码迷,mamicode.com
首页 > 微信 > 详细

微信消息体加密php版

时间:2014-11-15 17:10:13      阅读:347      评论:0      收藏:0      [点我收藏+]

标签:blog   http   io   ar   os   使用   sp   on   2014   

使用wx_sample.php和加密的demo.php拼接而成,微信官方的wiki写的比较烂,难以理解,demo也不是很好,类中使用了空参数过程中赋值,初学者难以理解,不如直接得到加密解密方便。另外逻辑上也先写加密后解密,也和微信处理流程相反,造成理解困难。

<?php
/**
  * wechat php test
  */

//define your token
define("TOKEN", "weixin");
$wechatObj = new wechatCallbackapiTest();
$wechatObj->responseMsg();

class wechatCallbackapiTest
{
	public function valid()
    {
        $echoStr = $_GET["echostr"];

        //valid signature , option
        if($this->checkSignature()){
        	echo $echoStr;
        	exit;
        }
    }

    public function responseMsg()
    {
		include_once "wxBizMsgCrypt.php";


$encodingAesKey = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFG";
$token = TOKEN;
$timestamp = $_GET["timestamp"];
$nonce = $_GET["nonce"];
$appId = "wx47224801062443cc";
$msg_sign = $_GET["msg_signature"];
//解密
$pc = new WXBizMsgCrypt($token, $encodingAesKey, $appId);

		//get post data, May be due to the different environments
		$postStr = $GLOBALS["HTTP_RAW_POST_DATA"];
		$msg = '';
$errCode = $pc->decryptMsg($msg_sign, $timeStamp, $nonce, $postStr, $msg);
if ($errCode == 0) {
	$postStr=$msg;
	if (!empty($postStr)){
                /* libxml_disable_entity_loader is to prevent XML eXternal Entity Injection,
                   the best way is to check the validity of xml by yourself */
                libxml_disable_entity_loader(true);
              	$postObj = simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA);
                $fromUsername = $postObj->FromUserName;
                $toUsername = $postObj->ToUserName;
                $keyword = trim($postObj->Content);
                $time = time();
                $textTpl = "<xml>
							<ToUserName><![CDATA[%s]]></ToUserName>
							<FromUserName><![CDATA[%s]]></FromUserName>
							<CreateTime>%s</CreateTime>
							<MsgType><![CDATA[%s]]></MsgType>
							<Content><![CDATA[%s]]></Content>
							<FuncFlag>0</FuncFlag>
							</xml>";             
				if(!empty( $keyword ))
                {
              		$msgType = "text";
                	$contentStr = "Welcome to wechat world!";
                	$resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);
					//加密
					$encryptMsg = '';
$errCode = $pc->encryptMsg($resultStr, $timeStamp, $nonce, $encryptMsg);
							if ($errCode == 0) {
								echo $encryptMsg ;
							} else {
								print($errCode . "\n");
							}
				
                }else{
                	echo "Input something...";
                }

        }else {
        	echo "";
        	exit;
        }
	
	
} else {
	print($errCode . "\n");
}
		
      	//extract post data
		
    }
		
	private function checkSignature()
	{
        // you must define TOKEN by yourself
        if (!defined("TOKEN")) {
            throw new Exception('TOKEN is not defined!');
        }
        
        $signature = $_GET["signature"];
        $timestamp = $_GET["timestamp"];
        $nonce = $_GET["nonce"];
        		
		$token = TOKEN;
		$tmpArr = array($token, $timestamp, $nonce);
        // use SORT_STRING rule
		sort($tmpArr, SORT_STRING);
		$tmpStr = implode( $tmpArr );
		$tmpStr = sha1( $tmpStr );
		
		if( $tmpStr == $signature ){
			return true;
		}else{
			return false;
		}
	}
}

?>


微信消息体加密php版

标签:blog   http   io   ar   os   使用   sp   on   2014   

原文地址:http://blog.csdn.net/u011330225/article/details/41146699

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!