diff --git a/webapp/controller/KefuController.class.php b/webapp/controller/KefuController.class.php
index 3000163..832292e 100644
--- a/webapp/controller/KefuController.class.php
+++ b/webapp/controller/KefuController.class.php
@@ -1,9 +1,11 @@
 <?php
 
+include_once "wxBizMsgCrypt.php";
 
 
 class KefuController {
 
+
     protected function getRedis($openid)
     {
 
@@ -16,6 +18,62 @@ class KefuController {
         return $r;
     }
 
+    private function getAwardConfig($gameid, $condition)
+    {
+
+        $url = '';
+        if (SERVER_ENV != _ONLINE) {
+            $url = 'https://center-test.kingsome.cn/api/replays/';
+        } else {
+            $url = 'https://center-test.kingsome.cn/api/replays/';
+        }
+        $url .= $gameid . '/' . $condition;
+        $response = '';
+        $params = array();
+        if (!phpcommon\HttpClient::get($url,$params,$response)) {
+            phpcommon\sendError(100,'获取失败');
+            die();
+            return;
+        }
+        $ret = json_decode($response, true);
+
+        for($i = 0; $i < count($ret); $i++) {
+
+            $itemid = $ret[$i]['item_id'];
+            $itemcount = $ret[$i]['count'];
+            $url = '';
+            $response = '';
+            if (!phpcommon\HttpClient::post($url,
+                                                   json_encode(
+                                                       array(
+                                                           'gameid' => $gameid,
+                                                           'itemid' => $itemid,
+                                                           'itemcount' => $itemcount
+                                                           )
+                                                   )
+                                                   ,
+                                                   $response
+
+            )) {
+                phpcommon\sendError(100,'获取失败');
+                return;
+            }
+
+
+            $data = json_decode($response, true);
+
+            if(isset($data) && $data['ErrorCode'] == 0) {
+
+            } else{
+                phpcommon\sendError(100,'服务器内部错误');
+                return;
+
+            }
+
+        }
+
+    }
+
     public function checkServer()       // 校验服务器地址URL
     {
 
@@ -33,6 +91,7 @@ class KefuController {
 
     public function valid()
     {
+
         $echoStr = $_REQUEST['echostr'];
         if ($this->checkSignature()) {
             echo $echoStr;
@@ -41,6 +100,7 @@ class KefuController {
             echo $echoStr . '+++' . WEIXIN_TOKEN;
             exit;
         }
+
     }
 
     private function checkSignature()
@@ -63,13 +123,17 @@ class KefuController {
         }
     }
 
+    private function sendMsg()
+    {
+
+    }
+
     private function disposeText($postArr, $gameid)
     {
+        error_log('test');
         $openid  = $postArr['FromUserName'];
         $toUserName = $postArr['ToUserName'];
         $CreateTime = $postArr['CreateTime'];
-
-
     }
 
     private function disposeImage($postArr, $gameid)
@@ -121,29 +185,73 @@ class KefuController {
 
     public function responseMsg()
     {
-        $postStr = $GLOBALS ["HTTP_RAW_POST_DATA" ];
-        error_log($postStr);
-        if (!empty( $postStr ) && is_string( $postStr )){
+        $postStr_key = $GLOBALS ["HTTP_RAW_POST_DATA" ];
 
-            $postArr = json_decode( $postStr , true );
-            if (!empty( $postArr ['MsgType']) && $postArr['MsgType'] == 'text'){    // 文本消息
+        error_log('!!!begin:' . $postStr_key);
+        error_log('request:' . json_encode($_REQUEST));
+        $pc = new WXBizMsgCrypt(WEIXIN_TOKEN, WEIXIN_MSG_KEY, WEIXIN_APP_ID);
 
