// 1)将token、timestamp、nonce三个参数进行字典序排序
// 2)将三个参数字符串拼接成一个字符串进行sha1加密
// 3)开发者获得加密后的字符串可与signature对比,标识该请求来源于微信
$signature = $_GET['signature'];
$token = 'mashi';
$timestamp = $_GET['timestamp'];
$nonce = $_GET['nonce'];
$echostr = $_GET['echostr'];
$tmpArr = array($token, $timestamp, $nonce);
sort($tmpArr);
$tmpStr = implode('', $tmpArr);
$tmpStr = sha1( $tmpStr );
if ($tmpStr == $signature) {
    echo $echostr;
} else {
    echo '';
}
04-18 18:24