PHP handles WeChat SDK interception of photo uploads-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

PHP handles WeChat SDK interception of photo uploads

不言

Apr 26, 2018 pm 01:43 PM

phpuploadphoto

This article mainly introduces PHP processing of WeChat SDK to intercept photo uploads. It has certain reference value. Now I share it with everyone. Friends in need can refer to it

PHP-side processing TP3.2 framework

1: Class name:

namespace Home\Controller;
use Think\Controller;
use  app\common\Curl;
class ParentController extends Controller
{
    public function __construct(){
        parent::__construct();
        $this->appId = &#39;你的appid&#39;;
        $this->appSecret = &#39;你的appSecret&#39;;
        $openid = session(&#39;openid&#39;);
        // session("openid",&#39;ogC7U1XRM3ZOqjLZ99O2coJjYsrU&#39;);
        if(!$openid){
            $this->get_openid();
        }
    }

2: Method:

Return necessary WeChat parameters to the client:

/**
     * 给客户端返回必要微信参数
     * @Author   TGHan
     * @DateTime 2018-04-26
     * @return   [type]     [description]
     */
    public function modifyinfor() {
        $jsapiTicket = $this->getJsApiTicket();
        // 注意 URL 一定要动态获取，不能 hardcode.
        $protocol = (!empty($_SERVER[&#39;HTTPS&#39;]) && $_SERVER[&#39;HTTPS&#39;] !== &#39;off&#39; || $_SERVER[&#39;SERVER_PORT&#39;] == 443) ? "https://" : "http://";
        $url = "$protocol$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
        $timestamp = time();
        $nonceStr = $this->createNonceStr();
        // 这里参数的顺序要按照 key 值 ASCII 码升序排序
        $string = "jsapi_ticket=$jsapiTicket&noncestr=$nonceStr&timestamp=$timestamp&url=$url";
        $signature = sha1($string);
        $signPackage = array(
          "appId"     => $this->appId,
          "nonceStr"  => $nonceStr,
          "timestamp" => $timestamp,
          "url"       => $url,
          "signature" => $signature,
          "rawString" => $string
        );
        $this->assign(&#39;signPackage&#39;,$signPackage);
        $this->display();
    }


    public function createNonceStr($length = 16) {
        $chars ="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
        $str = "";
        for ($i = 0; $i < $length; $i++) {
            $str .= substr($chars, mt_rand(0, strlen($chars) - 1), 1);
        }
        return $str;
    }


    public function getJsApiTicket() {
        // jsapi_ticket 应该全局存储与更新，以下代码以写入到文件中做示例
        $data =json_decode(file_get_contents("jsapi_ticket.json"));
        if ($data->expire_time < time()) {
            $accessToken = $this->getAccessToken();
            // 如果是企业号用以下 URL 获取 ticket
            // $url = "https://qyapi.weixin.qq.com/cgi-bin/get_jsapi_ticket?access_token=$accessToken";
            $url = "https://api.weixin.qq.com/cgi-bin/ticket/getticket?type=jsapi&access_token=$accessToken";
            $res = json_decode($this->httpGet($url));
            $ticket = $res->ticket;
            if ($ticket) {
                $data->expire_time = time() + 7000;
                $data->jsapi_ticket = $ticket;
                $fp = fopen("jsapi_ticket.json", "w");
                fwrite($fp, json_encode($data));
                fclose($fp);
            }
        } else {
            $ticket = $data->jsapi_ticket;
        }
        return $ticket;
    }


    public function getAccessToken() {
        // access_token 应该全局存储与更新，以下代码以写入到文件中做示例
        $data =json_decode(file_get_contents("access_token.json"));
        if ($data->expire_time < time()) {
            // 如果是企业号用以下URL获取access_token
            // $url = "https://qyapi.weixin.qq.com/cgi-bin/gettoken?corpid=$this->appId&corpsecret=$this->appSecret";
            $url = "https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=$this->appId&secret=$this->appSecret";
            $res = json_decode($this->httpGet($url));
            $access_token = $res->access_token;
            if ($access_token) {
                $data->expire_time = time() + 7000;
                $data->access_token = $access_token;
                $fp = fopen("access_token.json", "w");
                fwrite($fp, json_encode($data));
                fclose($fp);
            }
        } else {
            $access_token = $data->access_token;
        }
        return $access_token;
    }


