loadXML($postXmlStr); $encrypt_msg = $xml->getElementsByTagName('encrypt')->item(0)->nodeValue; } // 验证请求是否正确 $array = array($encrypt_msg, $token, $nonce, $timestamp); sort($array, SORT_STRING); if ($msgSignature != sha1(implode($array))) { // abort(404, '验证失败'); return '验证失败'; } $k = base64_decode($encodingAesKey . '='); $iv = substr($k, 0, 16); $text = openssl_decrypt($encrypt_msg, 'AES-256-CBC', $k, OPENSSL_ZERO_PADDING, $iv); $pad = ord(substr($text, -1)); if ($pad < 1 || $pad > 32) { $pad = 0; } $text = substr($text, 0, (strlen($text) - $pad)); if (strlen($text) < 16) return 'error'; $content = substr($text, 16, strlen($text)); $len_list = unpack('N', substr($content, 0, 4)); $xml_len = $len_list[1]; $xml_content = substr($content, 4, $xml_len); $from_receiveId = substr($content, $xml_len + 4); if($from_receiveId != $appId) return 'receiveId Error'; return $xml_content; } }