后端的工作基本上就是把前端传来的参数组装起来,请求腾讯(微信)接口,再把返回的信息交给前端
1、auth
前端传 code
<?php
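// Cross-origin response headers: any origin may call this endpoint.
header('Access-Control-Allow-Origin:*');
// Allowed request method.
header('Access-Control-Allow-Methods:POST');
// Allowed request headers.
header('Access-Control-Allow-Headers:x-requested-with,content-type');
// NOTE(review): browsers refuse a credentialed cross-origin response whose
// Access-Control-Allow-Origin is "*", so this header cannot take effect next to
// the wildcard above. If cookies are really needed, answer with an allow-listed
// Origin value instead of "*"; otherwise this header can go.
header('Access-Control-Allow-Credentials: true');
// P3P compact policy (original note: session support in IE).
header('P3P: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"');

// Read one POST field as a string. A missing field, or one submitted as an
// array (name[]=...), becomes '' so no undefined-index or array-to-string
// warning can end up in the response.
$field = function ($name) {
    return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
};

$code = $field('code');     // login code sent by the mini program
$nick = $field('nick');     // nickname
$imgUrl = $field('avaurl'); // avatar URL
$sex = $field('sex');       // gender flag

text($code,$nick,$imgUrl,$sex);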
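/**
 * Exchange a mini-program login code for the WeChat session and echo it as JSON.
 *
 * Calls jscode2session with $code, echoes the decoded response and ends the
 * request. The persistence code after the exit() is not reached at present.
 *
 * @param string $code   login code sent by the mini program
 * @param string $nick   nickname sent by the mini program
 * @param string $imgUrl avatar URL sent by the mini program
 * @param string $sex    gender flag sent by the mini program
 * @return void
 */
function text($code,$nick,$imgUrl,$sex)
{
    // NOTE(review): appid and secret are hard-coded in the source. Load them from
    // configuration kept outside the repository, and rotate any secret that has
    // been published together with the code.
    // http_build_query() URL-encodes $code, so a crafted value cannot append or
    // override query parameters of the jscode2session call.
    $query = http_build_query(array(
        'appid' => 'wx79a47af4c6823509',
        'secret' => 'f2c50a98otesd3b5f606a3fbae43278',
        'js_code' => $code,
        'grant_type' => 'authorization_code',
    ), '', '&');
    $url = 'https://api.weixin.qq.com/sns/jscode2session?' . $query;

    // HTTPS request to WeChat (the original author recommends curl here).
    $info = file_get_contents($url);
    $json = ($info === false) ? null : json_decode($info);
    if (!is_object($json)) {
        // Transport failure or a non-JSON body: answer in the same
        // errcode/errmsg shape WeChat uses instead of failing on a null value.
        error_log('jscode2session: request failed or returned invalid JSON');
        echo json_encode(array('errcode' => -1, 'errmsg' => 'jscode2session request failed'));
        exit();
    }

    $arr = get_object_vars($json);
    // An error response from WeChat carries neither field.
    $openid = isset($arr['openid']) ? $arr['openid'] : null;
    $session_key = isset($arr['session_key']) ? $arr['session_key'] : null;

    // NOTE(review): $arr still contains session_key, so the key that protects
    // encryptedData is handed to the client; WeChat's guidance is to keep it on
    // the server. Left unchanged because the front end may read this response;
    // drop the field as soon as it does not.
    echo json_encode($arr);
    exit();

    // NOTE(review): everything below is unreachable while the exit() above stays.
    // It is kept, in corrected form, for when persistence is switched on.
    if ($openid === null) {
        return;
    }

    // NOTE(review): connects as root with a trivial password; use a dedicated
    // least-privilege account whose credentials come from configuration.
    $con = mysqli_connect('localhost', 'root', '123');
    if (!$con) {
        // Details go to the server log, not to the client.
        error_log('mysqli connect failed: ' . mysqli_connect_error());
        die('failed');
    }
    if (!mysqli_select_db($con, 'students')) {
        error_log('mysqli select_db failed: ' . mysqli_error($con));
        return;
    }

    // Prepared statements: openid, nick and avatar URL never become SQL text.
    $lookup = mysqli_prepare($con, 'select * from weixin where openid = ?');
    if (!$lookup) {
        error_log('lookup prepare failed: ' . mysqli_error($con));
        die('failed');
    }
    mysqli_stmt_bind_param($lookup, 's', $openid);
    mysqli_stmt_execute($lookup);
    $found = mysqli_stmt_get_result($lookup);
    $row = $found ? mysqli_fetch_assoc($found) : null;

    if ($row != null) {
        // The user is already stored: return the stored row.
        echo json_encode($row);
        return;
    }

    // Map the gender flag. The original tested the constant '1' (always true),
    // so every non-'0' value was stored as 'man'.
    if ($sex == '0') {
        $sex = 'none';
    } else {
        $sex = ($sex == '1') ? 'man' : 'women';
    }

    $insert = mysqli_prepare($con, 'insert into weixin values (?,?,?,?,?)');
    if ($insert) {
        mysqli_stmt_bind_param($insert, 'sssss', $nick, $openid, $session_key, $imgUrl, $sex);
    }
    if ($insert && mysqli_stmt_execute($insert)) {
        $arr['nick'] = $nick;
        $arr['imgUrl'] = $imgUrl;
        $arr['sex'] = $sex;
        echo json_encode($arr);
    } else {
        error_log('insert failed: ' . mysqli_error($con));
        die('failed');
    }
}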
?>
2、前端把 code、iv、encryptedData 传到后端,后端解密后得到用户信息
共 3 个文件:1、smallWx.php(主类);2、wxBizDataCrypt.php(被加载的解密类);3、errorCode.php(错误码定义)
1、
<?php
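// Cross-origin response headers: any origin may call this endpoint.
header('Access-Control-Allow-Origin:*');
// Allowed request method.
header('Access-Control-Allow-Methods:POST');
// Allowed request headers.
header('Access-Control-Allow-Headers:x-requested-with,content-type');
// NOTE(review): browsers refuse a credentialed cross-origin response whose
// Access-Control-Allow-Origin is "*"; use an allow-listed Origin value if
// cookies are needed, otherwise this header can go.
header('Access-Control-Allow-Credentials: true');
// P3P compact policy (original note: session support in IE).
header('P3P: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"');
include_once "wxBizDataCrypt.php";

// The one error body this endpoint returns to the client.
$fail = json_encode(array('code'=>-200,"msg"=>'后端报错'));

// All three fields are required and must be plain strings; a missing field or
// an array (name[]=...) is rejected before it reaches strlen()/base64_decode().
$js_code = isset($_POST['code']) ? $_POST['code'] : null;
$iv = isset($_POST['iv']) ? $_POST['iv'] : null;
$encryptedData = isset($_POST['encryptedData']) ? $_POST['encryptedData'] : null;
if (!is_string($js_code) || !is_string($iv) || !is_string($encryptedData)) {
    echo $fail;
    exit();
}

// NOTE(review): appid/secret belong in configuration outside the source tree.
// http_build_query() URL-encodes js_code so it cannot add or override
// parameters of the jscode2session call.
$post_wx_url = 'https://api.weixin.qq.com/sns/jscode2session?' . http_build_query(array(
    'appid' => 'wxxxxxxxxxxxx',
    'secret' => 'f2cxxxxxxxxxxxbae43278',
    'js_code' => $js_code,
    'grant_type' => 'authorization_code',
), '', '&');

$data = http_build_query(array('data'=>'')); // request body, as in the original
$aContext = array('http' => array('method' => 'POST',
    'header' => 'Content-type: application/x-www-form-urlencoded',
    'content' => $data ));
$cxContext = stream_context_create($aContext);

// "@" keeps a PHP warning out of the JSON response; the failure itself is
// checked and logged instead of being ignored.
$d = @file_get_contents($post_wx_url, false, $cxContext);
if ($d === false) {
    error_log('jscode2session: request failed');
    echo $fail;
    exit();
}

$re_arr_d = json_decode($d, true);
if (!is_array($re_arr_d) || !isset($re_arr_d['session_key']) || !is_string($re_arr_d['session_key'])) {
    // WeChat answered with an error object, or with something that is not JSON.
    error_log('jscode2session: response carries no session_key');
    echo $fail;
    exit();
}

// TODO: persist the session server-side. The original comment planned to store
// session id and value in a table, but only called session_id() and never used
// the result, so that unused call is dropped here.

// NOTE(review): the appid sent to jscode2session above is a masked value and
// differs from the one checked against the watermark here; both must name the
// same mini program, ideally from a single configuration value.
$pc = new WXBizDataCrypt('wx79a47af4c6205509', $re_arr_d['session_key']);
$return_data = '';
$errCode = $pc->decryptData($encryptedData, $iv, $return_data);
if ($errCode === 0) {
    // Decrypted user info, a JSON string, goes straight to the front end.
    echo $return_data;
} else {
    echo $fail;
}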
2、
<?php
//namespace Home\Controller;
//namespace Qcloud\Sms;
/**
* 对微信小程序用户加密数据的解密示例代码.
*
* @copyright Copyright (c) 1998-2014 Tencent Inc.
*/
// Response headers sent whenever this file is loaded: CORS allow-origin,
// allowed method, allowed request headers, allow-credentials, and a P3P compact
// policy (original note: session support in IE).
// NOTE(review): this file only declares a class, yet it emits headers as a side
// effect of being included. Browsers also refuse a credentialed cross-origin
// response whose Access-Control-Allow-Origin is "*".
array_map('header', array(
    'Access-Control-Allow-Origin:*',
    'Access-Control-Allow-Methods:POST',
    'Access-Control-Allow-Headers:x-requested-with,content-type',
    'Access-Control-Allow-Credentials: true',
    'P3P: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"',
));
// Error codes returned by WXBizDataCrypt::decryptData().
include_once "errorCode.php";
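/**
 * Decrypts the encrypted user data of a WeChat mini program and checks that the
 * decrypted watermark names the expected appid.
 */
class WXBizDataCrypt
{
    /** @var string appid the decrypted watermark has to carry */
    private $appid;

    /** @var string base64 session key obtained after the user logs in */
    private $sessionKey;

    /**
     * Constructor.
     *
     * @param string $appid      appid of the mini program
     * @param string $sessionKey session key obtained after the user logged in
     */
    public function __construct( $appid, $sessionKey)
    {
        $this->sessionKey = $sessionKey;
        $this->appid = $appid;
    }

    /**
     * Verify the data and hand back the decrypted plaintext.
     *
     * @param string $encryptedData encrypted user data (base64)
     * @param string $iv            initial vector delivered with the data (base64)
     * @param string $data          receives the decrypted JSON text on success;
     *                              left untouched on failure
     *
     * @return int 0 on success, otherwise the matching ErrorCode value
     */
    public function decryptData( $encryptedData, $iv, &$data )
    {
        // Non-string input (null, array) is rejected up front instead of
        // reaching strlen()/base64_decode().
        if (!is_string($this->sessionKey) || strlen($this->sessionKey) != 24) {
            return ErrorCode::$IllegalAesKey;
        }
        $aesKey = base64_decode($this->sessionKey);

        if (!is_string($iv) || strlen($iv) != 24) {
            return ErrorCode::$IllegalIv;
        }
        $aesIV = base64_decode($iv);

        if (!is_string($encryptedData)) {
            return ErrorCode::$IllegalBuffer;
        }
        $aesCipher = base64_decode($encryptedData);

        // OPENSSL_RAW_DATA is the named form of the literal 1 used before.
        $result = openssl_decrypt($aesCipher, "AES-128-CBC", $aesKey, OPENSSL_RAW_DATA, $aesIV);
        if ($result === false) {
            return ErrorCode::$IllegalBuffer;
        }

        $dataObj = json_decode($result);
        // Only a JSON object can carry a watermark; scalars and arrays are refused
        // without touching properties they do not have.
        if (!is_object($dataObj)) {
            return ErrorCode::$IllegalBuffer;
        }

        // Strict string comparison: with "!=" a non-string appid such as true
        // would compare equal to any appid through type juggling.
        if (!isset($dataObj->watermark->appid)
            || !is_string($dataObj->watermark->appid)
            || $dataObj->watermark->appid !== (string) $this->appid
        ) {
            return ErrorCode::$IllegalBuffer;
        }

        $data = $result;
        return ErrorCode::$OK;
    }
}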
3、
<?php
// Response headers sent whenever this file is loaded: CORS allow-origin,
// allowed method, allowed request headers, allow-credentials, and a P3P compact
// policy (original note: session support in IE).
// NOTE(review): this file only declares error codes, yet it emits headers as a
// side effect of being included. Browsers also refuse a credentialed
// cross-origin response whose Access-Control-Allow-Origin is "*".
array_map('header', array(
    'Access-Control-Allow-Origin:*',
    'Access-Control-Allow-Methods:POST',
    'Access-Control-Allow-Headers:x-requested-with,content-type',
    'Access-Control-Allow-Credentials: true',
    'P3P: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"',
));
/**
 * Result codes of the decryption helper, as this class defines them.
 *
 * The comment shipped with the sample listed other numbers (-41003 for an AES
 * failure, -41004 for an illegal buffer, -41005 / -41016 for base64 errors);
 * the values below are the ones the code really uses.
 * <ul>
 *    <li>0: success</li>
 *    <li>-41001: illegal AES key (session key)</li>
 *    <li>-41002: illegal initial vector</li>
 *    <li>-41003: illegal buffer after decryption</li>
 *    <li>-41004: base64 decoding error</li>
 * </ul>
 *
 * NOTE(review): these are mutable public statics, so any code can overwrite
 * them at runtime; class constants would prevent that, but callers read them
 * as ErrorCode::$NAME.
 */
class ErrorCode
{
    /** Decryption and verification succeeded. */
    public static $OK = 0;

    /** The AES key (session key) was rejected. */
    public static $IllegalAesKey = -41001;

    /** The initial vector was rejected. */
    public static $IllegalIv = -41002;

    /** The decrypted buffer was rejected. */
    public static $IllegalBuffer = -41003;

    /** Base64 decoding failed. */
    public static $DecodeBase64Error = -41004;
}
?>