-                $this->disposeText($postArr, $gameid);
+        $gameid = $_REQUEST['gameid'];
+        $msg = '';
+        $msg_sign = $_REQUEST['msg_signature'];
+        $timeStamp = $_REQUEST['timestamp'];
+        $nonce = $_REQUEST['nonce'];
+        $errCode = $pc->decryptJsonMsg($msg_sign, $timeStamp, $nonce, $postStr_key, $postStr);
+        error_log('error_log:' . json_encode($errCode));
+        if ($errCode == 0) {
 
-            } elseif (!empty( $postArr ['MsgType']) && $postArr['MsgType'] == 'image'){ // 图文消息
+            error_log("解密后: " . $postStr . "\n");
 
-                $this->disposeImage($postArr, $gameid);
 
-            } elseif (!empty( $postArr ['MsgType']) && $postArr['MsgType'] == 'event' ){ // 进入客服动作
-                $this->disposeEvent($postArr, $gameid);
+            $pc2 = new WXBizMsgCrypt(WEIXIN_TOKEN, WEIXIN_MSG_KEY, WEIXIN_APP_ID);
+            $encryptMsg = '';
+            $text = $postStr;
+            $errCode = $pc2->encryptJsonMsg($text, $timeStamp, $nonce, $encryptMsg_str);
+            if ($errCode == 0) {
+                error_log("加密后: " . $encryptMsg_str . "\n");
+                $encryptMsg = json_decode($encryptMsg_str, true);
+
+                $errCode = $pc2->decryptJsonMsg($encryptMsg['MsgSignature'], $timeStamp, $nonce, $encryptMsg_str, $postStr2);
+                error_log('error_log:' . json_encode($errCode));
+                if ($errCode == 0) {
+
+                    error_log("解密后: " . $postStr2 . "\n");
+                }
+            } else {
+                error_log($errCode . "\n");
+            }
+
+            error_log('end');
+            exit;
+
+            if (!empty( $postStr ) && is_string( $postStr )){
+
+                $postArr = json_decode( $postStr , true );
+                if (!empty( $postArr ['MsgType']) && $postArr['MsgType'] == 'text'){    // 文本消息
+
+                    $this->disposeText($postArr, $gameid);
+
+                } elseif (!empty( $postArr ['MsgType']) && $postArr['MsgType'] == 'image'){ // 图文消息
+
+                    $this->disposeImage($postArr, $gameid);
+
+                } elseif (!empty( $postArr ['MsgType']) && $postArr['MsgType'] == 'event' ){ // 进入客服动作
+                    $this->disposeEvent($postArr, $gameid);
+
+                } else {
+                    exit ('aaa');
+                }
 
             } else {
-                exit ('aaa');
+                echo "" ;
+                exit ;
             }
+
         } else {
-            echo "" ;
-            exit ;
+            error_log($errCode . "\n");
         }
+
+
     }
 
     public function getAccessToken($openid, $gameid)
@@ -157,7 +265,7 @@ class KefuController {
         else {
 
