12306 抢票脚本 基于laravel console


2018-01-18 17:37
zpq
67

主要接口

  1. POST https://kyfw.12306.cn/otn/login/checkUser 验证用户是否登录
  2. GET https://kyfw.12306.cn/otn/login/init 登录页面初始化
  3. GET https://kyfw.12306.cn/passport/captcha/captcha-image?login_site=E&module=login&rand=sjrand&0.123456789 获取验证码图像接口 末尾是随机数
  4. POST https://kyfw.12306.cn/passport/captcha/captcha-check 验证码验证
  5. POST https://kyfw.12306.cn/passport/web/login 登录请求
  6. POST https://kyfw.12306.cn/passport/web/auth/uamtk 获取uamtk 我也不知道是什么玩意
  7. POST https://kyfw.12306.cn/otn/uamauthclient 最后登录成功
  8. POST https://kyfw.12306.cn/otn/passengers/init 获取乘车人 其实乘车人可以在请求提交订单接口时通过html 正则匹配可以获取,作为抢票工具来说,当然先确定好,后面就只顾抢票就行了。
  9. GET https://kyfw.12306.cn/otn/leftTicket/queryZ 车次查询
  10. POST https://kyfw.12306.cn/otn/leftTicket/submitOrderRequest 请求提交订单
  11. POST https://kyfw.12306.cn/otn/confirmPassenger/initDc 请求订单初始化
  12. POST https://kyfw.12306.cn/otn/confirmPassenger/checkOrderInfo 请求验证订单信息
  13. POSThttps://kyfw.12306.cn/otn/confirmPassenger/confirmSingleForQueue 确认订单信息

eureka注册中心设置用户名密码


2018-01-04 17:20
zpq
37
  1. 加入安全认证依赖
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
  1. 在application.properties加入认证的用户名和密码
security.user.name=你的用户名
security.user.password=你的密码
  1. 修改url注册
eureka.client.serviceUrl.defaultZone=http://${security.user.name}:${security.user.password}@127.0.0.1:${server.port}/eureka/