    public function httpGet($url) {
        $curl = curl_init();
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($curl, CURLOPT_TIMEOUT, 500);
        // 为保证第三方服务器与微信服务器之间数据传输的安全性，所有微信接口采用https方式调用，必须使用下面2行代码打开ssl安全校验。
        // 如果在部署过程中代码在此处验证失败，请到 http://curl.haxx.se/ca/cacert.pem 下载新的证书判别文件。
        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, true);
        curl_setopt($curl, CURLOPT_URL, $url);


        $res = curl_exec($curl);
        curl_close($curl);


        return $res;
    }

Three: Method:

Image upload

1, define the file path, write the image stream

2, get the image stream from the WeChat server

3. Upload the image and return the image path to the client

/*图片
    * 获取media_id 
    */  
    public function upload_head(){  
        if(IS_POST){  
            $serverId = I(&#39;post.media_id&#39;);  
            if(!empty($serverId)){  
                $news_file = $this->doWechatPic( $serverId );
                $this->ajaxReturn(array("is_success"=>"success","msg"=>"上传成功","url"=>$news_file));
            }else{
                $this->ajaxReturn(array("is_success"=>"error","msg"=>"上传失败1"));
            }
        } 
    }  


    /* 
    * 从微信服务器获取图片流 
    */  
    public function doWechatPic($serverId){//media_id=jlJs_iQIOA-TKLuhk4nCdPEdXnJ6paIeToO8vr-WUGvz05-6i5n498EzI232xSxn  
        $media_id = $serverId;//提交过来的serverId即$media_id     
        $access_token = $this->getAccessToken();
        $pic_url = "http://file.api.weixin.qq.com/cgi-bin/media/get?access_token={$access_token}&media_id={$media_id}";  
        $filebody = file_get_contents($pic_url);//通过接口获取图片流  
        $filename = date("Ymd").&#39;_&#39;.uniqid().&#39;.jpg&#39;;//定义图片名字及格式  
        return $this->saveFile($filename, $filebody);  
    }  


    /* 
    * 定义文件路径，写入图片流 
    */  
    public function saveFile($filename, $filecontent){  
        $upload_dir = "./Public/static/images/headers";//保存路径，以时间作目录分层  
        $mkpath = $upload_dir;          
        if(!is_dir($mkpath)){  
            if(!mkdir($mkpath)){  
                die(&#39;no mkdir power&#39;);  
            }  
            if(!chmod($mkpath,0755)){//若服务器在阿里云上不建议使用0644  
                die(&#39;no chmod power&#39;);  
            }  
        }
        $savepath = $upload_dir.&#39;/&#39;.$filename;       
        if(file_put_contents($savepath, $filecontent)){//写入图片流生成图片
            $news_file = substr($savepath,1);
            return $news_file;//返回图片路径  
        }else{  
            die(&#39;save failed&#39;);  
        }  


    }

Four: After the image is uploaded, the client returns the image path and inserts it into the database

