This article mainly introduces PHP processing of WeChat SDK to intercept photo uploads. It has certain reference value. Now I share it with everyone. Friends in need can refer to it
PHP-side processing TP3.2 framework
1: Class name:
namespace Home\Controller; use Think\Controller; use app\common\Curl; class ParentController extends Controller { public function __construct(){ parent::__construct(); $this->appId = '你的appid'; $this->appSecret = '你的appSecret'; $openid = session('openid'); // session("openid",'ogC7U1XRM3ZOqjLZ99O2coJjYsrU'); if(!$openid){ $this->get_openid(); } }
2: Method:
Return necessary WeChat parameters to the client:
/** * 给客户端返回必要微信参数 * @Author TGHan * @DateTime 2018-04-26 * @return [type] [description] */ public function modifyinfor() { $jsapiTicket = $this->getJsApiTicket(); // 注意 URL 一定要动态获取,不能 hardcode. $protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) ? "https://" : "http://"; $url = "$protocol$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"; $timestamp = time(); $nonceStr = $this->createNonceStr(); // 这里参数的顺序要按照 key 值 ASCII 码升序排序 $string = "jsapi_ticket=$jsapiTicket&noncestr=$nonceStr×tamp=$timestamp&url=$url"; $signature = sha1($string); $signPackage = array( "appId" => $this->appId, "nonceStr" => $nonceStr, "timestamp" => $timestamp, "url" => $url, "signature" => $signature, "rawString" => $string ); $this->assign('signPackage',$signPackage); $this->display(); } public function createNonceStr($length = 16) { $chars ="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; $str = ""; for ($i = 0; $i < $length; $i++) { $str .= substr($chars, mt_rand(0, strlen($chars) - 1), 1); } return $str; } public function getJsApiTicket() { // jsapi_ticket 应该全局存储与更新,以下代码以写入到文件中做示例 $data =json_decode(file_get_contents("jsapi_ticket.json")); if ($data->expire_time < time()) { $accessToken = $this->getAccessToken(); // 如果是企业号用以下 URL 获取 ticket // $url = "https://qyapi.weixin.qq.com/cgi-bin/get_jsapi_ticket?access_token=$accessToken"; $url = "https://api.weixin.qq.com/cgi-bin/ticket/getticket?type=jsapi&access_token=$accessToken"; $res = json_decode($this->httpGet($url)); $ticket = $res->ticket; if ($ticket) { $data->expire_time = time() + 7000; $data->jsapi_ticket = $ticket; $fp = fopen("jsapi_ticket.json", "w"); fwrite($fp, json_encode($data)); fclose($fp); } } else { $ticket = $data->jsapi_ticket; } return $ticket; } public function getAccessToken() { // access_token 应该全局存储与更新,以下代码以写入到文件中做示例 $data =json_decode(file_get_contents("access_token.json")); if ($data->expire_time < time()) { // 如果是企业号用以下URL获取access_token // $url = "https://qyapi.weixin.qq.com/cgi-bin/gettoken?corpid=$this->appId&corpsecret=$this->appSecret"; $url = "https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=$this->appId&secret=$this->appSecret"; $res = json_decode($this->httpGet($url)); $access_token = $res->access_token; if ($access_token) { $data->expire_time = time() + 7000; $data->access_token = $access_token; $fp = fopen("access_token.json", "w"); fwrite($fp, json_encode($data)); fclose($fp); } } else { $access_token = $data->access_token; } return $access_token; } public function httpGet($url) { $curl = curl_init(); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_TIMEOUT, 500); // 为保证第三方服务器与微信服务器之间数据传输的安全性,所有微信接口采用https方式调用,必须使用下面2行代码打开ssl安全校验。 // 如果在部署过程中代码在此处验证失败,请到 http://curl.haxx.se/ca/cacert.pem 下载新的证书判别文件。 curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, true); curl_setopt($curl, CURLOPT_URL, $url); $res = curl_exec($curl); curl_close($curl); return $res; }
Three: Method:
Image upload
1, define the file path, write the image stream
2, get the image stream from the WeChat server
3. Upload the image and return the image path to the client
/*图片 * 获取media_id */ public function upload_head(){ if(IS_POST){ $serverId = I('post.media_id'); if(!empty($serverId)){ $news_file = $this->doWechatPic( $serverId ); $this->ajaxReturn(array("is_success"=>"success","msg"=>"上传成功","url"=>$news_file)); }else{ $this->ajaxReturn(array("is_success"=>"error","msg"=>"上传失败1")); } } } /* * 从微信服务器获取图片流 */ public function doWechatPic($serverId){//media_id=jlJs_iQIOA-TKLuhk4nCdPEdXnJ6paIeToO8vr-WUGvz05-6i5n498EzI232xSxn $media_id = $serverId;//提交过来的serverId即$media_id $access_token = $this->getAccessToken(); $pic_url = "http://file.api.weixin.qq.com/cgi-bin/media/get?access_token={$access_token}&media_id={$media_id}"; $filebody = file_get_contents($pic_url);//通过接口获取图片流 $filename = date("Ymd").'_'.uniqid().'.jpg';//定义图片名字及格式 return $this->saveFile($filename, $filebody); } /* * 定义文件路径,写入图片流 */ public function saveFile($filename, $filecontent){ $upload_dir = "./Public/static/images/headers";//保存路径,以时间作目录分层 $mkpath = $upload_dir; if(!is_dir($mkpath)){ if(!mkdir($mkpath)){ die('no mkdir power'); } if(!chmod($mkpath,0755)){//若服务器在阿里云上不建议使用0644 die('no chmod power'); } } $savepath = $upload_dir.'/'.$filename; if(file_put_contents($savepath, $filecontent)){//写入图片流生成图片 $news_file = substr($savepath,1); return $news_file;//返回图片路径 }else{ die('save failed'); } }
Four: After the image is uploaded, the client returns the image path and inserts it into the database
public function save_child(){ $openid = session("openid"); $class_tid = session("class_tid"); if(IS_POST){ $data = array(); $data['cd_head'] = I('post.cd_head') ? I('post.cd_head') : ''; $data['cd_name'] = I('post.cd_name') ? I('post.cd_name') : ''; $data['cd_birthday'] = I('post.cd_birthday') ? I('post.cd_birthday') : ''; $data['cd_sex'] = I('post.cd_sex') ? I('post.cd_sex') : ''; $editData = M("parent_child")->where("class_tid='{$class_tid}' and wx_openid='{$openid}'")->save($data); if($editData !== false){ $this->ajaxReturn(array("is_success"=>"success","msg"=>"修改成功")); }else{ $this->ajaxReturn(array("is_success"=>"error","msg"=>"修改失败")); } } }
Related recommendations:
How to process form upload files in PHP
Steps in PHP to process bmp format images
The above is the detailed content of PHP handles WeChat SDK interception of photo uploads. For more information, please follow other related articles on the PHP Chinese website!

