public function decrypt($msgSignature, $timestamp = null, $nonce, $postData, &$msg) { if (strlen($this->encodingAesKey) != 43) { return ErrorCode::$IllegalAesKey; } if ($timestamp == null) $timestamp = time(); $pc = new Prpcrypt($this->encodingAesKey); $encrypt = simplexml_load_string($postData, 'SimpleXMLElement', LIBXML_NOCDATA); $encrypt = $encrypt->Encrypt; $sha1 = new SHA1; $array = $sha1->getSHA1($this->token, $timestamp, $nonce, $encrypt); $ret = $array[0]; if ($ret != 0) { return $ret; } $signature = $array[1]; if ($signature != $msgSignature) { return ErrorCode::$ValidateSignatureError; } $result = $pc->decrypt($encrypt, $this->appId); if ($result[0] != 0) { return $result[0]; } $msg = $result[1]; return ErrorCode::$OK; }
public function DecryptMsg($signature, $timeStamp = null, $nonce, $encrypt, &$decryptMsg) { if (strlen($this->m_encodingAesKey) != 43) { return ErrorCode::$IllegalAesKey; } $pc = new Prpcrypt($this->m_encodingAesKey); if ($sTimeStamp == null) { $sTimeStamp = time(); } $sha1 = new SHA1(); $array = $sha1->getSHA1($this->m_token, $timeStamp, $nonce, $encrypt); $ret = $array[0]; if ($ret != 0) { return $ret; } $verifySignature = $array[1]; if ($verifySignature != $signature) { return ErrorCode::$ValidateSignatureError; } $result = $pc->decrypt($encrypt, $this->m_suiteKey); if ($result[0] != 0) { return $result[0]; } $decryptMsg = $result[1]; return ErrorCode::$OK; }
public function decryptMsg($msgSignature, $timestamp = NULL, $nonce, $postData, &$msg) { if (strlen($this->encodingAesKey) != 43) { return ErrorCode::$IllegalAesKey; } $pc = new Prpcrypt($this->encodingAesKey); $xmlparse = new XMLParse(); $array = $xmlparse->extract($postData); $ret = $array[0]; if ($ret != 0) { return $ret; } if ($timestamp == NULL) { $timestamp = time(); } $encrypt = $array[1]; $touser_name = $array[2]; $sha1 = new SHA1(); $array = $sha1->getSHA1($this->token, $timestamp, $nonce, $encrypt); $ret = $array[0]; if ($ret != 0) { return $ret; } $signature = $array[1]; if ($signature != $msgSignature) { return ErrorCode::$ValidateSignatureError; } $result = $pc->decrypt($encrypt, $this->appId); if ($result[0] != 0) { return $result[0]; } $msg = $result[1]; return ErrorCode::$OK; }
/** * 检验消息的真实性,并且获取解密后的明文. * <ol> * <li>利用收到的密文生成安全签名,进行签名验证</li> * <li>若验证通过,则提取xml中的加密消息</li> * <li>对消息进行解密</li> * </ol> * * @param $msgSignature string 签名串,对应URL参数的msg_signature * @param $timestamp string 时间戳 对应URL参数的timestamp * @param $nonce string 随机串,对应URL参数的nonce * @param $postData string 密文,对应POST请求的数据 * @param &$msg string 解密后的原文,当return返回0时有效 * * @return int 成功0,失败返回对应的错误码 */ public function DecryptMsg($sMsgSignature, $sTimeStamp = null, $sNonce, $sPostData, &$data) { if (strlen($this->m_sEncodingAesKey) != 43) { return ErrorCode::$IllegalAesKey; } $pc = new Prpcrypt($this->m_sEncodingAesKey); //提取密文 $xmlparse = new XMLParse(); $array = $xmlparse->extract($sPostData); $ret = $array[0]; if ($ret != 0) { return $ret; } if ($sTimeStamp == null) { $sTimeStamp = time(); } $encrypt = $array[1]; $touser_name = $array[2]; //验证安全签名 $sha1 = new SHA1(); $array = $sha1->getSHA1($this->m_sToken, $sTimeStamp, $sNonce, $encrypt); $ret = $array[0]; if ($ret != 0) { return $ret; } $signature = $array[1]; if ($signature != $sMsgSignature) { return ErrorCode::$ValidateSignatureError; } $result = $pc->decrypt($encrypt, $this->m_sCorpid); if ($result[0] != 0) { return $result[0]; } $sMsg = $result[1]; $data = array(); $xml = simplexml_load_string($sMsg, 'SimpleXMLElement', LIBXML_NOCDATA); $data = api_json_decode(api_json_encode($xml), TRUE); // if($xml){ // foreach ($xml as $key => $value) { // $data[$key] = mb_convert_encoding(strval($value),"GBK","UTF-8");; // } // } return ErrorCode::$OK; }
/** * 检验消息的真实性,并且获取解密后的明文. * <ol> * <li>利用收到的密文生成安全签名,进行签名验证</li> * <li>若验证通过,则提取xml中的加密消息</li> * <li>对消息进行解密</li> * </ol> * * @param $msgSignature string 签名串,对应URL参数的msg_signature * @param $timestamp string 时间戳 对应URL参数的timestamp * @param $nonce string 随机串,对应URL参数的nonce * @param $postData string 密文,对应POST请求的数据 * @param &$msg string 解密后的原文,当return返回0时有效 * * @return int 成功0,失败返回对应的错误码 */ public function DecryptMsg($sMsgSignature, $sTimeStamp = null, $sNonce, $sPostData, &$sMsg) { if (strlen($this->m_sEncodingAesKey) != 43) { return ErrorCode::$IllegalAesKey; } $pc = new Prpcrypt($this->m_sEncodingAesKey); //提取密文 $xmlparse = new XMLParse(); $array = $xmlparse->extract($sPostData); $ret = $array[0]; if ($ret != 0) { return $ret; } if ($sTimeStamp == null) { $sTimeStamp = time(); } $encrypt = $array[1]; $touser_name = $array[2]; //验证安全签名 $sha1 = new SHA1(); $array = $sha1->getSHA1($this->m_sToken, $sTimeStamp, $sNonce, $encrypt); $ret = $array[0]; if ($ret != 0) { return $ret; } $signature = $array[1]; if ($signature != $sMsgSignature) { return ErrorCode::$ValidateSignatureError; } $result = $pc->decrypt($encrypt, $this->m_sCorpid); if ($result[0] != 0) { return $result[0]; } $sMsg = $result[1]; return ErrorCode::$OK; }
* 这时消息中$APPID既是appid,可以用它区分是那个公众号 */ chdir(dirname(__FILE__)); //把工作目录切换到文件所在目录 include_once dirname(__FILE__) . '/__config__.php'; //Token 验证,微信验证主体身份。如果是第三方平台,则不存在token验证 if (!$GLOBALS["HTTP_RAW_POST_DATA"]) { if (YDWX_WEIXIN_ACCOUNT_TYPE == YDWX_WEIXIN_ACCOUNT_TYPE_CROP) { //企业号的url验证 $signature = $_GET["msg_signature"]; $timestamp = $_GET["timestamp"]; $nonce = $_GET["nonce"]; $echostr = $_GET["echostr"]; $pc = new Prpcrypt(YDWX_WEIXIN_ENCODING_AES_KEY); $sha1 = new SHA1(); $array = $sha1->getSHA1(YDWX_WEIXIN_TOKEN, $timestamp, $nonce, $echostr); $ret = $array[0]; if ($ret != 0) { die; } $signature = $array[1]; if ($signature != $signature) { die; } $result = $pc->decrypt($echostr, YDWX_WEIXIN_CROP_ID); if ($result[0] != 0) { die; } echo $result[1]; } else { //其它公众号的验证