接收消息服務器配置 URL填寫20201010 · 騰訊企業微信開發最佳實踐-新鼎云科技有限公司

http://weworkapi.taozhai.cn/callback/Sample.php D:\10weworkapi_php-master201010\callback\ Sample.php ![](https://img.kancloud.cn/e9/ce/e9ce575b13f061663cec879e2d74af9d_933x732.png) ``` <?php include_once "WXBizMsgCrypt.php"; $post000Str =file_get_contents('php://input'); log000ger($post000Str); log002ger( json_decode($post000Str)); log003encode(json_encode($post000Str) ); $post01Str =$_GET; log02ger($post01Str); $json_post001Str= json_encode($post01Str); $noxml_json_post01= str_replace( "xml", "\\", $json_post001Str ); log03ger($noxml_json_post01); log02ger($json_post001Str); $seri_post002Str=serialize($post01Str); log04ger($seri_post002Str); $noxml_seri_post02 = str_replace( "xml", "\\", $seri_post002Str); log05ger($noxml_seri_post02); //log02ger($seri_post002Str); // 假設企業號在公眾平臺上設置的參數如下 $encodingAesKey = "nvLjzSvnHKg33sGTtJ9k3UObvubun5W5SU4YKpPVUSn"; //"jWmYm7qr5nMoAUwZRjGtBxmz3KA1tkAj3ykkR6q2B2C"; $token = "weixin";//"QDG6eK"; $corpId = "wwa3fee80352b06bed"; //"wx5823bf96d3bd56c7"; /* ------------使用示例一：驗證回調URL--------------- *企業開啟回調模式時，企業號會向驗證url發送一個get請求假設點擊驗證時，企業收到類似請求： * GET /cgi-bin/wxpush?msg_signature=5c45ff5e21c57e6ad56bac8758b79b1d9ac89fd3&timestamp=1409659589&nonce=263014780&echostr=P9nAzCzyDtyTWESHep1vC5X9xho%2FqYX3Zpb4yKa9SKld1DsH3Iyt3tP3zNdtp%2B4RPcs8TgAE7OaBO%2BFZXvnaqQ%3D%3D * HTTP/1.1 Host: qy.weixin.qq.com 接收到該請求時，企業應 1.解析出Get請求的參數，包括消息體簽名(msg_signature)，時間戳(timestamp)，隨機數字串(nonce)以及公眾平臺推送過來的隨機加密字符串(echostr), 這一步注意作URL解碼。 2.驗證消息體簽名的正確性 3. 解密出echostr原文，將原文當作Get請求的response，返回給公眾平臺第2，3步可以用公眾平臺提供的庫函數VerifyURL來實現。 */ // $sVerifyMsgSig = HttpUtils.ParseUrl("msg_signature"); $sVerifyMsgSig = "5c45ff5e21c57e6ad56bac8758b79b1d9ac89fd3"; // $sVerifyTimeStamp = HttpUtils.ParseUrl("timestamp"); $sVerifyTimeStamp = "1409659589"; // $sVerifyNonce = HttpUtils.ParseUrl("nonce"); $sVerifyNonce = "263014780"; // $sVerifyEchoStr = HttpUtils.ParseUrl("echostr"); $sVerifyEchoStr = "P9nAzCzyDtyTWESHep1vC5X9xho/qYX3Zpb4yKa9SKld1DsH3Iyt3tP3zNdtp+4RPcs8TgAE7OaBO+FZXvnaqQ=="; // get the paramters $sVerifyMsgSig = $_GET['msg_signature']; $sVerifyTimeStamp = $_GET['timestamp']; $sVerifyNonce = $_GET['nonce']; $sVerifyEchoStr = $_GET['echostr']; // 需要返回的明文 $sEchoStr = ""; $sEchoStr= '<xml> <ToUserName><![CDATA[wwa3fee80352b06bed]]></ToUserName> <FromUserName><![CDATA[fromUser]]></FromUserName> <CreateTime>1348831860</CreateTime> <MsgType><![CDATA[text]]></MsgType> <Content><![CDATA[this234 is a test]]></Content> </xml>'; $sEchoStr = ""; $wxcpt = new WXBizMsgCrypt($token, $encodingAesKey, $corpId); $errCode = $wxcpt->VerifyURL($sVerifyMsgSig, $sVerifyTimeStamp, $sVerifyNonce, $sVerifyEchoStr, $sEchoStr); logger($sEchoStr); if ($errCode == 0) { echo $sEchoStr."