欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  后端开发

微信消息体加密php版

程序员文章站 2022-06-11 08:09:47
...
使用wx_sample.php和加密的demo.php拼接而成,微信官方的wiki写的比较烂,难以理解,demo也不是很好,类中使用了空参数过程中赋值,初学者难以理解,不如直接得到加密解密方便。另外逻辑上也先写加密后解密,也和微信处理流程相反,造成理解困难。

responseMsg();class wechatCallbackapiTest{	public function valid()    {        $echoStr = $_GET["echostr"];        //valid signature , option        if($this->checkSignature()){        	echo $echoStr;        	exit;        }    }    public function responseMsg()    {		include_once "wxBizMsgCrypt.php";$encodingAesKey = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFG";$token = TOKEN;$timestamp = $_GET["timestamp"];$nonce = $_GET["nonce"];$appId = "wx47224801062443cc";$msg_sign = $_GET["msg_signature"];//解密$pc = new WXBizMsgCrypt($token, $encodingAesKey, $appId);		//get post data, May be due to the different environments		$postStr = $GLOBALS["HTTP_RAW_POST_DATA"];		$msg = '';$errCode = $pc->decryptMsg($msg_sign, $timeStamp, $nonce, $postStr, $msg);if ($errCode == 0) {	$postStr=$msg;	if (!empty($postStr)){                /* libxml_disable_entity_loader is to prevent XML eXternal Entity Injection,                   the best way is to check the validity of xml by yourself */                libxml_disable_entity_loader(true);              	$postObj = simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA);                $fromUsername = $postObj->FromUserName;                $toUsername = $postObj->ToUserName;                $keyword = trim($postObj->Content);                $time = time();                $textTpl = "%s0";             				if(!empty( $keyword ))                {              		$msgType = "text";                	$contentStr = "Welcome to wechat world!";                	$resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);					//加密					$encryptMsg = '';$errCode = $pc->encryptMsg($resultStr, $timeStamp, $nonce, $encryptMsg);							if ($errCode == 0) {								echo $encryptMsg ;							} else {								print($errCode . "\n");							}				                }else{                	echo "Input something...";                }        }else {        	echo "";        	exit;        }		} else {	print($errCode . "\n");}		      	//extract post data		    }			private function checkSignature()	{        // you must define TOKEN by yourself        if (!defined("TOKEN")) {            throw new Exception('TOKEN is not defined!');        }                $signature = $_GET["signature"];        $timestamp = $_GET["timestamp"];        $nonce = $_GET["nonce"];        				$token = TOKEN;		$tmpArr = array($token, $timestamp, $nonce);        // use SORT_STRING rule		sort($tmpArr, SORT_STRING);		$tmpStr = implode( $tmpArr );		$tmpStr = sha1( $tmpStr );				if( $tmpStr == $signature ){			return true;		}else{			return false;		}	}}?>