Use ThinkPHP as the backend for WeChat login

Y2J
Release: 2017-04-24 14:27:48
Original
3495 people have browsed it

Use ThinkPHP as the backend for WeChat login

WeChat Mini Program officials have given a very detailed login sequence diagram. Of course, for security reasons, signature encryption should be added.

WeChat applet

login: function(e) {
        var that = this;
        wx.login({
          success: function(res){
            var code = res.code;  //获取code
            wx.getUserInfo({  //得到rawData, signatrue, encryptData
              success: function(data){
                var rawData = data.rawData;
                var signature = data.signature;
                var encryptedData = data.encryptedData; 
                var iv = data.iv;
                wx.request({
                  url: '你自己的后台地址',
                  data: {
                    "code" : code,
                    "rawData" : rawData,
                    "signature" : signature,
                    'iv' : iv,
                    'encryptedData': encryptedData
                  },
                  method: 'GET', 
                  success: function(info){
                    console.log(info);
                  }
                })
              }
            })
          },
        })
    }
Copy after login
  1. Call wx.login to get the code.

  2. Call wx.getUserInfo to obtain the rawData, signatrue, and encryptData required for the signature.

  3. Initiate a request to send the obtained data to the background.


ThinkPHP backend

//开发者使用登陆凭证 code 获取 session_key 和 openid
$APPID = '';
$AppSecret = '';
$code = I('get.code');
$url="https://api.weixin.qq.com/sns/jscode2session?appid=".$APPID."&secret=".$AppSecret."&js_code=".$code."&grant_type=authorization_code";
$arr = vget($url);  // 一个使用curl实现的get方法请求
$arr = json_decode($arr,true);
$openid = $arr['openid'];
$session_key = $arr['session_key'];

// 数据签名校验
$signature = I('get.signature');
$signature2 = sha1($_GET['rawData'].$session_key);  //记住不应该用TP中的I方法,会过滤掉必要的数据
if ($signature != $signature2) {
    echo '数据签名验证失败!';die;
}

//开发者如需要获取敏感数据,需要对接口返回的加密数据( encryptedData )进行对称解密
Vendor("PHP.wxBizDataCrypt");  //加载解密文件,在官方有下载
$encryptedData = $_GET['encryptedData'];
$iv = $_GET['iv'];
$pc = new \WXBizDataCrypt($APPID, $session_key);
$errCode = $pc->decryptData($encryptedData, $iv, $data);  //其中$data包含用户的所有数据
if ($errCode != 0) {
    echo '解密数据失败!';die;
}

//生成第三方3rd_session
$session3rd  = null;
$strPol = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz";
$max = strlen($strPol)-1;
for($i=0;$i<16;$i++){
    $session3rd .=$strPol[rand(0,$max)];
}
echo $session3rd;
Copy after login
  1. Get session_key and openid based on login credentials code.

  2. Data signature verification.

  3. Data decryption.

  4. Generate third-party 3rd_session and return to WeChat applet.


The get method implemented by curl requests the method

public function vget($url){
    $info=curl_init();
    curl_setopt($info,CURLOPT_RETURNTRANSFER,true);
    curl_setopt($info,CURLOPT_HEADER,0);
    curl_setopt($info,CURLOPT_NOBODY,0);
    curl_setopt($info,CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($info,CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($info,CURLOPT_URL,$url);
    $output= curl_exec($info);
    curl_close($info);
    return $output;
}
Copy after login

The above is the detailed content of Use ThinkPHP as the backend for WeChat login. For more information, please follow other related articles on the PHP Chinese website!

source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template