             $appid = WEIXIN_APP_ID;
-            $appkey = WEICIN_APP_SECRET;
+            $appkey = WEIXIN_APP_SECRET;
             $url = "https://api.weixin.qq.com/cgi-bin/token?" .
                  "grant_type=client_credential&appid=$appid&secret=$appkey";
             $params = array();
@@ -171,7 +279,7 @@ class KefuController {
             if ( $res ) {
                 $r->set('weixin_token:' . $gameid . ':' .
                         $openid, $res['access_token']);       //刚获取的token放到redis中
-                $r->pexpire('weixin_token:' . $openid, 7150); //微信限制过期时间为两小时
+                $r->pexpire('weixin_token:' . $gameid . $openid, 7150); //微信限制过期时间为两小时
                 return $res['access_token'];
             } else {
                 phpcommon\sendError(ERR_INTERNAL, '获取access_token失败');
diff --git a/webapp/controller/errorCode.php b/webapp/controller/errorCode.php
new file mode 100644
index 0000000..804d051
--- /dev/null
+++ b/webapp/controller/errorCode.php
@@ -0,0 +1,35 @@
+<?php
+
+/**
+ * error code 说明.
+ * <ul>
+ *    <li>-40001: 签名验证错误</li>
+ *    <li>-40002: xml解析失败</li>
+ *    <li>-40003: sha加密生成签名失败</li>
+ *    <li>-40004: encodingAesKey 非法</li>
+ *    <li>-40005: appid 校验错误</li>
+ *    <li>-40006: aes 加密失败</li>
+ *    <li>-40007: aes 解密失败</li>
+ *    <li>-40008: 解密后得到的buffer非法</li>
+ *    <li>-40009: base64加密失败</li>
+ *    <li>-40010: base64解密失败</li>
+ *    <li>-40011: 生成xml失败</li>
+ * </ul>
+ */
+class ErrorCode
+{
+	public static $OK = 0;
+	public static $ValidateSignatureError = -40001;
+	public static $ParseXmlError = -40002;
+	public static $ComputeSignatureError = -40003;
+	public static $IllegalAesKey = -40004;
+	public static $ValidateAppidError = -40005;
+	public static $EncryptAESError = -40006;
+	public static $DecryptAESError = -40007;
+	public static $IllegalBuffer = -40008;
+	public static $EncodeBase64Error = -40009;
+	public static $DecodeBase64Error = -40010;
+	public static $GenReturnXmlError = -40011;
+}
+
+?>
\ No newline at end of file
diff --git a/webapp/controller/pkcs7Encoder.php b/webapp/controller/pkcs7Encoder.php
new file mode 100644
index 0000000..04d9a5b
--- /dev/null
+++ b/webapp/controller/pkcs7Encoder.php
@@ -0,0 +1,207 @@
+<?php
+
+include_once "errorCode.php";
+
+/**
+ * PKCS7Encoder class
+ *
+ * 提供基于PKCS7算法的加解密接口.
+ */
+class PKCS7Encoder
+{
+	public static $block_size = 32;
+
+	/**
+	 * 对需要加密的明文进行填充补位
+	 * @param $text 需要进行填充补位操作的明文
+	 * @return 补齐明文字符串
+	 */
+	function encode($text)
+	{
+		$block_size = PKCS7Encoder::$block_size;
+		$text_length = strlen($text);
+		//计算需要填充的位数
+		$amount_to_pad = PKCS7Encoder::$block_size - ($text_length % PKCS7Encoder::$block_size);
+		if ($amount_to_pad == 0) {
+			$amount_to_pad = PKCS7Encoder::block_size;
+		}
+		//获得补位所用的字符
+		$pad_chr = chr($amount_to_pad);
+		$tmp = "";
+		for ($index = 0; $index < $amount_to_pad; $index++) {
+			$tmp .= $pad_chr;
+		}
+		return $text . $tmp;
+	}
+
+	/**
+	 * 对解密后的明文进行补位删除
+	 * @param decrypted 解密后的明文
+	 * @return 删除填充补位后的明文