Http Content-Type 对照表


2017-11-10 11:32
zpq
3
文件扩展名 Content-Type(Mime-Type) 文件扩展名 Content-Type(Mime-Type)
.*( 二进制流,不知道下载文件类型) application/octet-stream .tif image/tiff
.001 application/x-001 .301 application/x-301
.323 text/h323 .906 application/x-906
.907 drawing/907 .a11 application/x-a11
.acp audio/x-mei-aac .ai application/postscript
.aif audio/aiff .aifc audio/aiff
.aiff audio/aiff .anv application/x-anv
.asa text/asa .asf video/x-ms-asf
.asp text/asp .asx video/x-ms-asf
.au audio/basic .avi video/avi
.awf application/vnd.adobe.workflow .biz text/xml
.bmp application/x-bmp .bot application/x-bot
.c4t application/x-c4t .c90 application/x-c90
.cal application/x-cals .cat application/vnd.ms-pki.seccat
.cdf application/x-netcdf .cdr application/x-cdr
.cel application/x-cel .cer application/x-x509-ca-cert
.cg4 application/x-g4 .cgm application/x-cgm
.cit application/x-cit .class java/*
.cml text/xml .cmp application/x-cmp
.cmx application/x-cmx .cot application/x-cot
.crl application/pkix-crl .crt application/x-x509-ca-cert
.csi application/x-csi .css text/css
.cut application/x-cut .dbf application/x-dbf
.dbm application/x-dbm .dbx application/x-dbx
.dcd text/xml .dcx application/x-dcx
.der application/x-x509-ca-cert .dgn application/x-dgn
.dib application/x-dib .dll application/x-msdownload
.doc application/msword .dot application/msword
.drw application/x-drw .dtd text/xml
.dwf Model/vnd.dwf .dwf application/x-dwf
.dwg application/x-dwg .dxb application/x-dxb
.dxf application/x-dxf .edn application/vnd.adobe.edn
.emf application/x-emf .eml message/rfc822
.ent text/xml .epi application/x-epi
.eps application/x-ps .eps application/postscript
.etd application/x-ebx .exe application/x-msdownload
.fax image/fax .fdf application/vnd.fdf
.fif application/fractals .fo text/xml
.frm application/x-frm .g4 application/x-g4
.gbr application/x-gbr . application/x-
.gif image/gif .gl2 application/x-gl2
.gp4 application/x-gp4 .hgl application/x-hgl
.hmr application/x-hmr .hpg application/x-hpgl
.hpl application/x-hpl .hqx application/mac-binhex40
.hrf application/x-hrf .hta application/hta
.htc text/x-component .htm text/html
.html text/html .htt text/webviewhtml
.htx text/html .icb application/x-icb
.ico image/x-icon .ico application/x-ico
.iff application/x-iff .ig4 application/x-g4
.igs application/x-igs .iii application/x-iphone
.img application/x-img .ins application/x-internet-signup
.isp application/x-internet-signup .IVF video/x-ivf
.java java/* .jfif image/jpeg
.jpe image/jpeg .jpe application/x-jpe
.jpeg image/jpeg .jpg image/jpeg
.jpg application/x-jpg .js application/x-javascript
.jsp text/html .la1 audio/x-liquid-file
.lar application/x-laplayer-reg .latex application/x-latex
.lavs audio/x-liquid-secure .lbm application/x-lbm
.lmsff audio/x-la-lms .ls application/x-javascript
.ltr application/x-ltr .m1v video/x-mpeg
.m2v video/x-mpeg .m3u audio/mpegurl
.m4e video/mpeg4 .mac application/x-mac
.man application/x-troff-man .math text/xml
.mdb application/msaccess .mdb application/x-mdb
.mfp application/x-shockwave-flash .mht message/rfc822
.mhtml message/rfc822 .mi application/x-mi
.mid audio/mid .midi audio/mid
.mil application/x-mil .mml text/xml
.mnd audio/x-musicnet-download .mns audio/x-musicnet-stream
.mocha application/x-javascript .movie video/x-sgi-movie
.mp1 audio/mp1 .mp2 audio/mp2
.mp2v video/mpeg .mp3 audio/mp3
.mp4 video/mpeg4 .mpa video/x-mpg
.mpd application/vnd.ms-project .mpe video/x-mpeg
.mpeg video/mpg .mpg video/mpg
.mpga audio/rn-mpeg .mpp application/vnd.ms-project
.mps video/x-mpeg .mpt application/vnd.ms-project
.mpv video/mpg .mpv2 video/mpeg
.mpw application/vnd.ms-project .mpx application/vnd.ms-project
.mtx text/xml .mxp application/x-mmxp
.net image/pnetvue .nrf application/x-nrf
.nws message/rfc822 .odc text/x-ms-odc
.out application/x-out .p10 application/pkcs10
.p12 application/x-pkcs12 .p7b application/x-pkcs7-certificates
.p7c application/pkcs7-mime .p7m application/pkcs7-mime
.p7r application/x-pkcs7-certreqresp .p7s application/pkcs7-signature
