本文主要和大家分享PHP后台开发微信公众号实例,包括微信接入、获取微信用户信息、微信支付、JSSDK配置参数获取等部分。如果读者对微信开发没有一个主观上的认识,那么建议读者先研读微信公众平台开发者文档,然后再阅读本文,效果更佳!
微信开发的完整例子已经整理在Github,欢迎查看: yii2-wechat-demo。【八宝粥的博客】
接入微信
Yii2后台配置
1.在app/config/params.php中配置token参数
return [
//微信接入
'wechat' =>[
'token' => 'your token',
],
]; |
2.在app/config/main.php中配置路由
因为接口模块使用的RESTful API,所以需要定义路由规则。
'urlManager' => [
'enablePrettyUrl' => true,
'enableStrictParsing' => true,
'showScriptName' => false,
'rules' => [
[
'class' => 'yii\rest\UrlRule',
'controller' => 'wechat',
'extraPatterns' => [
'GET valid' => 'valid',
],
],
],
], |
3.在app/controllers中新建WechatController
<?php
namespace api\controllers;
use Yii;
use yii\rest\ActiveController;
class WechatController extends ActiveController
{
public $modelClass = '';
public function actionValid()
{
$echoStr = $_GET["echostr"];
$signature = $_GET["signature"];
$timestamp = $_GET["timestamp"];
$nonce = $_GET["nonce"];
//valid signature , option
if($this->checkSignature($signature,$timestamp,$nonce)){
echo $echoStr;
}
}
private function checkSignature($signature,$timestamp,$nonce)
{
// you must define TOKEN by yourself
$token = Yii::$app->params['wechat']['token'];
if (!$token) {
echo 'TOKEN is not defined!';
} else {
$tmpArr = array($token, $timestamp, $nonce);
// use SORT_STRING rule
sort($tmpArr, SORT_STRING);
$tmpStr = implode( $tmpArr );
$tmpStr = sha1( $tmpStr );
if( $tmpStr == $signature ){
return true;
}else{
return false;
}
}
}
} |
微信公众号后台配置
在微信公众号后台配置URL和Token,然后提交验证即可。
URL:http://app.demo.com/wechats/valid Token:your token |
获取用户信息
用户表设计
CREATE TABLE `wechat_user` ( `id` int(11) NOT NULL, `openid` varchar(255) COLLATE utf8_unicode_ci NOT NULL, `nickname` varchar(50) COLLATE utf8_unicode_ci NOT NULL COMMENT '微信昵称', `sex` tinyint(4) NOT NULL COMMENT '性别', `headimgurl` varchar(255) COLLATE utf8_unicode_ci NOT NULL COMMENT '头像', `country` varchar(50) COLLATE utf8_unicode_ci NOT NULL COMMENT '国家', `province` varchar(50) COLLATE utf8_unicode_ci NOT NULL COMMENT '省份', `city` varchar(50) COLLATE utf8_unicode_ci NOT NULL COMMENT '城市', `access_token` varchar(255) COLLATE utf8_unicode_ci NOT NULL, `refresh_token` varchar(255) COLLATE utf8_unicode_ci NOT NULL, `created_at` timestamp NULL DEFAULT CURRENT_TIMESTAMP ) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; ALTER TABLE `wechat_user` ADD PRIMARY KEY (`id`); |
获取用户信息的相关接口
1.用户授权接口:获取access_token、openid等;获取并保存用户资料到数据库
public function actionAccesstoken()
{
$code = $_GET["code"];
$state = $_GET["state"];
$appid = Yii::$app->params['wechat']['appid'];
$appsecret = Yii::$app->params['wechat']['appsecret'];
$request_url = 'https://api.weixin.qq.com/sns/oauth2/access_token?appid='.$appid.'&secret='.$appsecret.'&code='.$code.'&grant_type=authorization_code';
//初始化一个curl会话
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $request_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
curl_close($ch);
$result = $this->response($result);
//获取token和openid成功,数据解析
$access_token = $result['access_token'];
$refresh_token = $result['refresh_token'];
$openid = $result['openid'];
//请求微信接口,获取用户信息
$userInfo = $this->getUserInfo($access_token,$openid);
$user_check = WechatUser::find()->where(['openid'=>$openid])->one();
if ($user_check) {
//更新用户资料
} else {
