Backend Development
PHP Tutorial
How to perform signature verification on the content of WeChat payment result notification?
How to perform signature verification on the content of WeChat payment result notification?
I have received the data returned by Tencent, but I need to verify the signature to ensure that the data has not been tampered with, and then do the corresponding logical processing.
How is this signature verification done?
What are the parameters for signing?
How to fill in the parameter name and parameter value?
This is my signature code:
<code> ///验证签名
$wx_sign = array();//微信给返回的数据加入一个数组做签名
$wx_sign['appid'] = $wxdata['appid'];
$wx_sign['bank_type'] = $wxdata['bank_type'];
$wx_sign['cash_fee'] = $wxdata['cash_fee'];
$wx_sign['fee_type'] = $wxdata['fee_type'];
$wx_sign['is_subscribe'] = $wxdata['is_subscribe'];
$wx_sign['mch_id'] = $wxdata['mch_id'];
$wx_sign['nonce_str'] = $wxdata['nonce_str'];
$wx_sign['openid'] = $wxdata['openid'];
$wx_sign['out_trade_no'] = $wxdata['out_trade_no'];
$wx_sign['result_code'] = $wxdata['result_code'];
$wx_sign['return_code'] = $wxdata['return_code'];
$wx_sign['time_end'] = $wxdata['time_end'];
$wx_sign['total_fee'] = $wxdata['total_fee'];
$wx_sign['trade_type'] = $wxdata['trade_type'];
$wx_sign['transaction_id'] = $wxdata['transaction_id'];
$wx_sign_all = $this->wechatAppPay->MakeSign($wx_sign);//调用签名函数</code>My signature function:
<code> /**
* 生成签名
* @return 签名
*/
public function MakeSign( $params ){
//签名步骤一:按字典序排序数组参数
ksort($params);
$string = $this->ToUrlParams($params);
//签名步骤二:在string后加入KEY
$string = $string . "&key=".$this->key;
//签名步骤三:MD5加密
$string = md5($string);
//签名步骤四:所有字符转为大写
$result = strtoupper($string);
return $result;
}
</code>The value of $wx_sign_all is different from the returned sign value!
Is the signature verification done by comparing the self-generated sign with the returned sign?
////////////////////////////The problem has been solved//////////////////// ///
I accidentally wrote a wrong value
Reply content:
I have received the data returned by Tencent, but I need to verify the signature to ensure that the data has not been tampered with, and then do the corresponding logical processing.
How is this signature verification done?
What are the parameters for signing?
How to fill in the parameter name and parameter value?
This is my signature code:
<code> ///验证签名
$wx_sign = array();//微信给返回的数据加入一个数组做签名
$wx_sign['appid'] = $wxdata['appid'];
$wx_sign['bank_type'] = $wxdata['bank_type'];
$wx_sign['cash_fee'] = $wxdata['cash_fee'];
$wx_sign['fee_type'] = $wxdata['fee_type'];
$wx_sign['is_subscribe'] = $wxdata['is_subscribe'];
$wx_sign['mch_id'] = $wxdata['mch_id'];
$wx_sign['nonce_str'] = $wxdata['nonce_str'];
$wx_sign['openid'] = $wxdata['openid'];
$wx_sign['out_trade_no'] = $wxdata['out_trade_no'];
$wx_sign['result_code'] = $wxdata['result_code'];
$wx_sign['return_code'] = $wxdata['return_code'];
$wx_sign['time_end'] = $wxdata['time_end'];
$wx_sign['total_fee'] = $wxdata['total_fee'];
$wx_sign['trade_type'] = $wxdata['trade_type'];
$wx_sign['transaction_id'] = $wxdata['transaction_id'];
$wx_sign_all = $this->wechatAppPay->MakeSign($wx_sign);//调用签名函数</code>My signature function:
<code> /**
* 生成签名
* @return 签名
*/
public function MakeSign( $params ){
//签名步骤一:按字典序排序数组参数
ksort($params);
$string = $this->ToUrlParams($params);
//签名步骤二:在string后加入KEY
$string = $string . "&key=".$this->key;
//签名步骤三:MD5加密
$string = md5($string);
//签名步骤四:所有字符转为大写
$result = strtoupper($string);
return $result;
}
</code>The value of $wx_sign_all is different from the returned sign value!
