<?php

$signature = isset($_GET['signature'])?$_GET['signature']:'';
$timestamp = isset($_GET['timestamp'])?$_GET['timestamp']:'';
$nonce = isset($_GET['nonce'])?$_GET['nonce']:'';
$echostr = isset($_GET['echostr'])?$_GET['echostr']:'';
$token = TOKEN;
$tmpArr = array ($token, $timestamp, $nonce);
sort($tmpArr,SORT_STRING);
$tmpStr = implode($tmpArr);
$tmpStr = sha1($tmpStr);
//先验证请求是否来自于微信，如果是，再判断是否为绑定服务器验证
if ($tmpStr == $signature){
    
        if ($echostr == true){
            
            die ($echostr);
    
            } else {

                $echostr = "";
        
}
    
    } else {
        
        $file = fopen("request.log", "a");
        fwrite($file, date('Y-m-d H:i:s',time())." "."$tmpStr $signature Unauthorized".""."\n");
        die ("Unauthorized");
            
}