Tag Archives: Twitter

Writing A Twitter Client Using PHP (1): Consumer Requests Request Token


Here I got help from other people’s code. For some code, I don’t know why. But it just works.

Below is about step A and B in the diagram above: Consumer Requests Request Token.
 
Like the diagram shows, 7 values should be transferred to Twitter server:
1, oauth_consumer_key
2, oauth_signature_method
3, oauth_signature
4, oauth_timestamp
5, oauth_nonce
6, oauth_version (optional)
7, oauth_callback

The url is: https://twitter.com/oauth/request_token
The method is: GET

oauth_consumer_key can be get when an API is registered in Twitter;
Here oauth_signature_method is HMAC-SHA1
oauth_timestamp is time() ;
The code below is for oauth_nonce
$mt = microtime();
$rand = mt_rand();
$oauth_nonce = md5($mt . $rand);
Other methods can be used here to get a value for oauth_nonce
oauth_version here uses 1.0a ;
oauth_callback is the url here: http://localhost/itwitter/. When the authentication is finished, the user will be redirected to this url.

It’s a bit hard to get oauth_signature. If it’s wrong, it will show the message as below:

Failed to validate oauth signature and token

Below is the code to get this oauth_signature:

function urlencode_tw($input) { return str_replace( ‘+’, ‘ ‘,  str_replace(‘%7E’, ‘~’, rawurlencode($input)) ); };

$oauth_callback = ‘http://localhost/itwitter/’;
$oauth_callback = str_replace(‘+’,’ ‘, str_replace(‘%7E’, ‘~’, rawurlencode($oauth_callback)));
$sub_string = array( oauth_callback =>$oauth_callback, oauth_consumer_key => $oauth_consumer_key, oauth_nonce => $oauth_nonce, oauth_signature_method => ‘HMAC-SHA1’, oauth_timestamp => $oauth_timestamp, oauth_version => $oauth_version);

$params = $sub_string;
 
$temp = array();
foreach ($params as $param => $values) {
  if (is_array($values)) {
 natsort($values);
 foreach ($values as $value) {
   $temp[] = $param . ‘=’ . $value;
 }
  } else {
   $temp[] = $param . ‘=’ . $values;
    }
}  
 
$sub_string = $temp; 

$sub_string = implode(‘&’, $sub_string);
$base_string=array(“GET”,”https://twitter.com/oauth/request_token”,$sub_string);

$base_string = array_map(urlencode_tw, $base_string);

$base_string = implode(‘&’, $base_string);

$oauth_signature = base64_encode(hash_hmac(‘sha1’, $base_string, $key, true));

$oauth_signature = str_replace(‘+’,’ ‘,str_replace(‘%7E’, ‘~’, rawurlencode($oauth_signature)));

I think that the messages that are transferred to the server will be encrypted with one encryption method to get a key. The server will get a key, the encryption method, and all the messages that aren’t encrypted. With all the information, the server can check if the messages are changed from its original values.

The messages that will be encrypted are something as below:

GET&https%3A%2F%2Ftwitter.com%2Foauth%2Frequest_token&oauth_callback%3Dhttp%253A%252F%252Flocalhost%252Fitwitter%252F%26oauth_consumer_key%3Dfwwaw3m5sQq4L3M6aXV1jg%26oauth_nonce%3Df9baa315ecf34c0aabf555f785c312fc%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1295839203%26oauth_version%3D1.0a

Then oauth_signature is something as below:
d1zMBrpd/YBdZmYVZxpqpwqxglQ=
Then use the function str_replace(‘+’,’ ‘,str_replace(‘%7E’, ‘~’, rawurlencode($oauth_signature))) to replace the characters that’re not letter(s) and number(s).

The final thing is something as below:
d1zMBrpd%2FYBdZmYVZxpqpwqxglQ%3D

Then all the values are put at the end of “https://twitter.com/oauth/request_token” as below:

https://twitter.com/oauth/request_token?oauth_callback=http%3A%2F%2Flocalhost%2Fitwitter%2F&oauth_consumer_key=fwwaw3m5sQq4L3M6aXV1jg
&oauth_nonce=817d10a677547378dbef3547c5545fdb&oauth_signature=Hv48dvKEbWAn4tG4JSEs0UbM1so%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1295839203&oauth_version=1.0a

With the url and parameters, oauth_token will be got. The response is something as below:
oauth_token=Fh8BYm1ec2EGgCXdxFPsWIv46aFgZiGqw6Krv8iLks
&oauth_token_secret=PFNmtGd166NV7SGfnZhk8DFzlU67oiaErWSFyBJlxM&oauth_callback_confirmed=true

plan to develop a mobile version of client part of Twitter

M: I plan to develop a client part of twitter.com, with which the people can access Twitter with their phones in the mainland of China.
M: a mobile version.
U: You will be in jail in two years if you do that
M: maybe when I land on the airport of Beijing one day, I will be send to some reeducation camp directly.
M: (chuckle)
M: but I think it will be ok. the guy who developed the client part of web version lives in the mainland of China quite well now.
U: yes…it will teach you how to be harmonious
U: ok
M: maybe they will cancel my Chinese citizenship. :S
M: it sounds not good for Chinese gov’t if I keep jobless. (chuckle)
U: you can become Canadian citizen
M: I like to keep both.
U: being two citizens is better than one.
M: :) sure
M: My brother told me several days ago that some of his colleagues like to visit http://www.coolder.com regularly and discuss some controversial topics with him.
U: oh really…thats great
M: I surf around the world online.
M: and post the most interesting stuff on the website.
M: They may know the news of China later than me even though they are in CHina.
M: it’s midnight.
U: sorry
M: sorry for what?
U: i was watching classmates videos and posting critiques as required
U: i have one more to watch and post
M: oh, take your time.
U: OK
U: done
U: finally

How to deal with Twitter’s login field: session[username_or_email]

I was working on an Twitter api. I had a problem .
The details is as follows:

<form action=”try.php” method=”post”>
<input name=”session[username_or_email]” tabindex=”1″ type=”text” value=”” />
<input type=”submit” value=”SUBMIT” />
</form>

I couldn’t get a value.

I asked about it in linkedin.com, soon I got a few advices and solved the problem. I concluded them as below:

this is handled as an array:

array(“session[username_or_email]” => USERNAME);

The try.php file to get its values should look like:

$session = array(“session[username_or_email]” => $_POST[‘username_or_email’],”session[password]” => $_POST[‘password’]);