Created
December 2, 2018 06:55
wx_sample.php
<?php
/**
 * wechat php test
 * 2014/8/19
 */
// Shared secret for this endpoint. It is the only secret input to the request
// signature that checkSignature() recomputes from the query string.
// NOTE(review): "weixin" looks like the sample placeholder. Replace it with a long
// random value loaded from configuration that is kept out of version control.
define('TOKEN', 'weixin');

// Answer the URL-verification handshake: valid() echoes `echostr` and exits when
// the signature matches. responseMsg() is not invoked by this script.
$wechatObj = new wechatCallbackapiTest();
$wechatObj->valid();
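/**
 * Minimal callback endpoint: answers the URL-verification handshake and replies
 * to inbound text messages with a fixed greeting.
 *
 * Every request is authenticated by recomputing sha1() over the sorted
 * concatenation of TOKEN, `timestamp` and `nonce` and comparing it with the
 * `signature` query parameter.
 *
 * NOTE(review): the timestamp is not checked for freshness and nonces are not
 * remembered, so a captured (signature, timestamp, nonce) triple can be replayed.
 * Add a freshness window if that matters for the deployment.
 */
class wechatCallbackapiTest
{
    /**
     * Handle the verification handshake.
     *
     * Echoes the `echostr` query parameter and terminates the script when the
     * request signature is valid; returns without output otherwise.
     *
     * @return void
     * @throws Exception when TOKEN is not defined
     */
    public function valid()
    {
        // Accept only a plain string; a missing or array-valued parameter becomes ''.
        $echoStr = (isset($_GET["echostr"]) && is_string($_GET["echostr"])) ? $_GET["echostr"] : '';

        //valid signature , option
        if ($this->checkSignature()) {
            // The signature does not cover `echostr`, so the echoed value is not
            // authenticated. Serve it as plain text so a browser never renders it as HTML.
            if (!headers_sent()) {
                header('Content-Type: text/plain; charset=utf-8');
            }
            echo $echoStr;
            exit;
        }
    }

    /**
     * Parse an inbound XML message from the request body and echo the XML reply.
     *
     * The request signature is verified first; an unsigned or wrongly signed
     * request gets HTTP 403 and no body. An empty or unparsable body produces
     * an empty response and terminates the script.
     * NOTE(review): this relies on message pushes carrying the same signature,
     * timestamp and nonce query parameters as the handshake. Confirm against
     * the platform documentation for the account mode in use.
     *
     * @return void
     * @throws Exception when TOKEN is not defined
     */
    public function responseMsg()
    {
        // Never parse a body whose sender has not been authenticated.
        if (!$this->checkSignature()) {
            http_response_code(403);
            return;
        }

        // $GLOBALS["HTTP_RAW_POST_DATA"] was removed in PHP 7.0; php://input is
        // available on every supported version.
        $postStr = file_get_contents('php://input');
        if ($postStr === false || $postStr === '') {
            echo "";
            exit;
        }

        // External entity loading must stay off (XXE). The explicit switch is
        // deprecated from PHP 8.0, so it is only called on older runtimes.
        // LIBXML_NOENT must never be added to the flags below.
        if (PHP_VERSION_ID < 80000) {
            libxml_disable_entity_loader(true);
        }
        $previousErrorMode = libxml_use_internal_errors(true);
        $postObj = simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA | LIBXML_NONET);
        libxml_clear_errors();
        libxml_use_internal_errors($previousErrorMode);

        // Malformed XML is treated like an empty body instead of dereferencing false.
        if ($postObj === false) {
            echo "";
            exit;
        }

        $fromUsername = (string) $postObj->FromUserName;
        $toUsername = (string) $postObj->ToUserName;
        $keyword = trim((string) $postObj->Content);
        $time = time();
        $textTpl = "<xml>\n"
            . "<ToUserName><![CDATA[%s]]></ToUserName>\n"
            . "<FromUserName><![CDATA[%s]]></FromUserName>\n"
            . "<CreateTime>%s</CreateTime>\n"
            . "<MsgType><![CDATA[%s]]></MsgType>\n"
            . "<Content><![CDATA[%s]]></Content>\n"
            . "<FuncFlag>0</FuncFlag>\n"
            . "</xml>";

        // Compare with '' rather than empty(), so the message "0" counts as input.
        if ($keyword !== '') {
            $msgType = "text";
            $contentStr = "Welcome to wechat world!";
            // Sender-controlled values are copied into CDATA sections. Neutralise
            // any "]]>" so they cannot close the section and inject markup.
            $resultStr = sprintf(
                $textTpl,
                $this->cdataSafe($fromUsername),
                $this->cdataSafe($toUsername),
                $time,
                $msgType,
                $this->cdataSafe($contentStr)
            );
            echo $resultStr;
        } else {
            echo "Input something...";
        }
    }

    /**
     * Make a value safe to embed inside <![CDATA[ ... ]]>.
     *
     * @param mixed $value value to embed; cast to string
     * @return string the value with every "]]>" split across two CDATA sections
     */
    private function cdataSafe($value)
    {
        return str_replace(']]>', ']]]]><![CDATA[>', (string) $value);
    }

    /**
     * Verify the request signature taken from the query string.
     *
     * @return bool true when `signature` equals sha1() of the sorted,
     *              concatenated TOKEN, `timestamp` and `nonce`
     * @throws Exception when TOKEN is not defined
     */
    private function checkSignature()
    {
        // you must define TOKEN by yourself
        if (!defined("TOKEN")) {
            throw new Exception('TOKEN is not defined!');
        }

        $signature = isset($_GET["signature"]) ? $_GET["signature"] : null;
        $timestamp = isset($_GET["timestamp"]) ? $_GET["timestamp"] : null;
        $nonce = isset($_GET["nonce"]) ? $_GET["nonce"] : null;

        // Query parameters can be absent or arrays (e.g. `nonce[]=`); reject both.
        if (!is_string($signature) || !is_string($timestamp) || !is_string($nonce)) {
            return false;
        }

        $tmpArr = array((string) TOKEN, $timestamp, $nonce);
        // use SORT_STRING rule
        sort($tmpArr, SORT_STRING);
        $expected = sha1(implode('', $tmpArr));

        // hash_equals() compares byte-for-byte in constant time. A loose `==`
        // would compare two numeric-looking strings as numbers and could accept
        // a signature that merely looks numeric.
        return hash_equals($expected, $signature);
    }
}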
?>