php 微信公众号开发: token 验证

最新推荐文章于 2023-10-05 17:54:24 发布

原创最新推荐文章于 2023-10-05 17:54:24 发布 · 1.2k 阅读

1 ·

本内容遵循CC 4.0 BY-SA版权协议

微信专栏收录该内容

1 篇文章

订阅专栏

本文介绍了一种使用PHP进行微信公众号接口测试的方法。通过定义TOKEN并验证签名，确保了消息的有效性和安全性。文章详细展示了如何接收和响应来自微信服务器的消息，包括获取POST数据、解析请求数据及发送回复。

<?php
/**
 * wechat php test
 */

//define your token
define("TOKEN", "weixin");
$wechatObj = new wechatCallbackapiTest();
//$wechatObj->valid();exit;
$wechatObj->responseMsg();
class wechatCallbackapiTest
{
    public function valid()
    {
        $echoStr = $_GET["echostr"];

        //valid signature , option
        if($this->checkSignature()){
            echo $echoStr;
            exit;
        }
    }
    //处理业务逻辑
    public function responseMsg()
    {
        //get post data, May be due to the different environments

        $postStr = file_get_contents("php://input"); //php 7 以上版本
        //$postStr = $GLOBALS["HTTP_RAW_POST_DATA"]; //php 7以下版本，php.ini开启;always_populate_raw_post_data = On

        //extract post data 请求数据
        if (!empty($postStr)){

            $postObj = simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA);
            $fromUsername = $postObj->FromUserName;
            $toUsername = $postObj->ToUserName;
            $keyword = trim($postObj->Content);
            $time = time();
            $textTpl = "<xml>  
                            <ToUserName><![CDATA[%s]]></ToUserName>  
                            <FromUserName><![CDATA[%s]]></FromUserName>  
                            <CreateTime>%s</CreateTime>  
                            <MsgType><![CDATA[%s]]></MsgType>  
                            <Content><![CDATA[%s]]></Content>  
                            <FuncFlag>0</FuncFlag>  
                            </xml>";
            if(!empty( $keyword ))
            {
                $msgType = "text";
                $contentStr = "Welcome to wechat world!";

                $resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);
                echo $resultStr;
            }else{
                echo "Input something...";
            }

        }else {
            echo "";
            exit;
        }
    }

    private function checkSignature()
    {
        $signature = $_GET["signature"];
        $timestamp = $_GET["timestamp"];
        $nonce = $_GET["nonce"];

        $token = TOKEN;
        $tmpArr = array($token, $timestamp, $nonce);
        sort($tmpArr);
        $tmpStr = implode( $tmpArr );
        $tmpStr = sha1( $tmpStr );

        if( $tmpStr == $signature ){
            return true;
        }else{
            return false;
        }
    }
}

?>