Example #1
0
	public function decrypt($msgSignature, $timestamp = null, $nonce, $postData, &$msg)
	{
		if (strlen($this->encodingAesKey) != 43) {
			return ErrorCode::$IllegalAesKey;
		}
		if ($timestamp == null) $timestamp = time();

		$pc = new Prpcrypt($this->encodingAesKey);

		$encrypt = simplexml_load_string($postData, 'SimpleXMLElement', LIBXML_NOCDATA);
		$encrypt = $encrypt->Encrypt;

		$sha1 = new SHA1;
		$array = $sha1->getSHA1($this->token, $timestamp, $nonce, $encrypt);
		$ret = $array[0];

		if ($ret != 0) {
			return $ret;
		}

		$signature = $array[1];
		if ($signature != $msgSignature) {
			return ErrorCode::$ValidateSignatureError;
		}

		$result = $pc->decrypt($encrypt, $this->appId);
		if ($result[0] != 0) {
			return $result[0];
		}
		$msg = $result[1];

		return ErrorCode::$OK;
	}
 public function DecryptMsg($signature, $timeStamp = null, $nonce, $encrypt, &$decryptMsg)
 {
     if (strlen($this->m_encodingAesKey) != 43) {
         return ErrorCode::$IllegalAesKey;
     }
     $pc = new Prpcrypt($this->m_encodingAesKey);
     if ($sTimeStamp == null) {
         $sTimeStamp = time();
     }
     $sha1 = new SHA1();
     $array = $sha1->getSHA1($this->m_token, $timeStamp, $nonce, $encrypt);
     $ret = $array[0];
     if ($ret != 0) {
         return $ret;
     }
     $verifySignature = $array[1];
     if ($verifySignature != $signature) {
         return ErrorCode::$ValidateSignatureError;
     }
     $result = $pc->decrypt($encrypt, $this->m_suiteKey);
     if ($result[0] != 0) {
         return $result[0];
     }
     $decryptMsg = $result[1];
     return ErrorCode::$OK;
 }
Example #3
0
 public function decryptMsg($msgSignature, $timestamp = NULL, $nonce, $postData, &$msg)
 {
     if (strlen($this->encodingAesKey) != 43) {
         return ErrorCode::$IllegalAesKey;
     }
     $pc = new Prpcrypt($this->encodingAesKey);
     $xmlparse = new XMLParse();
     $array = $xmlparse->extract($postData);
     $ret = $array[0];
     if ($ret != 0) {
         return $ret;
     }
     if ($timestamp == NULL) {
         $timestamp = time();
     }
     $encrypt = $array[1];
     $touser_name = $array[2];
     $sha1 = new SHA1();
     $array = $sha1->getSHA1($this->token, $timestamp, $nonce, $encrypt);
     $ret = $array[0];
     if ($ret != 0) {
         return $ret;
     }
     $signature = $array[1];
     if ($signature != $msgSignature) {
         return ErrorCode::$ValidateSignatureError;
     }
     $result = $pc->decrypt($encrypt, $this->appId);
     if ($result[0] != 0) {
         return $result[0];
     }
     $msg = $result[1];
     return ErrorCode::$OK;
 }
Example #4
0
	public function index()
	{
		$encryptMsg = file_get_contents('php://input');

		if ($_GET['type'] == 'test') {
		}

		$xml_tree = new DOMDocument();
		$xml_tree->loadXML($encryptMsg);
		$xml_array = $xml_tree->getElementsByTagName('Encrypt');
		$encrypt = $xml_array->item(0)->nodeValue;
		$agentid = 0;

		if (C('agent_version')) {
			$thisAgent = M('agent')->where(array('siteurl' => 'http://' . $_SERVER['HTTP_HOST']))->find();
			$agentid = (isset($thisAgent['id']) ? intval($thisAgent['id']) : 0);
		}

		$account = M('Weixin_account')->where(array('type' => 1, 'agentid' => $agentid))->find();
		import('@.ORG.aes.WXBizMsgCrypt');
		$Prpcrypt = new Prpcrypt($account['encodingAesKey']);
		$postData = $Prpcrypt->decrypt($encrypt, $account['appId']);

		if ($postData[0] != 0) {
			return $postData[0];
		}
		else {
			$msg = $postData[1];
			$xml = new DOMDocument();
			$xml->loadXML($msg);
			$array_a = $xml->getElementsByTagName('InfoType');
			$infoType = $array_a->item(0)->nodeValue;

			if ($infoType == 'unauthorized') {
				$array_b = $xml->getElementsByTagName('AuthorizerAppid');
				$AuthorizerAppid = $array_b->item(0)->nodeValue;
				$where = array('type' => 1, 'appid' => $AuthorizerAppid);
				$save = array('authorizer_access_token' => '', 'authorizer_refresh_token' => '', 'authorizer_expires' => 0);
				M('Wxuser')->where($where)->save($save);
			}
			else if ($infoType == 'component_verify_ticket') {
				$array_e = $xml->getElementsByTagName('ComponentVerifyTicket');
				$component_verify_ticket = $array_e->item(0)->nodeValue;

