热搜:NVER node 开发 php

微信消息体加密php版

2024-08-17 18:45:01
微信消息体加密php版

使用wx_sample.php和加密的demo.php拼接而成,微信官方的wiki写的比较烂,难以理解,demo也不是很好,类中使用了空参数过程中赋值,初学者难以理解,不如直接得到加密解密方便。另外逻辑上也先写加密后解密,也和微信处理流程相反,造成理解困难。

<?php /**  * wechat php test  *///define your tokendefine("TOKEN", "weixin");$wechatObj = new wechatCallbackapiTest();$wechatObj->responseMsg();class wechatCallbackapiTest{	public function valid()    {        $echoStr = $_GET["echostr"];        //valid signature , option        if($this->checkSignature()){        	echo $echoStr;        	exit;        }    }    public function responseMsg()    {		include_once "wxBizMsgCrypt.php";$encodingAesKey = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFG";$token = TOKEN;$timestamp = $_GET["timestamp"];$nonce = $_GET["nonce"];$appId = "wx47224801062443cc";$msg_sign = $_GET["msg_signature"];//解密$pc = new WXBizMsgCrypt($token, $encodingAesKey, $appId);		//get post data, May be due to the different environments		$postStr = $GLOBALS["HTTP_RAW_POST_DATA"];		$msg = '';$errCode = $pc->decryptMsg($msg_sign, $timeStamp, $nonce, $postStr, $msg);if ($errCode == 0) {	$postStr=$msg;	if (!empty($postStr)){                /* libxml_disable_entity_loader is to prevent XML eXternal Entity Injection,                   the best way is to check the validity of xml by yourself */                libxml_disable_entity_loader(true);              	$postObj = simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA);                $fromUsername = $postObj->FromUserName;                $toUsername = $postObj->ToUserName;                $keyword = trim($postObj->Content);                $time = time();                $textTpl = "%s0";             				if(!empty( $keyword ))                {              		$msgType = "text";                	$contentStr = "Welcome to wechat world!";                	$resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);					//加密					$encryptMsg = '';$errCode = $pc->encryptMsg($resultStr, $timeStamp, $nonce, $encryptMsg);							if ($errCode == 0) {								echo $encryptMsg ;							} else {								print($errCode . "\n");							}				                }else{                	echo "Input something...";                }        }else {        	echo "";        	exit;        }		} else {	print($errCode . "\n");}		      	//extract post data		    }			private function checkSignature()	{        // you must define TOKEN by yourself        if (!defined("TOKEN")) {            throw new Exception('TOKEN is not defined!');        }                $signature = $_GET["signature"];        $timestamp = $_GET["timestamp"];        $nonce = $_GET["nonce"];        				$token = TOKEN;		$tmpArr = array($token, $timestamp, $nonce);        // use SORT_STRING rule		sort($tmpArr, SORT_STRING);		$tmpStr = implode( $tmpArr );		$tmpStr = sha1( $tmpStr );				if( $tmpStr == $signature ){			return true;		}else{			return false;		}	}}?>