Home >Backend Development >PHP Tutorial >How to perform signature verification on the content of WeChat payment result notification?
How to perform signature verification on the content of WeChat payment result notification?
- WBOYOriginal
- 2016-09-11 11:34:052657browse
I have received the data returned by Tencent, but I need to verify the signature to ensure that the data has not been tampered with, and then do the corresponding logical processing.
How is this signature verification done?
What are the parameters for signing?
How to fill in the parameter name and parameter value?
This is my signature code:
<code> ///验证签名
$wx_sign = array();//微信给返回的数据加入一个数组做签名
$wx_sign['appid'] = $wxdata['appid'];
$wx_sign['bank_type'] = $wxdata['bank_type'];
$wx_sign['cash_fee'] = $wxdata['cash_fee'];
$wx_sign['fee_type'] = $wxdata['fee_type'];
$wx_sign['is_subscribe'] = $wxdata['is_subscribe'];
$wx_sign['mch_id'] = $wxdata['mch_id'];
$wx_sign['nonce_str'] = $wxdata['nonce_str'];
$wx_sign['openid'] = $wxdata['openid'];
$wx_sign['out_trade_no'] = $wxdata['out_trade_no'];
$wx_sign['result_code'] = $wxdata['result_code'];
$wx_sign['return_code'] = $wxdata['return_code'];
$wx_sign['time_end'] = $wxdata['time_end'];
$wx_sign['total_fee'] = $wxdata['total_fee'];
$wx_sign['trade_type'] = $wxdata['trade_type'];
$wx_sign['transaction_id'] = $wxdata['transaction_id'];
$wx_sign_all = $this->wechatAppPay->MakeSign($wx_sign);//调用签名函数</code>
My signature function:
<code> /**
* 生成签名
* @return 签名
*/
public function MakeSign( $params ){
//签名步骤一:按字典序排序数组参数
ksort($params);
$string = $this->ToUrlParams($params);
//签名步骤二:在string后加入KEY
$string = $string . "&key=".$this->key;
//签名步骤三:MD5加密
$string = md5($string);
//签名步骤四:所有字符转为大写
$result = strtoupper($string);
return $result;
}
</code>
The value of $wx_sign_all is different from the returned sign value!
Is the signature verification done by comparing the self-generated sign with the returned sign?
////////////////////////////The problem has been solved//////////////////// ///
I accidentally wrote a wrong value
Reply content:
I have received the data returned by Tencent, but I need to verify the signature to ensure that the data has not been tampered with, and then do the corresponding logical processing.
How is this signature verification done?
What are the parameters for signing?
How to fill in the parameter name and parameter value?
This is my signature code:
<code> ///验证签名
$wx_sign = array();//微信给返回的数据加入一个数组做签名
$wx_sign['appid'] = $wxdata['appid'];
$wx_sign['bank_type'] = $wxdata['bank_type'];
$wx_sign['cash_fee'] = $wxdata['cash_fee'];
$wx_sign['fee_type'] = $wxdata['fee_type'];
$wx_sign['is_subscribe'] = $wxdata['is_subscribe'];
$wx_sign['mch_id'] = $wxdata['mch_id'];
$wx_sign['nonce_str'] = $wxdata['nonce_str'];
$wx_sign['openid'] = $wxdata['openid'];
$wx_sign['out_trade_no'] = $wxdata['out_trade_no'];
$wx_sign['result_code'] = $wxdata['result_code'];
$wx_sign['return_code'] = $wxdata['return_code'];
$wx_sign['time_end'] = $wxdata['time_end'];
$wx_sign['total_fee'] = $wxdata['total_fee'];
$wx_sign['trade_type'] = $wxdata['trade_type'];
$wx_sign['transaction_id'] = $wxdata['transaction_id'];
$wx_sign_all = $this->wechatAppPay->MakeSign($wx_sign);//调用签名函数</code>
My signature function:
<code> /**
* 生成签名
* @return 签名
*/
public function MakeSign( $params ){
//签名步骤一:按字典序排序数组参数
ksort($params);
$string = $this->ToUrlParams($params);
//签名步骤二:在string后加入KEY
$string = $string . "&key=".$this->key;
//签名步骤三:MD5加密
$string = md5($string);
//签名步骤四:所有字符转为大写
$result = strtoupper($string);
return $result;
}
</code>
The value of $wx_sign_all is different from the returned sign value!
Is the signature verification done by comparing the self-generated sign with the returned sign?
////////////////////////////The problem has been solved//////////////////// ///
I accidentally wrote a wrong value
<code>$wx_sign['sign'] = $wxdata['sign']; $wx_sign_all = $this->wechatAppPay->MakeSign($wx_sign);//调用签名函数</code>
Here we will add sign to the signature string. sign should not participate in the signature.