\n"; // var_dump($sEchoStr); // // 驗證URL成功，將sEchoStr返回 // HttpUtils.SetResponce($sEchoStr); } else { // print("ERR: " . $errCode . "\n\n"); } /* ------------使用示例二：對用戶回復的消息解密--------------- 用戶回復消息或者點擊事件響應時，企業會收到回調消息，此消息是經過公眾平臺加密之后的密文以post形式發送給企業，密文格式請參考官方文檔假設企業收到公眾平臺的回調消息如下： POST /cgi-bin/wxpush? msg_signature=477715d11cdb4164915debcba66cb864d751f3e6&timestamp=1409659813&nonce=1372623149 HTTP/1.1 Host: qy.weixin.qq.com Content-Length: 613 <xml> <ToUserName><![CDATA[wx5823bf96d3bd56c7]]></ToUserName><Encrypt><![CDATA[RypEvHKD8QQKFhvQ6QleEB4J58tiPdvo+rtK1I9qca6aM/wvqnLSV5zEPeusUiX5L5X/0lWfrf0QADHHhGd3QczcdCUpj911L3vg3W/sYYvuJTs3TUUkSUXxaccAS0qhxchrRYt66wiSpGLYL42aM6A8dTT+6k4aSknmPj48kzJs8qLjvd4Xgpue06DOdnLxAUHzM6+kDZ+HMZfJYuR+LtwGc2hgf5gsijff0ekUNXZiqATP7PF5mZxZ3Izoun1s4zG4LUMnvw2r+KqCKIw+3IQH03v+BCA9nMELNqbSf6tiWSrXJB3LAVGUcallcrw8V2t9EL4EhzJWrQUax5wLVMNS0+rUPA3k22Ncx4XXZS9o0MBH27Bo6BpNelZpS+/uh9KsNlY6bHCmJU9p8g7m3fVKn28H3KDYA5Pl/T8Z1ptDAVe0lXdQ2YoyyH2uyPIGHBZZIs2pDBS8R07+qN+E7Q==]]></Encrypt> <AgentID><![CDATA[218]]></AgentID> </xml> 企業收到post請求之后應該 1.解析出url上的參數，包括消息體簽名(msg_signature)，時間戳(timestamp)以及隨機數字串(nonce) 2.驗證消息體簽名的正確性。 3.將post請求的數據進行xml解析，并將<Encrypt>標簽的內容進行解密，解密出來的明文即是用戶回復消息的明文，明文格式請參考官方文檔第2，3步可以用公眾平臺提供的庫函數DecryptMsg來實現。 */ // $sReqMsgSig = HttpUtils.ParseUrl("msg_signature"); $sReqMsgSig = "477715d11cdb4164915debcba66cb864d751f3e6"; // $sReqTimeStamp = HttpUtils.ParseUrl("timestamp"); $sReqTimeStamp = "1409659813"; // $sReqNonce = HttpUtils.ParseUrl("nonce"); $sReqNonce = "1372623149"; // get the paramters $sVerifyMsgSig = $_GET['msg_signature']; $sVerifyTimeStamp = $_GET['timestamp']; $sVerifyNonce = $_GET['nonce']; $sVerifyEchoStr = $_GET['echostr']; // post請求的密文數據 // $sReqData = HttpUtils.PostData(); $sReqData = "<xml><ToUserName><![CDATA[wwa3fee80352b06bed]]></ToUserName><Encrypt><![CDATA[RypEvHKD8QQKFhvQ6QleEB4J58tiPdvo+rtK1I9qca6aM/wvqnLSV5zEPeusUiX5L5X/0lWfrf0QADHHhGd3QczcdCUpj911L3vg3W/sYYvuJTs3TUUkSUXxaccAS0qhxchrRYt66wiSpGLYL42aM6A8dTT+6k4aSknmPj48kzJs8qLjvd4Xgpue06DOdnLxAUHzM6+kDZ+HMZfJYuR+LtwGc2hgf5gsijff0ekUNXZiqATP7PF5mZxZ3Izoun1s4zG4LUMnvw2r+KqCKIw+3IQH03v+BCA9nMELNqbSf6tiWSrXJB3LAVGUcallcrw8V2t9EL4EhzJWrQUax5wLVMNS0+rUPA3k22Ncx4XXZS9o0MBH27Bo6BpNelZpS+/uh9KsNlY6bHCmJU9p8g7m3fVKn28H3KDYA5Pl/T8Z1ptDAVe0lXdQ2YoyyH2uyPIGHBZZIs2pDBS8R07+qN+E7Q==]]></Encrypt><AgentID><![CDATA[218]]></AgentID></xml>"; $sMsg = ""; // 解析之后的明文 $sEchoStr= '<xml> <ToUserName><![CDATA[wwa3fee80352b06bed]]></ToUserName> <FromUserName><![CDATA[fromUser]]></FromUserName> <CreateTime>1348831860</CreateTime> <MsgType><![CDATA[text]]></MsgType> <Content><![CDATA[this234 