index.php代码如下:
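<?php
/**
 * wechat php test
 *
 * Callback endpoint for a WeChat official account: answers the one-time URL
 * verification handshake and replies to incoming event/text/image/voice/
 * location messages using the XML templates from common.php.
 *
 * Hardening compared with the usual sample code:
 *  - every request, not only the handshake, must carry a valid signature;
 *  - the signature is compared in constant time with hash_equals();
 *  - SQL goes through mysqli prepared statements (the mysql_* API was removed in PHP 7);
 *  - the raw body is read from php://input ($HTTP_RAW_POST_DATA was removed in PHP 7);
 *  - PicUrl is only fetched over http/https, never through file:// or other wrappers;
 *  - values copied into reply CDATA sections cannot terminate the section early.
 *
 * Needs PHP 7.1+ with the mysqli and simplexml extensions.
 */

require_once "common.php";

// define your token
// NOTE(review): a short token hard-coded in source is easy to guess and ends up
// in version control; use a long random value loaded from configuration.
define("TOKEN", "twgdh");

$wechatObj = new wechatCallbackapiTest();

// The verification handshake is the only request that carries `echostr`, so the
// handshake and normal message handling can coexist without editing this file
// once the endpoint has been registered.
if (isset($_GET["echostr"])) {
    $wechatObj->valid();
} else {
    $wechatObj->responseMsg();
}

class wechatCallbackapiTest
{
    /**
     * Answer the URL verification handshake.
     *
     * Echoes `echostr` back and terminates when the request signature is
     * valid; otherwise responds with HTTP 403 and returns.
     */
    public function valid()
    {
        if ($this->checkSignature()) {
            $echoStr = (isset($_GET["echostr"]) && is_string($_GET["echostr"])) ? $_GET["echostr"] : '';
            // The value is reflected from the query string: send it as plain
            // text so a browser never interprets it as markup.
            header('Content-Type: text/plain; charset=utf-8');
            echo $echoStr;
            exit;
        }
        http_response_code(403);
    }

    /**
     * Handle one pushed message and echo the XML reply.
     *
     * Rejects unsigned requests with HTTP 403 and unparsable bodies with
     * HTTP 400. Terminates the script on those paths and on an empty body.
     */
    public function responseMsg()
    {
        // Without this check anyone who knows the URL could post forged
        // messages and drive the database and download code below.
        if (!$this->checkSignature()) {
            http_response_code(403);
            exit;
        }

        // get post data
        $postStr = file_get_contents('php://input');
        if ($postStr === false || $postStr === '') {
            echo "";
            exit;
        }

        // Prevent XML eXternal Entity injection. Since PHP 8.0 the function is
        // deprecated, so it is only called on older runtimes. LIBXML_NOENT is
        // deliberately not passed, and LIBXML_NONET forbids network access
        // while parsing.
        if (PHP_VERSION_ID < 80000) {
            libxml_disable_entity_loader(true);
        }
        libxml_use_internal_errors(true); // keep parser warnings out of the response
        $postObj = simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA | LIBXML_NONET);
        if ($postObj === false) {
            http_response_code(400);
            exit;
        }

        $fromUsername = (string) $postObj->FromUserName;
        $toUsername = (string) $postObj->ToUserName;
        $keyword = trim((string) $postObj->Content);
        $time = time();

        $this->debugLog($postStr);
        $this->debugLog($fromUsername);
        $this->debugLog($toUsername);

        // Branch on the type of the received message.
        switch ((string) $postObj->MsgType) {
            case 'event':
                if ((string) $postObj->Event === 'subscribe') {
                    $this->reply('text', $fromUsername, $toUsername, $time, "欢迎关注leigood微信测试号噢");
                }
                break;

            case 'text':
                // The keyword must be the word for "picture" followed only by digits.
                if (preg_match("/^图片([0-9][0-9]*)$/u", $keyword, $matches)) {
                    $media_id = $this->findMediaId($matches[1]);
                    if ($media_id !== null) {
                        $this->reply('image', $fromUsername, $toUsername, $time, $media_id);
                    } else {
                        $this->reply('text', $fromUsername, $toUsername, $time, '该图片还没上传噢!');
                    }
                } else {
                    $this->reply('text', $fromUsername, $toUsername, $time, '您输入的格式有误');
                }
                break;

            case 'image':
                // Send the uploaded picture back, then keep a local copy and record it.
                $media_id = (string) $postObj->MediaId;
                $this->reply('image', $fromUsername, $toUsername, $time, $media_id);
                $this->storeUploadedImage($fromUsername, $media_id, (string) $postObj->PicUrl);
                break;

            case 'voice':
                $media_id = (string) $postObj->MediaId;
                $this->reply('voice', $fromUsername, $toUsername, $time, $media_id);
                break;

            case 'location':
                $Location_X = (string) $postObj->Location_X; // latitude
                $Location_Y = (string) $postObj->Location_Y; // longitude
                $contentStr = "您上报的地理位置是: 经度是:{$Location_Y} 纬度是: {$Location_X}";
                $this->reply('text', $fromUsername, $toUsername, $time, $contentStr);
                break;
        }
    }

    /**
     * Fill one of the $tmp_arr templates from common.php and echo it.
     *
     * @param string $type    template key: 'text', 'image' or 'voice'
     * @param string $toUser  recipient of the reply (the sender of the incoming message)
     * @param string $fromUser sender of the reply (the official account)
     * @param int    $time    value for CreateTime
     * @param string $payload text content or media id, depending on $type
     */
    private function reply(string $type, string $toUser, string $fromUser, int $time, string $payload): void
    {
        global $tmp_arr;
        echo sprintf(
            $tmp_arr[$type],
            $this->cdata($toUser),
            $this->cdata($fromUser),
            $time,
            $this->cdata($payload)
        );
    }

    /**
     * Make a value safe inside <![CDATA[ ... ]]> by splitting any "]]>" it
     * contains, so request data cannot close the section and inject elements.
     */
    private function cdata(string $value): string
    {
        return str_replace(']]>', ']]]]><![CDATA[>', $value);
    }

    /**
     * Append one entry to the debug log.
     *
     * NOTE(review): abc.log is created next to this script and receives raw
     * message bodies and user ids. Deny it in the web server configuration or
     * move it outside the document root, and drop it once debugging is done.
     */
    private function debugLog(string $entry): void
    {
        file_put_contents('abc.log', " " . $entry, FILE_APPEND | LOCK_EX);
    }

    /**
     * Open the database connection, or return null when it cannot be opened.
     *
     * NOTE(review): root/root is the tutorial setup. Use a dedicated account
     * limited to the keep_image_uploads table, with credentials loaded from
     * configuration kept outside the web root.
     */
    private function openDatabase(): ?mysqli
    {
        // Report failures through return values on every PHP version
        // (PHP 8.1 switched the default to throwing exceptions).
        mysqli_report(MYSQLI_REPORT_OFF);
        $db = mysqli_connect('localhost', 'root', 'root', 'wxdb');
        if ($db === false) {
            return null;
        }
        $db->set_charset('utf8');
        return $db;
    }

    /**
     * Look up the media id stored for an upload row.
     *
     * @param string $id digits captured from the user's keyword
     * @return string|null the media id, or null when no row matches or the query fails
     */
    private function findMediaId(string $id): ?string
    {
        $db = $this->openDatabase();
        if ($db === null) {
            return null;
        }

        $media_id = null;
        $stmt = $db->prepare('select media_id from keep_image_uploads where id = ?');
        if ($stmt !== false) {
            // Bound as a string so a very long digit run is not truncated by PHP.
            $stmt->bind_param('s', $id);
            if ($stmt->execute()) {
                $stmt->bind_result($media_id);
                if ($stmt->fetch() !== true) {
                    $media_id = null;
                }
            }
            $stmt->close();
        }
        $db->close();

        return $media_id;
    }

    /**
     * Download the uploaded picture into ./uploadimage/ and record it.
     *
     * The directory must be writable by the web server user. Nothing is stored
     * or recorded when the URL is not http(s) or the download fails.
     *
     * @param string $openid   sender of the picture
     * @param string $media_id media id reported for the picture
     * @param string $picUrl   download URL taken from the message
     */
    private function storeUploadedImage(string $openid, string $media_id, string $picUrl): void
    {
        // file_get_contents() accepts any stream wrapper, so an unchecked value
        // could name a local file (file://, php://) whose contents would then be
        // copied into a web-readable directory. Only plain web URLs are fetched.
        // NOTE(review): consider also pinning the host to the platform's image
        // servers so internal addresses can never be requested.
        $scheme = strtolower((string) parse_url($picUrl, PHP_URL_SCHEME));
        if ($scheme !== 'http' && $scheme !== 'https') {
            return;
        }

        $context = stream_context_create(array('http' => array('timeout' => 5)));
        $image_file = file_get_contents($picUrl, false, $context);
        if ($image_file === false) {
            return;
        }

        // The name is generated locally and never derived from request data; the
        // random suffix keeps two uploads in the same second from overwriting
        // each other.
        $image_file_name = time() . '_' . bin2hex(random_bytes(4)) . '.jpg';
        $media_path = "./uploadimage/" . $image_file_name;
        if (file_put_contents($media_path, $image_file) === false) {
            return;
        }

        $db = $this->openDatabase();
        if ($db === null) {
            return;
        }
        // Every value is bound: openid and media id come straight from the
        // request body and must never be concatenated into the statement.
        $stmt = $db->prepare(
            'insert into keep_image_uploads (id,openid,media_id,media_path) values(NULL,?,?,?)'
        );
        if ($stmt !== false) {
            $stmt->bind_param('sss', $openid, $media_id, $media_path);
            $stmt->execute();
            $stmt->close();
        }
        $db->close();
    }

    /**
     * Verify the request signature: sha1 over the string-sorted concatenation
     * of TOKEN, timestamp and nonce must equal the `signature` parameter.
     *
     * @return bool true when the signature matches
     * @throws Exception when TOKEN is not defined
     */
    private function checkSignature()
    {
        // you must define TOKEN by yourself
        if (!defined("TOKEN")) {
            throw new Exception('TOKEN is not defined!');
        }

        // Missing or array-valued parameters (?nonce[]=x) can never be valid.
        foreach (array('signature', 'timestamp', 'nonce') as $name) {
            if (!isset($_GET[$name]) || !is_string($_GET[$name])) {
                return false;
            }
        }

        $tmpArr = array(TOKEN, $_GET["timestamp"], $_GET["nonce"]);
        // use SORT_STRING rule
        sort($tmpArr, SORT_STRING);
        $expected = sha1(implode($tmpArr));

        // hash_equals() is constant-time and type-strict. A loose `==` treats
        // two hex digests that both look like "0e<digits>" as equal numbers.
        // NOTE(review): timestamp is not checked for freshness, so a captured
        // signed request can be replayed.
        return hash_equals($expected, $_GET["signature"]);
    }
}

?>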
common.php代码如下:
<?php
// Reply templates for sprintf(), keyed by message type. Each template takes
// four arguments in this order: ToUserName, FromUserName, CreateTime, and the
// payload (Content for 'text', MediaId for 'image' and 'voice').
// The string arguments land inside CDATA sections, so callers must make sure
// they cannot contain "]]>".
// Closing heredoc markers stay at column 0 so the file also parses before PHP 7.3.
$tmp_arr = [];

$tmp_arr['text'] = <<<XML
<xml>
<ToUserName><![CDATA[%s]]></ToUserName>
<FromUserName><![CDATA[%s]]></FromUserName>
<CreateTime>%s</CreateTime>
<MsgType><![CDATA[text]]></MsgType>
<Content><![CDATA[%s]]></Content>
<FuncFlag>0</FuncFlag>
</xml>
XML;

$tmp_arr['image'] = <<<XML
<xml>
<ToUserName><![CDATA[%s]]></ToUserName>
<FromUserName><![CDATA[%s]]></FromUserName>
<CreateTime>%s</CreateTime>
<MsgType><![CDATA[image]]></MsgType>
<Image>
<MediaId><![CDATA[%s]]></MediaId>
</Image>
</xml>
XML;

$tmp_arr['voice'] = <<<XML
<xml>
<ToUserName><![CDATA[%s]]></ToUserName>
<FromUserName><![CDATA[%s]]></FromUserName>
<CreateTime>%s</CreateTime>
<MsgType><![CDATA[voice]]></MsgType>
<Voice>
<MediaId><![CDATA[%s]]></MediaId>
</Voice>
</xml>
XML;