Message Interface development on WeChat public platform (29) combination of verification signature and message response

Source: Internet
Author: User
Public platform development public platform developer public platform development mode signature verification message response


I. problem source

The public platform uses the valid function for verification when enabling interfaces,

Define ("TOKEN", "Fang times studio"); $ wechatObj = new wechatCallbackapiTest (); $ wechatObj-> valid ();

However, after the verification is complete, the system starts to execute the response to the message. instead of using the valid function, you need to comment it out and set it to responseMsg ()

As follows:

Define ("TOKEN", "Fang times studio"); $ wechatObj = new wechatCallbackapiTest (); $ wechatObj-> responseMsg ();

This operation is actually troublesome because you need to change the function later.


II. problem analysis

Why are two different functions used for processing? This is because two different functions execute different functions,

When the valid function is executed, the verification string is submitted to ensure that the url and token are entered correctly. in this case, the request submitted by the server to the url is

signature=eded789463180edf6c13691398d0cb4c85fb0e23&echostr=5838479218127813673&stamp=1359100969&nonce=1359376876

When responding to a message, you can confirm that the url address is correct. in this case, the xml of the response is obtained. the request submitted is similar to the following:

signature=ba7f5cf8aee512037e5a669596f6f64a8e763d7c&timestamp=1368016183&nonce=1368211921


II. Solution

Let's look back at the valid function.

    public function valid()    { $echoStr = $_GET["echostr"]; //valid signature , option if($this->checkSignature()){ echo $echoStr; exit;        }    }

There is a _ GET variable, so what is the _ GET variable, the following content comes from the http://www.w3school.com.cn/php/php_get.asp

$ _ GET variable
The $ _ GET variable is an array with the variable name and value sent by the http get method.
The $ _ GET variable is used to collect the values in the form from method = "get. The information sent from a form with the GET method is visible to anyone (displayed in the address bar of the browser), and the amount of information sent is limited (up to 100 characters ).

Why use $ _ GET?
Note: When $ _ GET is used, all variable names and values are displayed in the URL. Therefore, this method should not be used when sending passwords or other sensitive information. However, because the variables are displayed in the URL, you can add the page to favorites. In some cases, this is useful.


As described in section 2, there is an echostr variable in the url for two different requests and the signature verification request, but it is not in the response message,

signature=eded789463180edf6c13691398d0cb4c85fb0e23&echostr=5838479218127813673&stamp=1359100969&nonce=1359376876

Then we use the same idea to determine whether the echostr variable exists in the _ GET variable to distinguish two different requests:

The final code is similar to the following:

// Define your token define ("TOKEN", ""); $ wechatObj = new wechatCallbackapiTest (); if (isset ($ _ GET ['echostr']) {$ wechatObj-> valid ();} else {$ wechatObj-> responseMsg ();}


So far, we don't need to comment out another one to enable the other, which reduces the trouble.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.