//保存用户资料
}
//前端网页的重定向
if ($openid) {
return $this->redirect($state.$openid);
} else {
return $this->redirect($state);
}
} |
2.从微信获取用户资料
public function getUserInfo($access_token,$openid)
{
$request_url = 'https://api.weixin.qq.com/sns/userinfo?access_token='.$access_token.'&openid='.$openid.'&lang=zh_CN';
//初始化一个curl会话
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $request_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
curl_close($ch);
$result = $this->response($result);
return $result;
} |
3.获取用户资料接口
public function actionUserinfo()
{
if(isset($_REQUEST["openid"])){
$openid = $_REQUEST["openid"];
$user = WechatUser::find()->where(['openid'=>$openid])->one();
if ($user) {
$result['error'] = 0;
$result['msg'] = '获取成功';
$result['user'] = $user;
} else {
$result['error'] = 1;
$result['msg'] = '没有该用户';
}
} else {
$result['error'] = 1;
$result['msg'] = 'openid为空';
}
return $result;
} |
微信支付
1.微信支付接口:打包支付数据
public function actionPay(){
if(isset($_REQUEST["uid"])&&isset($_REQUEST["oid"])&&isset($_REQUEST["totalFee"])){
//uid、oid、totalFee
$uid = $_REQUEST["uid"];
$oid = $_REQUEST["oid"];
$totalFee = $_REQUEST["totalFee"];
$timestamp = time();
//微信支付参数
$appid = Yii::$app->params['wechat']['appid'];
$mchid = Yii::$app->params['wechat']['mchid'];
$key = Yii::$app->params['wechat']['key'];
$notifyUrl = Yii::$app->params['wechat']['notifyUrl'];
//支付打包
$wx_pay = new WechatPay($mchid, $appid, $key);
$package = $wx_pay->createJsBizPackage($uid, $totalFee, $oid, $notifyUrl, $timestamp);
$result['error'] = 0;
$result['msg'] = '支付打包成功';
$result['package'] = $package;
return $result;
}else{
$result['error'] = 1;
$result['msg'] = '请求参数错误';
}
return $result;
} |
2.接收微信发送的异步支付结果通知
public function actionNotify(){
$postStr = $GLOBALS["HTTP_RAW_POST_DATA"];
$postObj = simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA);
//
if ($postObj === false) {
die('parse xml error');
}
if ($postObj->return_code != 'SUCCESS') {
die($postObj->return_msg);
}
if ($postObj->result_code != 'SUCCESS') {
die($postObj->err_code);
}
//微信支付参数
$appid = Yii::$app->params['wechat']['appid'];
$mchid = Yii::$app->params['wechat']['mchid'];
$key = Yii::$app->params['wechat']['key'];
$wx_pay = new WechatPay($mchid, $appid, $key);
//验证签名
$arr = (array)$postObj;
unset($arr['sign']);
if ($wx_pay->getSign($arr, $key) != $postObj->sign) {
die("签名错误");
}
//支付处理正确-判断是否已处理过支付状态
$orders = Order::find()->where(['uid'=>$postObj->openid, 'oid'=>$postObj->out_trade_no, 'status' => 0])->all();
if(count($orders) > 0){
//更新订单状态
foreach ($orders as $order) {
//更新订单
$order['status'] = 1;
$order->update();
}
return '<xml><return_code><![CDATA[SUCCESS]]></return_code><return_msg><![CDATA[OK]]></return_msg></xml>';
} else {
//订单状态已更新,直接返回
return '<xml><return_code><![CDATA[SUCCESS]]></return_code><return_msg><![CDATA[OK]]></return_msg></xml>';
}
} |
3.微信支付类 WechatPay.php
<?php
namespace api\sdk;
use Yii;
class WechatPay
{
protected $mchid;
protected $appid;
protected $key;
public function __construct($mchid, $appid, $key){
$this->mchid = $mchid;
$this->appid = $appid;
$this->key = $key;
}
public function createJsBizPackage($openid, $totalFee, $outTradeNo, $orderName, $notifyUrl, $timestamp){
$config = array(
'mch_id' => $this->mchid,