is a test]]></Content> </xml>'; $sMsg = '<xml> <ToUserName><![CDATA[wwa3fee80352b06bed]]></ToUserName> <FromUserName><![CDATA[fromUser]]></FromUserName> <CreateTime>1348831860</CreateTime> <MsgType><![CDATA[text]]></MsgType> <Content><![CDATA[this234 is a test]]></Content> </xml>'; $errCode = $wxcpt->DecryptMsg($sReqMsgSig, $sReqTimeStamp, $sReqNonce, $sReqData, $sMsg); if ($errCode == 0) { // 解密成功，sMsg即為xml格式的明文 // echo $sMsg."\n"; // var_dump($sMsg); // TODO: 對明文的處理 /* "<xml><ToUserName><![CDATA[wx5823bf96d3bd56c7]]></ToUserName> <FromUserName><![CDATA[mycreate]]></FromUserName> <CreateTime>1409659813</CreateTime> <MsgType><![CDATA[text]]></MsgType> <Content><![CDATA[hello]]></Content> <MsgId>4561255354251345929</MsgId> <AgentID>218</AgentID> </xml>" */ } else { // print("ERR: " . $errCode . "\n\n"); //exit(-1); } /* ------------使用示例三：企業回復用戶消息的加密--------------- 企業被動回復用戶的消息也需要進行加密，并且拼接成密文格式的xml串。假設企業需要回復用戶的明文如下： <xml> <ToUserName><![CDATA[mycreate]]></ToUserName> <FromUserName><![CDATA[wx5823bf96d3bd56c7]]></FromUserName> <CreateTime>1348831860</CreateTime> <MsgType><![CDATA[text]]></MsgType> <Content><![CDATA[this is a test]]></Content> <MsgId>1234567890123456</MsgId> <AgentID>128</AgentID> </xml> 為了將此段明文回復給用戶，企業應： 1.自己生成時間時間戳(timestamp),隨機數字串(nonce)以便生成消息體簽名，也可以直接用從公眾平臺的post url上解析出的對應值。 2.將明文加密得到密文。 3.用密文，步驟1生成的timestamp,nonce和企業在公眾平臺設定的token生成消息體簽名。 4.將密文，消息體簽名，時間戳，隨機數字串拼接成xml格式的字符串，發送給企業號。以上2，3，4步可以用公眾平臺提供的庫函數EncryptMsg來實現。 */ // 需要發送的明文 //$sRespData = "<xml><ToUserName><![CDATA[terryDeZhuYaoWeiXinHao]]></ToUserName><FromUserName><![CDATA[wwa3fee80352b06bed]]></FromUserName><CreateTime>1348831860</CreateTime><MsgType><![CDATA[text]]></MsgType><Content><![CDATA[thi2s345 is a test]]></Content><MsgId>1234567890123456</MsgId><AgentID>1000003</AgentID></xml>"; //$sRespData = "<xml><ToUserName><![CDATA[terryDeZhuYaoWeiXinHao|DengJingSong]]></ToUserName><FromUserName><![CDATA[wwa3fee80352b06bed]]></FromUserName><CreateTime>1348831860</CreateTime><MsgType><![CDATA[text]]></MsgType><Content><![CDATA[this56789012345678921234567890123456789012345678951234567896123456789712345678981234567899123456789a123456789b123456789c123456789d123456789e123456789f]]></Content><MsgId>1234567890123456</MsgId><AgentID>1000003</AgentID></xml>"; $sRespData = "<xml><ToUserName><![CDATA[terryDeZhuYaoWeiXinHao]]></ToUserName><FromUserName><![CDATA[wwa3fee80352b06bed]]></FromUserName><CreateTime>1348831860</CreateTime><MsgType><![CDATA[text]]></MsgType><Content><![CDATA[this56789012345678921234567890123456789012345678951234567896123456789712345678981234567899123456789a123456789b123456789c123456789d123456789e123456789f123456789g123456789h123456789i123456789j]]></Content><MsgId>1234567890123456</MsgId><AgentID>1000003</AgentID></xml>"; $tmp_tim001= date('y/n/j_H:i:s', time()); $sRespData = '<xml><ToUserName><![CDATA[terryDeZhuYaoWeiXinHao]]></ToUserName><FromUserName><![CDATA[wwa3fee80352b06bed]]></FromUserName><CreateTime>1348831860</CreateTime><MsgType><![CDATA[text]]></MsgType><Content><![CDATA['; //$sRespData.