On Thu, Sep 02, 2010 at 10:37:03PM +0200, Tom van der Woerdt wrote:
> On 9/2/10 6:46 PM, Ryan wrote:
> > any ideas?
> > 
> 
> Multiple.
> 
> 1. PHP has the hash_hmac function which can do hmac-sha1 for you.

hash_hamc is not always available. You could check with:

if (extension_loaded ('hash')) {
  hash_hmac ('sha1', $str, $key, true);
} else {
  //use hand_crafted_version
}


> 2. Timestamp should be time(), not some date() combination
> 3. This doesn't look like the normal OAuth stuff, but like OAuth Echo
> 4. "TWITTER_PUBLIC_TIMELINE_API" and "TWITTER_UPDATE_STATUS_API" point
> to non-existent pages (missing the version part).
> 5. I'd recommend using uniqid() for generating a nonce instead of
> md5'ing the microtime. It won't cause trouble, but uniqid() is more unique.
> 6. rawurlencode() isn't the proper function for URL encoding, but I
> can't give you a better one right now.

I believe it is if you are on PHP 5.3 or later. Before that, this
should do it:

function oauth_encode ($str) {
  return str_replace ('%E7', '~', rawurlencode ($str));
}


-- 
Martin Dapas

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

Reply via email to