1

application/api/controller/Login.php

@@ -40,9 +40,8 @@ class Login extends Base
      * @param name:headimg type:string require:1 default:-- desc:头像地址
      * @param name:name type:string require:1 default:-- desc:昵称
      * @param name:pid type:int require:0 default:0 desc:推荐人id
-     * @return name:openid type:string default:-- desc:用户openid
-     * @return name:headimg type:string default:-- desc:用户头像地址
-     * @return name:name type:string default:-- desc:用户昵称
+     * @param name:encrypted type:int require:0 default:0 desc:encrypted
+     * @param name:iv type:int require:0 default:0 desc:iv
      * @return name:token type:string default:-- desc:用户登录成功后的token值
      */
     public function weChatLogin(){
@@ -50,6 +49,8 @@ class Login extends Base
         $headimg = input('headimg');
         $name = input('name');
         $pid = input('pid',0);
+        $iv = input('iv');
+        $encryptedData = input('encrypted');
         if(empty($code) || empty($headimg) || empty($name)){
             $this->error('参数错误');
         }
@@ -58,6 +59,15 @@ class Login extends Base
         if(empty($data['openid'])){
             $this->error($data['errmsg']);
         }
+
+        require_once env('root_path').'/vendor/program/wxBizDataCrypt.php';
+        $sessionKey = $data['session_key'];
+        $pc = new \WXBizDataCrypt(config('app.mini_program')['app_id'], $sessionKey);
+        $errCode = $pc->decryptData($encryptedData, $iv, $info);
+        if($errCode != 0) $this->error('微信登录失败');
+        $info = json_decode($info,true);
+        $phone = $info['purePhoneNumber'];
+
         $member = Db::name('store_member')->field('id,phone')->where('openid',$data['openid'])->find();
         if(empty($member)){
             $member_data = array(
@@ -65,6 +75,7 @@ class Login extends Base
                 'headimg' => $headimg,
                 'name' => $name,
                 'pid' =>$pid,
+                'phone' => $phone,
                 'create_at'=>date("Y-m-d H:i:s")
             );
             Db::table('store_member')->insert($member_data);

vendor/program/demo.php

@@ -0,0 +1,36 @@
+<?php
+
+include_once "wxBizDataCrypt.php";
+
+
+$appid = 'wx4f4bc4dec97d474b';
+$sessionKey = 'tiihtNczf5v6AKRyjwEUhQ==';
+
+$encryptedData="CiyLU1Aw2KjvrjMdj8YKliAjtP4gsMZM
+                QmRzooG2xrDcvSnxIMXFufNstNGTyaGS
+                9uT5geRa0W4oTOb1WT7fJlAC+oNPdbB+
+                3hVbJSRgv+4lGOETKUQz6OYStslQ142d
+                NCuabNPGBzlooOmB231qMM85d2/fV6Ch
+                evvXvQP8Hkue1poOFtnEtpyxVLW1zAo6
+                /1Xx1COxFvrc2d7UL/lmHInNlxuacJXw
+                u0fjpXfz/YqYzBIBzD6WUfTIF9GRHpOn
+                /Hz7saL8xz+W//FRAUid1OksQaQx4CMs
+                8LOddcQhULW4ucetDf96JcR3g0gfRK4P
+                C7E/r7Z6xNrXd2UIeorGj5Ef7b1pJAYB
+                6Y5anaHqZ9J6nKEBvB4DnNLIVWSgARns
+                /8wR2SiRS7MNACwTyrGvt9ts8p12PKFd
+                lqYTopNHR1Vf7XjfhQlVsAJdNiKdYmYV
+                oKlaRv85IfVunYzO0IKXsyl7JCUjCpoG
+                20f0a04COwfneQAGGwd5oa+T8yO5hzuy
+                Db/XcxxmK01EpqOyuxINew==";
+
+$iv = 'r7BXXKkLb8qrSNn05n0qiA==';
+
+$pc = new WXBizDataCrypt($appid, $sessionKey);
+$errCode = $pc->decryptData($encryptedData, $iv, $data );
+
+if ($errCode == 0) {
+    print($data . "\n");
+} else {
+    print($errCode . "\n");
+}

vendor/program/errorCode.php

@@ -0,0 +1,23 @@
+<?php
+
+/**
+ * error code 说明.
+ * <ul>
+
+ *    <li>-41001: encodingAesKey 非法</li>
+ *    <li>-41003: aes 解密失败</li>
+ *    <li>-41004: 解密后得到的buffer非法</li>
+ *    <li>-41005: base64加密失败</li>
+ *    <li>-41016: base64解密失败</li>
+ * </ul>
+ */
+class ErrorCode
+{
+	public static $OK = 0;
+	public static $IllegalAesKey = -41001;
+	public static $IllegalIv = -41002;
+	public static $IllegalBuffer = -41003;
+	public static $DecodeBase64Error = -41004;
+}
+
+?>

vendor/program/wxBizDataCrypt.php

@@ -0,0 +1,69 @@
+<?php
+
+/**
+ * 对微信小程序用户加密数据的解密示例代码.
+ *
+ * @copyright Copyright (c) 1998-2014 Tencent Inc.
+ */
+
+
+include_once "errorCode.php";
+
+
+class WXBizDataCrypt
+{
+    private $appid;
+	private $sessionKey;
+
+	/**
+	 * 构造函数
+	 * @param $sessionKey string 用户在小程序登录后获取的会话密钥
+	 * @param $appid string 小程序的appid
+	 */
+	public function __construct( $appid, $sessionKey)
+	{
+		$this->sessionKey = $sessionKey;
+		$this->appid = $appid;
+	}
+
+
+	/**
+	 * 检验数据的真实性，并且获取解密后的明文.
+	 * @param $encryptedData string 加密的用户数据
+	 * @param $iv string 与用户数据一同返回的初始向量
+	 * @param $data string 解密后的原文
+     *
+	 * @return int 成功0，失败返回对应的错误码
+	 */
+	public function decryptData( $encryptedData, $iv, &$data )
+	{
+		if (strlen($this->sessionKey) != 24) {
+			return ErrorCode::$IllegalAesKey;
+		}
+		$aesKey=base64_decode($this->sessionKey);
+
+        
+		if (strlen($iv) != 24) {
+			return ErrorCode::$IllegalIv;
+		}
+		$aesIV=base64_decode($iv);
+
+		$aesCipher=base64_decode($encryptedData);
+
+		$result=openssl_decrypt( $aesCipher, "AES-128-CBC", $aesKey, 1, $aesIV);
+
+		$dataObj=json_decode( $result );
+		if( $dataObj  == NULL )
+		{
+			return ErrorCode::$IllegalBuffer;
+		}
+		if( $dataObj->watermark->appid != $this->appid )
+		{
+			return ErrorCode::$IllegalBuffer;
+		}
+		$data = $result;
+		return ErrorCode::$OK;
+	}
+
+}
+