小程序解密 encryptedData 获取 unionID 等信息

index.php

<?php
include_once "wxBizDataCrypt.php";

// $appid 由小程序微信官方后台获取
$appid = 'wx4f4bc4dec97d474b';

// $sessionKey 值可通过 https://api.weixin.qq.com/sns/jscode2session?appid=... 中的 session_key 获取
$sessionKey = 'tiihtNczf5v6AKRyjwEUhQ==';

// $encryptedData 值由前端通过 wx.getUserInfo(object) 返回值中 encryptedData 字段获取
$encryptedData = "CiyLU1Aw2KjvrjMdj8YKliAjtP4gsMZM
                QmRzooG2xrDcvSnxIMXFufNstNGTyaGS
                9uT5geRa0W4oTOb1WT7fJlAC+oNPdbB+
                3hVbJSRgv+4lGOETKUQz6OYStslQ142d
                NCuabNPGBzlooOmB231qMM85d2/fV6Ch
                evvXvQP8Hkue1poOFtnEtpyxVLW1zAo6
                /1Xx1COxFvrc2d7UL/lmHInNlxuacJXw
                u0fjpXfz/YqYzBIBzD6WUfTIF9GRHpOn
                /Hz7saL8xz+W//FRAUid1OksQaQx4CMs
                8LOddcQhULW4ucetDf96JcR3g0gfRK4P
                C7E/r7Z6xNrXd2UIeorGj5Ef7b1pJAYB
                6Y5anaHqZ9J6nKEBvB4DnNLIVWSgARns
                /8wR2SiRS7MNACwTyrGvt9ts8p12PKFd
                lqYTopNHR1Vf7XjfhQlVsAJdNiKdYmYV
                oKlaRv85IfVunYzO0IKXsyl7JCUjCpoG
                20f0a04COwfneQAGGwd5oa+T8yO5hzuy
                Db/XcxxmK01EpqOyuxINew==";

// $iv 值由前端通过 wx.getUserInfo(object) 返回值中 iv 字段获取
$iv = 'r7BXXKkLb8qrSNn05n0qiA==';

$pc = new WXBizDataCrypt ( $appid, $sessionKey );
$errCode = $pc->decryptData ( $encryptedData, $iv, $data );

if ($errCode == 0) {
    // 返回值 $data 就是一个json字符串
    print ($data . "\n") ;
} else {
    print ($errCode . "\n") ;
}

//正常返回值内容 例子
//如果返回字段中没有返回 unionId。参考官方文档,需要将小程序和公众号绑定到同一开放平台才可以获取到
/*
{
    openId: "oGZUI0egBJY1zhBYw2KhdUfwVJJE",
    nickName: "Band",
    gender: 1,
    language: "zh_CN",
    city: "Guangzhou",
    province: "Guangdong",
    country: "CN",
    avatarUrl: "http://wx.qlogo.cn/mmopen/vi_32/aSKcBBPpibyKNicHNTMM0qJVh8Kjgiak2AHWr8MHM4WgMEm7GFhsf8OYrySdbvAMvTsw3mo8ibKicsnfN5pRjl1p8HQ/0",
    unionId: "ocMvos6NjeKLIBqg5Mr9QjxrP1FA",
    watermark: {
        timestamp: 1477314187,
        appid: "wx4f4bc4dec97d474b"
    }
}
*/

wxBizDataCrypt.php

<?php

/**
 * 对微信小程序用户加密数据的解密示例代码.
 *
 * @copyright Copyright (c) 1998-2014 Tencent Inc.
 */


include_once "errorCode.php";


class WXBizDataCrypt
{
    private $appid;
    private $sessionKey;

    /**
     * 构造函数
     * @param $sessionKey string 用户在小程序登录后获取的会话密钥
     * @param $appid string 小程序的appid
     */
    public function __construct( $appid, $sessionKey)
    {
        $this->sessionKey = $sessionKey;
        $this->appid = $appid;
    }


    /**
     * 检验数据的真实性,并且获取解密后的明文.
     * @param $encryptedData string 加密的用户数据
     * @param $iv string 与用户数据一同返回的初始向量
     * @param $data string 解密后的原文
     *
     * @return int 成功0,失败返回对应的错误码
     */
    public function decryptData( $encryptedData, $iv, &$data )
    {
        if (strlen($this->sessionKey) != 24) {
            return ErrorCode::$IllegalAesKey;
        }
        $aesKey=base64_decode($this->sessionKey);

        
        if (strlen($iv) != 24) {
            return ErrorCode::$IllegalIv;
        }
        $aesIV=base64_decode($iv);

        $aesCipher=base64_decode($encryptedData);

        $result=openssl_decrypt( $aesCipher, "AES-128-CBC", $aesKey, 1, $aesIV);

        $dataObj=json_decode( $result );
        if( $dataObj  == NULL )
        {
            return ErrorCode::$IllegalBuffer;
        }
        if( $dataObj->watermark->appid != $this->appid )
        {
            return ErrorCode::$IllegalBuffer;
        }
        $data = $result;
        return ErrorCode::$OK;
    }

}

errorCode.php

<?php

/**
 * error code 说明.
 * <ul>
 
 *    <li>-41001: encodingAesKey 非法</li>
 *    <li>-41003: aes 解密失败</li>
 *    <li>-41004: 解密后得到的buffer非法</li>
 *    <li>-41005: base64加密失败</li>
 *    <li>-41016: base64解密失败</li>
 * </ul>
 */
class ErrorCode {
    public static $OK = 0;
    public static $IllegalAesKey = - 41001;
    public static $IllegalIv = - 41002;
    public static $IllegalBuffer = - 41003;
    public static $DecodeBase64Error = - 41004;
}

?>

 

posted @ 2018-08-31 14:43  风吹屁股凉冰冰  阅读(10873)  评论(0编辑  收藏  举报