Is the signature verification done by comparing the self-generated sign with the returned sign?
////////////////////////////The problem has been solved//////////////////// ///
I accidentally wrote a wrong value
<code>$wx_sign['sign'] = $wxdata['sign']; $wx_sign_all = $this->wechatAppPay->MakeSign($wx_sign);//调用签名函数</code>
Here we will add sign to the signature string. sign should not participate in the signature.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1378
52
Explain JSON Web Tokens (JWT) and their use case in PHP APIs.
Apr 05, 2025 am 12:04 AM
JWT is an open standard based on JSON, used to securely transmit information between parties, mainly for identity authentication and information exchange. 1. JWT consists of three parts: Header, Payload and Signature. 2. The working principle of JWT includes three steps: generating JWT, verifying JWT and parsing Payload. 3. When using JWT for authentication in PHP, JWT can be generated and verified, and user role and permission information can be included in advanced usage. 4. Common errors include signature verification failure, token expiration, and payload oversized. Debugging skills include using debugging tools and logging. 5. Performance optimization and best practices include using appropriate signature algorithms, setting validity periods reasonably,
Explain late static binding in PHP (static::).
Apr 03, 2025 am 12:04 AM
Static binding (static::) implements late static binding (LSB) in PHP, allowing calling classes to be referenced in static contexts rather than defining classes. 1) The parsing process is performed at runtime, 2) Look up the call class in the inheritance relationship, 3) It may bring performance overhead.
What are PHP magic methods (__construct, __destruct, __call, __get, __set, etc.) and provide use cases?
Apr 03, 2025 am 12:03 AM
What are the magic methods of PHP? PHP's magic methods include: 1.\_\_construct, used to initialize objects; 2.\_\_destruct, used to clean up resources; 3.\_\_call, handle non-existent method calls; 4.\_\_get, implement dynamic attribute access; 5.\_\_set, implement dynamic attribute settings. These methods are automatically called in certain situations, improving code flexibility and efficiency.
Explain the match expression (PHP 8 ) and how it differs from switch.
Apr 06, 2025 am 12:03 AM
In PHP8, match expressions are a new control structure that returns different results based on the value of the expression. 1) It is similar to a switch statement, but returns a value instead of an execution statement block. 2) The match expression is strictly compared (===), which improves security. 3) It avoids possible break omissions in switch statements and enhances the simplicity and readability of the code.
The difference between H5 and mini-programs and APPs
Apr 06, 2025 am 10:42 AM
H5. The main difference between mini programs and APP is: technical architecture: H5 is based on web technology, and mini programs and APP are independent applications. Experience and functions: H5 is light and easy to use, with limited functions; mini programs are lightweight and have good interactiveness; APPs are powerful and have smooth experience. Compatibility: H5 is cross-platform compatible, applets and APPs are restricted by the platform. Development cost: H5 has low development cost, medium mini programs, and highest APP. Applicable scenarios: H5 is suitable for information display, applets are suitable for lightweight applications, and APPs are suitable for complex functions.
What should I do if the company's security software conflicts with applications? How to troubleshoot HUES security software causes common software to fail to open?
Apr 01, 2025 pm 10:48 PM
Compatibility issues and troubleshooting methods for company security software and application. Many companies will install security software in order to ensure intranet security. However, security software sometimes...
What is Cross-Site Request Forgery (CSRF) and how do you implement CSRF protection in PHP?
Apr 07, 2025 am 12:02 AM
In PHP, you can effectively prevent CSRF attacks by using unpredictable tokens. Specific methods include: 1. Generate and embed CSRF tokens in the form; 2. Verify the validity of the token when processing the request.
How can you prevent a class from being extended or a method from being overridden in PHP? (final keyword)
Apr 08, 2025 am 12:03 AM
In PHP, the final keyword is used to prevent classes from being inherited and methods being overwritten. 1) When marking the class as final, the class cannot be inherited. 2) When marking the method as final, the method cannot be rewritten by the subclass. Using final keywords ensures the stability and security of your code.
