PHP解决微信公众号网页授权域名只能填写一个的问题
现在我只有一个公众号,由于业务需要,我在不同的场景下不同的域名都使用这个公众号,而且都需要获取用户信息。但是网页授权域名只能填写一个,并且只有回调地址的域名与该设置完全相同,才能成功发起微信授权,否则就会提示rediret_uri参数错误。
实现方法如下:
1.在公众号后台设置一个授权回调页面域名,比如叫:wxzz.hysh.xdjst.com,我们可以称其为代理域名。
2.在 wxzz.hysh.xdjst.com 指向的网站根目录下部署一个wxindex.php文件。
wxindex.php内容如下:
<?php
function is_HTTPS()
{
if (!isset($_SERVER['HTTPS'])) return FALSE;
if ($_SERVER['HTTPS'] === 1) { //Apache
return TRUE;
} elseif ($_SERVER['HTTPS'] === 'on') { //IIS
return TRUE;
} elseif ($_SERVER['SERVER_PORT'] == 443) { //其他
return TRUE;
}
return FALSE;
}
function getDomain()
{
$server_name = $_SERVER['SERVER_NAME'];
if (strpos($server_name, 'www.') !== false) {
return substr($server_name, 4);
}
return $server_name;
}
$appid = '';
$scope = 'snsapi_login';
$state = '';
$code = '';
$redirect_uri = '';
$device = '';
$protocol = '';
if (is_HTTPS()) {
$protocol = 'https';
} else {
$protocol = 'http';
}
if (isset($_GET['device'])) {
$device = $_GET['device'];
}
if (isset($_GET['appid'])) {
$appid = $_GET['appid'];
}
if (isset($_GET['state'])) {
$state = $_GET['state'];
}
if (isset($_GET['redirect_uri'])) {
$redirect_uri = $_GET['redirect_uri'];
}
if (isset($_GET['code'])) {
$code = $_GET['code'];
}
if (isset($_GET['scope'])) {
$scope = $_GET['scope'];
}
if ($code == 'test') {
exit;
}
if (empty($code)) {
$authUrl = '';
if ($device == 'pc') {
$authUrl = 'https://open.weixin.qq.com/connect/qrconnect';
} else {
$authUrl = 'https://open.weixin.qq.com/connect/oauth2/authorize';
}
$options = [
$authUrl,
'?appid=' . $appid,
'&redirect_uri=' . urlencode($protocol . '://' . $_SERVER['HTTP_HOST'] . '/'),
'&response_type=code',
'&scope=' . $scope,
'&state=' . $state,
'#wechat_redirect'
];
//把redirect_uri先写到cookie
header(implode('', [
"Set-Cookie: redirect_uri=",
urlencode($redirect_uri),
"; path=/; domain=",
getDomain(),
"; expires=" . gmstrftime("%A, %d-%b-%Y %H:%M:%S GMT", time() + 60),
"; Max-Age=" + 60,
"; httponly"
]));
header('Location: ' . implode('', $options));
} else {
if (isset($_COOKIE['redirect_uri'])) {
$back_url = urldecode($_COOKIE['redirect_uri']);
header('Location: ' . implode('', [
$back_url,
strpos($back_url, '?') ? '&' : '?',
'code=' . $code,
'&state=' . $state
]));
}
}
?>
工作原理如下:
(1)当你的其他域名需要发起微信授权时,将授权请求先发到代理域名wxzz.hysh.xdjst.com,然后wxzz.hysh.xdjst.com会把这个请求转发到微信服务器;
(2)当用户同意授权后,wxzz.hysh.xdjst.com会收到微信的授权回调,并把回调结果(code、state参数)原封不动地再返回给最开始发起授权的域名。
<?php
/**
* tpshop
* ============================================================================
* * 版权所有 2015-2027 深圳搜豹网络科技有限公司,并保留所有权利。
* 网站地址: http://www.tp-shop.cn
* ----------------------------------------------------------------------------
* 这不是一个自由软件!您只能在不用于商业目的的前提下对程序代码进行修改和使用 .
* 不允许对程序代码以任何形式任何目的的再发布。
* 如果商业用途务必到官方购买正版授权, 以免引起不必要的法律纠纷.
