标签:blog http io ar os 使用 sp on 2014
使用wx_sample.php和加密的demo.php拼接而成,微信官方的wiki写的比较烂,难以理解,demo也不是很好,类中使用了空参数过程中赋值,初学者难以理解,不如直接得到加密解密方便。另外逻辑上也先写加密后解密,也和微信处理流程相反,造成理解困难。
<?php /** * wechat php test */ //define your token define("TOKEN", "weixin"); $wechatObj = new wechatCallbackapiTest(); $wechatObj->responseMsg(); class wechatCallbackapiTest { public function valid() { $echoStr = $_GET["echostr"]; //valid signature , option if($this->checkSignature()){ echo $echoStr; exit; } } public function responseMsg() { include_once "wxBizMsgCrypt.php"; $encodingAesKey = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFG"; $token = TOKEN; $timestamp = $_GET["timestamp"]; $nonce = $_GET["nonce"]; $appId = "wx47224801062443cc"; $msg_sign = $_GET["msg_signature"]; //解密 $pc = new WXBizMsgCrypt($token, $encodingAesKey, $appId); //get post data, May be due to the different environments $postStr = $GLOBALS["HTTP_RAW_POST_DATA"]; $msg = ''; $errCode = $pc->decryptMsg($msg_sign, $timeStamp, $nonce, $postStr, $msg); if ($errCode == 0) { $postStr=$msg; if (!empty($postStr)){ /* libxml_disable_entity_loader is to prevent XML eXternal Entity Injection, the best way is to check the validity of xml by yourself */ libxml_disable_entity_loader(true); $postObj = simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA); $fromUsername = $postObj->FromUserName; $toUsername = $postObj->ToUserName; $keyword = trim($postObj->Content); $time = time(); $textTpl = "<xml> <ToUserName><![CDATA[%s]]></ToUserName> <FromUserName><![CDATA[%s]]></FromUserName> <CreateTime>%s</CreateTime> <MsgType><![CDATA[%s]]></MsgType> <Content><![CDATA[%s]]></Content> <FuncFlag>0</FuncFlag> </xml>"; if(!empty( $keyword )) { $msgType = "text"; $contentStr = "Welcome to wechat world!"; $resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr); //加密 $encryptMsg = ''; $errCode = $pc->encryptMsg($resultStr, $timeStamp, $nonce, $encryptMsg); if ($errCode == 0) { echo $encryptMsg ; } else { print($errCode . "\n"); } }else{ echo "Input something..."; } }else { echo ""; exit; } } else { print($errCode . "\n"); } //extract post data } private function checkSignature() { // you must define TOKEN by yourself if (!defined("TOKEN")) { throw new Exception('TOKEN is not defined!'); } $signature = $_GET["signature"]; $timestamp = $_GET["timestamp"]; $nonce = $_GET["nonce"]; $token = TOKEN; $tmpArr = array($token, $timestamp, $nonce); // use SORT_STRING rule sort($tmpArr, SORT_STRING); $tmpStr = implode( $tmpArr ); $tmpStr = sha1( $tmpStr ); if( $tmpStr == $signature ){ return true; }else{ return false; } } } ?>
标签:blog http io ar os 使用 sp on 2014
原文地址:http://blog.csdn.net/u011330225/article/details/41146699