crm/app/api/controller/WorkEventPush.php

<?php

namespace app\api\controller;

use DOMDocument;
use openssl\Aes;

/**
 * 微信事件接受类
 */
class WorkEventPush
{
    public function index()
    {
        $msgSignature = $_GET['msg_signature'];
        $timestamp = $_GET['timestamp'];
        $nonce = $_GET['nonce'];


        $token = 'hYjfU0XvjkX7VcYJ';
        $encodingAesKey = 'wEhkrcrDtyfsh2aEtfWKxt95vEyKOyB0OWE9xyI8bse';
        $appId = 'ww16ab285cc1f0bdac';

        if (isset($_GET["echostr"])) {
            $encrypt_msg = str_replace('\/', '/', $_GET["echostr"]);
        } else {
            // xml中获取
            $postXmlStr = file_get_contents('php://input');
            trace($postXmlStr, 'debug');
            $xml = new DOMDocument();
            $xml->loadXML($postXmlStr);
            $encrypt_msg = $xml->getElementsByTagName('encrypt')->item(0)->nodeValue;
        }

        // 验证请求是否正确

        $array = array($encrypt_msg, $token, $nonce, $timestamp);
        sort($array, SORT_STRING);

        if ($msgSignature != sha1(implode($array))) {
            // abort(404, '验证失败');
            return '验证失败';
        }

        $k = base64_decode($encodingAesKey . '=');
        $iv = substr($k, 0, 16);
        $text = openssl_decrypt($encrypt_msg, 'AES-256-CBC', $k, OPENSSL_ZERO_PADDING, $iv);

        $pad = ord(substr($text, -1));
        if ($pad < 1 || $pad > 32) {
            $pad = 0;
        }
        $text = substr($text, 0, (strlen($text) - $pad));
        if (strlen($text) < 16) return 'error';

        $content = substr($text, 16, strlen($text));
        $len_list = unpack('N', substr($content, 0, 4));
        $xml_len = $len_list[1];
        $xml_content = substr($content, 4, $xml_len);
        $from_receiveId = substr($content, $xml_len + 4);
        if($from_receiveId != $appId) return 'receiveId Error';

        return $xml_content;
    }
}