.pc5 application/x-pc5 .pci application/x-pci
.pcl application/x-pcl .pcx application/x-pcx
.pdf application/pdf .pdf application/pdf
.pdx application/vnd.adobe.pdx .pfx application/x-pkcs12
.pgl application/x-pgl .pic application/x-pic
.pko application/vnd.ms-pki.pko .pl application/x-perl
.plg text/html .pls audio/scpls
.plt application/x-plt .png image/png
.png application/x-png .pot application/vnd.ms-powerpoint
.ppa application/vnd.ms-powerpoint .ppm application/x-ppm
.pps application/vnd.ms-powerpoint .ppt application/vnd.ms-powerpoint
.ppt application/x-ppt .pr application/x-pr
.prf application/pics-rules .prn application/x-prn
.prt application/x-prt .ps application/x-ps
.ps application/postscript .ptn application/x-ptn
.pwz application/vnd.ms-powerpoint .r3t text/vnd.rn-realtext3d
.ra audio/vnd.rn-realaudio .ram audio/x-pn-realaudio
.ras application/x-ras .rat application/rat-file
.rdf text/xml .rec application/vnd.rn-recording
.red application/x-red .rgb application/x-rgb
.rjs application/vnd.rn-realsystem-rjs .rjt application/vnd.rn-realsystem-rjt
.rlc application/x-rlc .rle application/x-rle
.rm application/vnd.rn-realmedia .rmf application/vnd.adobe.rmf
.rmi audio/mid .rmj application/vnd.rn-realsystem-rmj
.rmm audio/x-pn-realaudio .rmp application/vnd.rn-rn_music_package
.rms application/vnd.rn-realmedia-secure .rmvb application/vnd.rn-realmedia-vbr
.rmx application/vnd.rn-realsystem-rmx .rnx application/vnd.rn-realplayer
.rp image/vnd.rn-realpix .rpm audio/x-pn-realaudio-plugin
.rsml application/vnd.rn-rsml .rt text/vnd.rn-realtext
.rtf application/msword .rtf application/x-rtf
.rv video/vnd.rn-realvideo .sam application/x-sam
.sat application/x-sat .sdp application/sdp
.sdw application/x-sdw .sit application/x-stuffit
.slb application/x-slb .sld application/x-sld
.slk drawing/x-slk .smi application/smil
.smil application/smil .smk application/x-smk
.snd audio/basic .sol text/plain
.sor text/plain .spc application/x-pkcs7-certificates
.spl application/futuresplash .spp text/xml
.ssm application/streamingmedia .sst application/vnd.ms-pki.certstore
.stl application/vnd.ms-pki.stl .stm text/html
.sty application/x-sty .svg text/xml
.swf application/x-shockwave-flash .tdf application/x-tdf
.tg4 application/x-tg4 .tga application/x-tga
.tif image/tiff .tif application/x-tif
.tiff image/tiff .tld text/xml
.top drawing/x-top .torrent application/x-bittorrent
.tsd text/xml .txt text/plain
.uin application/x-icq .uls text/iuls
.vcf text/x-vcard .vda application/x-vda
.vdx application/vnd.visio .vml text/xml
.vpg application/x-vpeg005 .vsd application/vnd.visio
.vsd application/x-vsd .vss application/vnd.visio
.vst application/vnd.visio .vst application/x-vst
.vsw application/vnd.visio .vsx application/vnd.visio
.vtx application/vnd.visio .vxml text/xml
.wav audio/wav .wax audio/x-ms-wax
.wb1 application/x-wb1 .wb2 application/x-wb2
.wb3 application/x-wb3 .wbmp image/vnd.wap.wbmp
.wiz application/msword .wk3 application/x-wk3
.wk4 application/x-wk4 .wkq application/x-wkq
.wks application/x-wks .wm video/x-ms-wm
.wma audio/x-ms-wma .wmd application/x-ms-wmd
.wmf application/x-wmf .wml text/vnd.wap.wml
.wmv video/x-ms-wmv .wmx video/x-ms-wmx
.wmz application/x-ms-wmz .wp6 application/x-wp6
.wpd application/x-wpd .wpg application/x-wpg
.wpl application/vnd.ms-wpl .wq1 application/x-wq1
.wr1 application/x-wr1 .wri application/x-wri
.wrk application/x-wrk .ws application/x-ws
.ws2 application/x-ws .wsc text/scriptlet
.wsdl text/xml .wvx video/x-ms-wvx
.xdp application/vnd.adobe.xdp .xdr text/xml
.xfd application/vnd.adobe.xfd .xfdf application/vnd.adobe.xfdf
.xhtml text/html .xls application/vnd.ms-excel
.xls application/x-xls .xlw application/x-xlw
.xml text/xml .xpl audio/scpls
.xq text/xml .xql text/xml
.xquery text/xml .xsd text/xml
.xsl text/xml .xslt text/xml
.xwd application/x-xwd .x_b application/x-x_b
.sis application/vnd.symbian.install .sisx application/vnd.symbian.install
.x_t application/x-x_t .ipa application/vnd.iphone
.apk application/vnd.android.package-archive .xap application/x-silverlight-app

