Re: [twitter-dev] Where Am I going wrong? Can't get past step 1 of Oauth Integration in PHP...

2010-09-02 Thread Martin Dapas 
On Thu, Sep 02, 2010 at 10:37:03PM +0200, Tom van der Woerdt wrote:
> On 9/2/10 6:46 PM, Ryan wrote:
> > any ideas?
> > 
> 
> Multiple.
> 
> 1. PHP has the hash_hmac function which can do hmac-sha1 for you.

hash_hamc is not always available. You could check with:

if (extension_loaded ('hash')) {
  hash_hmac ('sha1', $str, $key, true);
} else {
  //use hand_crafted_version
}


> 2. Timestamp should be time(), not some date() combination
> 3. This doesn't look like the normal OAuth stuff, but like OAuth Echo
> 4. "TWITTER_PUBLIC_TIMELINE_API" and "TWITTER_UPDATE_STATUS_API" point
> to non-existent pages (missing the version part).
> 5. I'd recommend using uniqid() for generating a nonce instead of
> md5'ing the microtime. It won't cause trouble, but uniqid() is more unique.
> 6. rawurlencode() isn't the proper function for URL encoding, but I
> can't give you a better one right now.

I believe it is if you are on PHP 5.3 or later. Before that, this
should do it:

function oauth_encode ($str) {
  return str_replace ('%E7', '~', rawurlencode ($str));
}


-- 
Martin Dapas

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

Re: [twitter-dev] Oauth "Incorrect signature" Error

2010-08-18 Thread Martin Dapas 
On Wed, Aug 18, 2010 at 10:40:11AM -0700, Olu wrote:
> Hi, I've been able to get a token and secret for an user but however,
> I'm getting an error while trying to use the status/update call. I've
> googled the problem and tried several solutions but none seems to
> work. I'm not sure what the problem is and I've been looking at this
> for hours. I would appreciate another pair of eyes on this. Any help
> would be greatly appreciated. PHP code below.
> 
> 
>  
> $ch = curl_init("http://api.twitter.com/1/statuses/update.json";);
> 
> curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
> curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
> curl_setopt($ch, CURLOPT_HTTPHEADER, array("Expect: ", "Authorization:
> $auth"));
> 
> $b = curl_exec($ch);
> 
> var_dump($b);
> 
> curl_close($ch);

curl defaults to GET, so you're signing a POST for the auth, but
doing a GET. Also, you're not sending the actual status you want to
update, just signing it.



-- 
Martin Dapas
@mahrteen