The WeChat public platform provides a simple piece of PHP sample code. Before developing anything further, we need to understand it in detail.
WeChat official website: http://mp.weixin.qq.com/mpres/htmledition/res/wx_sample.zip
The complete code is as follows:
<?php
/**
 * wechat php test
 */

//define your token
define("TOKEN", "weixin");
$wechatObj = new wechatCallbackapiTest();
$wechatObj->valid();

class wechatCallbackapiTest
{
    public function valid()
    {
        $echoStr = $_GET["echostr"];

        //valid signature , option
        if($this->checkSignature()){
            echo $echoStr;
            exit;
        }
    }

    public function responseMsg()
    {
        //get post data, May be due to the different environments
        $postStr = $GLOBALS["HTTP_RAW_POST_DATA"];

        //extract post data
        if (!empty($postStr)){
            $postObj = simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA);
            $fromUsername = $postObj->FromUserName;
            $toUsername = $postObj->ToUserName;
            $keyword = trim($postObj->Content);
            $time = time();
            $textTpl = "<xml>
                        <ToUserName><![CDATA[%s]]></ToUserName>
                        <FromUserName><![CDATA[%s]]></FromUserName>
                        <CreateTime>%s</CreateTime>
                        <MsgType><![CDATA[%s]]></MsgType>
                        <Content><![CDATA[%s]]></Content>
                        <FuncFlag>0</FuncFlag>
                        </xml>";
            if(!empty( $keyword ))
            {
                $msgType = "text";
                $contentStr = "Welcome to wechat world!";
                $resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);
                echo $resultStr;
            }else{
                echo "Input something...";
            }
        }else {
            echo "";
            exit;
        }
    }

    private function checkSignature()
    {
        $signature = $_GET["signature"];
        $timestamp = $_GET["timestamp"];
        $nonce = $_GET["nonce"];

        $token = TOKEN;
        $tmpArr = array($token, $timestamp, $nonce);
        sort($tmpArr);
        $tmpStr = implode( $tmpArr );
        $tmpStr = sha1( $tmpStr );

        if( $tmpStr == $signature ){
            return true;
        }else{
            return false;
        }
    }
}
?>
3.1 Overall analysis
The original sample code is roughly divided into four parts:
3.2 Detailed analysis
3.2.1 Define TOKEN
define("TOKEN", "weixin");
define() is the function used to define a constant. This statement defines the constant TOKEN with the value "weixin".
TOKEN is used to authenticate the interaction with the platform. Developers can choose its value freely, but it must be identical to the token configured on the public platform.
3.2.2 Declare a class
class wechatCallbackapiTest{
}
Declare a class wechatCallbackapiTest, which contains three methods (functions).
a. public function valid()
Used to send verification information to WeChat when applying to become a developer.
b. public function responseMsg()
Processes and replies to messages sent by users. This is the most commonly used method; almost all features are implemented here.
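Detailed explanation of the responseMsg function:
$postStr = $GLOBALS["HTTP_RAW_POST_DATA"];
Receives the user message sent by the WeChat public platform. The message is structured as XML, which is not a data type PHP recognizes by default, so $GLOBALS['HTTP_RAW_POST_DATA'] is used to receive it, and the result is assigned to $postStr.
if (!empty($postStr))
Checks whether $postStr is empty. If it is not empty (data was received), execution continues with the statements that follow; if it is empty, execution jumps to the corresponding else branch.
$postObj = simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA);
Uses the simplexml_load_string() function to load the received XML message data into the object $postObj. A rigorous version would follow this with a conditional that checks whether loading succeeded, but leaving it out is also fine.
$fromUsername = $postObj->FromUserName;
Assigns the OPENID of the user who sent the message, taken from $postObj, to the variable $fromUsername.
$toUsername = $postObj->ToUserName;
Assigns the ID of the public account, taken from $postObj, to the variable $toUsername.
$keyword = trim($postObj->Content);
The trim() function removes whitespace and other predefined characters from both ends of a string, which yields the keyword the user entered.
$time = time();
The time() function returns the current Unix timestamp, that is, the number of seconds from the Unix epoch (1 January 1970 00:00:00 GMT) to the current time.
$textTpl = "<xml> <ToUserName><![CDATA[%s]]></ToUserName> <FromUserName><![CDATA[%s]]></FromUserName> <CreateTime>%s</CreateTime> <MsgType><![CDATA[%s]]></MsgType> <Content><![CDATA[%s]]></Content> <FuncFlag>0</FuncFlag> </xml>";
The template that holds the content output to WeChat.
if(!empty( $keyword ))
Checks whether $keyword is empty. If it is not empty, execution continues with the statements that follow; if it is empty, execution jumps to the corresponding else branch, namely echo "Input something...";
$msgType = "text";
The message type is text.
$contentStr = "Welcome to wechat world!";
The content of the reply message.
$resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);
Uses the sprintf() function to write the formatted data into a variable; $fromUsername, $toUsername, $time, $msgType and $contentStr replace the "%s" positions in the template in order, so the variable $resultStr finally becomes: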
echo $resultStr; //Output the reply message
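A hardened variant of the receive-and-reply flow walked through above, given here as an added example and not as code from the official sample. It adds the load check the walkthrough mentions and keeps values copied from the request from closing a CDATA section early. The function names and the sample body are constructed for illustration, and PHP 7.1 or later is assumed.

```php
<?php
// Added example, not part of the official sample. Names are illustrative.
// Returns null when the body is empty, is not well-formed XML, or lacks the
// fields the reply needs.
function parse_message(string $body): ?SimpleXMLElement
{
    if ($body === '') {
        return null;
    }
    $previous = libxml_use_internal_errors(true); // collect errors, emit no warnings
    // LIBXML_NONET blocks network access during parsing; LIBXML_NOENT
    // (entity substitution) is deliberately not set.
    $xml = simplexml_load_string($body, 'SimpleXMLElement', LIBXML_NOCDATA | LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    if ($xml === false || !isset($xml->FromUserName, $xml->ToUserName)) {
        return null;
    }
    return $xml;
}

// Wrap a value in CDATA, splitting any "]]>" so it cannot end the section early.
function cdata(string $value): string
{
    return '<![CDATA[' . str_replace(']]>', ']]]]><![CDATA[>', $value) . ']]>';
}

// Build the text reply; sender and receiver are swapped relative to the request.
function build_text_reply(SimpleXMLElement $msg, string $content, int $time): string
{
    return '<xml>'
        . '<ToUserName>' . cdata((string) $msg->FromUserName) . '</ToUserName>'
        . '<FromUserName>' . cdata((string) $msg->ToUserName) . '</FromUserName>'
        . '<CreateTime>' . $time . '</CreateTime>'
        . '<MsgType>' . cdata('text') . '</MsgType>'
        . '<Content>' . cdata($content) . '</Content>'
        . '<FuncFlag>0</FuncFlag></xml>';
}

// Constructed sample body. A real handler reads file_get_contents('php://input'),
// because $GLOBALS["HTTP_RAW_POST_DATA"] was removed in PHP 7.0.
$body = '<xml><ToUserName><![CDATA[gh_example]]></ToUserName>'
      . '<FromUserName><![CDATA[openid_example]]></FromUserName>'
      . '<MsgType><![CDATA[text]]></MsgType><Content><![CDATA[ hello ]]></Content></xml>';

$msg = parse_message($body);
echo $msg === null ? '' : build_text_reply($msg, 'Welcome to wechat world!', time()), "\n";
var_dump(parse_message('<xml><ToUserName>') === null); // truncated body is rejected
```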
c. private function checkSignature()
Developers verify the request by checking the signature (the verification method is listed below). If the GET request is confirmed to come from the WeChat server, return the content of the echostr parameter unchanged and the access takes effect; otherwise the access fails.
The signature combines the token parameter filled in by the developer with the timestamp parameter and nonce parameter in the request.
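Encryption/verification process:
1. Sort the three parameters token, timestamp and nonce in lexicographic order.
2. Concatenate the three parameter strings into one string and hash it with SHA-1.
3. The developer compares the resulting string with signature; a match indicates that the request came from WeChat.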
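The three steps above, written out as an added example that is not part of the official sample. It differs from the sample's checkSignature() in two ways: sort() is given SORT_STRING so that the ordering really is lexicographic, and the digest is compared with hash_equals() instead of ==. The function names and request values are constructed for illustration, and PHP 7.0 or later is assumed.

```php
<?php
// Added example, not part of the official sample. Names are illustrative.
const TOKEN = 'weixin'; // must match the token set on the public platform

// Steps 1 and 2: sort lexicographically, concatenate, hash with SHA-1.
function wechat_signature(string $token, string $timestamp, string $nonce): string
{
    $parts = [$token, $timestamp, $nonce];
    // SORT_STRING forces a byte-wise comparison. The default flag compares
    // numeric strings by value, which is not the ordering step 1 asks for.
    sort($parts, SORT_STRING);
    return sha1(implode('', $parts));
}

// Step 3: recompute the digest and compare it with the supplied signature.
function check_signature(array $query, string $token): bool
{
    foreach (['signature', 'timestamp', 'nonce'] as $name) {
        // Reject missing or non-string parameters (?nonce[]=x arrives as an array).
        if (!isset($query[$name]) || !is_string($query[$name])) {
            return false;
        }
    }
    $expected = wechat_signature($token, $query['timestamp'], $query['nonce']);
    // hash_equals() is a constant-time, type-strict comparison; "==" would
    // compare numeric-looking strings as numbers.
    return hash_equals($expected, $query['signature']);
}

// Constructed sample request (values are made up for illustration).
$query = ['timestamp' => '1400000000', 'nonce' => '987654'];
$query['signature'] = wechat_signature(TOKEN, $query['timestamp'], $query['nonce']);
var_dump(check_signature($query, TOKEN)); // well-formed request

// Same values run through the sample's default sort(), for comparison.
$legacy = [TOKEN, $query['timestamp'], $query['nonce']];
sort($legacy);
var_dump(sha1(implode('', $legacy)) === $query['signature']);

$query['nonce'] = '987655';
var_dump(check_signature($query, TOKEN));                 // tampered nonce
var_dump(check_signature(['signature' => ['x']], TOKEN)); // malformed input
```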
3.2.3 Create instance object
$wechatObj = new wechatCallbackapiTest();
3.2.4 Call class method verification
$wechatObj->valid();
Call the valid() method of the class to perform interface verification, and comment it out after the interface is set successfully.
The above is an analysis of the official WeChat sample code. If any of the explanations are incorrect, experts are invited to point them out. In addition, this code is only a simple example provided officially. For complex development, developers still need to rewrite it according to a rigorous development model, which will be explained in subsequent tutorials.
WeChat official public platform API document: http://mp.weixin.qq.com/wiki/index.php