From e3a2df651e1cacec6fcd0c4f115c2410c59c3b49 Mon Sep 17 00:00:00 2001 From: aozhiwei Date: Fri, 25 Jan 2019 14:13:26 +0800 Subject: [PATCH] update --- config | 1 + config/game1011/weixin/config.php | 10 ---------- config/kefu.mysql.cluster.php | 11 ----------- config/kefu.redis.cluster.php | 16 ---------------- config/kefu.share.config.php | 10 ---------- config/kefu_robot.json | 7 ------- tools/kefu_robot.py | 20 ++++++++++++++++---- webapp/controller/KefuController.class.php | 15 ++++++++++++++- webapp/endecrypt/wxBizMsgCrypt.php | 8 ++++---- 9 files changed, 35 insertions(+), 63 deletions(-) create mode 120000 config delete mode 100644 config/game1011/weixin/config.php delete mode 100644 config/kefu.mysql.cluster.php delete mode 100644 config/kefu.redis.cluster.php delete mode 100644 config/kefu.share.config.php delete mode 100644 config/kefu_robot.json diff --git a/config b/config new file mode 120000 index 0000000..a2aeaa1 --- /dev/null +++ b/config @@ -0,0 +1 @@ +/var/data/conf_test/kefu/webapp/config \ No newline at end of file diff --git a/config/game1011/weixin/config.php b/config/game1011/weixin/config.php deleted file mode 100644 index e2a528a..0000000 --- a/config/game1011/weixin/config.php +++ /dev/null @@ -1,10 +0,0 @@ - 1, - 'host' => '127.0.0.1', - 'port' => 3306, - 'user' => 'root', - 'passwd' => 'keji178', - ), -); diff --git a/config/kefu.redis.cluster.php b/config/kefu.redis.cluster.php deleted file mode 100644 index c260a30..0000000 --- a/config/kefu.redis.cluster.php +++ /dev/null @@ -1,16 +0,0 @@ - 1, - 'host' => '127.0.0.1', - 'port' => 6379, - 'passwd' => '' - ), - array( - 'instance_id' => 2, - 'host' => '127.0.0.1', - 'port' => 6379, - 'passwd' => '' - ), -); diff --git a/config/kefu.share.config.php b/config/kefu.share.config.php deleted file mode 100644 index ddec516..0000000 --- a/config/kefu.share.config.php +++ /dev/null @@ -1,10 +0,0 @@ - array ( - "title" => '领取奖励', - "pagepath" => "http://mmbiz.qpic.cn/mmbiz_jpg/" . - "6zVc6fZKcB3zuNoqEULTjPSHPcaR26qciaSykxSCvw4SSq1I4Y6TAp7udB2BjST4YB9NedeRFfywlUt3AunAcJg/0", - "thumb_media_id" => 'h2oYnOGns5T7wcJmjFGWTsYnkz3j9Et3258n9xZ8eezOj-8Dzsk23Ao6SzHgV20A' - ) -); diff --git a/config/kefu_robot.json b/config/kefu_robot.json deleted file mode 100644 index 0a1ec90..0000000 --- a/config/kefu_robot.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "listen_port": 10001, - "notify_url": "https://kefu-test.kingsome.cn/webapp/index.php?c=Kefu&a=sendMsgAllUser", - "sendtime1": 32400, - "sendtime2": 64800, - "sendtime3": 0 -} diff --git a/tools/kefu_robot.py b/tools/kefu_robot.py index 07771d6..0978736 100644 --- a/tools/kefu_robot.py +++ b/tools/kefu_robot.py @@ -10,14 +10,19 @@ import tornado.ioloop import tornado.web def md5Sign(params, secret, timestamp, connstr = '&', secret_connstr = ':'): + print('md5in') + print(params) params_str = '' for key in sorted(params.keys()): params_str = params_str + key + '=' + str(params[key]) + connstr + print(params_str) if params_str != '' and connstr != '': params_str = params_str[0:-1] - m = hashlib.md5() - m.update(params_str) - return m.hexdigest() + secret_connstr + str(timestamp) + secret + m5 = hashlib.md5() + + str1 = params_str + secret_connstr + str(timestamp) + secret + m5.update(str1) + return m5.hexdigest() def getDaySeconds(time_val, incdays): time_zone = 8 @@ -25,7 +30,14 @@ def getDaySeconds(time_val, incdays): def sendNotify(conf, sendtime): try: - url = conf['notify_url'] + print('sendNotify') + params = {'key' : 'kingsome'} + secret = 'fc38349c5d084e920925e614c420be9f' + timestamp = time.time() + md5signstr = md5Sign(params, secret, timestamp) + print(md5signstr) + url = conf['notify_url'] + '×tamp=' + timestamp + '&sign=' + md5signstr + print(url) req = urllib.request.Request(url) data = urllib.request.urlopen(req).readall() except: diff --git a/webapp/controller/KefuController.class.php b/webapp/controller/KefuController.class.php index 84662c2..c56bada 100644 --- a/webapp/controller/KefuController.class.php +++ b/webapp/controller/KefuController.class.php @@ -409,7 +409,20 @@ class KefuController { public function sendMsgAllUser() { error_log('sendMsgAllUser:'); - #error_log('request:' . json_encode($_REQUEST['xxx'])); + error_log('request:' . json_encode($_REQUEST)); + if (phpcommon\md5Sign(array + ( + 'exclude_accountids' => $_REQUEST['key'] + ), + 'fc38349c5d084e920925e614c420be9f', + $_REQUEST['timestamp'] + ) != $_REQUEST['sign']) { + echo json_encode(array( + 'errcode' => 100, + 'errmsg' => '签名错误', + )); + return; + } $mysqls = $this->getAllMysql(); foreach($mysqls as $mysql_conf) { $conn = $this->getAppointMysql($mysql_conf); diff --git a/webapp/endecrypt/wxBizMsgCrypt.php b/webapp/endecrypt/wxBizMsgCrypt.php index 7b6eb08..ba290ad 100644 --- a/webapp/endecrypt/wxBizMsgCrypt.php +++ b/webapp/endecrypt/wxBizMsgCrypt.php @@ -81,7 +81,7 @@ class WXBizMsgCrypt $encryptMsg = $xmlparse->generate($encrypt, $signature, $timeStamp, $nonce); return ErrorCode::$OK; } - + public function encryptJsonMsg($replyMsg, $timeStamp, $nonce, &$encryptMsg) { $pc = new Prpcrypt($this->encodingAesKey); @@ -199,16 +199,16 @@ class WXBizMsgCrypt $postData = json_decode($postData_str, true); $encrypt = $postData['Encrypt']; - $touser_name = $postData['TuUserName']; + #$touser_name = $postData['TuUserName']; #error_log('token:' . $this->token); #error_log('timestamp:' . $timestamp); #error_log('nonce:' . $nonce); #error_log('encypt:' . $encrypt); - + //验证安全签名 $sha1 = new SHA1; - error_log('解密encrypt:' . $encrypt); + #error_log('解密encrypt:' . $encrypt); $array = $sha1->getSHA1($this->token, $timestamp, $nonce, $encrypt); $ret = $array[0];