After the third-party platform has passed the creation review, the WeChat server will regularly push component_verify_ticket to the "authorized event receiving URL" every 10 minutes. Return the string success directly (the pushed component_verify_ticket is very important, which is needed for the subsequent function implementation of the third-party platform).
The WeChat server pushes the information to our server in XML data format by POST, and the official provides corresponding data examples and field descriptions.
POST data example
<xml>
<AppId></AppId>
<CreateTime>1413192605</CreateTime>
<InfoType></InfoType>
<ComponentVerifyTicket></ComponentVerifyTicket>
</xml>
Field Description
| Field Name | field description |
|---|---|
| AppId | Third-party platform appid |
| CreateTime | timestamp |
| InfoType | component_verify_ticket |
| ComponentVerifyTicket | Ticket content |
This step is also where I have been tossing for the longest time. The main problem is that the pushed information is encrypted. We need to decrypt the information first, decrypt the component_verify_ticket, and then save the ticket.
However, this part of the official decryption DEMO in the corresponding language is provided. The complete code of my own is attached below, which uses the database operation and the WeChat public account cancellation authorization operation:
public function ticket(){
require_once(dirname(FILE).'/wxBizMsgCrypt.php');//该文件在官方demo里面,下载后引入进来就可以了
$encodingAesKey = '';//创建平台时填写的公众号消息加解密Key
$token = '';//创建平台时填写的公众号消息校验Token
$appId = '';//公众号第三方平台AppID
$timeStamp = empty ( $_GET ['timestamp']) ? "" : trim ( $_GET ['timestamp'] );
$nonce = empty ( $_GET ['nonce'] ) ?"" : trim ( $_GET ['nonce'] );
$msg_sign = empty ( $_GET['msg_signature'] ) ? "" : trim ( $_GET ['msg_signature'] );
$encryptMsg = file_get_contents ('php://input' );
$pc = new \WXBizMsgCrypt ( $token,$encodingAesKey, $appId );
// 第三方收到公众号平台发送的消息
$msg = '';
$errCode = $pc->decryptMsg ($msg_sign, $timeStamp, $nonce, $encryptMsg, $msg );
if ($errCode == 0) {
$data = $this->_xmlToArr ( $msg);
if (isset ( $data['ComponentVerifyTicket'] )) {
$config['componentverifyticket'] = $data ['ComponentVerifyTicket'];
$config['create_time'] =date("Y-m-d H:i:s");
$where['id']= '1';
M('Public')->where($where)->setField($config);
} elseif ($data ['InfoType'] =='unauthorized') {
// 在公众号后台取消授权后,同步把系统里的公众号删除掉,并更新相关用户缓存
$map ['appid'] = $data['AuthorizerAppid'];
$map2 ['id'] = M ('WechatPublic' )->where ( $map )->getField ( 'id' );
if ($map2 ['id']) {
M ( 'WechatPublic')->where ( $map2 )->delete();
}
}
echo 'success';
} else {
echo '解密失败'.$errCode;
}
}
public function _xmlToArr($xml) {
$res = @simplexml_load_string ( $xml,NULL, LIBXML_NOCDATA );
$res = json_decode ( json_encode ( $res), true );
return $res;
}
The messages pushed by the WeChat service later need to be decrypted, and this method can be decrypted.