"ogiafjoiY\"}",
  "signature": "fFbfYTh2m/7nL9OZVTkw=="
}';

返回数据：

$status：== 1，为真订单，0为假订单

$purcaseTime:  订单购买的时间戳。