+	 */
+	function decode($text)
+	{
+
+		$pad = ord(substr($text, -1));
+		if ($pad < 1 || $pad > 32) {
+			$pad = 0;
+		}
+		return substr($text, 0, (strlen($text) - $pad));
+	}
+
+}
+
+/**
+ * Prpcrypt class
+ *
+ * 提供接收和推送给公众平台消息的加解密接口.
+ */
+class Prpcrypt
+{
+	public $key;
+
+	function Prpcrypt($k)
+	{
+		$this->key = base64_decode($k . "=");
+	}
+
+	/**
+	 * 对明文进行加密
+	 * @param string $text 需要加密的明文
+	 * @return string 加密后的密文
+	 */
+	public function encrypt($text, $appid)
+	{
+
+		try {
+			//获得16位随机字符串，填充到明文之前
+			$random = $this->getRandomStr();
+			$text = $random . pack("N", strlen($text)) . $text . $appid;
+			// 网络字节序
+			$size = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
+			$module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');
+			$iv = substr($this->key, 0, 16);
+			//使用自定义的填充方式对明文进行补位填充
+			$pkc_encoder = new PKCS7Encoder;
+			$text = $pkc_encoder->encode($text);
+			mcrypt_generic_init($module, $this->key, $iv);
+			//加密
+			$encrypted = mcrypt_generic($module, $text);
+			mcrypt_generic_deinit($module);
+			mcrypt_module_close($module);
+
+			//print(base64_encode($encrypted));
+			//使用BASE64对加密后的字符串进行编码
+			return array(ErrorCode::$OK, base64_encode($encrypted));
+		} catch (Exception $e) {
+			//print $e;
+			return array(ErrorCode::$EncryptAESError, null);
+		}
+	}
+
+	/**
+	 * 对密文进行解密
+	 * @param string $encrypted 需要解密的密文
+	 * @return string 解密得到的明文
+	 */
+	public function decrypt($encrypted, $appid)
+	{
+
+		try {
+			//使用BASE64对需要解密的字符串进行解码
+			$ciphertext_dec = base64_decode($encrypted);
+			$module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');
+			$iv = substr($this->key, 0, 16);
+			mcrypt_generic_init($module, $this->key, $iv);
+
+			//解密
+			$decrypted = mdecrypt_generic($module, $ciphertext_dec);
+			mcrypt_generic_deinit($module);
+			mcrypt_module_close($module);
+		} catch (Exception $e) {
+			return array(ErrorCode::$DecryptAESError, null);
+		}
+
+
+		try {
+			//去除补位字符
+			$pkc_encoder = new PKCS7Encoder;
+			$result = $pkc_encoder->decode($decrypted);
+			//去除16位随机字符串,网络字节序和AppId
+			if (strlen($result) < 16)
+				return "";
+			$content = substr($result, 16, strlen($result));
+			$len_list = unpack("N", substr($content, 0, 4));
+			$xml_len = $len_list[1];
+			$xml_content = substr($content, 4, $xml_len);
+			$from_appid = substr($content, $xml_len + 4);
+		} catch (Exception $e) {
+			//print $e;
+			return array(ErrorCode::$IllegalBuffer, null);
+		}
+		if ($from_appid != $appid)
+			return array(ErrorCode::$ValidateAppidError, null);
+		return array(0, $xml_content);
+
+	}
+	public function decryptJson($encrypted, $appid)
+	{
+
+		try {
+			//使用BASE64对需要解密的字符串进行解码
+			$ciphertext_dec = base64_decode($encrypted);
+			$module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');
+			$iv = substr($this->key, 0, 16);
+			mcrypt_generic_init($module, $this->key, $iv);
+
+			//解密
+			$decrypted = mdecrypt_generic($module, $ciphertext_dec);
+			mcrypt_generic_deinit($module);