				if (M('Weixin_account')->where(array('type' => 1, 'agentid' => $agentid))->save(array('component_verify_ticket' => $component_verify_ticket, 'date_time' => time()))) {
					echo 'success';
				}
			}
		}
	}
 public function index()
 {
     $encryptMsg = file_get_contents("php://input");
     if ($_GET['type'] == 'test') {
         //file_put_contents('testMsg.txt',$encryptMsg);
     } else {
         //file_put_contents('encryptMsg.txt',$encryptMsg);
     }
     $xml_tree = new DOMDocument();
     $xml_tree->loadXML($encryptMsg);
     $xml_array = $xml_tree->getElementsByTagName('Encrypt');
     $encrypt = $xml_array->item(0)->nodeValue;
     $account = M('Weixin_account')->where(array('type' => 1))->find();
     import("@.ORG.aes.WXBizMsgCrypt");
     //$WXBizMsgCrypt= new WXBizMsgCrypt('',$account['encodingAesKey'],$account['appId']);
     $Prpcrypt = new Prpcrypt($account['encodingAesKey']);
     $postData = $Prpcrypt->decrypt($encrypt, $account['appId']);
     if ($postData[0] != 0) {
         return $postData[0];
     } else {
         $msg = $postData[1];
         $xml = new DOMDocument();
         $xml->loadXML($msg);
         $array_a = $xml->getElementsByTagName('InfoType');
         $infoType = $array_a->item(0)->nodeValue;
         //file_put_contents('infoType.txt',$infoType);
         if ($infoType == 'unauthorized') {
             $array_b = $xml->getElementsByTagName('AuthorizerAppid');
             $AuthorizerAppid = $array_b->item(0)->nodeValue;
             $where = array('type' => 1, 'appid' => $AuthorizerAppid);
             $save = array('authorizer_access_token' => '', 'authorizer_refresh_token' => '', 'authorizer_expires' => 0);
             M('Wxuser')->where($where)->save($save);
         } else {
             if ($infoType == 'component_verify_ticket') {
                 $array_e = $xml->getElementsByTagName('ComponentVerifyTicket');
                 $component_verify_ticket = $array_e->item(0)->nodeValue;
                 if (M('Weixin_account')->where(array('type' => 1))->save(array('component_verify_ticket' => $component_verify_ticket, 'date_time' => time()))) {
                     echo 'success';
                 }
             }
         }
     }
 }
Example #6
0
 /**
  * Display a listing of the resource.
  *
  * @return \Illuminate\Http\Response
  */
 public function index($msg_signature, $timestamp, $nonce)
 {
     //
     $msg_signature = urldecode($msg_signature);
     $timestamp = urldecode($timestamp);
     $nonce = urldecode($nonce);
     $echostr = I('echostr');
     $echostr = urldecode($echostr);
     if ($echostr) {
         //验证签名
         if (QyHelper::isSigValid($msg_signature, $this->token, $timestamp, $nonce, $echostr)) {
             $prpcrypt = new Prpcrypt($this->aeskey);
             //解密
             $content = $prpcrypt->decrypt($echostr, $this->corpid);
             if ($prpcrypt->isSuccess()) {
                 Yii::$app->response->format = Response::FORMAT_RAW;
                 \Yii::$app->response->data = $content;
                 return \Yii::$app->response;
             } else {
                 $prpcrypt->printErr();
             }
         } else {
             echo '应用签名校验失败,请检查网站、token、aeskey等配置';
         }
     } else {
         $msg_xml = I('xml');
         if (empty($msg_xml)) {
             $msg_xml = file_get_contents("php://input");
         }
         if (empty($msg_xml)) {
             $msg_xml = $GLOBALS["HTTP_RAW_POST_DATA"];
         }
         $msg = QyHelper::decryptMsg($msg_xml, $this->aeskey, $this->corpid);
         //TODO:后续需要完善,消息接收与推送这块的功能
         //这里需要能区分是哪个租户的哪个应用发来的消息
         //            Yii::warning('记录交互信息:'.$msg,'wx'.__LINE__);
     }
 }
Example #7
0
 /**
  *
  * 回复微信服务器, 此函数支持链式操作
  * Example: $this->text('msg tips')->reply();
  * @param string $msg 要发送的信息, 默认取$this->_msg
  * @param bool $return 是否返回信息而不抛出到浏览器 默认:否
  */
 public function reply($msg = array(), $return = false)
 {
     if (empty($msg)) {
         if (empty($this->_msg)) {
             //防止不先设置回复内容,直接调用reply方法导致异常
             return false;
         }
         $msg = $this->_msg;
     }
     $xmldata = $this->xml_encode($msg);
     $this->log($xmldata);
     if ($this->encrypt_type == 'aes') {
         //如果来源消息为加密方式
         $pc = new Prpcrypt($this->encodingAesKey);
         $array = $pc->encrypt($xmldata, $this->appid);
         $ret = $array[0];
         if ($ret != 0) {
             $this->log('encrypt err!');
             return false;
         }
         $timestamp = time();
         $nonce = rand(77, 999) * rand(605, 888) * rand(11, 99);
         $encrypt = $array[1];
         $tmpArr = array($this->token, $timestamp, $nonce, $encrypt);
         //比普通公众平台多了一个加密的密文
         sort($tmpArr, SORT_STRING);
         $signature = implode($tmpArr);
         $signature = sha1($signature);
         $xmldata = $this->generate($encrypt, $signature, $timestamp, $nonce);