SSH端口转发(隧道)


2017-11-10 09:28
zpq
28

SSH端口转发(Port Forwarding),是一种隧道技术,流往某端口的数据被加密后传向另一机器,依据转发方式的不同,有多种应用场景。

以下所有的命令都是用SSH客户端执行的。执行命令的电脑下面称为“本地”电脑;而“远程服务器”则是运行着SSH服务器的机器(本文以my-remote-host.com为例)。

本地转发

有时,远程机器能访问某个端口(如remote-secret.com:8080),但本地机器无法访问。这时使用SSH的本地转发功能,即可将远程端口映射到本地:

ssh -L 9090:remote-secret.com:8080 my-remote-host.com

此时访问本地的9090端口就相当于用远程服务器my-remote-host.com访问remote-secret.com:8080

如果写成-L 9090: localhost:8080,就是把远程服务器的8080端口映射到本地的9090端口了

应用举例:如果远程服务器处于某受保护的内网中,可以借助其SSH服务获得与其等同的访问权限。

默认情况下,本地转发的端口只能在本机上访问,要想允许外部访问,请添加-g选项。

FormData 对象的使用


2017-10-17 14:37
zpq
12

通过Formdata对象可以组装一组用 Xmlhttprequest发送请求的键/值对。它可以更灵活方便的发送表单数据,因为可以独立于表单使用。如果你把表单的编码类型设置为Multipart/Form-Data ,则通过Formdata传输的数据格式和表单通过Submit() 方法传输的数据格式相同


如何创建一个FormData对象

你可以自己创建一个FormData对象,然后通过调用它的*append()*方法添加字段,就像这样:

var formData = new FormData();

formData.append("username", "Groucho");
formData.append("accountnum", 123456); // 数字 123456 会被立即转换成字符串 "123456"

// HTML 文件类型input,由用户选择
formData.append("userfile", fileInputElement.files[0]);

// JavaScript file-like 对象
var content = '<a id="a"><b id="b">hey!</b></a>'; // 新文件的正文...
var blob = new Blob([content], { type: "text/xml"});

formData.append("webmasterfile", blob);

var request = new XMLHttpRequest();
request.open("POST", "http://foo.com/submitform.php");
request.send(formData);

**注意:**字段 "userfile" 和 "webmasterfile" 都包含一个文件. 字段 "accountnum" 是数字类型,它将被*FormData.append()*方法转换成字符串类型(FormData 对象的字段类型可以是 Blob, File, 或者 string: 如果它的字段类型不是Blob也不是File,则会被转换成字符串类型。

上面的示例创建了一个FormData实例,包含"username", "accountnum", "userfile" 和 "webmasterfile"四个字段,然后使用XMLHttpRequest的send()方法发送表单数据。字段 "webmasterfile" 是 Blob类型。一个 Blob对象表示一个不可变的, 原始数据的类似文件对象。Blob表示的数据不一定是一个JavaScript原生格式。 File 接口基于Blob,继承 blob功能并将其扩展为支持用户系统上的文件。你可以通过 Blob() 构造函数创建一个Blob对象。

spring boot security logout use HTTP POST


2017-08-31 16:48
zpq
50

Adding CSRF will update the LogoutFilter to only use HTTP POST. This ensures that log out requires a CSRF token and that a malicious user cannot forcibly log out your users.

One approach is to use a form for log out. If you really want a link, you can use JavaScript to have the link perform a POST (i.e. maybe on a hidden form). For browsers with JavaScript that is disabled, you can optionally have the link take the user to a log out confirmation page that will perform the POST.

If you really want to use HTTP GET with logout you can do so, but remember this is generally not recommended. For example, the following Java Configuration will perform logout with the URL /logout is requested with any HTTP method:

@EnableWebSecurity
@Configuration
public class WebSecurityConfig extends
   WebSecurityConfigurerAdapter {

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http
      .logout()
          .logoutRequestMatcher(new AntPathRequestMatcher("/logout"));
  }
}

https://docs.spring.io/spring-security/site/docs/3.2.4.RELEASE/reference/htmlsingle/#csrf-logout

网页加载进度条


2017-08-25 18:01
zpq
26

Here’s an emerging UI pattern: a web page loading bar. Unsatisfied with progress indicators provided by the browser, some sites are implementing their own ones to show the load status of the next page. The progress bar appears as a thin line overlaying the content, sitting right underneath the browser toolbar, growing in width across the page as the next one loads.