Effective methods to prevent session fixed attacks include: 1. Regenerate the session ID after the user logs in; 2. Use a secure session ID generation algorithm; 3. Implement the session timeout mechanism; 4. Encrypt session data using HTTPS. These measures can ensure that the application is indestructible when facing session fixed attacks.

Implementing session-free authentication can be achieved by using JSONWebTokens (JWT), a token-based authentication system where all necessary information is stored in the token without server-side session storage. 1) Use JWT to generate and verify tokens, 2) Ensure that HTTPS is used to prevent tokens from being intercepted, 3) Securely store tokens on the client side, 4) Verify tokens on the server side to prevent tampering, 5) Implement token revocation mechanisms, such as using short-term access tokens and long-term refresh tokens.

The security risks of PHP sessions mainly include session hijacking, session fixation, session prediction and session poisoning. 1. Session hijacking can be prevented by using HTTPS and protecting cookies. 2. Session fixation can be avoided by regenerating the session ID before the user logs in. 3. Session prediction needs to ensure the randomness and unpredictability of session IDs. 4. Session poisoning can be prevented by verifying and filtering session data.

To destroy a PHP session, you need to start the session first, then clear the data and destroy the session file. 1. Use session_start() to start the session. 2. Use session_unset() to clear the session data. 3. Finally, use session_destroy() to destroy the session file to ensure data security and resource release.

How to change the default session saving path of PHP? It can be achieved through the following steps: use session_save_path('/var/www/sessions');session_start(); in PHP scripts to set the session saving path. Set session.save_path="/var/www/sessions" in the php.ini file to change the session saving path globally. Use Memcached or Redis to store session data, such as ini_set('session.save_handler','memcached'); ini_set(

TomodifydatainaPHPsession,startthesessionwithsession_start(),thenuse$_SESSIONtoset,modify,orremovevariables.1)Startthesession.2)Setormodifysessionvariablesusing$_SESSION.3)Removevariableswithunset().4)Clearallvariableswithsession_unset().5)Destroythe

Arrays can be stored in PHP sessions. 1. Start the session and use session_start(). 2. Create an array and store it in $_SESSION. 3. Retrieve the array through $_SESSION. 4. Optimize session data to improve performance.

PHP session garbage collection is triggered through a probability mechanism to clean up expired session data. 1) Set the trigger probability and session life cycle in the configuration file; 2) You can use cron tasks to optimize high-load applications; 3) You need to balance the garbage collection frequency and performance to avoid data loss.


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Hot Tools

MantisBT
Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.

Atom editor mac version download
The most popular open source editor

VSCode Windows 64-bit Download
A free and powerful IDE editor launched by Microsoft

Notepad++7.3.1
Easy-to-use and free code editor

EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function