         $this->log($xmldata);
     }
     if ($return) {
         return $xmldata;
     } else {
         echo $xmldata;
     }
 }
Example #8
0
 /**
  * 检验消息的真实性,并且获取解密后的明文.
  * <ol>
  *    <li>利用收到的密文生成安全签名,进行签名验证</li>
  *    <li>若验证通过,则提取xml中的加密消息</li>
  *    <li>对消息进行解密</li>
  * </ol>
  *
  * @param $msgSignature string 签名串,对应URL参数的msg_signature
  * @param $timestamp string 时间戳 对应URL参数的timestamp
  * @param $nonce string 随机串,对应URL参数的nonce
  * @param $postData string 密文,对应POST请求的数据
  * @param &$msg string 解密后的原文,当return返回0时有效
  *
  * @return int 成功0,失败返回对应的错误码
  */
 public function DecryptMsg($sMsgSignature, $sTimeStamp = null, $sNonce, $sPostData, &$data)
 {
     if (strlen($this->m_sEncodingAesKey) != 43) {
         return ErrorCode::$IllegalAesKey;
     }
     $pc = new Prpcrypt($this->m_sEncodingAesKey);
     //提取密文
     $xmlparse = new XMLParse();
     $array = $xmlparse->extract($sPostData);
     $ret = $array[0];
     if ($ret != 0) {
         return $ret;
     }
     if ($sTimeStamp == null) {
         $sTimeStamp = time();
     }
     $encrypt = $array[1];
     $touser_name = $array[2];
     //验证安全签名
     $sha1 = new SHA1();
     $array = $sha1->getSHA1($this->m_sToken, $sTimeStamp, $sNonce, $encrypt);
     $ret = $array[0];
     if ($ret != 0) {
         return $ret;
     }
     $signature = $array[1];
     if ($signature != $sMsgSignature) {
         return ErrorCode::$ValidateSignatureError;
     }
     $result = $pc->decrypt($encrypt, $this->m_sCorpid);
     if ($result[0] != 0) {
         return $result[0];
     }
     $sMsg = $result[1];
     $data = array();
     $xml = simplexml_load_string($sMsg, 'SimpleXMLElement', LIBXML_NOCDATA);
     $data = api_json_decode(api_json_encode($xml), TRUE);
     //        if($xml){
     //			foreach ($xml as $key => $value) {
     //				$data[$key] = mb_convert_encoding(strval($value),"GBK","UTF-8");;
     //			}
     //        }
     return ErrorCode::$OK;
 }
Example #9
0
 /**
  * 检验消息的真实性,并且获取解密后的明文.
  * <ol>
  *    <li>利用收到的密文生成安全签名,进行签名验证</li>
  *    <li>若验证通过,则提取xml中的加密消息</li>
  *    <li>对消息进行解密</li>
  * </ol>
  *
  * @param $msgSignature string 签名串,对应URL参数的msg_signature
  * @param $timestamp string 时间戳 对应URL参数的timestamp
  * @param $nonce string 随机串,对应URL参数的nonce
  * @param $postData string 密文,对应POST请求的数据
  * @param &$msg string 解密后的原文,当return返回0时有效
  *
  * @return int 成功0,失败返回对应的错误码
  */
 public function decryptMsg($msgSignature, $timestamp = null, $nonce, $postData, &$msg)
 {
     if (strlen($this->encodingAesKey) != 43) {
         return ErrorCode::$IllegalAesKey;
     }
     $pc = new Prpcrypt($this->encodingAesKey);
     //提取密文
     $array = Tool::extract_xml_data($postData);
     $ret = $array[0];
     if ($ret != 0) {
         return $ret;
     }
     if ($timestamp == null) {
         $timestamp = time();
     }
     $encrypt = $array[1];
     $touser_name = $array[2];
     //验证安全签名
     $array = Tool::getSHA1($this->token, $timestamp, $nonce, $encrypt);
     $ret = $array[0];
     if ($ret != 0) {
         return $ret;
     }
     $signature = $array[1];
     if ($signature != $msgSignature) {
         return ErrorCode::$ValidateSignatureError;
     }
     $result = $pc->decrypt($encrypt, $this->appId);
     if ($result[0] != 0) {
         return $result[0];
     }
     $msg = $result[1];
     return ErrorCode::$OK;
 }
Example #10
0
 /**
  * 检验消息的真实性,并且获取解密后的明文.
  * <ol>
  *    <li>利用收到的密文生成安全签名,进行签名验证</li>
  *    <li>若验证通过,则提取xml中的加密消息</li>
  *    <li>对消息进行解密</li>
  * </ol>
  *
  * @param $msgSignature string 签名串,对应URL参数的msg_signature
  * @param $timestamp string 时间戳 对应URL参数的timestamp
  * @param $nonce string 随机串,对应URL参数的nonce
  * @param $postData string 密文,对应POST请求的数据
  * @param &$msg string 解密后的原文,当return返回0时有效
  *
  * @return int 成功0,失败返回对应的错误码
  */
 public function DecryptMsg($sMsgSignature, $sTimeStamp = null, $sNonce, $sPostData, &$sMsg)
 {
     if (strlen($this->m_sEncodingAesKey) != 43) {
         return ErrorCode::$IllegalAesKey;
     }
     $pc = new Prpcrypt($this->m_sEncodingAesKey);
     //提取密文
     $xmlparse = new XMLParse();
     $array = $xmlparse->extract($sPostData);
     $ret = $array[0];
     if ($ret != 0) {
         return $ret;
     }
     if ($sTimeStamp == null) {
         $sTimeStamp = time();
     }
     $encrypt = $array[1];
     $touser_name = $array[2];
     //验证安全签名
     $sha1 = new SHA1();
     $array = $sha1->getSHA1($this->m_sToken, $sTimeStamp, $sNonce, $encrypt);
     $ret = $array[0];
     if ($ret != 0) {
         return $ret;
     }
     $signature = $array[1];
     if ($signature != $sMsgSignature) {
         return ErrorCode::$ValidateSignatureError;
     }
     $result = $pc->decrypt($encrypt, $this->m_sCorpid);
     if ($result[0] != 0) {
         return $result[0];
     }
     $sMsg = $result[1];
     return ErrorCode::$OK;
 }
Example #11
0
<?php

