php access Dingding registration callback

Example framework-Yii2.0+mysql+crm+crm management system

1: First, you need to download the official php encryption Demo provided by DingTalk

2: I believe that the bloggers who are doing registration approval callbacks have already connected to the Dingding SDK, I will not show the access process one by one-directly initiate the code example (aeskey must be 43 to remember)

3: PHP Demo provided by the official open platform: pkcs7Encoder.php file modification

function Prpcrypt($k){
    $this->key = base64_decode($k. "=");} is modified to the form of the constructor: function __construct($k){
    $this->key = base64_decode($k . "=");}12345678

4: PHP Demo provided by the official open platform: DingtalkCrypt.php file modification

//encryption
	public function encrypt($text, $corpid)
	{
		try {
			//Get a 16-bit random string, fill it before the plaintext
			$random = $this->getRandomStr();
			$text = $random . pack("N", strlen($text)) . $text . $corpid;
			// Network byte order
			// $size = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
			// $module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');
			$iv = substr($this->key, 0, 16);
			//Use a custom filling method to fill in the plaintext
			$pkc_encoder = new PKCS7Encoder;
			$text = $pkc_encoder->encode($text);
			// mcrypt_generic_init($module, $this->key, $iv);
			// //Encryption
			// $encrypted = mcrypt_generic($module, $text);
			// mcrypt_generic_deinit($module);
			// mcrypt_module_close($module);

			//print(base64_encode($encrypted));
			//Use BASE64 to encode the encrypted string
			$encrypted = openssl_encrypt($text, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv );
			return array(ErrorCode::$OK, base64_encode($encrypted));
		} catch (Exception $e) {
			print $ e;
			return array(ErrorCode::$EncryptAESError, null);
		}
	}
	//Decryption
	public function decrypt($encrypted, $corpid)
	{
		try {
			$ciphertext_dec = base64_decode($encrypted);
			// $module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');
			$iv = substr($this->key, 0, 16);
			// mcrypt_generic_init($module, $this->key, $iv);
			// $decrypted = mdecrypt_generic($module, $ciphertext_dec);
			// mcrypt_generic_deinit($module);
			// mcrypt_module_close($module);
			$decrypted = openssl_decrypt($ciphertext_dec, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $iv);
		} catch (Exception $e) {
			return array(ErrorCode::$DecryptAESError, null);
		}
		try {
			//Remove supplementary characters
			$pkc_encoder = new PKCS7Encoder;
			$result = $pkc_encoder->decode($decrypted);
			//Remove 16-bit random string, network byte order and AppId
			if (strlen($result) < 16)
				return "";
			$content = substr($result, 16, strlen($result));
			$len_list = unpack("N", substr($content, 0, 4));
			$ xml_len = $ len_list [1];
			$xml_content = substr($content, 4, $xml_len);
			$from_corpid = substr($content, $xml_len + 4);
		} catch (Exception $e) {
			print $ e;
			return array(ErrorCode::$DecryptAESError, null);
		}
		if ($from_corpid != $corpid)
			return array(ErrorCode::$ValidateSuiteKeyError, null);
		return array(0, $xml_content);

	}1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465

6: Test callback url example

public function actionReceiveCallBack(){
        //Receive value sign timestamp   
        $signature=$_GET['signature'];    
        $ nonce = $ _ GET ['nonce'];         
        $timeStamp=$_GET['timestamp'];
        $suiteKey=Yii::$app->params['corpid'];//Required, enterprise ID
        $token="dingtalk"; //must be the same as in registration
        //Receive the passed value that needs to be decrypted
        $postdata = file_get_contents("php://input");
        $postList = json_decode($postdata,true);
        $encrypt = $postList['encrypt'];
        //Encrypted key during registration
        $aesKey=\Yii::$app->params['aes_key'];    
        $aes_key_encode=base64_encode($aesKey);
        $aes_key=substr($aes_key_encode,0,-1);
        $decryptMsg="";
        $crypt = new DingCallbackCrypt($token,$aes_key,$suiteKey);
        $encryData = $crypt->DecryptMsg($signature,$timeStamp,$nonce,$encrypt,$decryptMsg);  //解密
        if($encryData['errcode']!==0){
         
        }else{
            if($newData->EventType=="bpms_task_change"||$newData->EventType=="bpms_instance_change"){
                    $dingtalk=new DingtalkController();
                    $dingtalk->UpdateProcess($newData->processInstanceId);
            }
            $msg="success";
            $encryptMsg="";
            $data = $crypt->EncryptMsg($msg,$timeStamp,$nonce,$encryptMsg);   //加密
            if($data['errcode']!=0){
               
            }else{
                return $data['data']; //return the encrypted json data 
            }    
        }
    }1234567891011121314151617181920212223242526272829303132333435

I am here to directly write the registered event, and you need to register other changes.

1. DingTalk Business Event Callback-Callback Management API

2. Encryption of callback event message body