我在客户端的执行代码:
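// Mini-program login followed by server-side verification of the user-info
// signature. Flow:
//   wx.login -> POST the code to /v.php (server exchanges it for openid and
//   session_key) -> wx.getUserInfo -> POST rawData + signature to /verify.php.
// `that`, `config` and `wx` come from the enclosing page/app scope.
wx.login({
  success: function (loginResult) {
    // Without a code the server cannot obtain a session_key, so there is
    // nothing to verify against.
    if (!loginResult.code) {
      console.error('wx.login succeeded without a code', loginResult);
      return;
    }

    wx.request({
      url: config.service.requestUrl + '/v.php',
      data: {
        code: loginResult.code
      },
      header: {
        'content-type': 'application/x-www-form-urlencoded'
      },
      method: 'POST',
      success: function () {
        // NOTE(review): the /v.php response is not read here, and nothing in
        // this snippet writes 'session_id' to storage. If the stored id belongs
        // to an earlier login, /verify.php would hash with an outdated
        // session_key - confirm where session_id is saved.
        wx.getUserInfo({
          success: function (userRes) {
            that.localData.rawdata = userRes.rawData;
            that.localData.signature = userRes.signature;
            that.globalData.userInfo = userRes.userInfo;

            wx.request({
              url: config.service.requestUrl + '/verify.php',
              data: {},
              header: {
                'content-type': 'application/x-www-form-urlencoded',
                'Cookie': 'PHPSESSID=' + wx.getStorageSync('session_id'),
                // Read through `that`: inside a plain function callback `this`
                // is not the object the values were stored on above.
                //
                // escape() is deprecated and encodes characters outside
                // Latin-1 as %uXXXX, one sequence per UTF-16 code unit. The
                // server has to rebuild the exact UTF-8 bytes of rawData
                // before hashing. NOTE(review): check nicknames with emoji or
                // other non-BMP characters against the server-side decoder; a
                // decoding difference makes sha1(rawData + session_key)
                // disagree with the signature.
                'raw': escape(that.localData.rawdata),
                'signature': that.localData.signature
              },
              method: 'POST',
              success: function () {
                // The verification result is not used by this snippet.
              },
              fail: function (err) {
                // Surface transport errors instead of dropping them silently.
                console.error('verify.php request failed', err);
              }
            });
          },
          fail: function (err) {
            console.error('wx.getUserInfo failed', err);
          }
        });
      },
      fail: function (err) {
        console.error('v.php request failed', err);
      }
    });
  },
  fail: function (err) {
    console.error('wx.login failed', err);
  }
});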
在v.php中,通过appid、appsecret、code获取到了openid和session_key,并保存到开发者服务器。
在verify.php中:
// Recompute the user-info signature on the server as sha1(rawData . session_key).
// The client sends rawData escape()-encoded in the "raw" request header and its
// own signature in the "signature" header; both are client-controlled values.
$raw = js_unescape ($_SERVER['HTTP_RAW']);
$sig = $_SERVER['HTTP_SIGNATURE'];
// NOTE(review): $session_key is not assigned in this snippet - presumably it is
// loaded from what v.php saved; confirm it is the key issued for the same login
// that produced the client's signature.
$cleartext = $raw . $session_key;
// NOTE(review): $raw must be byte-identical (UTF-8) to the client's rawData;
// verify how js_unescape decodes %uXXXX sequences, including surrogate pairs.
$signature = sha1($cleartext);
// When the two values are compared, hash_equals($signature, $sig) avoids a
// timing-dependent string comparison.
现在,问题来了:$sig和$signature,这两个值在某些情况下是相同的,而在某些情况下是不同的!我们用了很多部手机做测试,相同和不同的概率大概五五开,而且跟iOS系统或Android系统无关。咋回事呢?