* ============================================================================
* $Author: IT宇宙人 2015-08-10 $
*/
namespace app\mobile\controller;
use think\Controller;
use think\Session;
class MobileBase extends Controller {
public $session_id;
public $weixin_config;
public $cateTrre = array();
public $tpshop_config = array();
public function __construct()
{
parent::__construct();
}
/*
* 初始化操作
*/
public function _initialize() {
// Session::start();
session('user');
header("Cache-control: private"); // history.back返回后输入框值丢失问题 参考文章 http://www.tp-shop.cn/article_id_1465.html http://blog.csdn.net/qinchaoguang123456/article/details/29852881
$this->session_id = session_id(); // 当前的 session_id
define('SESSION_ID',$this->session_id); //将当前的session_id保存为常量,供其它方法调用
// 判断当前用户是否手机
if(isMobile())
cookie('is_mobile','1',3600);
else
cookie('is_mobile','0',3600);
//微信浏览器
if(strstr($_SERVER['HTTP_USER_AGENT'],'MicroMessenger')){
$user_temp = session('user');
if (isset($user_temp['user_id']) && $user_temp['user_id']) {
$user = M('users')->where("user_id", $user_temp['user_id'])->find();
if (!$user) {
$_SESSION['openid'] = 0;
session('user', null);
}
}
}
$this->public_assign();
}
// 网页授权登录获取 OpendId
public function GetOpenid()
{
if($_SESSION['openid'])
return $_SESSION['openid'];
//通过code获得openid
if (!isset($_GET['code'])){
//触发微信返回code码
//$baseUrl = urlencode('http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING']);
$baseUrl = urlencode('http://shop.hysh.xdjst.com/mobile');
$url = $this->__CreateOauthUrlForCode($baseUrl); // 获取 code地址
Header("Location: $url"); // 跳转到微信授权页面 需要用户确认登录的页面
exit();
} else {
//上面获取到code后这里跳转回来
$code = $_GET['code'];
$data = $this->getOpenidFromMp($code);//获取网页授权access_token和用户openid
$data2 = $this->GetUserInfo($data['access_token'],$data['openid']);//获取微信用户信息
$data['nickname'] = empty($data2['nickname']) ? '微信用户' : trim($data2['nickname']);
$data['sex'] = $data2['sex'];
$data['head_pic'] = $data2['headimgurl'];
$data['subscribe'] = $data2['subscribe'];
$_SESSION['openid'] = $data['openid'];
$data['oauth'] = 'weixin';
if(isset($data2['unionid'])){
$data['unionid'] = $data2['unionid'];
}
return $data;
}
}
/**
* 获取当前的url 地址
* @return type
*/
private function get_url() {
$sys_protocal = isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == '443' ? 'https://' : 'http://';
$php_self = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
$path_info = isset($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : '';
$relate_url = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : $php_self.(isset($_SERVER['QUERY_STRING']) ? '?'.$_SERVER['QUERY_STRING'] : $path_info);
return $sys_protocal.(isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '').$relate_url;
}
/**
*
* 通过code从工作平台获取openid机器access_token
* @param string $code 微信跳转回来带上的code
*
* @return openid
*/
public function GetOpenidFromMp($code)
{
//通过code获取网页授权access_token 和 openid 。网页授权access_token是一次性的,而基础支持的access_token的是有时间限制的:7200s。
//1、微信网页授权是通过OAuth2.0机制实现的,在用户授权给公众号后,公众号可以获取到一个网页授权特有的接口调用凭证(网页授权access_token),通过网页授权access_token可以进行授权后接口调用,如获取用户基本信息;
//2、其他微信接口,需要通过基础支持中的“获取access_token”接口来获取到的普通access_token调用。
$url = $this->__CreateOauthUrlForOpenid($code);
$ch = curl_init();//初始化curl
curl_setopt($ch, CURLOPT_TIMEOUT, 300);//设置超时
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER,FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST,FALSE);
curl_setopt($ch, CURLOPT_HEADER, FALSE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
$res = curl_exec($ch);//运行curl,结果以jason形式返回
$data = json_decode($res,true);
curl_close($ch);
return $data;
}
/**
*
* 通过access_token openid 从工作平台获取UserInfo
* @return openid
*/
public function GetUserInfo($access_token,$openid)
{
// 获取用户 信息
$url = $this->__CreateOauthUrlForUserinfo($access_token,$openid);
$ch = curl_init();//初始化curl
curl_setopt($ch, CURLOPT_TIMEOUT, 300);//设置超时
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER,FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST,FALSE);
curl_setopt($ch, CURLOPT_HEADER, FALSE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
$res = curl_exec($ch);//运行curl,结果以jason形式返回
$data = json_decode($res,true);
curl_close($ch);
//获取用户是否关注了微信公众号, 再来判断是否提示用户 关注
if(!isset($data['unionid'])){
$access_token2 = $this->get_access_token();//获取基础支持的access_token
$url = "https://api.weixin.qq.com/cgi-bin/user/info?access_token=$access_token2&openid=$openid";
$subscribe_info = httpRequest($url,'GET');
$subscribe_info = json_decode($subscribe_info,true);
$data['subscribe'] = $subscribe_info['subscribe'];
}
return $data;
}
public function get_access_token(){
//判断是否过了缓存期
$expire_time = $this->weixin_config['web_expires'];
if($expire_time > time()){
return $this->weixin_config['web_access_token'];
}
$url = "https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=wx7b469d2e7a49413a&secret=96632770f67e22e3f678d76e53229121";
$return = httpRequest($url,'GET');
$return = json_decode($return,1);
$web_expires = time() + 7140; // 提前60秒过期
M('wx_user')->where(array('id'=>$this->weixin_config['id']))->save(array('web_access_token'=>$return['access_token'],'web_expires'=>$web_expires));
return $return['access_token'];
}
/**
*
* 构造获取code的url连接
* @param string $redirectUrl 微信服务器回跳的url,需要url编码
*
* @return 返回构造好的url
*/
private function __CreateOauthUrlForCode($redirectUrl)
{
$urlObj["appid"] ='wx7b469d2e7a49413a';
$urlObj["redirect_uri"] = "$redirectUrl";
$urlObj["response_type"] = "code";
// $urlObj["scope"] = "snsapi_base";
$urlObj["scope"] = "snsapi_userinfo";
$urlObj["state"] = "STATE"."#wechat_redirect";
$bizString = $this->ToUrlParams($urlObj);
return "http://wxzz.hysh.xdjst.com/wxindex.php?".$bizString;
}//***这里是处理授权的地方***
/**
*
* 构造获取open和access_toke的url地址
* @param string $code,微信跳转带回的code
*
* @return 请求的url
*/
private function __CreateOauthUrlForOpenid($code)
{
$urlObj["appid"] = 'wx7b469d2e7a49413a';
$urlObj["secret"] ='96632770f67e22e3f678d76e53229121';
$urlObj["code"] = $code;
$urlObj["grant_type"] = "authorization_code";
$bizString = $this->ToUrlParams($urlObj);
return "https://api.weixin.qq.com/sns/oauth2/access_token?".$bizString;
}
/**
*
* 构造获取拉取用户信息(需scope为 snsapi_userinfo)的url地址
* @return 请求的url
*/
private function __CreateOauthUrlForUserinfo($access_token,$openid)
{
$urlObj["access_token"] = $access_token;
$urlObj["openid"] = $openid;
$urlObj["lang"] = 'zh_CN';
$bizString = $this->ToUrlParams($urlObj);
return "https://api.weixin.qq.com/sns/userinfo?".$bizString;
}
/**
*
* 拼接签名字符串
* @param array $urlObj
*
* @return 返回已经拼接好的字符串
*/
private function ToUrlParams($urlObj)
{
$buff = "";
foreach ($urlObj as $k => $v)
{
if($k != "sign"){
$buff .= $k . "=" . $v . "&";
}
}
$buff = trim($buff, "&");
return $buff;
}
public function ajaxReturn($data){
exit(json_encode($data));
}
}
只需要把上面的域名换成公众号开始配置的网页授权域名:例如http://wxzz.hysh.xdjst.com/wxindex.php
详细点的例子:
//第三方代理服务器授权登录
public function agencyInfoAuth($redirect_url){
//1.准备scope为snsapi_userInfo网页授权页面
$redirecturl = urlencode($redirect_url);
$snsapi_userInfo_url = 'http://wxzz.hysh.xdjst.com/index.php?appid='.$this->_appid.'&redirect_uri='.$redirecturl.'&response_type=code&scope=snsapi_userinfo&state=YQJ#wechat_redirect';
//2.用户手动同意授权,同意之后,获取code
//页面跳转至redirect_uri/?code=CODE&state=STATE
$code = $_GET['code'];
if( !isset($code) ){
header('Location:'.$snsapi_userInfo_url);
}
//3.通过code换取网页授权access_token
$curl = 'https://api.weixin.qq.com/sns/oauth2/access_token?appid='.$this->_appid.'&secret='.$this->_appsecret.'&code='.$code.'&grant_type=authorization_code';
$content = $this->_request($curl);
$result = json_decode($content);
//4.通过access_token和openid拉取用户信息
$webAccess_token = $result->access_token;
$openid = $result->openid;
$userInfourl = 'https://api.weixin.qq.com/sns/userinfo?access_token='.$webAccess_token.'&openid='.$openid.'&lang=zh_CN ';
$recontent = $this->_request($userInfourl);
$userInfo = json_decode($recontent,true);
return $userInfo;
}
下面附上重要的index.php的代码。