Custom sharing in the Laravel framework with the front end and back end separated: the invalid signature error 63002

Keywords: PHP curl ascii SHA1

<?php
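/**
 * Server-side helper that signs a page URL for the WeChat JS-SDK.
 *
 * The access token and the jsapi ticket are cached in two files in the current
 * working directory (access_token.php and jsapi_ticket.php). Each cache file
 * starts with a PHP exit guard so that it prints nothing if it is requested
 * directly through the web server.
 */
class JSSDK
{
    /** Guard written in front of the cached JSON; readers skip exactly this many bytes. */
    private const CACHE_GUARD = "<?php exit();?>";

    /** Characters a nonce may contain. */
    private const NONCE_ALPHABET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

    private $appId;
    private $appSecret;
    // Page URL to sign. When the front end and back end are separated, the request
    // that reaches PHP is an API call, so the caller has to pass in the address of
    // the page the user is actually on; signing any other URL gives a signature error.
    private $url;

    /**
     * @param string $appId     App id sent to the token endpoint and returned in the sign package.
     * @param string $appSecret App secret sent to the token endpoint; never returned to callers.
     * @param string $url       Address of the page that will call wx.config().
     */
    public function __construct($appId, $appSecret, $url)
    {
        $this->appId = $appId;
        $this->appSecret = $appSecret;
        $this->url = $url;
    }

    /**
     * Build the values the front end passes to wx.config().
     *
     * @return array{appId:mixed,nonceStr:string,timestamp:int,url:mixed,signature:string,rawString:string}
     */
    public function getSignPackage()
    {
        $jsapiTicket = $this->getJsApiTicket();

        // The URL is the one handed to the constructor, not one rebuilt from $_SERVER:
        // behind an API endpoint $_SERVER describes the API request, not the page.
        $url = $this->url;

        $timestamp = time();
        $nonceStr = $this->createNonceStr();

        // Parameters are joined in ascending ASCII order of their keys.
        $string = "jsapi_ticket=$jsapiTicket&noncestr=$nonceStr&timestamp=$timestamp&url=$url";

        $signature = sha1($string);

        return array(
            "appId"     => $this->appId,
            "nonceStr"  => $nonceStr,
            "timestamp" => $timestamp,
            "url"       => $url,
            "signature" => $signature,
            // rawString embeds the jsapi_ticket. It is kept so existing callers still
            // find the key; a caller that forwards this array to a browser should
            // remove it first, because the ticket is what signatures are derived from.
            "rawString" => $string,
        );
    }

    /**
     * Generate a random alphanumeric nonce.
     *
     * @param int $length Number of characters to produce.
     * @return string
     */
    private function createNonceStr($length = 16)
    {
        $last = strlen(self::NONCE_ALPHABET) - 1;
        $str = "";
        for ($i = 0; $i < $length; $i++) {
            // random_int() draws from the operating system CSPRNG; mt_rand() output is predictable.
            $str .= self::NONCE_ALPHABET[random_int(0, $last)];
        }
        return $str;
    }

    /**
     * Return the cached jsapi ticket, fetching a new one when the cache has expired.
     *
     * The ticket should be stored and refreshed in one global place; the file cache
     * used here is only an example of that.
     *
     * @return string|null Null when no ticket could be obtained.
     */
    private function getJsApiTicket()
    {
        $data = $this->loadCache("jsapi_ticket.php");

        if ($data->expire_time >= time()) {
            return isset($data->jsapi_ticket) ? $data->jsapi_ticket : null;
        }

        $accessToken = $this->getAccessToken();
        // For an enterprise account the ticket endpoint is
        // https://qyapi.weixin.qq.com/cgi-bin/get_jsapi_ticket?access_token=... instead.
        $url = "https://api.weixin.qq.com/cgi-bin/ticket/getticket?type=jsapi&access_token="
            . rawurlencode((string) $accessToken);
        $res = json_decode((string) $this->httpGet($url));

        // A failed request or an error response has no ticket; report that as null
        // rather than reading a property of a non-object.
        $ticket = isset($res->ticket) ? $res->ticket : null;
        if ($ticket) {
            // NOTE(review): 7000 s is presumably chosen to stay under the lifetime the API reports - confirm.
            $data->expire_time = time() + 7000;
            $data->jsapi_ticket = $ticket;
            $this->set_php_file("jsapi_ticket.php", json_encode($data));
        }

        return $ticket;
    }

    /**
     * Return the cached access token, fetching a new one when the cache has expired.
     *
     * The token should be stored and refreshed in one global place; the file cache
     * used here is only an example of that.
     *
     * @return string|null Null when no token could be obtained.
     */
    private function getAccessToken()
    {
        $data = $this->loadCache("access_token.php");

        if ($data->expire_time >= time()) {
            return isset($data->access_token) ? $data->access_token : null;
        }

        // For an enterprise account the token endpoint is
        // https://qyapi.weixin.qq.com/cgi-bin/gettoken?corpid=...&corpsecret=... instead.
        $url = "https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid="
            . rawurlencode((string) $this->appId)
            . "&secret=" . rawurlencode((string) $this->appSecret);
        $res = json_decode((string) $this->httpGet($url));

        $access_token = isset($res->access_token) ? $res->access_token : null;
        if ($access_token) {
            $data->expire_time = time() + 7000;
            $data->access_token = $access_token;
            $this->set_php_file("access_token.php", json_encode($data));
        }

        return $access_token;
    }

    /**
     * Perform an HTTPS GET and return the response body.
     *
     * @param string $url
     * @return string|false Response body, or false when the transfer failed.
     */
    private function httpGet($url)
    {
        $curl = curl_init();
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($curl, CURLOPT_TIMEOUT, 500);
        // The request URL carries the app secret or the access token in its query
        // string, so the server certificate and its host name must both be verified;
        // with verification off, anyone on the network path can read them.
        // If verification fails after deployment, install a current CA bundle
        // (http://curl.haxx.se/ca/cacert.pem) instead of switching the checks off.
        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($curl, CURLOPT_URL, $url);

        $res = curl_exec($curl);
        curl_close($curl);

        return $res;
    }

    /**
     * Read a cache file and always hand back an object with an expire_time.
     *
     * A missing, empty or corrupt cache file is treated as already expired.
     *
     * @param string $filename
     * @return object
     */
    private function loadCache($filename)
    {
        $data = json_decode($this->get_php_file($filename));
        if (!is_object($data)) {
            $data = new \stdClass();
        }
        if (!isset($data->expire_time)) {
            $data->expire_time = 0;
        }
        return $data;
    }

    /**
     * Return the JSON stored in a cache file, without the leading exit guard.
     *
     * @param string $filename
     * @return string Empty string when the file cannot be read.
     */
    private function get_php_file($filename)
    {
        if (!is_readable($filename)) {
            return "";
        }
        $raw = file_get_contents($filename);
        if ($raw === false) {
            return "";
        }
        return trim((string) substr($raw, strlen(self::CACHE_GUARD)));
    }

    /**
     * Write JSON to a cache file behind the exit guard.
     *
     * @param string $filename
     * @param string $content JSON text to store.
     * @return void
     */
    private function set_php_file($filename, $content)
    {
        // One locked write instead of fopen/fwrite/fclose, so a reader never sees a
        // half-written file and a failed open is not passed on to fwrite().
        file_put_contents($filename, self::CACHE_GUARD . $content, LOCK_EX);
    }
}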

============== Interface method

    /**
     * Get jssdk
     */
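    public function getjssdk(Request $request)
    {
        // Returns the JS-SDK sign package for the page address the front end posts
        // in the "url" field. The leftover var_dump()/die debug lines are removed:
        // they echoed the whole request back and stopped before anything was signed.
        $pageUrl = $request->input('url');

        // The signature covers the URL without its fragment, so drop "#..." if present.
        // Anything that is not a string (missing field, array input) becomes ''.
        $pageUrl = is_string($pageUrl) ? explode('#', $pageUrl, 2)[0] : '';

        // NOTE(review): $pageUrl is client-supplied; consider rejecting hosts that are
        // not this application's own pages before signing.
        // NOTE(review): the app id and secret are hard-coded here; load them from
        // configuration instead of keeping them in source.
        // JSSDK's constructor takes the page URL as its third argument.
        $jssdk = new \JSSDK("wxed179f31e9bd43e5", "d1cd540d0********90284e7d3231", $pageUrl);
        $signPackage = $jssdk->getSignPackage();

        // rawString contains the jsapi_ticket and the front end does not read it,
        // so it is not sent to the browser.
        unset($signPackage['rawString']);

        $returnData = Result::getResult(1, "Get success", $signPackage);
        return json_encode($returnData);
    }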

    ==============Front end
    
    // Get jssdk
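            getJssdk() {
                // Ask the back end to sign the address of the page the user is on and
                // configure the WeChat JS-SDK with the result.
                // The fragment is dropped because the signature is computed over the
                // URL without "#...".
                this.myurl.url = top.location.href.split('#')[0];

                getReqData('phone/mail/getjssdk', this.myurl).then(res => {
                    // The response is not logged: it carries the signature values.
                    const resdata = res.data;
                    wx.config({
                        // Debug mode is for development only; keep it off in deployed pages.
                        debug: false,
                        appId: resdata.appId,
                        timestamp: resdata.timestamp,
                        nonceStr: resdata.nonceStr,
                        signature: resdata.signature,
                        jsApiList: [
                            // All APIs to be invoked are added to this list
                            "checkJsApi",
                            'onMenuShareTimeline', // Share to Moments
                            'onMenuShareAppMessage', // Share with friends
                            'onMenuShareQQ', // Share to QQ
                            'onMenuShareWeibo', // Share to Weibo
                            'openLocation'
                        ]
                    });
                    wx.ready(function () {
                        const shareData = {
                            title: 'Chinese wine Maotai',
                            // Take care to strip HTML from the description.
                            desc: 'The national liquor Moutai has changed its name, but the national wine is well deserved. It likes to drink more, because it is very expensive.',
                            link: 'http://tapi.1qibang.cn/qbb_move/webpage/index.html',
                            imgUrl: 'http://pingtai.1qibang.cn/upload/photos/2019/07/31/2dd145a928d50e469a1fea415d9353e4.jpg'
                        };
                        wx.onMenuShareAppMessage(shareData);
                    });
                }, err => {
                    // Without a sign package wx.config() cannot be called; report and stop.
                    console.error('getjssdk request failed', err);
                });
            },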

Posted by piet123 on Sat, 05 Oct 2019 17:07:19 -0700