一.
授权流程
1. 接收component_verify_ticket:
[1]微信服务器每隔10分钟会向第三方的消息接收地址推送一次component_verify_ticket,拿到后需要在本地做好存储;
[2]微信第三方平台的消息是加密的(下图),需要进行解密才能获取需要的信息;
[3]接收并解密消息,代码如下:
[php] view plain copy
- /**
- * 授权事件接收URL
- */
- public function msg() {
- import("@.ORG.ArrayTool");
- import("@.ORG.Weixincrypt.WXBizMsgCrypt");
- $timestamp = empty($_GET ['timestamp']) ? '' : trim($_GET ['timestamp']);
- $nonce = empty($_GET ['nonce']) ? '' : trim($_GET ['nonce']);
- $msgSign = empty($_GET ['msg_signature']) ? '' : trim($_GET ['msg_signature']);
- $signature = empty($_GET ['signature']) ? '' : trim($_GET ['signature']);
- $encryptType = empty($_GET ['encrypt_type']) ? '' : trim($_GET ['encrypt_type']);
- $encryptMsg = file_get_contents('php://input');
- $wxData = C("platform_setting");
- $encodingAesKey = $wxData['encodingAesKey'];
- $token = $wxData['token'];
- $appId = $wxData['appId'];
- $Wxcrypt = new WXBizMsgCrypt($token, $encodingAesKey, $appId);
- $postArr = ArrayTool::xml2array($encryptMsg);
- $format = "<xml><ToUserName><![CDATA[toUser]]></ToUserName><Encrypt><![CDATA[%s]]></Encrypt></xml>";
- $fromXml = sprintf($format, $postArr['Encrypt']);
- //第三方收到公众号平台发送的消息
- $msg = '';
- $errCode = $Wxcrypt->decryptMsg($msgSign, $timestamp, $nonce, $fromXml, $msg); // 解密
- if ($errCode == 0) {
- $param = ArrayTool::xml2array($msg);
- switch ($param['InfoType']) {
- case 'component_verify_ticket' : // 授权凭证
- $componentVerifyTicket = $param['ComponentVerifyTicket'];
- S('component_verify_ticket_' . $appId, $componentVerifyTicket);
- break;
- case 'unauthorized' : // 取消授权
- break;
- case 'authorized' : // 授权
- break;
- case 'updateauthorized' : // 更新授权
- break;
- }
- }
- exit("success");
- }
2.获取component_access_token:
[1]每个令牌是存在有效期(2小时)的,且令牌的调用不是无限制的,请第三方平台做好令牌的管理,在令牌快过期时(比如1小时50分)再进行刷新。所以要对component_access_token做好本地缓存,代码如下:
[php] view plain copy
- $wxData = C("setting");
- //1. 取得component_verify_ticket
- $vt = S('component_verify_ticket_' . $wxData['appId']);
- $at = S('component_access_token_' . $wxData['appId']);
- //2. 获取第三方平台component_access_token
- if (empty($at) && !empty($vt)) {
- $url2 = "https://api.weixin.qq.com/cgi-bin/component/api_component_token";
- $post = array();
- $post['component_appid'] = $wxData['appId'];
- $post['component_appsecret'] = $wxData['appSecret'];
- $post['component_verify_ticket'] = $vt;
- $return2 = $this->curlPost($url2, $post);
- if (isset($return2['component_access_token'])) {
- $at = $return2['component_access_token'];
- S('component_access_token_' . $wxData['appId'], $at, 6600); //缓存1小时50分钟 = 6600秒
- } else {
- return false;
- }
- }
3.获取pre_auth_code(注意这是预授权码,不是授权码):
[php] view plain copy
- $wxData = C('platform_setting');
- $appId = $wxData['appId'];
- $HT = new HttpTool();
- $at = $HT->getComponentAccessToken();
- if ($at) {
- //3.获取预授权码pre_auth_code
- $url3 = "https://api.weixin.qq.com/cgi-bin/component/api_create_preauthcode?component_access_token={$at}";
- $post = array();
- $post['component_appid'] = $appId;