+			mcrypt_module_close($module);
+		} catch (Exception $e) {
+			return array(ErrorCode::$DecryptAESError, null);
+		}
+
+
+		try {
+			//去除补位字符
+			$pkc_encoder = new PKCS7Encoder;
+			$result = $pkc_encoder->decode($decrypted);
+			//去除16位随机字符串,网络字节序和AppId
+			if (strlen($result) < 16)
+				return "";
+			$content = substr($result, 16, strlen($result));
+			$len_list = unpack("N", substr($content, 0, 4));
+			$xml_len = $len_list[1];
+			$xml_content = substr($content, 4, $xml_len);
+			$from_appid = substr($content, $xml_len + 4);
+		} catch (Exception $e) {
+			//print $e;
+			return array(ErrorCode::$IllegalBuffer, null);
+		}
+		if ($from_appid != $appid)
+			return array(ErrorCode::$ValidateAppidError, null);
+		return array(0, $xml_content);
+
+	}
+
+
+	/**
+	 * 随机生成16位字符串
+	 * @return string 生成的字符串
+	 */
+	function getRandomStr()
+	{
+
+		$str = "";
+		$str_pol = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz";
+		$max = strlen($str_pol) - 1;
+		for ($i = 0; $i < 16; $i++) {
+			$str .= $str_pol[mt_rand(0, $max)];
+		}
+		return $str;
+	}
+
+}
+
+?>
diff --git a/webapp/controller/sha1.php b/webapp/controller/sha1.php
new file mode 100644
index 0000000..598caf8
--- /dev/null
+++ b/webapp/controller/sha1.php
@@ -0,0 +1,36 @@
+<?php
+
+include_once "errorCode.php";
+
+/**
+ * SHA1 class
+ *
+ * 计算公众平台的消息签名接口.
+ */
+class SHA1
+{
+	/**
+	 * 用SHA1算法生成安全签名
+	 * @param string $token 票据
+	 * @param string $timestamp 时间戳
+	 * @param string $nonce 随机字符串
+	 * @param string $encrypt 密文消息
+	 */
+	public function getSHA1($token, $timestamp, $nonce, $encrypt_msg)
+	{
+		//排序
+		try {
+			$array = array($encrypt_msg, $token, $timestamp, $nonce);
+			sort($array, SORT_STRING);
+			$str = implode($array);
+			return array(ErrorCode::$OK, sha1($str));
+		} catch (Exception $e) {
+			//print $e . "\n";
+			return array(ErrorCode::$ComputeSignatureError, null);
+		}
+	}
+
+}
+
+
+?>
\ No newline at end of file
diff --git a/webapp/controller/wxBizMsgCrypt.php b/webapp/controller/wxBizMsgCrypt.php
new file mode 100644
index 0000000..7b6eb08
--- /dev/null
+++ b/webapp/controller/wxBizMsgCrypt.php
@@ -0,0 +1,236 @@
+<?php
+
+/**
+ * 对公众平台发送给公众账号的消息加解密示例代码.
+ *
+ * @copyright Copyright (c) 1998-2014 Tencent Inc.
+ */
+
+
+include_once "sha1.php";
+include_once "xmlparse.php";
+include_once "pkcs7Encoder.php";
+include_once "errorCode.php";
+
+/**
+ * 1.第三方回复加密消息给公众平台；
+ * 2.第三方收到公众平台发送的消息，验证消息的安全性，并对消息进行解密。
+ */
+class WXBizMsgCrypt
+{
+	private $token;
+	private $encodingAesKey;
+	private $appId;
+
+	/**
+	 * 构造函数
+	 * @param $token string 公众平台上，开发者设置的token
+	 * @param $encodingAesKey string 公众平台上，开发者设置的EncodingAESKey
+	 * @param $appId string 公众平台的appId
+	 */
+	public function WXBizMsgCrypt($token, $encodingAesKey, $appId)
+	{
+		$this->token = $token;
+		$this->encodingAesKey = $encodingAesKey;
+		$this->appId = $appId;
+	}
+
+	/**
+	 * 将公众平台回复用户的消息加密打包.
+	 * <ol>
+	 *    <li>对要发送的消息进行AES-CBC加密</li>
+	 *    <li>生成安全签名</li>
+	 *    <li>将消息密文和安全签名打包成xml格式</li>
+	 * </ol>