'appid' => $this->appid,
'key' => $this->key,
);
$unified = array(
'appid' => $config['appid'],
'attach' => '支付',
'body' => $orderName,
'mch_id' => $config['mch_id'],
'nonce_str' => self::createNonceStr(),
'notify_url' => $notifyUrl,
'openid' => $openid,
'out_trade_no' => $outTradeNo,
'spbill_create_ip' => '127.0.0.1',
'total_fee' => intval($totalFee * 100),
'trade_type' => 'JSAPI',
);
$unified['sign'] = self::getSign($unified, $config['key']);
$responseXml = self::curlPost('https://api.mch.weixin.qq.com/pay/unifiedorder', self::arrayToXml($unified));
$unifiedOrder = simplexml_load_string($responseXml, 'SimpleXMLElement', LIBXML_NOCDATA);
if ($unifiedOrder === false) {
die('parse xml error');
}
if ($unifiedOrder->return_code != 'SUCCESS') {
die($unifiedOrder->return_msg);
}
if ($unifiedOrder->result_code != 'SUCCESS') {
die($unifiedOrder->err_code);
}
$arr = array(
"appId" => $config['appid'],
"timeStamp" => $timestamp,
"nonceStr" => self::createNonceStr(),
"package" => "prepay_id=" . $unifiedOrder->prepay_id,
"signType" => 'MD5',
);
$arr['paySign'] = self::getSign($arr, $config['key']);
return $arr;
}
public static function curlGet($url = '', $options = array()){
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
if (!empty($options)) {
curl_setopt_array($ch, $options);
}
//https请求 不验证证书和host
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
public static function curlPost($url = '', $postData = '', $options = array()){
if (is_array($postData)) {
$postData = http_build_query($postData);
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postData);
curl_setopt($ch, CURLOPT_TIMEOUT, 30); //设置cURL允许执行的最长秒数
if (!empty($options)) {
curl_setopt_array($ch, $options);
}
//https请求 不验证证书和host
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
public static function createNonceStr($length = 16){
$chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
$str = '';
for ($i = 0; $i<$length; $i++){
$str .= substr($chars, mt_rand(0, strlen($chars) - 1), 1);
}
return $str;
}
public static function arrayToXml($arr){
$xml = "<xml>";
foreach ($arr as $key => $val){
if (is_numeric($val)) {
$xml .= "<" . $key . ">" . $val . "</" . $key . ">";
} else {
$xml .= "<" . $key . "><![CDATA[" . $val . "]]></" . $key . ">";
}
}
$xml .= "</xml>";
return $xml;
}
public static function getSign($params, $key){
ksort($params, SORT_STRING);
$unSignParaString = self::formatQueryParaMap($params, false);
$signStr = strtoupper(md5($unSignParaString . "&key=" . $key));
return $signStr;
}
protected static function formatQueryParaMap($paraMap, $urlEncode = false){
$buff = "";
ksort($paraMap);
foreach ($paraMap as $k => $v){
if (null != $v && "null" != $v) {
if ($urlEncode) {
$v = urlencode($v);
}
$buff .= $k . "=" . $v . "&";
}
}
$reqPar = '';
if (strlen($buff)>0) {
$reqPar = substr($buff, 0, strlen($buff) - 1);
}
return $reqPar;
}
} |
获取JS-SDK的config参数
根据微信公众平台开发者文档:
所有需要使用JS-SDK的页面必须先注入配置信息,否则将无法调用(同一个url仅需调用一次,对于变化url的SPA的web app可在每次url变化时进行调用,目前Android微信客户端不支持pushState的H5新特性,所以使用pushState来实现web app的页面会导致签名失败,此问题会在Android6.2中修复)。
即:
wx.config({
debug: true, // 开启调试模式,调用的所有api的返回值会在客户端alert出来,若要查看传入的参数,可以在pc端打开,参数信息会通过log打出,仅在pc端时才会打印。
appId: '', // 必填,公众号的唯一标识
timestamp: , // 必填,生成签名的时间戳
nonceStr: '', // 必填,生成签名的随机串
