What to do if PHP official account token verification fails

Solution to PHP public account Token verification failure

In the process of developing WeChat public accounts, we often encounter Token verification failures. This situation is usually because the Token configuration is wrong or WeChat The server cannot access the server. This article will introduce several common Token verification failures and their solutions.

1. Token configuration error

When setting the Token, we need to write the Token into our code and configure it on the WeChat public platform. If the Token we fill in is inconsistent with the Token in the code, Token verification will fail.

Solution to Token configuration error:

First, we need to confirm whether the Token we filled in on the public platform is the same as the Token in the code. If they are different, you need to modify them to the same Token.

Secondly, we need to check whether the Token in the code is set correctly. You can check by printing the Token in the code, as shown below:

define("TOKEN", "XXXXXXXXXXXXXX");

echo TOKEN;

The printed result should be the same as the Token set in the public platform. If it is different, you need to modify the Token in the code.

2. Server configuration error

When performing Token verification, the WeChat server will initiate an HTTP GET request to our server. The request contains the information we have on the WeChat public platform. Fill in the three parameters Token, timestamp and nonce. Our server needs to perform encryption processing based on these three parameters and return it to the WeChat server.

If our server cannot be accessed by the WeChat server or the server response is incorrect, Token verification will fail.

Solution to server configuration error:

First of all, we need to confirm whether our server has port 80 open and the firewall does not block access to the WeChat server.

Secondly, we need to check whether the server-side code is set correctly. You can check by printing out the data returned by the server in the code, as shown below:

$echostr = $_GET["echostr"];

echo $echostr;

If the server does not return the data correctly, you need to check whether there are errors or logic problems in the code.

3. Token verification error in safe mode

If our official account turns on safe mode in the settings, then we need to perform special processing on the Token. In safe mode, the WeChat server will initiate an HTTP POST request to our server. The request contains the four parameters Token, timestamp, nonce and msg_signature that we filled in on the WeChat public platform.

Solution to Token verification error in safe mode:

First, we need to confirm that our server can handle HTTP POST requests normally. Secondly, we need to perform special processing on the Token. The code example is as follows:

$token = "XXXXXXXXXXXXXX"; // Token和公众平台上设置一致
$timestamp = $_GET["timestamp"];
$nonce = $_GET["nonce"];
$msg_signature = $_GET["msg_signature"];
$encrypt_type = (isset($_GET['encrypt_type']) && ($_GET['encrypt_type'] == "aes")) ? "aes" : "raw"; // 兼容明文模式与安全模式

if ($msg_signature) {
    $signature = $_GET["signature"];

    $tmpArr = array($token, $timestamp, $nonce);
    sort($tmpArr, SORT_STRING);
    $tmpStr = implode($tmpArr);
    $tmpStr = $encrypt_type == 'aes' ? $tmpStr . $_GET["encrypted"] : $tmpStr;
    $signatureLocal = sha1($tmpStr);

    if ($signature == $signatureLocal) {
        if ($encrypt_type == 'aes') {
            // 对密文进行解密
        }

        $echostr = $_GET["echostr"];

        echo $echostr;
    }
}

4. Token timeout

Token has an expiration time. If our official account exceeds the expiration of the Token time, then our Token will become invalid, causing Token verification to fail.

Solution to Token timeout:

We can set the Token expiration time in the code, for example, set it to 7200 seconds (2 hours). The code example is as follows:

define("TOKEN", "XXXXXXXXXXXXXX");
define("EXPIRE_TIME", 7200);

$timestamp = $_GET['timestamp'];
$nonce = $_GET['nonce'];
$signature = $_GET['signature'];

if (time() - $timestamp > EXPIRE_TIME) {
    die('Token expired');
}

$tmpArr = array(TOKEN, $timestamp, $nonce);
sort($tmpArr, SORT_STRING);
$tmpStr = implode($tmpArr);
$tmpStr = sha1($tmpStr);

if ($tmpStr == $signature) {
    $echostr = $_GET['echostr'];
    echo $echostr;
}

The above is my summary of solutions to PHP official account Token verification failure. I hope it will be helpful to everyone.

The above is the detailed content of What to do if PHP official account token verification fails. For more information, please follow other related articles on the PHP Chinese website!