+	 *
+	 * @param $replyMsg string 公众平台待回复用户的消息，xml格式的字符串
+	 * @param $timeStamp string 时间戳，可以自己生成，也可以用URL参数的timestamp
+	 * @param $nonce string 随机串，可以自己生成，也可以用URL参数的nonce
+	 * @param &$encryptMsg string 加密后的可以直接回复用户的密文，包括msg_signature, timestamp, nonce, encrypt的xml格式的字符串,
+	 *                      当return返回0时有效
+	 *
+	 * @return int 成功0，失败返回对应的错误码
+	 */
+	public function encryptMsg($replyMsg, $timeStamp, $nonce, &$encryptMsg)
+	{
+		$pc = new Prpcrypt($this->encodingAesKey);
+
+		//加密
+		$array = $pc->encrypt($replyMsg, $this->appId);
+		$ret = $array[0];
+		if ($ret != 0) {
+			return $ret;
+		}
+
+		if ($timeStamp == null) {
+			$timeStamp = time();
+		}
+		$encrypt = $array[1];
+
+		//生成安全签名
+		$sha1 = new SHA1;
+		$array = $sha1->getSHA1($this->token, $timeStamp, $nonce, $encrypt);
+		$ret = $array[0];
+		if ($ret != 0) {
+			return $ret;
+		}
+		$signature = $array[1];
+
+		//生成发送的xml
+		$xmlparse = new XMLParse;
+		$encryptMsg = $xmlparse->generate($encrypt, $signature, $timeStamp, $nonce);
+		return ErrorCode::$OK;
+	}
+    
+	public function encryptJsonMsg($replyMsg, $timeStamp, $nonce, &$encryptMsg)
+	{
+		$pc = new Prpcrypt($this->encodingAesKey);
+
+		//加密
+		$array = $pc->encrypt($replyMsg, $this->appId);
+        #error_log('加密array:' . json_encode($array));
+		$ret = $array[0];
+		if ($ret != 0) {
+			return $ret;
+		}
+
+		if ($timeStamp == null) {
+			$timeStamp = time();
+		}
+		$encrypt = $array[1];
+
+		//生成安全签名
+		$sha1 = new SHA1;
+        error_log('加密encrypt:' . $encrypt);
+		$array = $sha1->getSHA1($this->token, $timeStamp, $nonce, $encrypt);
+		$ret = $array[0];
+		if ($ret != 0) {
+			return $ret;
+		}
+		$signature = $array[1];
+
+		//生成发送的json
+        $enctyptMsgArray = array(
+            'Encrypt' => $encrypt,
+            'MsgSignature' => $signature,
+            'TimeStamp' => $timeStamp,
+            'Nonce' => $nonce
+        );
+		$encryptMsg = json_encode($enctyptMsgArray);
+		return ErrorCode::$OK;
+	}
+
+
+	/**
+	 * 检验消息的真实性，并且获取解密后的明文.
+	 * <ol>
+	 *    <li>利用收到的密文生成安全签名，进行签名验证</li>
+	 *    <li>若验证通过，则提取xml中的加密消息</li>
+	 *    <li>对消息进行解密</li>
+	 * </ol>
+	 *
+	 * @param $msgSignature string 签名串，对应URL参数的msg_signature
+	 * @param $timestamp string 时间戳 对应URL参数的timestamp
+	 * @param $nonce string 随机串，对应URL参数的nonce
+	 * @param $postData string 密文，对应POST请求的数据
+	 * @param &$msg string 解密后的原文，当return返回0时有效
+	 *
+	 * @return int 成功0，失败返回对应的错误码
+	 */
+	public function decryptMsg($msgSignature, $timestamp = null, $nonce, $postData, &$msg)
+	{
+		if (strlen($this->encodingAesKey) != 43) {
+			return ErrorCode::$IllegalAesKey;
+		}
+
+		$pc = new Prpcrypt($this->encodingAesKey);
+
+		//提取密文
+		$xmlparse = new XMLParse;
+		$array = $xmlparse->extract($postData);
+		$ret = $array[0];
+
+		if ($ret != 0) {
+			return $ret;
+		}
+
+		if ($timestamp == null) {
+			$timestamp = time();
+		}
+
+		$encrypt = $array[1];
+		$touser_name = $array[2];
+
+		//验证安全签名
+		$sha1 = new SHA1;
+		$array = $sha1->getSHA1($this->token, $timestamp, $nonce, $encrypt);
