Tag Archives: Writing A Twitter Client Using PHP

Writing A Twitter Client Using PHP (3):How to make Twitter’s response in English through curl?(C)

Last blog: hWriting A Twitter Client Using PHP (2): Service Provider Grants Request Token

Here use the oauth_token to get the authorization webpage from Twitter.com. The code is quite simple as below:

$url2 = “http://api.twitter.com/oauth/authorize?oauth_token=” . $oauth_token;
$rep = http($url2);
echo $rep;

Just I have a problem here. The webpage I get is in French. If I put the url in the address space, it will response a webpage in English. I think that the Twitter server must check the language that the Browser uses, but with curl, I need to send the information about language to the Twitter server, but I don’t know how to do it.

I’m trying to figure it out now.

Added on Mar. 8, 2011

When I post those files on the host server, the webpage turns to be in English. Just on my own computer, use “localhost”, it is in French. So, just put this issue aside and move on.

Writing A Twitter Client Using PHP (2): Service Provider Grants Request Token

last blog: Writing A Twitter Client Using PHP (1): Consumer Requests Request Token 

Here is the step B Service Provider Grants Request Token.
At the last blog, I got url, something as below:
https://twitter.com/oauth/request_token?oauth_callback=http%3A%2F%2Flocalhost%2Fitwitter%2F&oauth_consumer_key=fwwaw3m5sQq4L3M6aXV1jg
&oauth_nonce=817d10a677547378dbef3547c5545fdb&oauth_signature=Hv48dvKEbWAn4tG4JSEs0UbM1so%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1295839203&oauth_version=1.0a

Here curl is used. The function is as below:
 
function http( $url) {  
  $ch = curl_init($url);  
  curl_setopt($ch, CURLOPT_HEADER, false); 
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 
  curl_setopt($ch, CURLOPT_FRESH_CONNECT,true); 
  curl_setopt($ch, CURLOPT_USERAGENT, “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)”);
  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); 
  curl_setopt($ch, CURLOPT_MAXREDIRS, 5);         
  curl_setopt($ch, CURLOPT_COOKIEJAR, ‘cookie.txt’); 
  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); 
  curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);      
  $content = curl_exec($ch);  
  curl_close($ch); 
  return $content;
}

Then use echo http($url);

Then I gets the string like below from the Twitter server:

oauth_token=sNwJ4Km398PwLdOOjxBcER7KQ2U8P9uPocLblUaAY
&oauth_token_secret=SMVXvhsBWX9qbwbZNsukn5qc2Ex3vLUV405sQyrrU&oauth_callback_confirmed=true

Then turn this string to an Array and put in a variable:

$oauth_responses = http($url);
$oauth_responses = split(‘&’, $oauth_responses);
$parsed_parameters = array();
foreach ($oauth_responses as $oauth_response) {
  $split = split(‘=’, $oauth_response, 2);
  $parameter = $split[0];
  $value = $split[1];
  if (isset($parsed_parameters[$parameter])) {
 if (is_scalar($parsed_parameters[$parameter])) {
   $parsed_parameters[$parameter] = array($parsed_parameters[$parameter]);
 }
 $parsed_parameters[$parameter][] = $value;
  } else {
   $parsed_parameters[$parameter] = $value;
 }
  }

The value of $parsed_parameters is something like below:

Array ( [oauth_token] => sNwJ4Km398PwLdOOjxBcER7KQ2U8P9uPocLblUaAY [oauth_token_secret] => SMVXvhsBWX9qbwbZNsukn5qc2Ex3vLUV405sQyrrU [oauth_callback_confirmed] => true )

Then get the value of oauth_token, and add it behind the request. The code is as below: 
 
$oauth_token = $parsed_parameters[‘oauth_token’];
$url2 = “http://api.twitter.com/oauth/authorize?oauth_token=” . $oauth_token;

This is the step C in the diagram above.

Writing A Twitter Client Using PHP (1): Consumer Requests Request Token


Here I got help from other people’s code. For some code, I don’t know why. But it just works.

Below is about step A and B in the diagram above: Consumer Requests Request Token.
 
