Home > Article > Backend Development > What should I do if WeChat token verification fails under PHP?
What should I do if WeChat token verification fails under PHP?
- coldplay.xixiOriginal
- 2020-07-27 10:21:142653browse
The solution to the failure of WeChat token verification under php: first call the system environment variable [$_SERVER] to view the HTTP request information; then write it to a local file and open [url] with a browser log.html] path; finally click mention in WeChat.
Solution to WeChat token verification failure under php:
We add a method to track http records in the code Let’s check whether our own server received the request but did not respond, or WeChat did not send the request at all.
By calling the system environment variable $_SERVER, you can view the HTTP request information, two of which are important are
Add it to the proxy In the above code, and write it to a local file, the entire code
<?php
/*
php中文网 https://www.php.cn/
CopyRight 2013 www.doucube.com All Rights Reserved
*/
traceHttp();
define("TOKEN", "weixin");
$wechatObj = new wechatCallbackapiTest();
if (isset($_GET['echostr'])) {
$wechatObj->valid();
}else{
$wechatObj->responseMsg();
}
class wechatCallbackapiTest
{
public function valid()
{
$echoStr = $_GET["echostr"];
if($this->checkSignature()){
echo $echoStr;
exit;
}
}
private function checkSignature()
{
$signature = $_GET["signature"];
$timestamp = $_GET["timestamp"];
$nonce = $_GET["nonce"];
$token = TOKEN;
$tmpArr = array($token, $timestamp, $nonce);
sort($tmpArr);
$tmpStr = implode( $tmpArr );
$tmpStr = sha1( $tmpStr );
if( $tmpStr == $signature ){
return true;
}else{
return false;
}
}
public function responseMsg()
{
$postStr = $GLOBALS["HTTP_RAW_POST_DATA"];
if (!empty($postStr)){
$postObj = simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA);
$fromUsername = $postObj->FromUserName;
$toUsername = $postObj->ToUserName;
$keyword = trim($postObj->Content);
$time = time();
$textTpl = "<xml>
<ToUserName><![CDATA[%s]]></ToUserName>
<FromUserName><![CDATA[%s]]></FromUserName>
<CreateTime>%s</CreateTime>
<MsgType><![CDATA[%s]]></MsgType>
<Content><![CDATA[%s]]></Content>
<FuncFlag>0</FuncFlag>
</xml>";
if($keyword == "?" || $keyword == "?")
{
$msgType = "text";
$contentStr = date("Y-m-d H:i:s",time());
$resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);
echo $resultStr;
}
}else{
echo "";
exit;
}
}
}
function traceHttp()
{
logger("\n\nREMOTE_ADDR:".$_SERVER["REMOTE_ADDR"].(strstr($_SERVER["REMOTE_ADDR"],'101.226')? " FROM WeiXin": "Unknown IP"));
logger("QUERY_STRING:".$_SERVER["QUERY_STRING"]);
}
function logger($log_content)
{
if(isset($_SERVER['HTTP_APPNAME'])){ //SAE
sae_set_display_errors(false);
sae_debug($log_content);
sae_set_display_errors(true);
}else{ //LOCAL
$max_size = 500000;
$log_filename = "log.xml";
if(file_exists($log_filename) and (abs(filesize($log_filename)) > $max_size)){unlink($log_filename);}
file_put_contents($log_filename, date('Y-m-d H:i:s').$log_content."\r\n", FILE_APPEND);
}
}
?>In this way, when we submit, a log.html file will be generated in the current directory
Open the filled-in URL directly with a browser, and the file will also be written once.
Open the url log.html path directly with a browser. My record is as follows:
2013-01-30 10:15:18 2013-01-30 10:15:18 REMOTE_ADDR:212.179.24.103 Unknown IP 2013-01-30 10:15:18 QUERY_STRING:
Click submit once in WeChat and generate the record again, as follows:
2013-01-30 10:15:49 2013-01-30 10:15:49 REMOTE_ADDR:101.226.89.83 From WeiXin 2013-01-30 10:15:49 QUERY_STRING:signature=eded789463180edf6c13691398d0cb4c85fb0e23&echostr=5838479218127813673×tamp=1359100969&nonce=1359376876
As you can see from the above, this time the IP comes from 101.226.89.83, which is the IP of WeChat. I added this IP to the code to judge for myself
Now you can detect your own according to the following Where is the problem
If no log is generated:
It means that the WeChat server has not contacted you. You need to check whether the server can be accessed through the public network and whether the URL path exists and is correct.
If you generate a log:
If you generate a log, there are REMOTE_ADDR and QUERY_STRING, check if the IP is from Shanghai (currently WeChat server Deployed in the Shanghai Telecom computer room, several failures were said to be caused by road excavation in Shanghai). Check whether the format of QUERY_STRING is similar to that described in the official guide. If there are no problems, first check whether the Token filled in is consistent with The program is consistent, and then check whether there is any problem with the program.
Related learning recommendations: PHP programming from entry to proficiency
The above is the detailed content of What should I do if WeChat token verification fails under PHP?. For more information, please follow other related articles on the PHP Chinese website!