Here is a screenshot of the bar on Medium (the thin green line highlighted at the top):

151505803345769.jpeg
And here is a very similar implementation on YouTube, red this time, with a subtle glow effect:

微信支付宝支付注意事项


2017-07-09 11:07
zpq
51

微信支付

Q 商品名称为中文时返回签名失败
A 在签名是需要将字符串转成ISO8859-1格式

//DigestUtils 是第三方commons-codec库
String sign = DigestUtils.md5Hex(signstr.toString().getBytes("ISO8859-1")).toUpperCase();

Q 创建完订单进行扫码支付时,中文商品名称显示乱码
A 微信中用的编码是ISO8859-1 所以需要将字符串转为ISO8859-1格式

String body = new String (goodname.getBytes("UTF-8"),"ISO-8859-1")

Q 如何获取微信成功支付的回调内容
A 回调的内容是xml字符串,我们需要手动解析

// HttpServletRequest request #spring boot 
BufferedReader reader = request.getReader();
StringBuffer inputString = new StringBuffer();
String line ;
while (( line = reader.readLine()) != null) {
	inputString.append(line);
}
String xmlstr = inputString.toString();

支付宝支付

Q 如何正确的签名
A 支付宝签名要比微信的容易的多,而且出错概率较低,签名方式分为RSARSA2,两种方式分别都需要商户自己生成 公钥和私钥,长度必须是2048 私钥保存在本地,公钥需要上传到 商户中心 -- 开发者中心,上传时需要去掉头尾部字符串,并且去掉换行,上传时请分清楚打算用哪个加密,别RSA加密,却上传到RSA2上面.

Q 进行扫码支付时,商品中文是乱码
A 注意提交的参数charset是什么格式,如格式正确,在请求订单是header 部分需要声明字符编码

HttpPost post = new HttpPost(url);
httpPost.setHeader("Content-Type","application/x-www-form-urlencoded");
httpPost.setEntity( new UrlEncodedFormEntity(dataList,"GBK"));

Q 支付成功回调
A 支付宝默认开通 TRADE_SUCCESSWAIT_BUYER_PAY 支付通知,TRADE_CLOSEDTRADE_FINISHED 需要申请开通,回调的内容数据也很好的获取.

// HttpServletRequest request
request.getParameter()

Q 商品名称英文时签名成功,中文时签名失败
A 该问题应该是提交数据时格式编码有误,小伙伴试试这样。在签名时,把签名的字符串转成GBK编码,form 提交时 也用GBK提交
支付宝 判断字符编码格式主要依据于头部Content-Type属性 如"Content-Type :application/x-www-form-urlencoded;charset=utf-8那么字符编码就是utf-8跟公共参数里的charset没有什么关系,这里推荐使用Okhttp包。
微信则需要把中文字符串转成ISO-8859-1编码,然后再进行签名。

如何正确的使用Google Cloud 计算引擎


2017-06-20 10:34
zpq
227

必备条件

  1. 能翻墙
  2. 需要一张外币信用卡 类似VISA
  3. Google账户

注册Google账户登录进去,然后绑定 VISA 卡 绑定的时候会收取1美元验证银行卡 只要验证通过后会退还。

进入 Google Cloud 菜单栏 -> 结算 -> 概览

如果是第一次使用会赠送300美元 有效期一年

laravel 5.4 redis 报错 'Predis\Response\ServerException' with message 'ERR unknown command 'EVAL''


2017-06-15 17:33
zpq
481

在laravel 5.2 迁移到 5.4 出现错误

这个错误不是框架错误 是 redis 版本 过低导致的 !!

redis eval 命令必须在版本 >= 2.6.0

之前安装redis的时候是用yum命令安装的。

安装的版本是2.4.10 找不到高版本的yum安装方式

没办法只能编译安装

编译安装官网也有,这里顺便也复制下来

wget http://download.redis.io/releases/redis-3.2.9.tar.gz
tar xzf redis-3.2.9.tar.gz
cd redis-3.2.9
make
src/redis-server
src/redis-cli

redis 默认是前台运行的 后台运行需要修改配置文件redis.conf
大约在 128 行

# By default Redis does not run as a daemon. Use 'yes' if you need it.
# Note that Redis will write a pid file in /var/run/redis.pid when daemonized.
daemonize no

no 改成 yes 保存 然后执行命令

./redis-server [/path/to/redis.conf]

laravel 5.4 报错SQLSTATE[42000] Syntax error or access violation 1055 'xxx' isn't in GROUP BY


2017-06-09 12:30
zpq
120

查询mysql 1055错误码发现问题为在mysql的配置中如果设置了sql_mode包含ONLY_FULL_GROUP_BY值得话,在进行查询时需要将select的字段都包含在group by 中。
即 select x,y from xxx group by x,y
否则就会报错