+		$ret = $array[0];
+
+		if ($ret != 0) {
+			return $ret;
+		}
+
+		$signature = $array[1];
+		if ($signature != $msgSignature) {
+			return ErrorCode::$ValidateSignatureError;
+		}
+
+		$result = $pc->decrypt($encrypt, $this->appId);
+		if ($result[0] != 0) {
+			return $result[0];
+		}
+		$msg = $result[1];
+
+		return ErrorCode::$OK;
+	}
+
+    
+	public function decryptJsonMsg($msgSignature, $timestamp = null, $nonce, $postData_str, &$msg)
+	{
+		if (strlen($this->encodingAesKey) != 43) {
+			return ErrorCode::$IllegalAesKey;
+		}
+
+		$pc = new Prpcrypt($this->encodingAesKey);
+
+		if ($timestamp == null) {
+			$timestamp = time();
+		}
+
+        $postData = json_decode($postData_str, true);
+		$encrypt = $postData['Encrypt'];
+		$touser_name = $postData['TuUserName'];
+
+        #error_log('token:' . $this->token);
+        #error_log('timestamp:' . $timestamp);
+        #error_log('nonce:' . $nonce);
+        #error_log('encypt:' . $encrypt);
+        
+		//验证安全签名
+		$sha1 = new SHA1;
+        error_log('解密encrypt:' . $encrypt);
+		$array = $sha1->getSHA1($this->token, $timestamp, $nonce, $encrypt);
+		$ret = $array[0];
+
+		if ($ret != 0) {
+			return $ret;
+		}
+
+		$signature = $array[1];
+        error_log($signature);
+        error_log($msgSignature);
+		if ($signature != $msgSignature) {
+			return ErrorCode::$ValidateSignatureError;
+		}
+
+		$result = $pc->decrypt($encrypt, $this->appId);
+		if ($result[0] != 0) {
+			return $result[0];
+		}
+		$msg = $result[1];
+
+		return ErrorCode::$OK;
+	}
+
+}
+
diff --git a/webapp/controller/xmlparse.php b/webapp/controller/xmlparse.php
new file mode 100644
index 0000000..ad57762
--- /dev/null
+++ b/webapp/controller/xmlparse.php
@@ -0,0 +1,55 @@
+<?php
+include_once "errorCode.php";
+
+/**
+ * XMLParse class
+ *
+ * 提供提取消息格式中的密文及生成回复消息格式的接口.
+ */
+class XMLParse
+{
+
+	/**
+	 * 提取出xml数据包中的加密消息
+	 * @param string $xmltext 待提取的xml字符串
+	 * @return string 提取出的加密消息字符串
+	 */
+	public function extract($xmltext)
+	{
+		libxml_disable_entity_loader(true);
+		try {
+			$xml = new DOMDocument();
+			$xml->loadXML($xmltext);
+			$array_e = $xml->getElementsByTagName('Encrypt');
+			$array_a = $xml->getElementsByTagName('ToUserName');
+			$encrypt = $array_e->item(0)->nodeValue;
+			$tousername = $array_a->item(0)->nodeValue;
+			return array(0, $encrypt, $tousername);
+		} catch (Exception $e) {
+			//print $e . "\n";
+			return array(ErrorCode::$ParseXmlError, null, null);
+		}
+	}
+
+	/**
+	 * 生成xml消息
+	 * @param string $encrypt 加密后的消息密文
+	 * @param string $signature 安全签名
+	 * @param string $timestamp 时间戳
+	 * @param string $nonce 随机字符串
+	 */
+	public function generate($encrypt, $signature, $timestamp, $nonce)
+	{
+		$format = "<xml>
+<Encrypt><![CDATA[%s]]></Encrypt>
+<MsgSignature><![CDATA[%s]]></MsgSignature>
+<TimeStamp>%s</TimeStamp>
+<Nonce><![CDATA[%s]]></Nonce>
+</xml>";
+		return sprintf($format, $encrypt, $signature, $timestamp, $nonce);
+	}
+
+}
+
+
+?>
\ No newline at end of file