thinkphp WeChat Development: Safe Mode message encryption and decryption

The use of thinkphp official WeChat package, the use of different modes can be successful, but the safe mode is not, now will analyze the results of the record.

Tright

Analyze the problem:

Decryption Server message is always unsuccessful, download the public platform under the official given the decryption files and WechatCrypt.class.php to compare the discovery also no problem. Use the File_put_contents function to save the decrypted file for analysis. found that the official package decrypted XML is not a standard XML format, so the simplexml_load_string function cannot be processed.

/** Decrypt Ciphertext * @param string $encrypt ciphertext * @return string plaintext*/ PublicfunctionDecrypt$encrypt){        //BASE64 decoding$encrypt=Base64_decode($encrypt); //Open the cryptographic algorithm module$TD= Mcrypt_module_open (mcrypt_rijndael_128, ", MCRYPT_MODE_CBC,"); //initializing cryptographic algorithm modulesMcrypt_generic_init ($TD,$this->cyptkey,substr($this->cyptkey, 0, 16)); //Perform decryption$decrypt= Mdecrypt_generic ($TD,$encrypt); //Remove PKCS7 complement$decrypt= self::P kcs7decode ($decrypt, Mcrypt_enc_get_key_size ($TD)); //Close the cryptographic algorithm moduleMcrypt_generic_deinit ($TD); Mcrypt_module_close ($TD); if(strlen($decrypt) < 16){            ThrowNew\Exception("Illegal ciphertext string!") "); }        //Remove Random string$decrypt=substr($decrypt, 16); //Get network byte order$size=Unpack("N",substr($decrypt, 0, 4)); $size=$size[1]; //app_id$appid=substr($decrypt,$size+ 4); //Verify app_idif($appid!==$this-appId) {            ThrowNew\Exception("Illegal app_id! "); }                //PlainText Content$text=substr($decrypt, 4,$size); return$text; }    /** * PKCS7 padding characters * @param string $text filled characters * @param integer $size block length*/PrivateStaticfunctionPkcs7encode ($text,$size){        //string Length$str _size=strlen($text); //Fill Length$pad _size=$size- ($str _size%$size); $pad _size=$pad _size? :$size; //characters filled in$pad _CHR=CHR($pad _size); //Perform a fill$text=Str_pad($text,$str _size+$pad _size,$pad _CHR,str_pad_right); return$text; }    /** * Delete PKCS7 filled characters * @param string $text filled characters * @param integer $size block length*/PrivateStaticfunctionPkcs7decode ($text,$size){        //get a complement character$pad _str=Ord(substr($text,-1)); if($pad _str< 1 | |$pad _str>$size) {            $pad _str= 0; }             returnsubstr($text, 0,strlen($text) -$pad _str); }

Workaround:

The output of the XML file is like this

1<XML>2<Tousername> </span> <span>gh_249aeb986d99</span><span><\/tousername>\ n3<Fromusername> </span> <span>oopvmxhzaeqkdpsrcbpwxkkh-j2q</span><span><\/fromusername>\ n4<Createtime>1448944621<\/createtime>\ n5<Msgtype> </span> <span>text</span><span><\/msgtype>\ n6<Content> </span> <span>\u7ecf\u7406</span><span><\/content>\ n7<MsgId>6223169761311044588<\/msgid>\ n8<\/xml>

So it needs to be handled to get simplexml_load_string to handle it.

After the plaintext content of the output, add

1 //Clear text content 2         $text = substr ($decrypt, 4, $size); 3 //Remove extraneous content 4         $text =str_replace ('<\ ', '
  
    );       5         $text$text); 6         return $text; 

Safe mode can be used normally.

The above describes the thinkphp development: Security mode message encryption and decryption, including the exception aspects of the content, I hope that the PHP tutorial interested in a friend helpful.