但是查看自己的配置my.cnf发现在sql_mode中并没有ONLY_FULL_GROUP_BY这个值

然后去查看Laravel的配置文件,config/database.php,查找mysql的配置,

'mysql' => [
            'driver' => 'mysql',
            'host' => env('DB_HOST', 'localhost'),
            'port' => env('DB_PORT', '3306'),
            'database' => env('DB_DATABASE', 'forge'),
            'username' => env('DB_USERNAME', 'forge'),
            'password' => env('DB_PASSWORD', ''),
            'charset' => 'utf8',
            'collation' => 'utf8_unicode_ci',
            'prefix' => env('DB_PREFIX',''),
            'strict' => true,
            'engine' => null,
        ],

发现有个strict项,默认为true,上网也没有查找到相关解释,根据字面意思猜测可能为是否开启严格模式,将其修改为false,再次测试发现问题解决,可以输出正确结果
源代码解释
vendor\laravel\framework\src\Illuminate\Database\Connectors\MySqlConnector.php 约144行

protected function setModes(PDO $connection, array $config)
    {
        if (isset($config['modes'])) {
            $this->setCustomModes($connection, $config);
        } elseif (isset($config['strict'])) {
            if ($config['strict']) {		//这边有个判断如果是true则执行strictMode()方法所以要改为false
                $connection->prepare($this->strictMode())->execute();
            } else {
                $connection->prepare("set session sql_mode='NO_ENGINE_SUBSTITUTION'")->execute();
            }
        }
    }
protected function strictMode()
    {
        return "set session sql_mode='ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION'";
    }

也可以编辑 /etc/my.cnf 文件
在**[mysqld]**追加

~~```
sql_mode = "STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"


~~重启mysql即可。~~

关闭X-Powered-By 信息(隐藏PHP版本信息)


2017-06-02 14:28
zpq
75


会暴露服务器运行的是php

修改 php.ini 文件 设置 expose_php = Off

官方给出的说明

Decides whether PHP may expose the fact that it is installed on the server
(e.g. by adding its signature to the Web server header). It is no security
threat in any way, but it makes it possible to determine whether you use PHP
on your server or not.

决定服务器上是否暴露安装有PHP,
(例如:把这些信息加到Web服务器头响应)。这是不安全的。
但能确定你的服务器时候运行着PHP。
意思就是打开的话可以告诉其他人这台服务器可以运行PHP,但不一定安全,可以关掉

微信支付报错“支付签名验证失败”


2017-06-01 22:06
zpq
53

微信支付有几个地方需要注意的

  • sign 签名时需要在末尾增加key参数 key 参数在商户后台进行设置 sign签名验证
  • wx.config 签名验证工具 url 参数必须是当前js运行所在的url(包括参数) 如果签名失败可能跟支付的授权目录有关
  • 微信创建统一订单时返回的数据格式中只有prepay_id参数有用,其他返回的参数无用
  • wx.chooseWXpay 在调起微信支付时需要二次签名(sign签名),其中有个地方需要注意(巨坑)。具体二次签名如下
$appid = 'appid';              //appid
$randstr = '123123213213';     //随机字符串
$time = '123456789';           //时间戳
$key = 'keyyyyyyyy';           //商户后台设置的key
$prepayid = 'wx2017060115493564b5a926a10145685802';//假设统一订单返回的prepayid
$prepayid = 'prepay_id='.$prepayid;//这里要组装(我是坑)
        $signstr = "appId={$appid}&nonceStr={$randstr}&package={$prepayid}&signType=MD5&timeStamp={$time}&key={$key}";
//生成需要签名的字符串为
//appId=appid&nonceStr=123123213213&package=prepay_id=wx2017060115493564b5a926a10145685802&signType=MD5&timeStamp=123456789&key=keyyyyyyyy";
$paysign = strtoupper(md5($signstr));
//data 为返回为前台数据
$data = [
    'nonceStr' => $randstr,
    'timestamp' => $time,
    'signType' => 'MD5',
    'paySign' => $paysign,
    'package' => $prepayid,
];
  • wx.chooseWXpay 中有个参数timestamp 不是timeStamp 需要签名的时间戳都是timeStamp js里的都是小写的。