Home > Article > Backend Development > WeChat public platform message interface development (29) Verification signature and message response merging_PHP tutorial
WeChat public platform message interface development (29) Verification signature and message response merging_PHP tutorial
- WBOYOriginal
- 2016-07-20 11:14:291042browse
WeChat public platform development WeChat public platform developer WeChat public platform development model signature verification message response
Author: Fangbei Studio
Original text: http://www.cnblogs.com/txw1958 /archive/2013/05/08/weixin-if29-valid-responseMsg.html
1. Source of the problem
WeChat public platform uses the valid function for verification when enabling the interface,
<span define</span>("TOKEN", "方倍工作室"<span );
</span><span $wechatObj</span> = <span new</span><span wechatCallbackapiTest();
</span><span $wechatObj</span>->valid();
But after the verification is completed, the response to the message begins. The valid function is no longer used. It needs to be commented out and set to responseMsg()
As follows
<span define</span>("TOKEN", "方倍工作室"<span );
</span><span $wechatObj</span> = <span new</span><span wechatCallbackapiTest();
</span><span $wechatObj</span>->responseMsg();
This operation is actually more troublesome because you have to go back and change the function.
2. Problem Analysis
Why use two different functions to process it? This is because the two different functions perform different functions,
When executing the valid function, a verification string is submitted to ensure that the URL and token are filled in and submitted correctly. At this time, the request submitted by the WeChat server to the URL is
<span signature</span>=eded789463180edf6c13691398d0cb4c85fb0e23<span &echostr</span>=5838479218127813673<span &stamp</span>=1359100969<span &nonce</span>=1359376876
When responding to the message, it can be confirmed that the url address is correct. At this time, the main task is to obtain the reply xml. The request submitted at this time is similar to the following:
<span signature</span>=ba7f5cf8aee512037e5a669596f6f64a8e763d7c<span ×tamp</span>=1368016183<span &nonce</span>=1368211921
2. Solution
Let’s look back at the valid function
<span public</span> <span function</span><span valid()
{
</span><span $echoStr</span> = <span $_GET</span>["echostr"<span ];
</span><span //</span><span valid signature , option</span>
<span if</span>(<span $this</span>-><span checkSignature()){
</span><span echo</span> <span $echoStr</span><span ;
</span><span exit</span><span ;
}
}</span>
There is a _GET variable, so what is the _GET variable? The following content comes from http://www.w3school.com.cn/php/php_get.asp
$_GET variable
$_GET variable is an array whose content is the variable name and value sent by the HTTP GET method.
The $_GET variable is used to collect values from the form with method="get". Information sent from a form with the GET method is visible to everyone (displayed in the browser's address bar), and there is a limit on the amount of information sent (maximum 100 characters).
Why use $_GET?
Note: When using $_GET variables, all variable names and values will be displayed in the URL. So this method should not be used when sending passwords or other sensitive information. However, because the variables appear in the URL, you can bookmark the page. In some cases this is useful.
We noticed that in the two different requests described in Part 2, in the signature verification request, there is an echostr variable in the URL, but there is no echostr variable in the response message,
<span signature</span>=eded789463180edf6c13691398d0cb4c85fb0e23<span &<span <strong><span echostr</span></strong></span></span>=5838479218127813673<span &stamp</span>=1359100969<span &nonce</span>=1359376876
Then we use the same idea to determine whether there is this echostr variable in the _GET variable to distinguish two different requests:
The final code is similar to the following:
<span //</span><span define your token</span>
<span define</span>("TOKEN", "方倍工作室"<span );
</span><span $wechatObj</span> = <span new</span><span wechatCallbackapiTest();
</span><span if</span> (<span isset</span>(<span $_GET</span>['echostr'<span ])) {
</span><span $wechatObj</span>-><span valid();
}</span><span else</span><span {
</span><span $wechatObj</span>-><span responseMsg();
}</span>
At this point, we no longer need to annotate one to enable the other, which saves us a lot of trouble.