Like the diagram shows, 7 values should be transferred to Twitter server:
1, oauth_consumer_key
2, oauth_signature_method
3, oauth_signature
4, oauth_timestamp
5, oauth_nonce
6, oauth_version (optional)
7, oauth_callback

The url is: https://twitter.com/oauth/request_token
The method is: GET

oauth_consumer_key can be get when an API is registered in Twitter;
Here oauth_signature_method is HMAC-SHA1
oauth_timestamp is time() ;
The code below is for oauth_nonce
$mt = microtime();
$rand = mt_rand();
$oauth_nonce = md5($mt . $rand);
Other methods can be used here to get a value for oauth_nonce
oauth_version here uses 1.0a ;
oauth_callback is the url here: http://localhost/itwitter/. When the authentication is finished, the user will be redirected to this url.

It’s a bit hard to get oauth_signature. If it’s wrong, it will show the message as below:

Failed to validate oauth signature and token

Below is the code to get this oauth_signature:

function urlencode_tw($input) { return str_replace( ‘+’, ‘ ‘,  str_replace(‘%7E’, ‘~’, rawurlencode($input)) ); };

$oauth_callback = ‘http://localhost/itwitter/’;
$oauth_callback = str_replace(‘+’,’ ‘, str_replace(‘%7E’, ‘~’, rawurlencode($oauth_callback)));
$sub_string = array( oauth_callback =>$oauth_callback, oauth_consumer_key => $oauth_consumer_key, oauth_nonce => $oauth_nonce, oauth_signature_method => ‘HMAC-SHA1’, oauth_timestamp => $oauth_timestamp, oauth_version => $oauth_version);

$params = $sub_string;
 
$temp = array();
foreach ($params as $param => $values) {
  if (is_array($values)) {
 natsort($values);
 foreach ($values as $value) {
   $temp[] = $param . ‘=’ . $value;
 }
  } else {
   $temp[] = $param . ‘=’ . $values;
    }
}  
 
$sub_string = $temp; 

$sub_string = implode(‘&’, $sub_string);
$base_string=array(“GET”,”https://twitter.com/oauth/request_token”,$sub_string);

$base_string = array_map(urlencode_tw, $base_string);

$base_string = implode(‘&’, $base_string);

$oauth_signature = base64_encode(hash_hmac(‘sha1’, $base_string, $key, true));

$oauth_signature = str_replace(‘+’,’ ‘,str_replace(‘%7E’, ‘~’, rawurlencode($oauth_signature)));

I think that the messages that are transferred to the server will be encrypted with one encryption method to get a key. The server will get a key, the encryption method, and all the messages that aren’t encrypted. With all the information, the server can check if the messages are changed from its original values.

The messages that will be encrypted are something as below:

GET&https%3A%2F%2Ftwitter.com%2Foauth%2Frequest_token&oauth_callback%3Dhttp%253A%252F%252Flocalhost%252Fitwitter%252F%26oauth_consumer_key%3Dfwwaw3m5sQq4L3M6aXV1jg%26oauth_nonce%3Df9baa315ecf34c0aabf555f785c312fc%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1295839203%26oauth_version%3D1.0a

Then oauth_signature is something as below:
d1zMBrpd/YBdZmYVZxpqpwqxglQ=
Then use the function str_replace(‘+’,’ ‘,str_replace(‘%7E’, ‘~’, rawurlencode($oauth_signature))) to replace the characters that’re not letter(s) and number(s).

The final thing is something as below:
d1zMBrpd%2FYBdZmYVZxpqpwqxglQ%3D

Then all the values are put at the end of “https://twitter.com/oauth/request_token” as below:

https://twitter.com/oauth/request_token?oauth_callback=http%3A%2F%2Flocalhost%2Fitwitter%2F&oauth_consumer_key=fwwaw3m5sQq4L3M6aXV1jg
&oauth_nonce=817d10a677547378dbef3547c5545fdb&oauth_signature=Hv48dvKEbWAn4tG4JSEs0UbM1so%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1295839203&oauth_version=1.0a

With the url and parameters, oauth_token will be got. The response is something as below:
oauth_token=Fh8BYm1ec2EGgCXdxFPsWIv46aFgZiGqw6Krv8iLks
&oauth_token_secret=PFNmtGd166NV7SGfnZhk8DFzlU67oiaErWSFyBJlxM&oauth_callback_confirmed=true