1、获取 access_token
2、通过access_token换取 jsapi_ticket
3、签名算法
签名生成规则如下:参与签名的字段包括noncestr(随机字符串), 有效的jsapi_ticket, timestamp(时间戳), url(当前网页的URL,不包含#及其后面部分) 。对所有待签名参数按照字段名的ASCII 码从小到大排序(字典序)后,使用URL键值对的格式(即key1=value1&key2=value2…)拼接成字符串string1。这里需要注意的是所有参数名均为小写字符。对string1作sha1加密,字段名和字段值都采用原始值,不进行URL 转义。
二、具体实现方式
1、获取access_token
/** * [getAccessToken description] 获取access_token * @return [type] [description] */private function getAccessToken() { $data = $this->getFile($this->accessTokenFile); if(time() - $data['time'] > 0){ $url = "https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid={$this->appID}&secret={$this->appsecret}"; $re = $this->httpGet($url); $access_token = $re['access_token']; if(isset($access_token)){ $data['access_token'] = $access_token; $data['time'] = time() + 7200; $this->setFile($this->accessTokenFile,json_encode($data)); } }else{ $access_token = $data['access_token']; } return $access_token; }
access_token 的有效时间是7200s,故可以采用文件存储的方法进行保存,避免多次请求;
2、获取jsapi_ticket
/** * [getJsapiTicket description] 获取jsapi_ticket * @return [type] [description] */private function getJsapiTicket() { $access_token = $this->getAccessToken(); $jsapi_ticket = $this->getFile($this->jsapiTicketFile); if(time() - $jsapi_ticket['time'] > 0) { $url = "https://api.weixin.qq.com/cgi-bin/ticket/getticket?access_token={$access_token}&type=jsapi"; $re = $this->httpGet($url); $this->preArr($re); $jsapi_ticket = $re['ticket']; if(isset($jsapi_ticket)){ $data['jsapi_ticket'] = $jsapi_ticket; $data['time'] = time() + 7200; $this->setFile($this->jsapiTicketFile, json_encode($data)); } }else{ $jsapi_ticket = $jsapi_ticket['jsapi_ticket']; } return $jsapi_ticket; }
通过access_token进行交换,得到jsapi_ticket,有效期也是7200s;
3、生成签名
/** * [getSignpackage description] 获取签名 * @return [type] [description] */public function getSignpackage(){ $jsapi_ticket = $this->getJsapiTicket(); // 注意 URL 一定要动态获取,不能 hardcode. $protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) ? "https://" : "http://"; $url = "$protocol$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"; $noncestr = $this->createNonceStr(); $timestamp = time(); $string1 = "jsapi_ticket={$jsapi_ticket}&noncestr={$noncestr}×tamp={$timestamp}&url={$url}"; $signature = sha1($string1); $signPackage = array( 'appId' => $this->appID, 'nonceStr' => $noncestr, 'timestamp' => $timestamp, 'signature' => $signature, ); return $signPackage; }
签名算法
使用URL键值对的格式(即key1=value1&key2=value2…)拼接成字符串string1:
对string1进行sha1签名,得到signature:
注意事项:
1.签名用的noncestr和timestamp必须与wx.config中的nonceStr和timestamp相同。
2.签名用的url必须是调用JS接口页面的完整URL。
3.出于安全考虑,开发者必须在服务器端实现签名的逻辑。