=$tmp_tim001.':_GET[ '.$post01Str.'] json:_'.$json_post001Str.'] noxml:_'. $noxml_json_post01.']]></Content><MsgId>1234567890123456</MsgId><AgentID>1000003</AgentID></xml>'; $sRespData.=$tmp_tim001.' '.':_GET[ '.$post01Str . '] json:_'.$json_post001Str.'] noxml:_'; //$sRespData.= $noxml_json_post01; //$sRespData.= "'".$post000Str ."'"; //$sRespData.= '(input_j_encode['.json_encode($post000Str).']'; $sRespData.= ']]></Content><MsgId>1234567890123456</MsgId><AgentID>1000003</AgentID></xml>'; $sEncryptMsg = ""; //xml格式的密文 $errCode = $wxcpt->EncryptMsg($sRespData, $sReqTimeStamp, $sReqNonce, $sEncryptMsg); logger($sRespData); if ($errCode == 0) { logger($sEncryptMsg); //$sEchoStr); echo $sEncryptMsg; // var_dump($sEncryptMsg); // print("done \n"); // TODO: // 加密成功，企業需要將加密之后的sEncryptMsg返回 // HttpUtils.SetResponce($sEncryptMsg); //回復加密之后的密文 } else { // print("ERR: " . $errCode . "\n\n"); // exit(-1); } //日志記錄 // private function logger($log_content) { if(isset($_SERVER['HTTP_APPNAME'])){ //SAE sae_set_display_errors(false); sae_debug($log_content); sae_set_display_errors(true); }else if($_SERVER['REMOTE_ADDR'] != "127.0.0.1"){ //LOCAL $max_size = 1000000; $log_filename = "log20200901xml.txt";//"log.xml"; if(file_exists($log_filename) and (abs(filesize($log_filename)) > $max_size)){unlink($log_filename);} file_put_contents($log_filename, date('Y-m-d H:i:s')." ".$log_content."\r\n", FILE_APPEND); } }////日志記錄End function log02ger($log_content) { if(isset($_SERVER['HTTP_APPNAME'])){ //SAE sae_set_display_errors(false); sae_debug($log_content); sae_set_display_errors(true); }else if($_SERVER['REMOTE_ADDR'] != "127.0.0.1"){ //LOCAL $max_size = 1000000; $log_filename = "log20200902xml02.txt";//"log.xml"; if(file_exists($log_filename) and (abs(filesize($log_filename)) > $max_size)){unlink($log_filename);} file_put_contents($log_filename, date('Y-m-d H:i:s')." ".$log_content."\r\n", FILE_APPEND); } }////日志記錄End function log03ger($log_content) { if(isset($_SERVER['HTTP_APPNAME'])){ //SAE sae_set_display_errors(false); sae_debug($log_content); sae_set_display_errors(true); }else if($_SERVER['REMOTE_ADDR'] != "127.0.0.1"){ //LOCAL $max_size = 1000000; $log_filename = "log20200903xml03.txt";//"log.xml"; if(file_exists($log_filename) and (abs(filesize($log_filename)) > $max_size)){unlink($log_filename);} file_put_contents($log_filename, date('Y-m-d H:i:s')." ".