- $return3 = $HT->curlPost($url3, $post);
- if (isset($return3['pre_auth_code'])) {
- $preauthcode = $return3['pre_auth_code'];
- $redirectUrl = C('site_url') . U("User/App/setauth", array('uid' => $uid));
- $weixinUrl = "https://mp.weixin.qq.com/cgi-bin/componentloginpage?component_appid={$appId}&pre_auth_code={$preauthcode}&redirect_uri={$redirectUrl}";
- redirect($weixinUrl);
- exit;
- }
- }
- $this->error("亲, 授权失败了!");
4.使用授权码换取公众号的接口调用凭据和授权信息:
[php] view plain copy
- //1. 使用授权码换取公众号的接口调用凭据和授权信息
- import("@.ORG.HttpTool");
- $HT = new HttpTool();
- $wxData = C('platform_setting');
- $caccessToken = $HT->getComponentAccessToken();
- $url1 = "https://api.weixin.qq.com/cgi-bin/component/api_query_auth?component_access_token={$caccessToken}";
- $post = array();
- $post['component_appid'] = $wxData['appId'];
- $post['authorization_code'] = $authcode;
- $return = $HT->curlPost($url1, $post);
- if (isset($return['authorization_info'])) {
- $authinfo = $return['authorization_info'];
- $authid = $authinfo['authorizer_appid'];
- $accessToken = $authinfo['authorizer_access_token'];
- $refreshToken = $authinfo['authorizer_refresh_token'];
- //$funcInfo = $authinfo['func_info'];
- //2. 获取授权方的公众号帐号基本信息
- $url2 = "https://api.weixin.qq.com/cgi-bin/component/api_get_authorizer_info?component_access_token={$caccessToken}";
- $post = array();
- $post['component_appid'] = $wxData['appId'];
- $post['authorizer_appid'] = $authid;
- $return2 = $HT->curlPost($url2, $post);
- if (isset($return2['authorizer_info'])) {
- $wxinfo = $return2['authorizer_info'];
- $fcinfo = $return2['authorization_info'];
- $Wxuser = M("Wxuser");
- //是否已经存在
- $extFilter = array();
- $wxuser['uid'] = $uid;
- $extFilter['auth_appid'] = $fcinfo['authorizer_appid'];
- $isExt = $Wxuser->where($extFilter)->find();
- $wxuser = array();
- $wxuser['uid'] = $uid;
- $wxuser['token'] = $this->getToken();
- $wxuser['wxid'] = $wxinfo['user_name']; //原始ID
- $wxuser['wxname'] = $wxinfo['nick_name']; //昵称
- $wxuser['weixin_type'] = $wxinfo['service_type_info']['id']; //微信类型 授权方公众号类型,0代表订阅号,1代表由历史老帐号升级后的订阅号,2代表服务号
- $wxuser['weixin'] = $wxinfo['alias']; //微信号
- $wxuser['headerpic'] = $wxinfo['head_img']; //头像
- $wxuser['bind_type'] = 1;
- $wxuser['auth_appid'] = $fcinfo['authorizer_appid'];
- $wxuser['auth_access_token'] = $accessToken;
- $wxuser['auth_refresh_token'] = $refreshToken;
- $wxuser['auth_functions'] = json_encode($fcinfo['func_info']);
- $wxuser['auth_business_info'] = json_encode($wxinfo['business_info']);
- $wxuser['create_time'] = time();
- if ($isExt) {
- $sign = $Wxuser->where($extFilter)->save($wxuser);
- } else {
- $sign = $Wxuser->add($wxuser);
- if ($sign) {
- //添加功能模块
- $this->addfc($wxuser['token']);
- //记录公众号数量
- M('Users')->where(array('id' => $uid))->setInc('wechat_card_num');
- }
- }
- if ($sign) {
- redirect(C("site_url") . U('User/Index/index'));
- }
- }
- }
- $this->error("亲,获取授权信息失败!", U('User/Index/index'));
二. 全网发布
代码如下:
[php] view plain copy
- /**
- * 公众号消息与事件接收URL
- */
- public function index() {