public function save_child(){
        $openid = session("openid");
        $class_tid = session("class_tid");
        if(IS_POST){
            $data = array();
            $data[&#39;cd_head&#39;] = I(&#39;post.cd_head&#39;) ? I(&#39;post.cd_head&#39;) : &#39;&#39;;
            $data[&#39;cd_name&#39;] = I(&#39;post.cd_name&#39;) ? I(&#39;post.cd_name&#39;) : &#39;&#39;;
            $data[&#39;cd_birthday&#39;] = I(&#39;post.cd_birthday&#39;) ? I(&#39;post.cd_birthday&#39;) : &#39;&#39;;
            $data[&#39;cd_sex&#39;] = I(&#39;post.cd_sex&#39;) ? I(&#39;post.cd_sex&#39;) : &#39;&#39;;
            $editData = M("parent_child")->where("class_tid=&#39;{$class_tid}&#39; and wx_openid=&#39;{$openid}&#39;")->save($data);
            if($editData !== false){
                $this->ajaxReturn(array("is_success"=>"success","msg"=>"修改成功"));
            }else{
                $this->ajaxReturn(array("is_success"=>"error","msg"=>"修改失败"));
            }
        }
    }

Related recommendations:

How to process form upload files in PHP

Steps in PHP to process bmp format images

The above is the detailed content of PHP handles WeChat SDK interception of photo uploads. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

How can you prevent session fixation attacks?Apr 28, 2025 am 12:25 AM

Effective methods to prevent session fixed attacks include: 1. Regenerate the session ID after the user logs in; 2. Use a secure session ID generation algorithm; 3. Implement the session timeout mechanism; 4. Encrypt session data using HTTPS. These measures can ensure that the application is indestructible when facing session fixed attacks.

How do you implement sessionless authentication?Apr 28, 2025 am 12:24 AM

Implementing session-free authentication can be achieved by using JSONWebTokens (JWT), a token-based authentication system where all necessary information is stored in the token without server-side session storage. 1) Use JWT to generate and verify tokens, 2) Ensure that HTTPS is used to prevent tokens from being intercepted, 3) Securely store tokens on the client side, 4) Verify tokens on the server side to prevent tampering, 5) Implement token revocation mechanisms, such as using short-term access tokens and long-term refresh tokens.

What are some common security risks associated with PHP sessions?Apr 28, 2025 am 12:24 AM

The security risks of PHP sessions mainly include session hijacking, session fixation, session prediction and session poisoning. 1. Session hijacking can be prevented by using HTTPS and protecting cookies. 2. Session fixation can be avoided by regenerating the session ID before the user logs in. 3. Session prediction needs to ensure the randomness and unpredictability of session IDs. 4. Session poisoning can be prevented by verifying and filtering session data.

How do you destroy a PHP session?Apr 28, 2025 am 12:16 AM

To destroy a PHP session, you need to start the session first, then clear the data and destroy the session file. 1. Use session_start() to start the session. 2. Use session_unset() to clear the session data. 3. Finally, use session_destroy() to destroy the session file to ensure data security and resource release.

How can you change the default session save path in PHP?Apr 28, 2025 am 12:12 AM

How to change the default session saving path of PHP? It can be achieved through the following steps: use session_save_path('/var/www/sessions');session_start(); in PHP scripts to set the session saving path. Set session.save_path="/var/www/sessions" in the php.ini file to change the session saving path globally. Use Memcached or Redis to store session data, such as ini_set('session.save_handler','memcached'); ini_set(

How do you modify data stored in a PHP session?Apr 27, 2025 am 12:23 AM

TomodifydatainaPHPsession,startthesessionwithsession_start(),thenuse$_SESSIONtoset,modify,orremovevariables.1)Startthesession.2)Setormodifysessionvariablesusing$_SESSION.3)Removevariableswithunset().4)Clearallvariableswithsession_unset().5)Destroythe

Give an example of storing an array in a PHP session.Apr 27, 2025 am 12:20 AM

Arrays can be stored in PHP sessions. 1. Start the session and use session_start(). 2. Create an array and store it in $_SESSION. 3. Retrieve the array through $_SESSION. 4. Optimize session data to improve performance.

How does garbage collection work for PHP sessions?Apr 27, 2025 am 12:19 AM

PHP session garbage collection is triggered through a probability mechanism to clean up expired session data. 1) Set the trigger probability and session life cycle in the configuration file; 2) You can use cron tasks to optimize high-load applications; 3) You need to balance the garbage collection frequency and performance to avoid data loss.

See all articles