javascript - Ask for advice! Regarding the JSSDK error shared by WeChat - invalid signature.

Question

The signature has been generated, and it is the same as the signature generated by the WeChat signature testing tool. When scanning the QR code to access the page, invalid signature still pops up. How to solve it? ! Please give me some advice!
image description

Generated by WeChat

The one generated by yourself and WeChat

Answer 1

Not familiar with php...

Check whether it is a problem with the url?

Answer 2

<?php

class JSSDK {

    private $appId;
    private $appSecret;

    public function __construct($appId, $appSecret) {
        $this->appId = $appId;
        $this->appSecret = $appSecret;
    }

    public function getSignPackage() {
        $jsapiTicket = getJsapiTicket();
        
        if($jsapiTicket&&$jsapiTicket<>''){
                // 注意 URL 一定要动态获取，不能 hardcode.
                $protocol = (!empty($_SERVER ['HTTPS']) && $_SERVER ['HTTPS'] !== 'off' || $_SERVER ['SERVER_PORT'] == 443) ? "https://" : "http://";
                $url = "$protocol$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";

                $timestamp = time();
                $nonceStr = $this->createNonceStr();
                // 这里参数的顺序要按照 key 值 ASCII 码升序排序
                $string = "jsapi_ticket={$jsapiTicket}&noncestr={$nonceStr}&timestamp={$timestamp}&url={$url}";
      
                $signature = sha1($string);
                $signPackage = array(
                        "appId" => $this->appId,
                        "nonceStr" => $nonceStr,
                        "timestamp" => $timestamp,
                        "url" => $url,
                        "signature" => $signature,
                        "rawString" => $string
                    );

                return $signPackage;

        }else{
            return  false;
        }
        
    }

    private function createNonceStr($length = 16) {
        $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
        $str = "";
        for ($i = 0; $i < $length; $i ++) {
            $str .= substr($chars, mt_rand(0, strlen($chars) - 1), 1);
        }
        return $str;
    }

    private function httpGet($url) {
        $curl = curl_init();
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($curl, CURLOPT_TIMEOUT, 500);
        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
        curl_setopt($curl, CURLOPT_URL, $url);

        $res = curl_exec($curl);
        curl_close($curl);

        return $res;
    }

}


上面是开源的库，调用方法就算getSignPackage()，执行之后得到nonceStr、signature、timestamp
  $jssdk =new \JSSDK(C('APPID'), C('APPSECRET'));
               $data=$jssdk->getSignPackage();
               $this->assign('nonceStr', $data['nonceStr']);
               $this->assign('signature', $data['signature']);
               $this->assign('appid', C('APPID'));
               $this->assign('timestamp', $data['timestamp']);
我记得公众平台的后台有个jssdk的安全目录要设置的。

Answer 3

Confirm that the appid in config is consistent with the appid used to obtain jsapi_ticket

The best way is to download the WeChat development tool and debug all parameters on the computer side