I have come to the technical forum to consult with you. the code for interface development is directly modified using the official example.
The problem is that some messages fail to pass verification.
For example, I sent a message. if the verification succeeds, I will reply to the welcome message. if the verification fails, I will reply to the false keyword.
I sent five messages, sometimes two replies are false, and sometimes three replies are false.
Why does the verification fail?
Thank you for your guidance.
define("TOKEN", "token");$wechatObj = new wechatCallbackapiTest();//$wechatObj->valid();$wechatObj->run();class wechatCallbackapiTest{public function valid() { $echoStr = $_GET["echostr"]; //valid signature , option if($this->checkSignature()){ echo $echoStr; exit; } } public function run() { if($this->checkSignature()) { $this->responseMsg(); }else{ $this->responseMsg("false"); } } public function responseMsg($contentStr = "Welcome to wechat world!") {//get post data, May be due to the different environments$postStr = $GLOBALS["HTTP_RAW_POST_DATA"]; //extract post dataif (!empty($postStr)){ $postObj = simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA); $fromUsername = $postObj->FromUserName; $toUsername = $postObj->ToUserName; $keyword = trim($postObj->Content); $time = time(); $textTpl = "
%s
%s
%s
%s
%s
0
"; if(!empty( $keyword )) { $msgType = "text"; //$contentStr = "Welcome to wechat world!"; $resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr); echo $resultStr; }else{ echo "Input something..."; } }else { echo ""; exit; } }private function checkSignature(){ $signature = $_GET["signature"]; $timestamp = $_GET["timestamp"]; $nonce = $_GET["nonce"]; $token = TOKEN;$tmpArr = array($token, $timestamp, $nonce);sort($tmpArr);$tmpStr = implode( $tmpArr );$tmpStr = sha1( $tmpStr );if( $tmpStr == $signature ){return true;}else{return false;}}}
Reply to discussion (solution)
Record the log and record the retrieved valid returned data to the log. let's take a look at the difference between the success and failure logs for analysis.
The dictionary sorting of your verification parameters is incorrect.
Sort ($ tmpArr); changed to sort ($ tmpArr, SORT_STRING );
To add this question, you sometimes succeed or fail because the successful data is exactly the same as the two sorting results.
The dictionary sorting of your verification parameters is incorrect.
Sort ($ tmpArr); changed to sort ($ tmpArr, SORT_STRING );
Yes, thanks.
The verification method directly copies the official example. I believe them too much.