signature: '',// 必填,签名,见附录1
jsApiList: [] // 必填,需要使用的JS接口列表,所有JS接口列表见附录2
}); |
1.微信支付类 WechatPay.php
<?php
namespace api\sdk;
use Yii;
class WechatPay
{
public function getSignPackage($url) {
$jsapiTicket = self::getJsApiTicket();
$timestamp = time();
$nonceStr = self::createNonceStr();
// 这里参数的顺序要按照 key 值 ASCII 码升序排序
$string = "jsapi_ticket=".$jsapiTicket."&noncestr=".$nonceStr."×tamp=".$timestamp."&url=".$url;
$signature = sha1($string);
$signPackage = array(
"appId" => $this->appid,
"nonceStr" => $nonceStr,
"timestamp" => $timestamp,
"url" => $url,
"signature" => $signature,
"rawString" => $string
);
return $signPackage;
}
public static function getJsApiTicket() {
//使用Redis缓存 jsapi_ticket
$redis = Yii::$app->redis;
$redis_ticket = $redis->get('wechat:jsapi_ticket');
if ($redis_ticket) {
$ticket = $redis_ticket;
} else {
$accessToken = self::getAccessToken();
$url = "https://api.weixin.qq.com/cgi-bin/ticket/getticket?type=jsapi&access_token=".$accessToken;
$res = json_decode(self::curlGet($url));
$ticket = $res->ticket;
if ($ticket) {
$redis->set('wechat:jsapi_ticket', $ticket);
$redis->expire('wechat:jsapi_ticket', 7000);
}
}
return $ticket;
}
public static function getAccessToken() {
//使用Redis缓存 access_token
$redis = Yii::$app->redis;
$redis_token = $redis->get('wechat:access_token');
if ($redis_token) {
$access_token = $redis_token;
} else {
$appid = Yii::$app->params['wechat']['appid'];
$appsecret = Yii::$app->params['wechat']['appsecret'];
$url = "https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=".$appid."&secret=".$appsecret;
$res = json_decode(self::curlGet($url));
$access_token = $res->access_token;
if ($access_token) {
$redis->set('wechat:access_token', $access_token);
$redis->expire('wechat:access_token', 7000);
}
}
return $access_token;
}
public static function curlGet($url = '', $options = array()){
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
if (!empty($options)) {
curl_setopt_array($ch, $options);
}
//https请求 不验证证书和host
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
public static function curlPost($url = '', $postData = '', $options = array()){
if (is_array($postData)) {
$postData = http_build_query($postData);
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postData);
curl_setopt($ch, CURLOPT_TIMEOUT, 30); //设置cURL允许执行的最长秒数
if (!empty($options)) {
curl_setopt_array($ch, $options);
}
//https请求 不验证证书和host
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
public static function createNonceStr($length = 16){
$chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
$str = '';
for ($i = 0; $i<$length; $i++){
$str .= substr($chars, mt_rand(0, strlen($chars) - 1), 1);
}
return $str;
}
} |
2.获取config参数接口
public function actionConfig(){
if (isset($_REQUEST['url'])) {
$url = $_REQUEST['url'];
//微信支付参数
$appid = Yii::$app->params['wechat']['appid'];
$mchid = Yii::$app->params['wechat']['mchid'];
$key = Yii::$app->params['wechat']['key'];
$wx_pay = new WechatPay($mchid, $appid, $key);
$package = $wx_pay->getSignPackage($url);
$result['error'] = 0;
$result['msg'] = '获取成功';
$result['config'] = $package;
} else {
$result['error'] = 1;
$result['msg'] = '参数错误';
}
return $result;
} |
相关推荐:
以上是PHP后台开发微信公众号实例的详细内容。更多信息请关注PHP中文网其他相关文章!