$log_content."\r\n", FILE_APPEND); } }////日志記錄End function log04ger($log_content) { if(isset($_SERVER['HTTP_APPNAME'])){ //SAE sae_set_display_errors(false); sae_debug($log_content); sae_set_display_errors(true); }else if($_SERVER['REMOTE_ADDR'] != "127.0.0.1"){ //LOCAL $max_size = 1000000; $log_filename = "log20200904xml04.txt";//"log.xml"; if(file_exists($log_filename) and (abs(filesize($log_filename)) > $max_size)){unlink($log_filename);} file_put_contents($log_filename, date('Y-m-d H:i:s')." ".$log_content."\r\n", FILE_APPEND); } }////日志記錄End function log05ger($log_content) { if(isset($_SERVER['HTTP_APPNAME'])){ //SAE sae_set_display_errors(false); sae_debug($log_content); sae_set_display_errors(true); }else if($_SERVER['REMOTE_ADDR'] != "127.0.0.1"){ //LOCAL $max_size = 1000000; $log_filename = "log20200905xml05.txt";//"log.xml"; if(file_exists($log_filename) and (abs(filesize($log_filename)) > $max_size)){unlink($log_filename);} file_put_contents($log_filename, date('Y-m-d H:i:s')." ".$log_content."\r\n", FILE_APPEND); } }////日志記錄End function log000ger($log_content) { if(isset($_SERVER['HTTP_APPNAME'])){ //SAE sae_set_display_errors(false); sae_debug($log_content); sae_set_display_errors(true); }else if($_SERVER['REMOTE_ADDR'] != "127.0.0.1"){ //LOCAL $max_size = 1000000; $log_filename = "log20200900xml000.txt";//"log.xml"; if(file_exists($log_filename) and (abs(filesize($log_filename)) > $max_size)){unlink($log_filename);} file_put_contents($log_filename, date('Y-m-d H:i:s')." ".$log_content."\r\n", FILE_APPEND); } }////日志記錄End function log002ger($log_content) { if(isset($_SERVER['HTTP_APPNAME'])){ //SAE sae_set_display_errors(false); sae_debug($log_content); sae_set_display_errors(true); }else if($_SERVER['REMOTE_ADDR'] != "127.0.0.1"){ //LOCAL $max_size = 1000000; $log_filename = "log20200900xml002.txt";//"log.xml"; if(file_exists($log_filename) and (abs(filesize($log_filename)) > $max_size)){unlink($log_filename);} file_put_contents($log_filename, date('Y-m-d H:i:s')." ".$log_content."\r\n", FILE_APPEND); } }////日志記錄End function log003encode($log_content) { if(isset($_SERVER['HTTP_APPNAME'])){ //SAE sae_set_display_errors(false); sae_debug($log_content); sae_set_display_errors(true); }else if($_SERVER['REMOTE_ADDR'] != "127.0.0.1"){ //LOCAL $max_size = 1000000; $log_filename = "log20200900xml003encode.txt";//"log.xml"; if(file_exists($log_filename) and (abs(filesize($log_filename)) > $max_size)){unlink($log_filename);} file_put_contents($log_filename, date('Y-m-d H:i:s')." ".$log_content."\r\n", FILE_APPEND); } }////日志記錄End ```