wesmiler 2 달 전
부모
커밋
b3dc67583e
2개의 변경된 파일63개의 추가작업 그리고 3개의 파일을 삭제
  1. 20 3
      app/Services/Api/MemberService.php
  2. 43 0
      app/Services/MpService.php

+ 20 - 3
app/Services/Api/MemberService.php

@@ -74,14 +74,31 @@ class MemberService extends BaseService
             return false;
         }
 
+        $encryptedData = isset($params['encryptedData'])?$params['encryptedData']:'';
+        $iv = isset($params['iv'])?$params['iv']:'';
+        $signature = isset($params['signature'])?$params['signature']:'';
+        $rawData = isset($params['rawData'])?$params['rawData']:'';
+
         // 获取用户信息
-        $userInfo = MpService::make()->getUserInfo($code);
-        $openid = isset($userInfo['openid']) ? $userInfo['openid'] : '';
+        $result = MpService::make()->getUserInfo($code);
+        $openid = isset($result['openid']) ? $result['openid'] : '';
+        $sessionKey = isset($result['session_key']) ? $result['session_key'] : '';
+        $signature2 =  sha1(htmlspecialchars_decode($rawData).$sessionKey);
+        // 验证签名
+        if ($signature2 !== $signature){
+            $this->error = '签名验证失败';
+            return false;
+        }
+
+        $userInfo = MpService::make()->decryptData($encryptedData, $iv, $sessionKey);
+        var_dump($userInfo);
         if (empty($userInfo)) {
-            $this->error = MpService::make()->getError();
+            $this->error = '授权登录失败:'.MpService::make()->getError();
             return false;
         }
 
+        var_dump($params);
+
         if (empty($openid)) {
             $this->error = 1042;
             return false;
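Review bot: The two debug calls added in this hunk, `var_dump($userInfo);` right after `decryptData()` and `var_dump($params);` a few lines later, print the decrypted WeChat profile and the raw login parameters to the output stream (presumably the API response), so both lines should be removed before this ships. The signature check uses `!==`, which is not a constant-time comparison, and it still runs when `getUserInfo()` returned no `session_key`, in which case the expected value is just `sha1` of client-supplied data; consider `if ($sessionKey === '' || !is_string($signature) || !hash_equals($signature2, $signature)) {`. Because the empty-`$openid` check only comes afterwards, a failed code exchange now appears to be reported as '签名验证失败' instead of the MpService error, so moving that check above the signature step would preserve the real cause. The enclosing method starts and ends outside the hunk.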

+ 43 - 0
app/Services/MpService.php

@@ -356,6 +356,48 @@ class MpService extends BaseService
         }
     }
 
+    /**
+     * 检验数据的真实性,并且获取解密后的明文.
+     * @param $encryptedData string 加密的用户数据
+     * @param $iv string 与用户数据一同返回的初始向量
+     * @param $sessionKey string 解密会话KEY
+     *
+     * @return int 成功0,失败返回对应的错误码
+     */
+    public function decryptData($encryptedData, $iv, $sessionKey)
+    {
+        if (strlen($sessionKey) != 24) {
+            $this->error = -41001;
+            return false;
+        }
+
+        $aesKey=base64_decode($sessionKey);
+        if (strlen($iv) != 24) {
+            $this->error = -41002;
+            return false;
+        }
+        $aesIV=base64_decode($iv);
+
+        $aesCipher=base64_decode($encryptedData);
+
+        $result=openssl_decrypt( $aesCipher, "AES-128-CBC", $aesKey, 1, $aesIV);
+
+        $dataObj=json_decode( $result );
+        if( $dataObj  == NULL )
+        {
+            $this->error = -41003;
+            return false;
+        }
+        if( $dataObj->watermark->appid !=  $this->mpAppid)
+        {
+            $this->error = -41003;
+            return false;
+        }
+
+
+        return $result;
+    }
+
 
     /**
      * 保存日志
@@ -370,4 +412,5 @@ class MpService extends BaseService
         }
     }
 
+
 }
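Review bot: In `decryptData()` the key and IV are length-checked only in their base64 form (24 characters) and never after decoding, `base64_decode()` runs without strict mode, and the `openssl_decrypt()` result is not tested for `false`, so malformed input reaches the cipher and `json_decode()` before anything rejects it. The watermark test `$dataObj->watermark->appid != $this->mpAppid` is the only integrity check applied to unauthenticated AES-CBC output, yet it compares loosely and dereferences `watermark` without `isset`; if `mpAppid` were ever empty, a payload with no watermark would compare equal and pass. The fence below checks the decoded lengths, uses `OPENSSL_RAW_DATA` in place of the literal `1`, and makes the appid comparison strict while keeping the error codes already used here. The docblock's `@return int` also does not match the code, which returns the decrypted JSON string or `false`; `@return string|false` would describe it.

```php
    public function decryptData($encryptedData, $iv, $sessionKey)
    {
        // … unchanged: 24-character checks on $sessionKey (-41001) and $iv (-41002) …
        $aesKey = base64_decode($sessionKey, true);
        if ($aesKey === false || strlen($aesKey) !== 16) {
            $this->error = -41001;
            return false;
        }
        $aesIV = base64_decode($iv, true);
        if ($aesIV === false || strlen($aesIV) !== 16) {
            $this->error = -41002;
            return false;
        }
        $aesCipher = base64_decode($encryptedData, true);
        $result = $aesCipher === false
            ? false
            : openssl_decrypt($aesCipher, 'AES-128-CBC', $aesKey, OPENSSL_RAW_DATA, $aesIV);
        $dataObj = is_string($result) ? json_decode($result) : null;
        if (!is_object($dataObj)
            || !isset($dataObj->watermark->appid)
            || (string) $dataObj->watermark->appid !== (string) $this->mpAppid
        ) {
            $this->error = -41003;
            return false;
        }

        return $result;
    }
```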