微信Token验证代码的实现 php

微信开放第三方API接口，

申请地址:

https://mp.weixin.qq.com/advanced/advanced?action=interface&t=advanced/interface&token=1865635074&lang=zh_CN

官方提供PHP开发代码下载:

如果你的微信接口页面没有做好，提交保存的时候，会提示：验证Token失败。这个错误是因为，你的接口页面还没有反馈正确的信息给微信接口。微信在教程方面还做得不够成熟，就一个PHP示例，还是有问题的，在下篇文章我会讲到这个错误在哪。微信官方也没有跟大家说清楚怎么才能是token验证成功。下面我将给出示例告诉大家如何通过token验证。

譬如：微信接口页面是http://bbhet.com 默认页面是weixin.php，我们只需要把weixin.php的代码改为, 然后放到你得网站根目录：

官方下载地址 http://mp.weixin.qq.com/wiki/8/f9a0b8382e0b77d87b3bcc1ce6fbc104.html

方法一: 简单的PHP实现Token验证

[php] view plain copy
<?php  
//1. 将timestamp , nonce , token 按照字典排序  
$timestamp = $_GET['timestamp'];  
$nonce = $_GET['nonce'];  
$token = "你自定义的Token值 用于验证";  
$signature = $_GET['signature'];  
$array = array($timestamp,$nonce,$token);  
sort($array);  
  
//2.将排序后的三个参数拼接后用sha1加密  
$tmpstr = implode('',$array);  
$tmpstr = sha1($tmpstr);  
  
//3. 将加密后的字符串与 signature 进行对比, 判断该请求是否来自微信  
if($tmpstr == $signature)  
{  
    echo $_GET['echostr'];  
    exit;  
}  

方法二: 封装类的代码实现Token验证

<?php  
/** 
  * wechat php test 
  */  
  
//define your token  
define("TOKEN", "weixin");  
$wechatObj = new wechatCallbackapiTest();  
$wechatObj->valid();  
  
class wechatCallbackapiTest  
{  
    public function valid()  
    {  
        $echoStr = $_GET["echostr"];  
  
        //valid signature , option  
        if($this->checkSignature()){  
            echo $echoStr;  
            exit;  
        }  
    }  
  
    public function responseMsg()  
    {  
        //get post data, May be due to the different environments  
        $postStr = $GLOBALS["HTTP_RAW_POST_DATA"];  
  
        //extract post data  
        if (!empty($postStr)){  
                  
                $postObj = simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA);  
                $fromUsername = $postObj->FromUserName;  
                $toUsername = $postObj->ToUserName;  
                $keyword = trim($postObj->Content);  
                $time = time();  
                $textTpl = "<xml>  
                            <ToUserName><![CDATA[%s]]></ToUserName>  
                            <FromUserName><![CDATA[%s]]></FromUserName>  
                            <CreateTime>%s</CreateTime>  
                            <MsgType><![CDATA[%s]]></MsgType>  
                            <Content><![CDATA[%s]]></Content>  
                            <FuncFlag>0</FuncFlag>  
                            </xml>";               
                if(!empty( $keyword ))  
                {  
                    $msgType = "text";  
                    $contentStr = "Welcome to wechat world!";  
                    $resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $msgType, $contentStr);  
                    echo $resultStr;  
                }else{  
                    echo "Input something...";  
                }  
  
        }else {  
            echo "";  
            exit;  
        }  
    }  
          
    private function checkSignature()  
    {  
        $signature = $_GET["signature"];  
        $timestamp = $_GET["timestamp"];  
        $nonce = $_GET["nonce"];      
                  
        $token = TOKEN;  
        $tmpArr = array($token, $timestamp, $nonce);  
        sort($tmpArr);  
        $tmpStr = implode( $tmpArr );  
        $tmpStr = sha1( $tmpStr );  
          
        if( $tmpStr == $signature ){  
            return true;  
        }else{  
            return false;  
        }  
    }  
}  
  
?>