Home >Backend Development >PHP Tutorial >微信消息体加密php版

微信消息体加密php版

WBOY
WBOYOriginal
2016-06-23 13:45:161261browse

使用wx_sample.php和加密的demo.php拼接而成,微信官方的wiki写的比较烂,难以理解,demo也不是很好,类中使用了空参数过程中赋值,初学者难以理解,不如直接得到加密解密方便。另外逻辑上也先写加密后解密,也和微信处理流程相反,造成理解困难。

<?php /**  * wechat php test  *///define your tokendefine("TOKEN", "weixin");$wechatObj = new wechatCallbackapiTest();$wechatObj->responseMsg();class wechatCallbackapiTest{	public function valid()    {        $echoStr = $_GET["echostr"];        //valid signature , option        if($this->checkSignature()){        	echo $echoStr;        	exit;        }    }    public function responseMsg()    {		include_once "wxBizMsgCrypt.php";$encodingAesKey = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFG";$token = TOKEN;$timestamp = $_GET["timestamp"];$nonce = $_GET["nonce"];$appId = "wx47224801062443cc";$msg_sign = $_GET["msg_signature"];//解密$pc = new WXBizMsgCrypt($token, $encodingAesKey, $appId);		//get post data, May be due to the different environments		$postStr = $GLOBALS["HTTP_RAW_POST_DATA"];		$msg = '';$errCode = $pc->decryptMsg($msg_sign, $timeStamp, $nonce, $postStr, $msg);if ($errCode == 0) {	$postStr=$msg;	if (!empty($postStr)){                /* libxml_disable_entity_loader is to prevent XML eXternal Entity Injection,                   the best way is to check the validity of xml by yourself */                libxml_disable_entity_loader(true);              	$postObj = simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA);                $fromUsername = $postObj->FromUserName;                $toUsername = $postObj->ToUserName;                $keyword = trim($postObj->Content);                $time = time();                $textTpl = "<xml>							<tousername></tousername>							<fromusername></fromusername>							<createtime>%s</createtime>							<msgtype></msgtype>							<content></content>							<funcflag>0</funcflag>							</xml>";             				if(!empty( $keyword ))                {              		$msgType = "text";                	$contentStr = "Welcome to wechat world!";                	$resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);					//加密					$encryptMsg = '';$errCode = $pc->encryptMsg($resultStr, $timeStamp, $nonce, $encryptMsg);							if ($errCode == 0) {								echo $encryptMsg ;							} else {								print($errCode . "\n");							}				                }else{                	echo "Input something...";                }        }else {        	echo "";        	exit;        }		} else {	print($errCode . "\n");}		      	//extract post data		    }			private function checkSignature()	{        // you must define TOKEN by yourself        if (!defined("TOKEN")) {            throw new Exception('TOKEN is not defined!');        }                $signature = $_GET["signature"];        $timestamp = $_GET["timestamp"];        $nonce = $_GET["nonce"];        				$token = TOKEN;		$tmpArr = array($token, $timestamp, $nonce);        // use SORT_STRING rule		sort($tmpArr, SORT_STRING);		$tmpStr = implode( $tmpArr );		$tmpStr = sha1( $tmpStr );				if( $tmpStr == $signature ){			return true;		}else{			return false;		}	}}?>


Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn