小程序代码
php代码
public function login2()
{
$post = input();
if (!empty($post)) {
$appid = $this->wxappid;
$secret = $this->wxsecret;
if(isset($post[\'code\'])) $code = $post[\'code\'];
if(isset($post[\'iv\'])) $iv = $post[\'iv\'];
if(isset($post[\'rawData\'])) $rawData = $post[\'rawData\'];
if(isset($post[\'signature\'])) $signature = $post[\'signature\'];
if(isset($post[\'encryteData\'])) $encryptedData = $post[\'encryteData\'];
$url = "https://api.weixin.qq.com/sns/jscode2session?appid=" . $appid . "&secret=" . $secret . "&js_code=" . $code . "&grant_type=authorization_code";
$weixin = file_get_contents($url);
$jsondecode = json_decode($weixin);
$res = get_object_vars($jsondecode);
$sessionKey = $res[\'session_key\'];//取出json里对应的值
// 验证签名
$signature2 = sha1(htmlspecialchars_decode($rawData) . $sessionKey);
if ($signature2 !== $signature) return json("signNotMatch");
$data = [];
$errCode = $this->decryptData($encryptedData, $iv, $sessionKey, $data);
if ($errCode == 0) {
return $data;
} else {
return json(\'获取失败\');
}
}
}
public function decryptData( $encryptedData, $iv,$sessionKey, &$data )
{
if (strlen($sessionKey) != 24) {
return json(\'sessionKey错误\');
}
$aesKey=base64_decode($sessionKey);
if (strlen($iv) != 24) {
return json(\'iv错误\');
}
$aesIV=base64_decode($iv);
$aesCipher=base64_decode($encryptedData);
$result=openssl_decrypt( $aesCipher, "AES-128-CBC", $aesKey, 1, $aesIV);
$dataObj=json_decode( $result );
if( $dataObj == NULL )
{
return json(\'IllegalBuffer错误\');
}
if( $dataObj->watermark->appid != $this->wxappid )
{
return json(\'IllegalBuffer错误\');
}
$data = $result;
return $data;
}