- $timestamp = empty($_GET['timestamp']) ? '' : trim($_GET['timestamp']);
- $nonce = empty($_GET['nonce']) ? '' : trim($_GET ['nonce']);
- $msgSign = empty($_GET['msg_signature']) ? '' : trim($_GET['msg_signature']);
- $signature = empty($_GET['signature']) ? '' : trim($_GET['signature']);
- $encryptType = empty($_GET['encrypt_type']) ? '' : trim($_GET['encrypt_type']);
- $openid = trim($_GET['openid']);
- import("@.ORG.ArrayUtil");
- import("@.ORG.Weixincrypt.WXBizMsgCrypt");
- $input = file_get_contents('php://input');
- $paramArr = ArrayUtil::xml2array($input);
- //$this->logPrint($paramArr);
- //$this->logPrint($_GET);
- //解密
- $wxData = C("platform_setting");
- $encodingAesKey = $wxData['encodingAesKey'];
- $token = $wxData['token'];
- $appId = $wxData['appId'];
- $Wxcrypt = new WXBizMsgCrypt($token, $encodingAesKey, $appId);
- $format = "<xml><ToUserName><![CDATA[toUser]]></ToUserName><Encrypt><![CDATA[%s]]></Encrypt></xml>";
- $fromXml = sprintf($format, $paramArr['Encrypt']);
- $errCode = $Wxcrypt->decryptMsg($msgSign, $timestamp, $nonce, $fromXml, $toXml); // 解密
- $this->logPrint($toXml);
- if ($errCode == 0) {
- $param = ArrayUtil::xml2array($toXml);
- $keyword = isset($param['Content']) ? trim($param['Content']) : '';
- // 案例1 - 发送事件
- if (isset($param['Event']) && $paramArr['ToUserName'] == 'gh_3c884a361561') {
- $contentStr = $param ['Event'] . 'from_callback';
- }
- // 案例2 - 返回普通文本
- elseif ($keyword == "TESTCOMPONENT_MSG_TYPE_TEXT") {
- $contentStr = "TESTCOMPONENT_MSG_TYPE_TEXT_callback";
- }
- // 案例3 - 返回Api文本信息
- elseif (strpos($keyword, "QUERY_AUTH_CODE:") !== false) {
- import("@.ORG.HttpTool");
- $authcode = str_replace("QUERY_AUTH_CODE:", "", $keyword);
- $contentStr = $authcode . "_from_api";
- $HT = new HttpTool();
- $authDetail = $HT->getAccessTokenByAuthCode($authcode);
- $accessToken = $authDetail['authorizer_access_token'];
- $HT->sendFansText($accessToken, $param['FromUserName'], $contentStr);
- //$tokenInfo = WechatOpenApiLogic::getAuthorizerAccessTokenByAuthCode($ticket);
- //$param ['authorizerAccessToken'] = $tokenInfo ['authorization_info'] ['authorizer_access_token'];
- //self::sendServiceMsg($param['FromUserName'], $param['ToUserName'], 1, $contentStr); // 客服消息接口
- return 1;
- }
- $result = '';
- if (!empty($contentStr)) {
- $xmlTpl = "<xml>
- <ToUserName><![CDATA[%s]]></ToUserName>
- <FromUserName><![CDATA[%s]]></FromUserName>
- <CreateTime>%s</CreateTime>
- <MsgType><![CDATA[text]]></MsgType>
- <Content><![CDATA[%s]]></Content>
- </xml>";
- $result = sprintf($xmlTpl, $param['FromUserName'], $param['ToUserName'], time(), $contentStr);
- if (isset($_GET['encrypt_type']) && $_GET['encrypt_type'] == 'aes') { // 密文传输
- $wxData = C("platform_setting");
- $msgCryptObj = new WXBizMsgCrypt($wxData['token'], $wxData['encodingAesKey'], $wxData['appId']);
- $encryptMsg = '';
- $msgCryptObj->encryptMsg($result, $_GET['timestamp'], $_GET['nonce'], $encryptMsg);
- $result = $encryptMsg;
- }
- }
- echo $result;
- }
- }