include_once "request.php";
$action = @get("action");
$source = @post("source");
$aesKey = @post("key");
$no = @post("no");
if (isset($source)) {
    $pc = new Prpcrypt($aesKey);
    if ($action == "encrypt") {
        $result = $pc->encrypt($source, $no);
    } else {
        $result = $pc->decrypt($source);
        // var_dump($result);
    }
    $response = array("success" => true, "result" => $result);
    printf(json_encode($response));
}
/**
 * PKCS7Encoder class
 *
 * 提供基于PKCS7算法的加解密接口.
 */
class PKCS7Encoder
{
    public static $block_size = 32;
    /**
     * 对需要加密的明文进行填充补位
     * @param $text 需要进行填充补位操作的明文
     * @return 补齐明文字符串
     */
Example #12
0
 * 3. 对于第三方托管平台,代理的公众号的事件微信会推送到包含/$APPID$的地址中,
 * 这时只需在该地址的处理中require 本文件即可。并把地址上的APPID取出来放在$APPID变量中
 * 这时消息中$APPID既是appid,可以用它区分是那个公众号
 */
chdir(dirname(__FILE__));
//把工作目录切换到文件所在目录
include_once dirname(__FILE__) . '/__config__.php';
//Token 验证,微信验证主体身份。如果是第三方平台,则不存在token验证
if (!$GLOBALS["HTTP_RAW_POST_DATA"]) {
    if (YDWX_WEIXIN_ACCOUNT_TYPE == YDWX_WEIXIN_ACCOUNT_TYPE_CROP) {
        //企业号的url验证
        $signature = $_GET["msg_signature"];
        $timestamp = $_GET["timestamp"];
        $nonce = $_GET["nonce"];
        $echostr = $_GET["echostr"];
        $pc = new Prpcrypt(YDWX_WEIXIN_ENCODING_AES_KEY);
        $sha1 = new SHA1();
        $array = $sha1->getSHA1(YDWX_WEIXIN_TOKEN, $timestamp, $nonce, $echostr);
        $ret = $array[0];
        if ($ret != 0) {
            die;
        }
        $signature = $array[1];
        if ($signature != $signature) {
            die;
        }
        $result = $pc->decrypt($echostr, YDWX_WEIXIN_CROP_ID);
        if ($result[0] != 0) {
            die;
        }
        echo $result[1];