声明
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系admin@php.cn
您如何防止与会议有关的跨站点脚本(XSS)攻击?Apr 23, 2025 am 12:16 AM要保护应用免受与会话相关的XSS攻击,需采取以下措施:1.设置HttpOnly和Secure标志保护会话cookie。2.对所有用户输入进行输出编码。3.实施内容安全策略(CSP)限制脚本来源。通过这些策略,可以有效防护会话相关的XSS攻击,确保用户数据安全。
您如何优化PHP会话性能?Apr 23, 2025 am 12:13 AM优化PHP会话性能的方法包括:1.延迟会话启动,2.使用数据库存储会话,3.压缩会话数据,4.管理会话生命周期,5.实现会话共享。这些策略能显着提升应用在高并发环境下的效率。
什么是session.gc_maxlifetime配置设置?Apr 23, 2025 am 12:10 AMthesession.gc_maxlifetimesettinginphpdeterminesthelifespanofsessiondata,setInSeconds.1)它'sconfiguredinphp.iniorviaini_set().2)abalanceIsiseededeedeedeedeedeedeedto to to avoidperformance andununununununexpectedLogOgouts.3)
您如何在PHP中配置会话名?Apr 23, 2025 am 12:08 AM在PHP中,可以使用session_name()函数配置会话名称。具体步骤如下:1.使用session_name()函数设置会话名称,例如session_name("my_session")。2.在设置会话名称后,调用session_start()启动会话。配置会话名称可以避免多应用间的会话数据冲突,并增强安全性,但需注意会话名称的唯一性、安全性、长度和设置时机。
您应该多久再生一次会话ID?Apr 23, 2025 am 12:03 AM会话ID应在登录时、敏感操作前和每30分钟定期重新生成。1.登录时重新生成会话ID可防会话固定攻击。2.敏感操作前重新生成提高安全性。3.定期重新生成降低长期利用风险,但需权衡用户体验。
如何在PHP中设置会话cookie参数?Apr 22, 2025 pm 05:33 PM在PHP中设置会话cookie参数可以通过session_set_cookie_params()函数实现。1)使用该函数设置参数,如过期时间、路径、域名、安全标志等;2)调用session_start()使参数生效;3)根据需求动态调整参数,如用户登录状态;4)注意设置secure和httponly标志以提升安全性。
在PHP中使用会议的主要目的是什么?Apr 22, 2025 pm 05:25 PM在PHP中使用会话的主要目的是维护用户在不同页面之间的状态。1)会话通过session_start()函数启动,创建唯一会话ID并存储在用户cookie中。2)会话数据保存在服务器上,允许在不同请求间传递数据,如登录状态和购物车内容。
您如何在子域中分享会议?Apr 22, 2025 pm 05:21 PM如何在子域名间共享会话?通过设置通用域名的会话cookie实现。1.在服务器端设置会话cookie的域为.example.com。2.选择合适的会话存储方式,如内存、数据库或分布式缓存。3.通过cookie传递会话ID,服务器根据ID检索和更新会话数据。
热AI工具
Undresser.AI Undress
人工智能驱动的应用程序,用于创建逼真的裸体照片
AI Clothes Remover
用于从照片中去除衣服的在线人工智能工具。
Undress AI Tool
免费脱衣服图片
Clothoff.io
AI脱衣机
Video Face Swap
使用我们完全免费的人工智能换脸工具轻松在任何视频中换脸!
热门文章
刺客信条阴影:贝壳谜语解决方案
3 周前ByDDD
Windows 11 KB5054979中的新功能以及如何解决更新问题
2 周前ByDDD
在哪里可以找到原子中的起重机控制钥匙卡
3 周前ByDDD
<🎜>:死铁路 - 如何完成所有挑战
4 周前ByDDD
Atomfall指南:项目位置,任务指南和技巧
4 周前ByDDD
热工具
SublimeText3 Mac版
神级代码编辑软件(SublimeText3)
安全考试浏览器
Safe Exam Browser是一个安全的浏览器环境,用于安全地进行在线考试。该软件将任何计算机变成一个安全的工作站。它控制对任何实用工具的访问,并防止学生使用未经授权的资源。
Atom编辑器mac版下载
最流行的的开源编辑器
EditPlus 中文破解版
体积小,语法高亮,不支持代码提示功能
SecLists
SecLists是最终安全测试人员的伙伴。它是一个包含各种类型列表的集合,这些列表在安全评估过程中经常使用,都在一个地方。SecLists通过方便地提供安全测试人员可能需要的所有列表,帮助提高安全测试的效率和生产力。列表类型包括用户名、密码、URL、模糊测试有效载荷、敏感数据模式、Web shell等等。测试人员只需将此存储库拉到新的测试机上,他就可以访问到所需的每种类型的列表。
